In the real world, proving your identity is pretty straightforward. When you show up in person to open a bank account, rent a car, book a hotel room, gamble at a casino or purchase alcohol, you present your government-issued ID, proof of address or whatever else might be required for the transaction, and the company you’re doing business with can physically see that you are who you claim to be.
This process gets far more complex in the digital world. Now, these same companies must find a way to verify that you are who you say you are, even though you aren’t physically there to present your ID or documentation. Companies must find a way to assure your digital identity matches your real-world identity.
What Is a Digital Identity?
A digital identity is a reusable, digital proof of identity issued by a trusted authority with a known level of assurance. In simple terms, your digital identity is the compilation of information about you that exists in digital form — this can be everything from your date of birth to something you like on Facebook.
Digital identities can be used to verify a customer’s identity for government services, healthcare, financial service providers, e-commerce sites and other online services. They include unique identifiers that can be used to help prevent identity theft and increase cybersecurity to improve the customer experience.
What Makes Up a Customer’s Digital Identity?
The information that forms your digital identity can be grouped into two broad categories: your digital attributes and your digital activities. These pieces of information, either alone or combined together, can be used to identify you.
Here are some examples of each:
|Date of Birth
ID Numbers (Social Security number, driver’s license)
Government-Issued ID Card or Document (passport, driver’s license)
Login Credentials (username & passwords)
Biometrics (fingerprint, face or eye scan)
Badges and Tokens
|Likes, Comments and Shares on Social Sites
Photos on Facebook, Instagram, etc.
Cell Phone Usage
What Is Digital Identity Management?
Digital identity management is the process of creating, verifying, and managing digital identities for individuals or entities in the online realm. It involves the use of unique attributes like usernames, passwords and biometric data to confirm identity when accessing digital services. This practice is essential for ensuring secure online interactions, protecting against unauthorized access and cyber threats, and enabling trust and privacy in digital transactions.
Effective digital identity management includes robust security measures and user-friendly self-service options for tasks like password resets and profile updates. It is crucial for organizations to build secure and personalized relationships with users while complying with data protection regulations. As the digital landscape continues to evolve, digital identity management remains a fundamental element in modern cybersecurity and privacy practices, contributing to a secure and user-centric digital experience.
Digital Identity: Currency for Fraudsters
Your digital identity acts as a sort of currency on the web. It can give you access to your accounts, allow you to open new accounts and give you credibility to engage in a trustworthy way with people, products and digital services online. On the flip side, the fact that your digital identification information exists in cyberspace means that it is subject to hacks, breaches, copycating and identity theft. And with thousands of publicly disclosed data breaches and billions of exposed records every year, much of that previously personal information is now public information.
Market Guide for Identity Verification
How Digital Identity Information is Exposed:
- Public Wi-Fi networks
- Unsecured websites
- Third-party data breaches
- Phishing attempts
- Weak or limited number of passwords
- Deepfake videos, voice and graphics
- Location sharing settings
- Adding strangers to social media accounts
“All the information is available if you know where to look,” explained Jumio CEO Robert Prigge. “There’s a very vibrant marketplace for identity information that can be resold and used against you.”
This “vibrant marketplace” is known as the dark web — a network of sites within the deep web, not accessible by search engines or through normal web browsing means. On the dark web, identity data is acquired, sold or dumped.
While people tend to think of Social Security numbers as valuable, they can be purchased on the dark web for as little as a dollar. Banking information and credit card details can garner a much higher price, and medical records are among the most valuable.
These marketplaces don’t just have individual identity data — they have bundles that combine a passport, a selfie and a utility bill to make the job of a fraudster that much easier.
Just having one or two pieces of someone’s digital identity can have a cascading effect that leads to an even more complete digital identity that can be used to access more and more secure, valuable accounts. Your pet’s name? Right there on Instagram. Your mother’s maiden name? Available on Facebook. Your date of birth and email address? Pretty darn easy to track down.
Issues for the Modern Organization
Let’s put our business hats on. Operating in an increasingly digital world, many organizations must be able to verify the identities of their customers and users online. Bad actors don’t belong in the online ecosystems of financial institutions, the sharing economy, online gaming, mobility services, dating sites and elsewhere. Organizations have a business imperative to care about and verify the digital identities of their users.
This imperative is driven by three key issues:
Your customers and online users trust that you will protect their data. But there’s another side to trust. In many industries, your customers or online users are interacting with one another. Whether a buy-sell-trade exchange, ridesharing, social media, dating site or other online platform, trust is the linchpin of it all, and the foundation of trust is establishing that the person on the other end of the transaction is who they say they are.
In fact, a recent study showed that two-thirds of consumers would be more likely to engage with a financial services business if it has robust identity verification. It also found that 83% of consumers think it’s important for social media sites to verify identities to hold users accountable.
2. Fraud Risk
The increasing array of identity information housed online is leading to a growing risk that this information will fall into the hands of fraudsters. This fraud doesn’t just hit your customers in the pocketbook — merchant losses to online payment fraud will exceed $206 billion cumulatively for the period between 2021 and 2025, according to Juniper Research.
Existing and evolving compliance mandates bring digital identity to the forefront of the minds of compliance managers and executives in both the public and private sector. KYC and AML compliance mandates are probably the most well known when it comes to their direct impact on online processes, especially account opening. But there are others, including California’s CCPA compliance rules and Europe’s GDPR (General Data Protection Regulation) mandates that are driving the need for companies to establish a strong link between digital and real-world identities of their online customers.
What’s Wrong with Traditional Approaches to Online Identity Verification?
Most businesses currently use some combination of a classic security paradigm to gain an appropriate level of assurance that the identity of their online customer matches the real-world identity of the customer. This paradigm includes:
- Something the customer knows (e.g., security question, password)
- Something the customer has (e.g., ID badge, cryptographic key)
- Something the customer is (e.g., biometric data)
The problem with this model, however, is that organizations rely disproportionately on the first two categories — what people know or what they have. Unfortunately, things you know, like passwords and security questions, can be easily gleaned from the internet (or dark web) and things you have, such as a cell phone number or SIM card, are increasingly problematic because they can be damaged, lost or stolen.
At Jumio, we contend that businesses still asking only for a passport and utility bill are asking for the wrong information. They’re merely asking if a person is who they say they are versus who they really are. But what if that person has a legitimate but stolen ID document? Likewise, looking at an account record is no longer helpful. Companies need to know that the person interfacing with them online is who they purport to be at that very moment.
In its 2022 Market Guide for Identity Proofing and Corroboration, Gartner states, “the close interplay between identity proofing, fraud detection and user authentication across the user journey has become critical in establishing trust and mitigating risk online. The need to consider a broad range of risk and trust signals across events such as onboarding, login, credential recovery and high-risk activities like adding new payees and transferring funds in banking is foundational to concepts such as continuous adaptive trust.” Organizations need to move away from identity proofing solutions that rely on shared secret verification, such as out-of-wallet knowledge questions or memorable personal data (often used as part of knowledge-based verification solutions).
Asking the Right Questions
Are you really who you say you are?
Are you still really who you say you are?
If you think about it, these are the two questions companies should care most about when it comes to digital identity. The answers to those questions come through two interconnected processes: upfront identity verification and ongoing user authentication. Identity verification confirms the link between the digital and real worlds on the outset of the customer relationship — during account opening or enrollment. Authentication maintains the person who later logs into the account is the same person who initially opened the account.
Increasingly, modern enterprises are turning to biometrics for identity verification and authentication in order to answer the burning questions we posed above. Companies are using biometrics, alongside more traditional ID verification, to strengthen their defenses against online fraud, maintain compliance with AML and KYC, and to build trust in their online ecosystems.
Using Jumio’s Technology For Efficient Identity and Access Management
Digital wallets are apps and services that allow you to manage and securely share your digital identity credentials, providing only the information needed for the transaction. Previously, you would submit your passport or driver’s license to prove your identity, which would give the business or agency access to all the data on that ID. A digital wallet allows you to control which data you share, which is critical for data privacy. For example, if you’re ordering alcohol for a corporate event, you need to share your age but should not have to share your home address, signature and driver’s license number.
At Jumio, we recommend a best-practice online identity verification process that ties the digital identity to a physical or digital ID issued by a trusted authority, and after the ID is proven to be authentic, the digital identity is further corroborated with a selfie and liveness detection to ensure that the user is physically present. This powerful combination of verifying who someone is, binding that person to face-based biometrics and further securing the transaction with liveness detection allows modern organizations to operate more securely in the digital world.
For more information on Jumio’s identity verification solutions, contact us to schedule a call.
Digital Identity FAQs
What are some use cases for digital identities?
Digital identities are used for authentication and verification of individuals in various sectors such as finance, healthcare, education, e-commerce and government services.
Are digital identities verified using blockchain technology?
Yes, blockchain technology can be used to verify digital identities. It provides a decentralized and tamper-proof way to store and manage digital identities. Blockchain-based identity verification can help in reducing identity theft, providing secure and privacy-preserving identity management, and enabling faster and more efficient identity verification.
What are some ways to increase security for your digital identity?
Some ways you can increase security for your digital identity include:
- Use strong and unique passwords for all online accounts and avoid reusing passwords.
- Enable two-factor authentication (2FA) or multi-factor authentication (MFA) to add an extra layer of security to your accounts.
- Keep your software and operating systems up-to-date with the latest security patches and updates.
- Be cautious when sharing personal information online and avoid clicking on suspicious links or downloading unknown software.
What are the four forms of digital identity?
The four forms of digital identity are user-centric identity, user-enabled identity, social identity, and machine identity. These encompass individual user profiles, user-controlled attributes, social media identities, and machine-to-machine identifiers.
What two things make up your digital identity?
Your digital identity is typically composed of personal information and authentication credentials, such as usernames and passwords or biometric data, used to verify your identity online.
What are some examples of digital identity systems?
Examples of digital identity systems include government-issued IDs, online account profiles (e.g., on social media platforms or e-commerce websites), digital wallets, and blockchain-based self-sovereign identity systems.
Why do I need a digital ID?
A digital ID is essential for secure online interactions, protecting your digital assets, and ensuring trust in digital transactions. It helps verify your identity, grants access to online services, and can protect your privacy and sensitive information.
Originally published November 12, 2019.