It’s incredibly easy to pretend to be someone you’re not online.
Twitter’s crackdown on fake user accounts is a perfect example. Some 50,000 suspected spam accounts, created by bots, trolls, and human impersonators, are blocked by Twitter every day. In May and June of 2018 alone, Twitter shut down 70 million fake accounts.
Twitter’s dilemma is symptomatic of a larger issue that’s causing people to lose a significant amount of trust. When you can’t even be certain you’re interacting with a real person on one of the most popular social media platforms, how can you be confident in any online interaction?
Our digital world has an identity problem.
The Emergence of the Identity Market
Identity answers two fundamental questions: Are you really who you claim to be? And how can you prove that you really are who you say you are?
In the physical world, answering those questions is straightforward. Hand over a valid identification card, and both are answered simultaneously. In the digital world, it's clearly not so easy.
Digital identity is ultimately the link to a physical person or a physical identity. It is about a person being able to prove that they really are who they claim to be in a remote environment. There are many different solutions that have evolved to address this issue, and all have had varying success.
Digital identity is a term that has only became relevant in the past five years. Yet the identity market is growing quickly, with new solutions for authentication popping up left and right. It’s a wide-open playing field, with market forerunners leading the way in defining what digital identity actually means and how it should be secured.
To date, popular solutions for authenticating identity include two-factor authentication (2FA), device ID and digital footprints, digitized ID cards, and behavioral analytics. But as our Twitter example shows, these solutions are simply not working.
Digital identity is a critical concept to nail down as our world continues to move steadily online. Yet confusion continues to swirl as identity theft persists unabated.
Why We Need a New Approach to Digital Identity
The trouble with current authentication solutions is that they rely on static information to confirm identity. That could be a password, security question, or geo-location data. This data about you is called personally identifiable information (PII), and it’s widely available for sale on the dark web. We can all thank the steady drum beat of major corporate data breaches for that.
Armed with your PII, anyone can use the information to pose as you online. If they have the right information, there’s no way to tell that it’s been stolen. This has caused an explosion of fraud across industries, from banking to insurance, gaming, e-government and beyond. Today’s authentication measures weren’t built to take into account that a person could use valid credentials that don’t actually belong to them to open an online account, initiate a payment transaction, or take over a user’s profile.
Here are a few examples of our fraud-riddled current situation:
- New account fraud: How do I prove that it is really me filling out the application to open a new account when someone else could be entering my information, taking over data elements associated with my identity?
- Child identity fraud: How can a child prove that they really are who they say they are if a fraudster has already stolen their identity?
- Synthetic identity fraud: How can you protect yourself from fraudsters who combine your social security number with fake contact information to steal your credit history, max out new credit cards, and disappear without a trace?
The Future of Digital Identity
The future of digital identity will almost certainly include both physical biometrics and behavioral biometrics, an emerging behavior-based authentication solution. Both provide a stronger link to the physical person behind online activity. But even so, physical biometrics, like fingerprints, facial recognition, and iris recognition, are still static forms of identification. It might not be widespread yet, but it’s conceivable that fraudsters will soon start stealing and selling this data about you too.
Typically, digital identity is broken down into three categories: What You Know, What You Have, and Who You Are. Basing authentication on Who You Are is quickly becoming the go-to modality for tackling our digital identity problem.
Biometrics are at the core of Who You Are, and one major emerging modality is authentication is based on behavior. We all behave in a singular way, so it’s possible to confirm a user is who they say they are based on the unique way a person a person types or holds their phone, for example. Behavioral biometrics also make authentication continuous, not just at login. A big part of the appeal is that these solutions run in the background, so users are kept secure without having to take any additional actions to prove their identity. No passwords, no fingerprint scans required. It’s the basis for Markets & Markets’ recently issued market forecast showing behavioral biometrics will be a $2.5B market within 5 years.
The end solution for digital identity will involve combining all these indicators, biometrics, behavioral biometrics, and static identifiers, into a package that can be presented digitally, just like a person presents themselves physically.
This will help restore trust in our remote world, building confidence that people are who they say they are, whether on social media or at account opening.
Looking for a better solution to verify identity online? Learn more about BioCatch.