Identity. It’s what makes us unique as individuals. As technology has progressed, however, a new type of identity has emerged, one that’s becoming more common and accepted across the world—the digital identity.
Just over a decade ago, the British public felt national ID cards were stepping over the line. Now, the tide seems to be turning in favour of this technology, accelerated in part by the drive to make all things digital in response to the pandemic.
The British government recently published its second version of its digital identity trust framework and plans to create a governing body with the express purpose of making digital identities as trusted as passports. The prevalence and use of digital IDs in the UK seems imminent.
After all, much of the rest of the world is embracing digital identity. Seventy countries have set up a national ID scheme and most are using electronic national ID cards. Further, there are more than one billion users of digital identity apps today, and that number is expected to jump to more than 6.2 billion by 2025, according to a recent study. However, concerns linger in the UK about this chip-based approach, with users worried about privacy and security.
But, the truth may come as a surprise. The reality is the security concerns around digital identity are baseless. Modern technology has made it quite secure, and digital identities will actually offer a wave of possibilities for individuals, government and businesses.
Digital identities: why the wariness?
A recent survey found only 17 percent of UK consumers are very much in favour of a common digital identity and almost a third (31 percent) are skeptical about it. Some citizens simply don’t know enough about the system to support it, but much of the hesitancy stems from concerns around security.
Cyber security in general is a major worry. Attacks have been on the rise since the pandemic started, so it’s easy to understand why citizens may feel uncomfortable about a purely digital identity system. Identity theft is of particular concern, as the National Fraud Database figures revealed an 11 percent increase in identity fraud in the first half of 2021.
What if the infrastructure itself fails or has technical issues? The hardware or software used to run the digital identity system could malfunction, cutting users off temporarily from access to their own personal data.
While all of these issues merit serious attention, UK citizens and businesses can find much comfort in available knowledge on the subject. Because the truth is modern technology can make digital identities safer and more secure than the paper documents most of us are storing in our homes.
Digital identity security: don’t sweat it
First and foremost, it’s important to know the digital identity trust framework sets security rules and requirements for all providers within the system. Specifically, all providers must use encryption and set up a security governance framework.
Contrary to popular belief, the framework can actually help fight the battle against fraud. The combination of multiple data sources, various digital and biometric attributes, behavioural user data and more all work together to validate and authenticate a user’s identity in seconds and identify anomalies that may indicate the possibility of fraud.
A powerful combination of cognitive capture and artificial intelligence can fully automate digital identity verification. Here’s a closer look at how it can work:
- Data is extracted automatically from all types of identity documents, including UK Residency Cards, passports and driver’s licenses.
- The process is typically done via optical character recognition (OCR).
- For documents containing eChips (such as passports), OCR is bypassed, and the user can use the NFC reader on their phone to access and read the information in the document.
Verification and authentication
- ID security features are verified to detect documents that may be fraudulent.
- An authenticity check is performed to match the data on the front and back of the ID.
- In the case of documents with eChips, the chip is signed with a digital certificate which is checked against a list to prove the data was signed by the correct authority.
- Tampering checks are performed to look for headshot manipulation, text changes, and other evidence of digital tampering.
- The system prompts the user to take a selfie.
- Liveness detection technology is used during the capture process to ensure the user is taking the picture in real time.
- Forensic image checks make sure the photo was the result of a natural capture.
- The selfie is matched against the face photo from the eChip in the document to ensure the person holding the ID is the verified owner.
A SaaS solution adds yet another layer of security, ensuring the selfie match technology is up to date and always performed. A robust solution will follow standard protocols to ensure data is protected with:
- SOC 2 Type 2 certification
- ISO 27001 certification
- Multi-tenant or dedicated/single tenant (AWS)
- Infosec and regular third-party security audits
- GDPR and CCPA compliance
Success stories: everybody wins with digital identities
Scandinavians have used digital IDs for many years, with driving licenses, health information, loyalty cards and Covid passes all linked to a person’s digital ID. In fact, Estonia, Denmark and Sweden are close to universal adoption.
Digital identity is also gaining prominence across Europe. The European Commission recently unveiled a framework for a European Digital Identity wallet. It will be available to all EU citizens, residents and businesses, making it possible for people to prove their identity and share electronic documents with a simple click. It’ll connect multiple aspects of a citizen’s digital footprint to secure these assets from malicious attack.
It also puts users in control of their data. Individuals have a say in which attributes are used to create their identity. For instance, if a citizen is using the digital wallet to purchase tobacco or alcohol, they can choose to only share that portion of information in their identity wallet.
By minimising the amount of personal data that needs to be exchanged during transactions, it reduces the reliance on third parties, which enhances security by removing a player from the equation.
Digital identities can be leveraged in myriad ways, from proof of residence to renting a flat, conducting employee background checks, and verifying political donations. The list of use cases for individuals, businesses and governments is a long one, all while enhancing security:
- Application and account creation: Reduce sign-up friction, streamline digital user onboarding, and increase new customer conversion.
- Age verification: Quickly identify and verify customer birth data for age-restricted products, substances and content.
- Know Your Customer certification: Quickly meet regulatory requirements such as anti-money laundering, know your customer, GDPR, and PSD2 with highly accurate identity proofing and fraud deterrence.
- Suspicious transaction verification and fraud prevention: Stop bad actors and deter fraud with machine learning and neural networks.
- Apps and website logins: Eliminate frustrating, slow, imprecise customer and user verification and enhance customer engagement.
- Customer-not-present transactions: Accelerate customer checkout, decrease customer abandonment, and prevent fraudulent charge-backs.
Digital identities can be a bit intimidating at first. But fear not. Modern technology has your back, protecting your data and your assets. So, embrace the digital identity reality with open arms, and don’t sweat the security stuff.
Jim Close is Regional Vice President of Enterprise at Kofax
Main image courtesy of iStockPhoto.com