When I first became involved in the identity space, which was about 10 years now, the definition of ‘digital identity’ was being hotly debated. This debate raged on over the years, but out of it, a stoic pragmatism has emerged. Digital identity is many things, but what it has in common across all definitions, is data. You are what your attributes say you are...well if you have had them verified to a decent degree of probability that is.
Identity data is a valuable commodity. In terms of attractive assets, it has cybercriminals chomping at the bit to get at it. According to a study by the Identity Theft Center, data breaches increased by 40% in 2016 over the 2015 figures. Identity data is also, of course, highly valuable to the individual behind the data, and service that individual wants to access. We need to make the identity data work for the individual, not the cybercriminal. But to do this, we need to start to break the silo barriers down.
Data, data, everywhere, but not a byte to share
Wherever we go on the web, we have to create an account. It’s enough to drive a person insane. I literally cannot remember how many accounts I have now. As a keen online shopper, who avoids B&M shops like the plague, I have truly embraced the idea of having a ‘digital me’. I transact online to do everything from purchasing my weekly groceries to sending money. Each one of those services has my Personally Identifiable Information, financial information and often health data too. The web knows more about me than many family members do.
...But this data isn’t actually me. But it can do jobs for me...
Much of the time, the data shared with the third-party isn’t actually needed. All that is needed is an assurance that I am who I say I am. In my previous article, I talked about the GDPR and how using de-identification techniques could help with compliance. However, there are cases where identity data needs to be expressly shared to carry out a process.
I’ll give you a real world example. According to the Financial Services Authority (FSA), in the UK, up to 57 billion GBP are lost each year due to financial fraud. To counter this, certain procedures are put in place that affects anyone sending money over a certain amount to another person. For example, if you want to give your child a large sum of money, perhaps as a deposit on a mortgage, in the UK at least, you have to show proof of your identity and finances, to the conveyancing lawyer. To do this you have to physically go to a Post Office (not always a local one), show them your identity documents, and have them officially ‘stamped’. They are then posted off to the lawyer.
Sign up for CIO Asia eNewsletters.