The future of digital identity: how businesses and consumers can protect themselves

By Ravi Erukulla, VP, Analyst Relations and Customer Advocacy at Saviynt and Chairman of Identity Management Day

Better user experience, accessibility, increased operational efficiencies — and even stronger security — are all up for grabs in the arms race for advanced digital identities. Yet, achieving effective identity-based security still seems like a very distant reality for many companies and consumers. As the threat landscape continues to evolve, and attacks on businesses and individuals grow, it’s critical that organizations, regulatory bodies and governments work closely together to develop accessible strategies and frameworks to safeguard operations in our digital world.

Some regions are making significant progress creating digital identity frameworks and standards, however. The European Commission’s European Digital Identity (EDI) framework is ahead of the curve with a proposed EU-wide framework that would enable individuals and organizations to link national digital identities with a driver’s license or other forms of identification. If it’s successful, it would allow Europeans to quickly present a digital wallet on a mobile device or laptop to identify themselves and validate certain information instantly.

Healthcare organizations in the U.S., Europe and Asia are also advancing digital identity standards—possibly even too quickly due to regulations and standards being slow to catch up. Many healthcare providers around the world are using passwordless authentication to grant staff quick, secure access to a large library of patient records in a matter of seconds.

As consumers and companies continue to adapt to the changing security and regulatory environments, they need to understand the ways digital identities have changed (and will continue to change) in the next several years, along with how those changes impact the security industry. While this article just scratches the surface of the digital identity movement, it’s important everyone begins considering what the digital and cloud era means for their distinct business model.

The digital experience

More businesses are moving away from the traditional password or PIN-protection techniques and embracing passwordless forms of user checks such as fingerprints, hardware token codes or proximity badges. Advances in authentication methods such as these allow businesses to improve the customer experience in various ways. A better digital experience can translate to increased app adoption, fewer help desk inquiries and higher productivity, leading to higher sales and customer retention. From a marketing perspective, moving away from passwords, PINs and other hard validation information for users to remember is a no-brainer.

Behavioral and physical biometrics

Biometrics has almost become synonymous with the digital experience. What’s more straightforward than using a mobile device to log in to an app or pressing your fingerprint on a screen to move through airport security? From a security perspective, biometrics are the gold standard; they’re more secure than passwords because they are much harder to counterfeit and difficult to circumvent (however, not impossible). Biometrics are also easier on the user because they’re impossible to forget. Behavioral biometrics fit in with this category as well. These strategies —  like verifying a person by their location, the way their phone is moving in their hand or even analyzing the way they type on their keyboard — will take off in the future as people become more comfortable with advanced identification methods.

Identity decentralization

Current user identity verification models require users to remember the information they’ve shared with any entity they interact with in their professional and personal lives. When they forget their credentials, it triggers a cumbersome process to retrieve or reset them to gain access. Not only is this frustrating for the user, but it isn’t sustainable for the third-party organizations on the other side. Forrester Research determined that large organizations spend up to $1 million per year on staffing and infrastructure to handle password resets alone. And as more and more user data gets stored for each private entity, and the demands on the companies that hold onto user data  grows (enter: more consumer data privacy laws), these costs are expected to increase. A decentralized approach would give users control back of their legal identity so that it is them, and only them, who can grant one-touch access. This strategy would eliminate the need for individual accounts credentials, and users wouldn’t have to share their data every time they sign up for a new app, service or website.

AI-enabled fraud

The use of AI for bettering identity and fraud management is another promising trend that will continue to gain traction in the coming years. Through intelligent automation, businesses can onboard customers faster and screen for fraud more efficiently. What’s even more exciting, is that AI can now be used to scan for deepfakes (video or voice recordings fraudulently altered to impersonate someone else). These sophisticated threats that once seemed far-reaching are now becoming a grim reality. For example, in 2020, fraudsters in the U.A.E. cloned the voice of a company director at a large bank to claim a whopping $35 million in one of the largest, most complex heists in history. Threats like these will only become more prevalent and harder to detect without the use of AI.

Fraud isn’t just something that should concern enterprises. Consumers are also at risk. In fact, American consumers lost more than $5.8 billion to fraud last year, a 70 percent increase compared to 2020. Intelligent fraud detection tools can help protect customers and businesses alike — and minimize remediation costs significantly.

Adopting best practices to stay safe in the digital era

Making sense of the complex identity and security technologies coming to market — as well as the associated risks and hurdles — can be challenging. However, businesses with an identity-centric security model and mature Identity and Access Management (IAM) programs will set their company up for success as digital identity incurs widespread adoption.

Identity Defined Security (IDS) provides real-time, intelligence-based access to data and applications by integrating IAM infrastructure with enterprise cybersecurity solutions. IDS improves security posture through identity-centric security and reduces the risk of an attack, breach or audit failure. It’s important to note that having a mature IAM program is not an absolute requirement for implementing an identity-centric approach to security, but it’s sure to improve the effectiveness.

New types of identity will continue to change the way people operate, providing an enhanced customer experience and building a better customer journey. However, these improvements will change the way companies secure employee and third-party identities. With new cyber risks becoming a reality every day, companies must prioritize identity-centric security models if they haven’t already. Properly managing the digital identities of customers and other stakeholders will ultimately increase customer loyalty and reduce the risk of profit loss from fraudulent transactions. Most importantly, a concrete IAM program will help organizations protect their data and customer’s privacy and adapt to future risk.

If your organization is ready to take the next step towards a safer, identity-centric security strategy, I also encourage you to participate in Identity Management Day 2022. Join security experts, companies, and consumers for a global day of awareness, education, and action to strengthen identity-security practices across the world.

About the author

Ravi Erukulla is VP of Analyst Relations and Customer Advocacy at Saviynt and Chairman of Identity Management Day.

DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.

Article Topics

biometrics  |  cybersecurity  |  digital identity  |  fraud prevention  |  identity access management (IAM)  |  Identity Management Day  |  Saviynt