The skyrocketing rise in cybercrime indicates that there is much work to be done to secure the digital identity of businesses and their customers. According to the latest Symantec Security Threat Report, the total reported number of stolen or exposed identities jumped 23% to half a billion worldwide during 2015.
The first line of defence against cyber attackers is to prevent the hackers from gaining access in the first place, says Sachin Mahajan, Director of Digital Identity and Emerging Products with TELUS. A Verizon Data Breach Report states that more than 76 per cent of breaches occur as a result of lost, weak, or stolen credentials.
What is Digital Identity?
Digital identity is the key to establishing secure credentials that people can trust. Mahajan points out that there are many perceptions about what the term “digital identity” really means. Some definitions refer to the digital footprint that records your “clicks” when you’re surfing the Internet. It can also refer to a set of identifying attributes, such as a person’s date of birth, social insurance number or spending patterns. According to Mahajan, the bottom line is that digital identity is a way for an individual or a business to prove who they are online with some level of trust.
How does it work? There are services that organizations can use to establish trusted identities with their customers, says Mahajan. A good first step is to use credentials that are safer than passwords. Two-factor authentication provides a more convenient and secure way to log in to online applications. The two factors required to sign in would be based, for example, on something you have, such as your mobile phone, and something you know, such as a PIN. This combination is much more difficult to crack than a simple password.
For identity validation, organizations like banks can work with mobile network operators to verify customer identity based on customer data in their systems. For example, if a bank notices that a customer’s credit card is suddenly being used for large overseas transactions, the bank could check the location of the customer’s mobile phone to see if he or she is traveling. To maintain privacy, the data could only be shared with prior consent of the customer. The overall result is greater security for both the user and for the bank.
Why it’s a Big Deal:
Organizations need a digital identity framework they can trust, says Mahajan. “This is vital to stopping the cyber criminals and to unlocking the full potential of the digital economy,” says Mahajan. Given the rapid rise in smartphone users, mobile networked backed authentication is a crucial building block, he notes.
Effective digital identity management is not only needed to combat the increasing threat of cyber fraud, it can also reduce cost and complexity. According to an HDI survey, up to 30 per cent of call centre tickets are related to password resets.
For Governments, analysis by the Boston Consulting Group indicates that the efficiencies of digital identity systems could yield global taxpayer savings of up to $50 billion per year by 2020.
The biggest opportunity is the number of applications and services that could go online once there is greater trust in online identity. According to the World Economic Forum, there is a “fourth industrial revolution” waiting to happen.
Advantage Cyber Attackers (For Now)
Right now, the cyber attackers have the upper hand, according to Ray Boisvert, former assistant director for intelligence at the Canadian Security Intelligence Service (CSIS). Boisvert told a recent conference that 74 per cent of businesses are affected by online fraud, and that it takes an average of $1 million and up to five days for them to recover.
The online risks are accelerating with the rising number of devices connected to the Internet, particularly mobile phones. The GSM Association, which represents mobile operators worldwide, estimates that there were 4.7 billion mobile subscribers in 2015, which is expected to grow to 5.6 billion by 2020, a 72 per cent penetration rate.
Those people want to do their business online. For example, a study by U.S. predictive analytics company, FICO, shows that 8 out of 10 people say they want to do more banking transactions via mobile devices.
But, it’s a question of trust. In the online world, how can banks or other organizations be sure they’re dealing with a customer and not a cyber criminal trying to hack into their network?
This article is one in a series sponsored by TELUS to provide advice and expertise on digital identity management for organizations. For more information, please email [email protected].