By Michael Magrath, VP of Global Regulations and Standards at OneSpan
Before adopting more digital means of verification, we relied entirely on manual processes and physical documents to prove our identities. Over the past decade, this has changed. Today, digital identity (digital ID) is already playing a significant part in managing identities to access different services and products. However, digital IDs as they currently stand are not interoperable – with other financial institutions, tech companies, and governments having their proprietary systems, which usually cannot communicate. Under this system, online identity is limited, and users are bound to the terms and conditions of the platforms they use – and crucially, they don’t own their digital IDs.
Over the last few years, real headway has been made in changing the status quo of digital ID across many sectors and services – especially in finance. Many European jurisdictions have adopted sandboxes or other nationwide projects to spur innovation and create frameworks for standardised digital IDs. The proposed framework for a European Digital Identity is one of several initiatives that highlight regulators’ commitment to digital ID and its potential. The EU Commission predicts that by 2030 80% of Europeans will have digital IDs. Earlier this year, the UK Government released an alpha version of a digital ID and attributes trust framework. It is part of the government’s more comprehensive plan to make it quicker and more accessible for people to verify themselves using modern technology in a secure and trusted process equivalent to proving who you are using a passport in the physical world.
However, for this level of development to continue unabated, we must also consider the potential threats to digital ID innovation and how they can be mitigated.
Building trust and security online
Security breaches and identity fraud have also increased as technology has developed, leading to distrust between consumers and organisations. According to Cifas, in the first six months of 2021 alone, there was a sharp spike in fraud cases in the UK, with almost 180,000 instances of fraudulent conduct reported. With a dramatic increase in fraud and scams, data privacy rights and concerns around fraud, security risks, and privacy breaches are at the forefront of many consumers’ minds.
One of the biggest threats to innovation in digital ID is the resulting lack of trust from the general public. Without the public’s trust, digital ID providers will find it more challenging to attract users to participate in their digital ID ecosystems – not least because of data privacy concerns. For digital ID to be widely adopted, individuals need to feel assured and confident. They need to be better informed about the data collected on them and have a clear say about how it is used and shared. This is the only way to build confidence in the organisations accessing and processing their sensitive information.
The most successful digital services are those that gain the trust of consumers. There is no substitute for trust – it must be at the foundation of digital ID. Trust frameworks are one of the most common approaches from governments globally to tackle the issue of building understanding and trust. Another example is the Digital Identity and Authentication Council of Canada (DIACC). DIACC recently launched an Outreach Expert Committee to craft messaging and share consumer and industry education on the benefits the forthcoming Pan-Canadian Trust Framework will bring.
Creating private and public sector cooperation
To be effective, governments must play a significant role since they are the issuer of identities and the authoritative data source issuing sensitive identity attributes, including birth certificates, social security numbers, driver licenses, and passports. However, the government cannot do it alone. It should partner with the industry to develop digital identity trust frameworks as is the case in Canada and the UK to seek and welcome input from industry and sectors that will serve as issuers relying upon parties in the private sector. A lack of cooperation with other sectors could be detrimental to any digital ID initiative’s rollout and overall success. Governments should provide a “seat at the table” for industries, including banking, financial services, and healthcare, to assist or provide feedback on developing the digital identity trust frameworks. Governments should design digital identity systems that can accommodate and onboard such individuals to assure inclusion in the digital economy. There are mutual benefits for the public and private sectors working together – the public sector wants to develop digital ID solutions that are secure and privacy-enhancing to garner the public’s trust. The private sector wants to be trusted and have confidence that the people they are doing business with are who they claim to be. Moreover, many technology vendors will provide user-friendly ID verification and online authentication solutions that comply with trust framework policies and government regulations.
It is essential to have open communication across sectors when approaching new transformative technology projects. With collaboration at the core of digital ID initiatives, there will be less room for error and a greater understanding of potential pitfalls and blind spots with insights offered by both sectors. They can also agree on joint protocols and security systems to foster a cooperative approach to tackling fraud and cybercrime.
Tackling the threat of fraud and cybercrime
Cybercriminals are using more sophisticated techniques to bypass security checks and launch attacks – and there’s no doubt that digital ID will be a prime target for fraud attacks and scams. Private and public sector cooperation is just one of the weapons used to fight fraud and data breaches. While there is already existing legislation to discourage such activities, digital ID providers need to have dynamic and resilient monitoring processes and technology to spot threats and fraudulent activity. Techniques and technologies that will be essential for limiting threats to digital ID innovation will mostly depend on online ID verification tools, similar to a wallet, and online identity service providers that can disclose appropriate information to a third party.
While there is still a long way to go, the necessary steps are being taken to give people ownership over their identity. Considerable progress can be made when governments work with experts and organisations to develop digital ID products and services that meet the needs of consumers.