As more of our everyday activities shift online, from grocery shopping and mortgage applications to school exams, the ability to trust other people’s digital identities is critical. But unfortunately, it’s getting harder to make sure people online actually are who they say they are.
Identities online can be challenging…
Specifically, there’s a lack of streamlined, interoperable fraud solutions designed to manage the complexity of today’s online environments. There are more ways to interact online than ever before. Users log in at all hours of the day from an enormous variety of devices, including phones, watches, game consoles and even smart fridges. And that’s not even counting the traffic generated by IoT devices as they send a constant stream of data to the cloud. New delivery options like buy online, pick up in store (BOPIS) add to the complexity of online shopping experiences. So do the expansion of various payment methods, like buy now, pay later apps that let users purchase on installment.
The explosion of online interactions poses a major security dilemma for companies. Each of these channels and behaviors require their own identity verification methods — you can’t ask someone to type a one-time password into a fridge, for example. And the number of touchpoints makes it incredibly difficult to know who’s logging in from behind a screen. Data breaches exposed more than 22 billion records in 2020 alone, fueling a lucrative black market where cybercriminals buy and sell passwords and personal information. This makes it much harder to trust the credentials companies have long relied on to verify identity.
So, it’s no surprise that online fraud is on the rise. According to the Aite Group, Q1 2021 saw a 650% increase in account takeover (ATO) attacks alone. This situation risks eroding users’ trust in the companies they interact and transact with online.
As we continue living so much of our lives online, we need to close the security gaps in our identity ecosystem. It starts with embracing a more nuanced definition of digital identity that doesn’t rely on any single credential or attribute such as username and password — and that’s flexible enough to apply across digital channels without adding undue friction to the user experience.
The multiple layers of digital identity
In today’s complex digital environment, we all know PIN numbers and passwords alone are no longer enough to confirm users’ identities. Modern solutions verify identity via device, account or individual user behavior by looking at an entire constellation of data points. These types of data points can include the following:
- Actions like how you hold a device, how you type and other passive biometric indicators.
- Physical characteristics like fingerprints or a retinal scan.
- Passwords and other authentication information for your account.
- Device data like whether you’re logging in from a trusted device you’ve used before.
- Contextual information like transaction or interaction history.
- Personally identifiable information (PII) like your name, address and phone number.
Modern identity solutions leverage multi-layered, dynamic processes to replicate the kind of reasoning and risk assessments humans apply during face-to-face interactions. For example, if you bump into a friend in the street when you’re not expecting it, you’d still recognize them and have a nice chat. Similarly, if someone logs into an online account from an unfamiliar device, but types with the expected cadence for that user, a modern identity system can weigh those factors and assess whether the user is likely to be fraudulent. If fraudulent, the system could lock them out completely or issue a challenge like a fingerprint scan to further validate their identity. If the system determines the user is not fraudulent, it would allow their interaction with that account to continue.
Tomorrow’s notion of identity goes beyond that: It provides the right identification layer for each user depending on their specific needs. Whether it’s based on the type of device they have (Does the device allow for biometrics?), their physical ability (Can the user only control the device through voice?) or simply what type of information a company needs from the user (Do they need to know this user is the account holder, that they are of legal age or do they need to see a copy of a driver’s license?).
Customers deserve seamless, streamlined experiences that are adapted to their needs and their devices across all digital channels — but they need security, too. Using flexible combinations of security layers and data requirements, companies can continuously verify users with minimal friction and customize requirements to each situation. As more companies take a 360-degree approach to identity, we’ll see the growth of a ubiquitous identity ecosystem that supports seamlessness and inclusivity while also reducing fraud.
Giving customers control over their personal data
Modern online identity reflects who we are as people, embracing rich human diversity. Innovation powered by NuData and Mastercard is moving technology forward to embrace this understanding and build a more secure online ecosystem that nurtures user trust. Customers want more control over their personal data — and a robust form of digital identity can help provide it.
For example, a modern digital identity solution can empower users to choose which information to share with the system and which information to keep private. Australia’s Deakin University used Mastercard’s digital identity service, ID, to verify the identity of students taking exams online. Students create a shareable identity using a dedicated app on their phones, controlling the personal information that’s used.
When they’re ready to take an exam, a student scans a QR code from the university’s online portal to launch the app. The app then shares only the specific, minimal data points the university system needs to verify identity — such as their full name — leaving the rest of the information the student shared totally private and locked within their phone. This revolutionary approach creates an experience that’s seamless and secure, while putting students in control of their privacy.
A credential is no longer enough
Digital experiences encompass more of our lives than ever before, but our concept of online identity is only now beginning to catch up to this new reality. To offer trusted users thoughtful, seamless experiences, we must look at the big picture rather than individual credentials or other isolated data points. Only by embracing a more adaptive and multi-layered approach to identity will we be able to build an ecosystem of seamless and secure online products and services that customers can trust.