Adam Desmond, UK&I Country Lead At Mitek explains why prioritising data privacy will boost the digital identity landscape
Most of us don’t think twice when buying alcohol, let alone consider it a security risk. But when flashing our ID’s, sellers get an unnecessarily full view of our address, surname, nationality and signature. If proving our age only requires our date of birth and a photograph, the rest of our personal information doesn’t need to be exposed when buying a bottle of wine, or any time we make a simple purchase.
The online world is seeing a similar trend too. In 2020, 75% of large companies in the UK reported a data breach in the last 12 months – and the numbers show no signs of slowing down. As a result of the COVID-19 pandemic, coupled with the masses of personal information out in the world, it has led to rising identity fraud cases.
While this example is by no means a prominent threat of identity fraud, it begs the question: in a world of constant data breaches and rising fraud, why aren’t we being more careful?
It’s no surprise people are hesitant to adopt digital identities, when there’s so much data available on all of us. Even though we all know buying a bottle of wine or signing up for a new bank would be much easier and quicker with a simple flash of a digital ID. Our concern for data privacy is what’s hindering digital ID’s becoming widespread.
However, digital identities could be a fix to withholding unnecessary data and protecting ourselves from fraud – not opening ourselves up to it. The government knows this is a priority too, as they’ve recently launched a framework outlining the future governance of digital identities. To roll out digital identity adoption the right way, consumers need to trust that their data is safe and secure. This all boils down to how we build these digital identities, and who looks after them.
Only what needs to be shown is shown
For starters, the story around digital identities needs to change. What they won’t be is a one-stop-shop to access every piece of personal information about you at the touch of a button, shareable and stealable. What digital identities could be, if we put data privacy at their core, is selective. We have the opportunity to create a technology, which means people only need to share the specific data they need at any one time, withholding as much data as they can to get the job done.
This doesn’t seem too big of an ask, either. Mastercard recently partnered with Deakin University and Australia Post to test out a digital ID solution enabling students to register for their exams digitally. This removed the need for tiresome paperwork and trips to campus, but also reduced the amount of data shared about each student. Students created a digital identity with Australia Post, using this to gain access to their university exam portal. With each registration, only specific personal information was required to allow students’ entry to the exam portal – nothing was shared than didn’t need to be.
Now imagine this in our banks, shops, and workplaces. Rather than revealing most of your ‘identity’ with every purchase of alcohol, you only show your ID documents when you first create the identity – to verify that you are who you say you are. Then, each time it’s needed, your digital identity only reveals what needs to be revealed at that time, and keeps the rest of your data safely hidden.
Putting user privacy first
While putting data privacy at the core of digital identities is critical, it’s not the only step to take to increase trust. Often, who is holding your data is just as worrying as what data they have to hold.
For example, a digital identity card trial in Taiwan was recently delayed indefinitely until stronger privacy regulations are introduced. The digital ID system would have brought their physical identity cards together with a citizen digital certificate, and their health and driving license data. As the plans were made, citizens raised privacy safeguarding concerns, questioning how their personal data could be protected from potential cyber-attacks. The issue here isn’t the mechanics, or whether or not digital IDs are the right move – it’s simply about ensuring there is enough trust in those who hold the data. In this case, regulation will likely be the answer or allow individuals to hold their own data on their own device like they do a physical document.
Establishing trust with the organisations who will collect our personal data is key. Regulation is one thing, but perception is another. Of all the sectors who have their hat in the ring to create and own digital identities, many are already under intense scrutiny when it comes to data. Big Tech firms have a poor track record of putting user privacy first (two words: Cambridge Analytica), and governments too have come under fire for data privacy issues – most recently in Denmark, which exposed tax ID numbers for millions of citizens. That’s why many industry insiders are betting on third parties, like established payments providers or even new entrants to the market such as the Post Office, to win the trust of weary consumers.
Whoever emerges the victor in the race to create digital identities needs to remember one thing: being transparent with data collection and privacy will be critical to getting people onboard.
The promise of digital IDs
While its apparent physical ID documents are here to stay, adopting digital identities seems to be looming on the horizon. This opens up a host of possibilities. Not only will digital identities be selective in the information they share but think how much quicker it would be to verify our identities with a fingerprint alone. Fast and seamless user experiences, regulatory compliance and a simpler way to do business is the promise digital ID’s can deliver – they’ll also offer us privacy and protection that we can’t get from an identity system stymied by rising data breaches.
To accelerate digital identity roll outs and turn this into a reality, trust must be at the core of it all. Ultimately, the level of trust of this technology will be the deciding factor to getting consumers on board, and eventually enable us to quickly flash our digital IDs when we buy a bottle of alcohol.
Adam Desmond is UK&I Country Lead at Mitek
Main image courtesy of iStockPhoto.com