Most consumers are not able to understand or quantify the risks of digital identity (yet). We often engage in the creation, use and management of digital identities but without fully understanding what and how much we’re actually sharing.
We would never leave home without locking the door yet we often save our online banking username and password to our computer – essentially the equivalent of leaving the key in the front door, ready for anyone to enter. We would never put a sign on our door that reads “We’re away on holiday” yet we happily post such information on social channels for just about anyone to see. Consumers express concern about identity theft but at the end of the day are doing little to protect themselves from it from a digital perspective.
Digital identity has become important mainly because of rising online criminal activity – due to the breadth and depth of consumer’s online lives and also convenience. Mobile has a key role to play in addressing the management of digital identity as mobile devices become increasingly prevalent, powerful, and intelligent. Additionally, SIM cards have proven track record of robust security. But what is digital identity and why does it matter?
At the simplest level digital identity is a supplement to the real or core identity of any individual. In other words digital identity is a set of credentials or attributes that allow a third party to asses and verify the authenticity of the identity in question and the claims being made by it. Such as whether or not that identity is allowed to enter a certain website or is allowed to make a payment.
Furthermore, digital identities can range from a single attribute or credential, such as age, to the complex, containing details of a consumer’s home or bank account. However, the main difference between physical identities and digital identities tends to be volume. Where most people have 3-4 physical identity documents– ID card, passports or – they tend to have a large and growing number of digital identities – multiple email accounts, Facebook, Google and other social media logins.
According to BBC News the typical consumer has 26 different logins but only five passwords. People generally are not wired to remember randomised usernames and passwords so they default to what they know but could be putting themselves at risk.
Identity is not only an issue for consumers but also for companies and payment providers. Companies want to know about consumers in order to minimise the risk of fraud and also because at the end of the day they want to be in a position to sell more relevant goods and services. Consumers want to be assured that their seller they’re working with is legitimate and reliable and not someone phishing for data to exploit.
Identity theft is a growing concern for consumers, governments and enterprises as financial, emotional and practical costs are a stake and rising year on year. The estimates vary but it’s expected that the cost of identity fraud runs into billions of dollars.
There is no doubt that consumers want convenience and ease-of-use but how can digital identity be addressed in a way that will not further compromise privacy while minimising the risk of fraud? That’s where mobile comes in.
Why does digital identity need mobile? Simply, mobile is the only medium that is based on an extremely secure technology, the SIM card, which can already be used for live authentication. Another reason is registration. Mobile operators already perform strong registration processes for a substantial and growing customer bases. They must adhere to regulatory guidelines and specifications and unlike retailers, who are not able to authenticate in a secure manner, such as a username and password.
Unlike other options mobile is able to authenticate the individual’s identity’s identity through a variety of means. For example a retailer could use mobile to provide a second factor authentication in association with any attempted purchase. In this example the mobile operator involved may never actually gain access to the profiling information relating to their customer’s online purchase, behaviour or history.
The common trend toward user convenience can be achieved through the introduction of new mechanisms such as the mobile phone, fingerprint sensors, and multiple authentication factors. The mobile phone/SIM card is something consumers have but it can also be something they are. It can hold information such as location, a behavioural profile, or simple biometric information such as fingerprint scan or voice recognition.
Since the user needs to have possession and control of the mobile phone, it offers a more secure option to consumers than the old username and password. The mobile phone is a clear choice to support the proliferation of digital identities securely and conveniently.
Jaikishan Rajaraman is the GSMA Vice-President and Head of Technology for the Asia-Pacific region.