August 14, 2018
Digital Identity: Three Keys to Fraud-Proof User Identification
Posted December 13, 2017
It’s the paradox digital identity is designed to resolve: As the task of facilitating online transactions gets easier, avoiding the scourge of cybercrime grows exponentially harder.
Today, digital transformation initiatives are rapidly reshaping (and giving rise to) entire industries. To meet user expectations for instant gratification, businesses must make trust decisions about each transaction in the blink of an eye. That means it’s more important than ever to quickly and accurately verify the identity of the person on the other end of a transaction.
But in a post-breach world, whatever trust was established through usernames, passwords and other static forms of identity is rapidly evaporating. Just since 2013, more than 9 billion personal identity files have been set loose into the wild through corporate data breaches.
As a result, a growing number of governments and businesses are recognizing the need for advanced authentication technologies that can accurately verify user identities in mere milliseconds.
A Global Movement
Without a doubt, this need is the driving force behind a multitude of ambitious digital transformation initiatives around the world.
In Canada, major banks are combining forces to develop digital identifiers that can act as user proxies for online transactions. In Estonia, the government’s e-residency initiative is designed to issue digital identification to its citizens, as well as to entrepreneurs worldwide who’d like to run their companies using Estonia’s digital payments and taxation infrastructure.
Meanwhile, Australia’s proposed Govpass system aims to match a user’s photograph, driver’s license and birth certificate details into a single digital identifier for accessing government services. And the country’s New Payments Platform is meant to do the same for private-sector transactions.
Indeed, there are any number of initiatives around the globe — PSD2 in the EU, BankID in Norway, Sweden and the Ukraine, GDPR in the UK, and more — that hinge on instant and accurate identity verification and authentication. But how can that be achieved in a post-breach, zero-trust world? For many, the answer is digital identity.
So What, Exactly, is Digital Identity?
Put simply, digital identity is a dynamic authentication technology designed for organizations that transact online.
Unlike traditional forms of authentication that rely on static identity credentials, digital identity leverages hundreds of dynamic data elements that cannot be lost, stolen or faked.
Through behavioral analytics and advanced machine learning, digital identity uses these elements to establish normative behavior patterns as a baseline for assessing identities during each transaction.
According to organizations that have deployed such systems, digital identity-based authentication:
- Spots Imposters Using Stolen Credentials – Most authentication systems in use today simply cannot tell the difference between a legitimate user and a criminal who’s using valid identity credentials acquired through data breaches. By comparing established baselines with the specifics of a given transaction, digital identity instantly spots scammers impersonating legitimate users—even when they’re using valid login credentials acquired through corporate data breaches.
- Identifies Fraudsters on Their First Visit –For most organizations, fraudsters are only identified after the fact, or at best, during a criminal act. But digital identity understands each user’s history and the way they behave across multiple websites and applications. Cybercriminals are instantly recognized, even if it’s their first time using a site or mobile app. Legitimate users never notice a thing—it all happens transparently and without adding friction to the digital experience.
- Detects Synthetic Identities – Identifying imposters using stolen credentials is one thing. But what do you do when the identity itself is fake? In a post-breach world, thieves can easily stitch together entirely new identities. They set up accounts, establish credit, pay their bills and appear to be trustworthy customers and prospects. At least until they pull off whatever their long-term con may be. Digital identity recognizes each individual element of an identity and assesses whether it’s consistent with other facets of that identity. Even when a fraudulent account is successfully created, digital identity continuously analyzes the user’s actions to determine if they make sense within the context of each new transaction in order to ferret out fraud.
More Protection, With Major Savings
With an average of 130 successful cyberattacks hitting organizations each year at an average cost of $11.7 million each, digital identity is emerging as more than just a way to fend off losses.
Using digital identity, financial institutions are protecting online and mobile logins and transactions. Retailers are improving the customer experience, while reducing fraud rates without the need for additional fraud management staff. And a new generation of fintech lenders prevents the use of stolen identities to take out fraudulent loans, while reducing the time needed to approve mobile and online applications to mere minutes.
Indeed, while spending on advanced perimeter defenses is up, investments in the technologies needed for digital identity—intelligence systems and advanced identity and access management—deliver the highest cost savings per year, up to $5.2 million per organization, according to Ponemon Institute.
To learn more, be sure to check out The Definitive Guide to Digital Identity. This new online resource is designed to help businesses understand how digital identity can help them grow profitable and securely in a post-breach, zero-trust world.