Building Trust in Digital Identity Solutions
This article originally featured in Technology Dispatch.
By Justin Walker, VP for Digital Transformation, Thales
Think about all the times that you have to share your identity. Whether it’s proving your age at a bar, showing your passport as you head through airport security, or having your credentials verified when renting a house – there are countless touchpoints where we have to prove who we are.
For many of us who grew up in the ‘analogue’ era it is second nature to provide proof of our credentials in a physical setting. However, we’re now entering an age of digital identity.
What is digital identity?
Digital identity works just the same as the physical examples above, just in a digital setting.
Broadly speaking, digital identity takes two main forms. The first is the digital version of an official physical identity document – such as a digital driving license that lives in a mobile wallet on your smartphone.
The second is a credential for accessing online services. These are typically created through an initial identity verification process, usually involving a check against an official ID document and – increasingly – some form of biometrics. For a consumer, this might be the details they use to log onto their mobile banking app on their phone.
These two areas cover a huge number of interactions – including both day-to-day moments and life milestones. Setting up a new SIM-contract with a mobile provider, connecting a smart speaker to a home smart hub and taking out a loan to start your own business sit at different ends of the spectrum, in terms of significance, but all are enabled by digital identity.
Digital means of proving identity provides a number of benefits; customer convenience and ease being one of them. However, if not done in a secure way – it could put the end-user’s data at risk.
In the absence of in-person verification, how can the person and the business on both sides of that interaction know that who they are dealing with is a genuine and trusted party?
The same is also true for machines which speak to other machines as part of the Internet of Things (IoT). In this case, connected devices need to know that the technology they are connected to is what it claims to be.
Trusted digital identities are needed to bridge that gap and ensure people and machines can trust other organisations, businesses, and devices, and vice-versa.
Why is trust in Digital Identity so important?
Without trust in their customers and citizens, organisations and governments won’t be able to pursue the digital transformations that they need to level up the services they provide. Similarly, in the absence of trust, consumers won’t feel comfortable using online tools, which may mean they miss out on access to essential services – a major barrier to inclusion. Finally, an absence of trust in the IoT sphere can create huge friction in device interaction and could end up severely hampering the development of the technology in the coming years.
When you think that more of us than ever are currently reliant on remote network connections, the Cloud, and home working due to the pandemic, then it’s clear that the lack of trust could be a big problem.
What’s more, ‘traditional’ forms of identity are no longer enough to ensure adequate online security. The use of passwords, for example, in isolation, no longer meets the needs of a society that relies so heavily on being online – given they are a relatively weak form of authentication. With criminals constantly looking for chinks in the armour of consumers and businesses, more must be done to protect these parties.
Digital identities are designed to solve all of these challenges. Not only do they enable 100% trust in all parts of the value chain, but they are also key for driving inclusivity to all parts of society, providing security through unique biometric identifiers – like fingerpints and facial recognition – and creating a frictionless experience for consumers as well as ensuring compliance for businesses. They should also be created along privacy by design principles. The identity credentials should be stored on the device in secure chips or hardened applications, biometric verification happens locally when possible and users should stay in control of the data they choose to share.
When designed properly, one of the benefits of digital identity solutions is the ability to only share data that is necessary – only sharing it as a transaction or certificate. To put this into context, think about when you scan your ID at a club; all you need to prove is the fact that you’re 18 or over – yet in doing so you have to share your address and date of birth. This leads to a gathering of unnecessary personal data that could breach GDPR.
Trust is the most important currency in the digital world. Digital identities are how this trust is conveyed and embedded, and therefore their importance to our online society cannot be overstated.