- ‘One-off’ identity verification is no longer sufficient
- Consumers expect a seamless and secure process
- Impersonation-proof identity verification is the new standard
- Digital identity should be based on strong, universally-accepted standards
- Getting digital identity right could make digital trade smoother, easier and faster
For most organisations, verifying identity for a transaction is a one-time event – and one for which it sets its own risk appetite. But this approach no longer fits with the complexities of our always-on, networked lives, believes GBG’s Alexi Walsh.
Five digital identity trends for 2018
Walsh identifies five developments with the potential to transform the way businesses and organisations interact with their customers:
1. The consumer becomes a stakeholder
Traditionally, digital identity issues have been viewed as a business-to-business concern. But as consumers adopt more active roles as stakeholders, this relationship is becoming a business-to-business-to-consumer one.
Increased consumer engagement means higher expectations; people don’t want to have to rekey their data every time, for example. Instead, it’s about immediacy and always being connected, so people will expect technology to perform better and security to be higher.
One solution for businesses is to use Facebook Login, which allows users to log into a website through their own Facebook account. If users are happy for Facebook to share their details in this way, it can offer a quick, social and personalised user experience. As with any identity verification solution, however, businesses must ensure that they are satisfied with the validity of the data they are supplied with.
2. Two-factor authentication
Individuals want the friction taken out of their online journey, but businesses must balance this with regulatory and compliance requirements and their own risk appetite. Can you be sure that the data provided by a mortgage applicant is valid and correct – and that they are who they say they are?
Questions like these led to the launch, in January 2018, of the new Payment Services Directive (PSD2) standard, which aims to enhance consumer protection and security by requiring more than a password or credit card data to make most online payments. It means that financial services and online payment companies will need two independent types of identity verification – a physical element along with a password or biometric one.
As new legislation comes into force and consumers become less tolerant of poor identity standards, it will no longer be enough to check that users match a valid digital identity; ensuring that someone is not impersonating them will be the new standard.
3. The ‘trust framework’ model
The real revolution, though, comes with the change from a one-time transaction to the issuing of a digital identity that’s based on extremely strong, universally-accepted standards. This digital identity will unlock doors for us to buy online, to carry out financial transactions and interact with government services.
This approach to digital identity is built on a ‘trust framework’. GOV.UK Verify, an example of a UK-centric trust framework, has provided a single trusted login across UK government digital services since its launch in 2016. The system certifies ‘partner companies’, which it has approved to verify users’ identity securely.
While the Government Transformation Strategy prioritises “making better use of GOV.UK Verify by working towards 25 million users by 2020”, the number of digital identities it is able to verify has so far failed to provide the ‘critical mass’ required to roll it out to the public sector; 18 months after its launch, Verify had just 1.5 million registered users.
So will 2018 be gov.uk’s year, and the year more of us have the promised convenience and reassurance of a digital identity? Hopefully, but it will need to significantly grow its registered user base.
4. Private sector collaboration
We could start to see the gov.uk service boosted in 2018, or we could see the impatience of the private sector leading to companies looking elsewhere for an accepted identity framework.
Norway’s banks collaborated on a system that allows people to use their bank accounts to create a digital identity that’s accepted by other industries throughout Scandinavia. And in Germany, VERIMI is a private sector collaboration with commercial companies such as Deutsche Bank, Daimler, Lufthansa, Telekom Deutschland and Allianz.
In Sweden, 67% of the population has taken up the offer of a digital identity and the fact that these identities have been used for around two billion transactions shows it’s been well adopted. Anglo-Saxon countries, however, are sceptical about centrally issued IDs. There are still connotations dating back to World War Two, alongside fears over privacy.
In 2018, however, we will start to see the effects of regulation, which may drive renewed requirements for digital identity.
Primarily that’s around General Data Protection Regulation (GDPR), where we’ll see consumers having a higher stake in how and where their identity is used.
5. From security to easier business
The frequency and severity of data breaches underlines the growing importance of identity verification. But just as security is front-of-mind for companies, it is increasingly important to consumers.
This change is not solely driven by negative factors, though. In the near future, we are likely to see much more activity in the realm of Open Banking. And, if that initiative is to truly take off, assuring identity must be a key component.
Getting digital identity right could also be a very good thing for the UK economy, in that it would make digital trade smoother, easier and faster.
A new era of assured digital identity?
In the industry, we’ve been talking about these issues for some time. Perhaps the change could come this year, perhaps we’re still years away. But there is definitely a change in the air. There seems to be a catalyst for a new era of assured digital identity and it seems more real than ever.
Either way, we’d advise companies to start to get their heads around managed identity and how it might affect their business model.
Alexi Walsh is General Manager, Identity Assurance at GBG. With knowledge of verification requirements in regulated markets, Alexi’s work has involved acquiring international data to support identity validation on a global scale with a focus on identifying those that are hard to find. Alexi is presently leading the Identity Assurance program for GBG, developing its B2C digital identity offering.