Building trust to transform the way we protect our digital identity

• Read original article here

We have been heading towards a digital revolution over the last few years, but with the pandemic accelerating our shift to online services, we are seeing an even greater increase in the need to identify ourselves digitally

From retail shopping to mobile banking to social media platforms, we need to prove we are who we say we are online.

This is amidst a context of diminishing trust between organisations and consumers due to the growth in fraudsters purporting to be from trusted organisations scamming consumers out of money and goods – demonstrating we can’t currently trust the identity of who we interact with online. Digital trust is eroding.

Organisations want consumers to interact and transact with their online services, so consumers should be able to trust that they are being provided with secure technology when accessing these services. But how are companies building trust between consumers and businesses, so they feel comfortable interacting online?

To provide the public with confidence using their services, organisations need to challenge the ubiquity of traditional log-in methods, such as usernames and passwords, and instead introduce different ways of validating digital identity.

There are two different types of authentication methods that organisations can put in place to overcome the shortcomings of usernames and passwords: native biometrics and behavioural biometrics.

Both allow customers to log-in across mobile and desktop using a single username. In the background, organisations will be able to see how users behave on different types of devices at different times of the day. This information can be used to build a picture of a user’s behaviour and make their online experience more secure.

The widespread use of native biometrics across mobile and desktop browsing is relatively new. Put simply, it means consumers can use touch and face ID not just on their mobile app, but also on desktop.

However, fingerprints and face recognition are a less trustworthy method of authentication because they don’t give inherence and there is no liveness check – meaning they can’t differentiate between the real biometric factor of an individual and artificial versions.

It is well known that facial biometrics can be manipulated so all touch and face ID do is provide access to a device, but don’t authenticate that individual’s identity to access confidential services such as mobile banking apps.

Fraudsters can easily find ways around accessing devices without having to use facial biometrics, for example by saying the camera isn’t working and going on to use weaker authentication techniques such as a pin or a password to gain access.

All these factors suggest that native biometrics are not safely authenticating genuine users in the way technology should be. As a way of combatting this, organisations can use technology such as behavioural biometrics to provide an alternative method of authentication.

Behavioural biometrics differs to native biometrics because it’s not tied to specific hardware – it is vastly superior to physical biometrics in many ways, primarily because it’s device agnostic (not reliant on a single device). And in an age where customers use a variety of devices and channels, device agnosticism is vital to ensuring the user experience is improved in a safe, secure, and nondisruptive way.

Passive behavioural biometrics also uses millions of data points to verify if a user is genuine, when layered with device and threat intelligence, and removes the single point of failure that plagues most traditional authentication methods.

With that in mind, we know that identity can be authenticated through a multitude of ways, but how can organisations encourage users to use these technologies confidently?

One way to build trust between consumers and organisations when verifying our digital identity is through social-based account recovery mechanisms. When a consumer signs up for a service such as banking, they indicate who their trusted friends and family are, and use this social network to identify themselves if they lose their password or pin.

Doing so ensures consumers are in control of their digital identity and are responsible for using their network wisely. Not only does this shift some of the onus from organisations, but it also starts to develop trust between organisations and consumers. Businesses must understand the importance of building consumer confidence with the processes and services they deliver so they can establish digital trust and develop brand loyalty.

What’s next for protecting our identity

Digital identity is an important part of our online lives, but more work needs to be done to increase trust between consumers and the technologies they use to develop brand loyalty. However, by considering a range of factors as outlined above, and implementing the right technologies, the whole ecosystem can become more transparent in a privacy conscious way.

Stuart Dobbie is SVP Innovation at Callsign, a position he has held for over a year, following on from his role as SVP Product and Architecture at the same company. He has extensive experience in the financial services sector, holding positions as Digital Security and Fraud Project Manager, and Big Data, Machine Learning and Digital Fraud Project Manager at Lloyds Banking Group.