Whenever a person leaves the house, most do a sanity check for items they require – “do I have my phone, wallet, keys, glasses, money, watch, ID etc.” Dubbed everyday carry or “EDC” by the internet communities that love acronyms as much as Mitek, EDC tools help people interact and accomplish items in the world outside their homes: a watch to keep time, a wallet to store money and identity documents, keys to lock up houses or drive cars.
But as the world goes digital, people are drastically cutting down the things they need to stuff into pockets before heading out. Most tools in the aforementioned examples have been exported to a phone or digital device - today, a phone can keep time on its clock negating the need for an analog watch beyond hobbyists, digital wallets house ecards for contactless payments so leave the big wallet at home, and apps can unlock doors that are wired to the internet, so why worry about losing a house key?
One of the last items in most EDC that’s going digital is the humble Identity Document. Though adoption may be slow, many countries in Europe, the Middle East, Africa, Asia, and Latin America have rolled out programs to have a National ID card that is valid for both the physical and digital domains. But just because a person has a digital ID card, does that mean they have a “Digital Identity”? Yes and no.
Though it may soon become a reality there’s no need to bring a physical driver’s license everywhere, a person’s overall digital identity is vastly different and more complex than a simple digital identity document. A digital identity encapsulates a person’s online activity, biometric behavioral data, and a number of other important aspects that allow people to login into the online community everyday and interact – call it a digital “EDC” that’s always there and always online.
Read on for more for answers to the following: What is Digital Identity? What is biometric authentication technology? How to verify someone's identity? What is Self-Sovereign Identity? What is the future of digital identity verification?
What is Digital Identity?
A person’s digital identity is an electronic file containing personally identifiable information (PII).
Examples of PII include the following:
- Social Security number
- Biometric data
- Driver’s License number
- Passport number
- Login credentials (usernames and passwords)
- Date of birth
- Bank account number
PII is used by banks and websites to prove identity through an identity verification process. Digital Identity is becoming more important and more complex as fraudster’s identity theft techniques get more sophisticated. The need for digital identity security is more important than ever and so is knowing that a company has a solid identity verification on-boarding process.
What is biometric authentication technology?
Biometric authentication technology is used to verify a person’s identity. These unique biometric and behavioral biometric features include elements like facial recognition, fingerprints, voice recognition, palm symmetry, iris recognition and more. Examples of using biometric authentication technology being used in everyday situations would be when you use your fingerprint or facial recognition to unlock your phone or use your voice to ask Siri where the closest gas station is. Because every person has a unique identifier, using biometrics as a digital identity solution can help fight against fraud like financial crime by making it harder for fraudsters to falsify an identity.
How to verify someone's identity?
When someone creates an account online, they usually set up a password and a user ID. This is known as a single factor authentication or SFA and is the one of the simplest forms of authentication. Two-factor authentication, or 2FA for short, requires a password (the first factor) then a numeric code, security token or a biometric such as a fingerprint (the second factor) to access online data. Also known as two-step verification or dual-factor authentication, 2FA validates both sets of user credentials before granting access to an online account.
Most 2FA processes combine two of five common authentication factors: knowledge; possession; inheritance; location, and time. Knowledge factors are items the user knows such as a password or PIN, whereas a possession factor is something the user possesses, such as their mobile phone or an ID. Inheritance factors, also known as biometric factors, include fingerprints, voice tone and other inherited identifiers.
What is Self-Sovereign Identity?
Self-sovereign identity refers to individuals or organizations maintaining exclusive ownership of their digital and analog identities as well as determining how this personal data is distributed and used. Christopher Allen’s Ten Self-Sovereign Identity (SSI) Principles itemize the fundamental components of a self-sovereign digital identity framework:
- Existence — Users must have an independent existence.
- Control — Users must control their identities.
- Access — Users must have access to their own data and any associated claims without the interference of gatekeepers or intermediaries.
- Transparency — Systems and algorithms must be transparent.
- Persistence — Identities must be long-lived.
- Portability — Information and services about identity must be transportable.
- Interoperability — Identities should be as widely usable as possible.
- Consent — Users must agree to the use of their identity.
- Minimization — Disclosure of claims must be minimized.
- Protection — The rights of users must be protected.
The pros of self-sovereign identity management is that data is more private, and a person is in full control over the information they choose to share. A con is that the individual is also responsible for the security of that information, which can create opportunities for identity thieves.
How necessary is supporting sovereign ID to your financial services business model? The Mitek 2018 Digital Identity Consumer Confidence Report found 85% of people want to do business via websites that verify the identity of all users, and 67% prefer doing business with a website that can guarantee a person is whom they claim to be. According to Gartner Research, consumers also care about how companies manage the mobile identity verification process. “By 2022, digital businesses with great customer experience during identity corroboration will earn 20% more revenue than comparable businesses with poor customer experience.”
Self -sovereign identity solves two challenges for financial services’ digital product managers: confidence and risk. Accepting a customer’s sovereign digital identity as verified by the decentralized, irreversible, and transparent blockchain builds consumer confidence in your platforms and facilitates KYC/AML compliance.
Self-sovereign identity also reduces costs associated with multiple identity assurance systems by limiting PII to what’s necessary to complete the desired transaction.
What is the future of digital identity verification?
Convenience battles security when it comes to digital identity adoption. While consumers value digital identities for access to new services, they remain concerned over security risks and are fighting to find a balance between the two. But when it comes to the sharing economy, consumers are already actively using digital identities, setting the stage for the next frontier of digital interactions.
“The fact remains, however, that biometric identity verification solutions offer much greater security than traditional username/password methods. As the technology continues to grow in its sophistication, malicious access to this data will become increasingly difficult for hackers, providing both a more secure and convenient solution for users to access and verify their digital identities," explains Mitek CEO, Max Carnecchia.
As fraudsters and criminals try to steal identities, having a more secure system of identity authentication is also becoming more sophisticated. The new normal for digital identity verification will be in the form of a multi-factor authentication that includes some form of unique biometric identifier such as facial recognition or fingerprints. This offers the consumer both convenience and an extra layer of security.