Consumers still wary of digital identity security risks, study finds
Twenty-five percent of consumers surveyed revealed that they “fully understand digital identity,” while 65 percent said they apparently necessarily have to rely on it in some form every day, according to a new survey by Mitek, a mobile deposit and digital identity verification solutions provider in partnership with OpinionRoute.
This dichotomy seemed to indicate “early stage confusion about what digital identities really are, the study concluded, saying, “Moreover, while respondents value the convenience and accessibility that digital identities provide, a majority are still wary of potential security risks. Together, the findings show that while consumers appear ready to further embrace the convenience of digital identity, misgivings around the specifics of the technology and the risk of having personal data exposed remain a barrier to broader adoption.”
More than 1,000 respondents in the United States over the age of 18 were surveyed about their awareness and personal use of digital identity. The survey – performed between July 9 and the 16th — asked 40 questions regarded the respondents’ awareness, comfort level, usage, benefits, and concerns about digital identity, as well as demographic information on individual respondent’s location. The overall margin of error was estimated to be +/- 3.1 percent at a 95 percent confidence level.
“As digital transactions become more pervasive in our everyday lives, consumers are increasingly turning to their digital identities to validate and secure the accounts they use to bank online, transact with apps, and interact with each other,” said Mitek CEO Max Carnecchia,
“The problem, however,” he pointed out, “is that while consumers show a growing appetite for digital convenience, many users have a different understanding of what digital identity actually means and remain concerned over the protection of their information.”
Carnecchia said he “advises that as businesses look to adopt digital identity solutions into their own practices to meet this demand, they will need to invest in consumer education initiatives to better inform their users of its application and how they are keeping personal identity data secure,” according to a statement released with the report.
“Biometrics may be the most advanced opportunity for convenience and security, but consumers are wary of new technologies,” the report said, adding, “Biometric identity verification technologies provide one such avenue for businesses to offer consumers another layer of security when using digital identities. The growing adoption of voice-based products like Siri and Alexa, coupled with the near ubiquitous presence of smartphones, indicates that consumers are becoming increasingly familiar with thumbprint, voice recognition and other biometric solutions in their everyday interactions with technology.”
But, with “biometric adoption” yet in its early stages,” the study nonetheless found that only 17 percent of surveyed respondents and a majority of consumers still “prefer to verify their identities through biometrics” or “more traditional verification methods they believe are more secure … despite the technology’s growth,” and, it’s flourishing general acceptance as the way of the future.
Indeed. “While mainstream adoption is growing,” the study said, “consumers still report a general lack of trust with newer biometric technologies.”
The survey also found that “when it comes to verifying their identity, consumers are still most comfortable using identity verification methods that they are familiar with, including traditional documents (54 percent) such as a passport, driver’s license, or birth certificate, as well as passwords (51 percent), compared to newer forms of verification.”
The report also found consumers are markedly fascinated with “applications for digital identities within the gig economy, setting the stage for the next frontier of digital interactions. A majority of consumers are already actively using online marketplaces for shopping, ridesharing, and banking — but the next generation of offerings will bring digital identity into the home.”
That statistic may not be so surprising, given that more and more people are shopping online or opting for in-home services. The survey found 48 percent of users “show a desire to use digital identity for in-home services, such as family care series, delivery, and cleaning services.”
“Faster and better access to services is the primary driver of digital identity adoption,” the survey report stated, pointing out that 79 percent of respondents had reached a decision “that having their identity digitized would be faster than using a physical ID in the future,” and that 75 percent agreed that “having a digital identity would provide easier access to services than a physical document.”
This specific finding certainly seems to be symptomatic of a society increasingly accustomed and used to – if not expecting – faster and faster consumer servicing, and being able to receive quick service using the latest and greatest technological tools that can facilitate this need for immediate gratification. It’s certainly a brave new world.
Biometric Update recently reported, for example, that the World Travel & Tourism Council (WTTC), which represents the global travel and tourism private sector, discovered from a new survey that a whopping 80 percent of Americans are willing to share biometric data if it improves their travel experience boarding either a domestic or international flight.
“According to our survey, more than 80 percent of travelers would use their faces to effectively replace their IDs, their boarding passes, and even their passports. From booking to destination city, biometric technology will transform the way we travel – creating a safe and seamless experience,” said WTTC President and CEO Gloria Guevara.
According to PWC’s new 2019 Internet of Things Survey of hospitality executives, “(o)n the consumer side, IoT tops the list of Fourth Industrial Revolution (4IR) technologies that consumers have embraced, yet they also say it creates new worries about data collection, security, and privacy. It’s clear that decision-makers need to trust that IoT’s data is accurate, up to date, and secure — and that it’s not accidentally creating a backdoor to the corporate network. Consumers need to feel confident that their privacy is respected and that they are getting fair value for their data.”
The PWC survey found 59 percent of hospitality executives are using IoT to achieve internal efficiencies, while 58 percent report IoT has increased trust with customers.
PWC said it discovered that “IoT requires securely gathering huge flows of disparate sources of data from thousands or millions of sensors and then ensuring that the data is accurate and authentic, effectively analyzed, protected, and private. Surprisingly, this may actually offer many ways to enhance trust.”
The study explained that, “Examples of everyday trust-building use cases include using sensors to keep better track of equipment, which 42 percent of executives surveyed said their company is already doing, and another 40 percent are planning to do within two years. Improving facilities management — whether room energy use, overall environmental conditions, or even determining when trash bins need emptying — is something 39 percent are already benefiting from. Plus, 35 percent have enhanced security and safety, some by enabling employees to quickly tell management their location if they need assistance.”
Conversely, though, Kaspersky’s new Advanced Threat Predictions for 2020 report predicts that “it is inevitable that the cybercriminals will also attempt to diversify their attacks to include other types of devices besides PCs or servers” – like IoT. “For instance, ransomware in consumer products, such as smart TVs, smart watches, smart cars/houses/cities. As more devices become connected to the Internet, cybercriminals will also be looking for ways to monetize their access to these devices. Ransomware is, unfortunately, the most effective tool for extracting a financial profit from the victims.”
Kaspersky further pointed out that “the convergence of real and cyber worlds brought about by the profusion of IoT devices offers growing opportunities for attackers; and it’s evident that threat actors are aware of the potential. This year it was reported that unknown attackers stole 500MB of data from NASA’s Jet Propulsion Laboratory using a Raspberry Pi.”
Kaspersky stated that in its “threat predictions for 2019 we considered the possibility of ‘malware-less’ attacks, where opening a VPN tunnel to mirror or redirect traffic might provide all the necessary information to an attacker.” For example, the company pointed to an incident in June in which “it was revealed that hackers had infiltrated the networks of at least ten cellular telcos around the world, and had remained hidden for years. In some cases, it seems they had been able to deploy their own VPN services on telco infrastructure.”
Finally, Kaspersky affirmed that it seems “likely that attackers will [also] exfiltrate data with non-conventional methods, such as using signaling data or Wi-Fi/4G, especially when using physical implants (something we also believe is probably being overlooked),” and that “in a similar vein, we believe more attackers will use DoH (DNS over HTTPS) in the future to conceal their activities and make discovery more difficult. Finally, it is possible that during the coming months we will start discovering more UEFI malware and infections as our ability to see such systems is slowly improving.”
Yet, “consumers enjoy benefits, but want control over what information is shared with companies,” the Mitek report said, confirmed that, “While consumers enjoy the rewards and benefits of sharing their data, 88 percent still want to maintain control over what personally identifiable information is provided to companies.”
In conclusion, the Mitek survey said, “While perceptions of digital identity still vary among consumers, many are actively beginning to adopt it into their daily lives” because they “recognize the range of benefits digital identity technologies offer, with faster and more convenient access to services and applications that they use every day.”
But, on the other hand, many consumers continue to be circumspect about “the potential security risks of having their identities stolen or [their personal] data unwittingly shared by third parties when using digital identity technologies.” And it’s this driving concern which continues to be the hurdle. The world’s digitized business collective unavoidably must persist in tussling with this if consumers are to one day become as comfortable with digital identity transacted commerce as they are in revealing the most intimate details about themselves to the world on Facebook.
Likewise, even though consumers have become adapted to using passwords, security questions … even digital signatures because they’ve been around the longest – even though a 2019 report found 80 percent of hacking-related openings are the result of compromised, weak, and reused passwords — Mitek drew the comparison that this “doesn’t mean they are the most reliable or effective methods for proving one’s identity.”
So, just what can be inferred from all the evidently conflicting consumer surveys, studies, and reports? Mitek expressed a musing that seemed particularly reflective. It contemplatively held that because of the “widespread impact and awareness around data breaches and hacks, consumer sentiment” about even “passwords and security-based questions may be changing.” Mitek took note that Americans “are now more worried about cybercrime than violent crimes, with 71 percent worried about having their personal or financial information hacked, and 67 percent worried about being a victim of identity theft.”
So, “As organizations look to build digital identity verification solutions into their own offerings, they will need to balance consumers’ growing appetite for convenience with concerns over privacy and security of their personal data,” Mitek maintained. And, thus, “accordingly that will require organizations to invest in educating consumers on what is and isn’t a reliable and trusted process when using a digital identity to onboard a new digital platform and exactly where and how that information is being shared.”