How can we secure identities in the era of the digital citizen? //09.09.20
In the wake of the COVID-19 pandemic, we’ve seen technology accelerate at breakneck pace. Nearly every industry has had to identify new ways of communicating and transacting with customers – whether they’re a citizen, patient, student, shopper or even an employee. Digital transformation has accelerated, and it’s expanded the threat surface. For example, Experian has reported a 33% increase in fraud during lockdown.
For sectors like financial services, not only is there an issue of potential fraud, but organisations must also meet regulatory compliance. The pandemic has led to a surge in demand for technologies that verify, authenticate and secure the identities of the people completing those transactions.
Technologies like remote identity document verification, contactless biometrics, AI and machine learning have and will continue to play a key role in responding to the pandemic. In addition to their potential application for early detection, patient screening and public safety monitoring in an effort to contain the spread of the virus, they can also be leveraged to secure remote transactions. This can include banking, loans, credit cards, digital currencies and travel. People won’t be able to complete these transactions in person when digital alternatives exist.
Protecting the digital citizen
Since the implementation of GDPR across Europe, we’ve seen the penalty for insufficient data protection practices implemented, but breaches are at an all-time high. As we live increasingly digital lives and move into a world of ubiquitous biometrics, protecting people’s personal data will become more important. After all, you can change your password, but you can’t change the elements that make up biometrics like your face.
In a world where we’re all digital citizens, data theft can cause new types of disruption. When someone proves their identity, they’re proving data about themselves. This often involves information from an identity document – personal information like their name, address, date of birth or biometric data. If that information is stolen, it can no longer be relied on when presented as part of an application. Securing identities means securing the data attributes that make up that identity. The more this data is stolen, the less it can be relied on.
Thankfully, there is plenty happening on the innovation front to prepare us for this brave new world. New methods of securing data like homographic encryption and irreversible transformation enable us to analyse and use data without revealing the data itself. The usefulness of the sensitive data can be maintained, and the data can be protected without having to keep encrypting and decrypting. If the data is stolen, it would be useless to an attacker.
The use of zero-knowledge proofs adds an even deeper layer to identity security by establishing a binary response to whether something is true without exposing any information about it. Simply put, this technology allows us to establish that someone is who they say they are without revealing any identifiers. Zero-knowledge proofs allow organisations to collaborate over issues like fraud prevention without having to share sensitive data. While the capability has existed for decades, recent advancements enable practical implementation at scale.
Data, consent and our communications challenge
Complexities of the technology aside, one of the most important things we have to consider in the era of the digital citizen is the individual themselves. Placing new technology in front of a user without sufficient explanation could make it hard for them to engage with it correctly, putting their own data at risk. As an industry, we’re not always good at bringing the individual in. Despite control over personal data being protected by GDPR, communication about data is often transparent in a very surface level way. Legal and technical jargon baffles many users, which could lead to them consenting to use of their data without fully grasping what exactly they’re consenting to.
We have a real opportunity to secure identities and personal data with new technology, AI, data security methods, organisational collaboration and a focus on the user at the centre of the design. This multifaceted approach is not only possible, but it’s fundamental for a digital-first future that benefits everyone.