Digital Identity: Implications and future

Most lifecycle relationships between consumers and brands begin and end in a virtual environment. This is the reality in which we move as we near the end of the first quarter of the 21st century. For these relationships to be not only useful but also transparent, the management of digital identities must be built on a solid and socially engaged foundation. 

W

hat is digital identity?  

Any attribute that speaks of a person and is stored and verified online. This is one of the definitions we could use to understand what digital identity is. In a broader sense, digital identity would speak of a person’s representation in a virtual environment, either through information, content or interactions generated by or associated with that person. This can include personally identifiable information (PII), such as name or address, as well as user-generated information, such as social media posts or Internet transactions. Such information is known as a digital footprint and has an impact on public perception, i.e., online reputation. 

Digital identity has many implications; it is a virtual map that tells us who we are based on the decisions we make, the relationships we establish with brands, companies and other users, the content we produce and the image that all of this reflects on others. Let’s think about one of the most common transactions of an average user: the creation of an online bank account. To begin with, the website or application will most likely ask them to set up a username and password. After this first connection, this new profile could be linked to previous financial products: other accounts or outstanding loans. Next, the entity would propose verification systems to determine that the person creating the online account is the account holder, which would then link that account to other aspects of the person’s identity: biometric records, their official documentation, etc. This issue requires the involvement of third parties, trusted providers specialized in activating the necessary technology. From this point on, the bank must be responsible for ensuring the user’s identification at any time, each time they access, as well as making sure that the credentials have not been shared with others. It must also manage the level of authorization (access) that the user has. There are many opportunities to work on identity consistency – for example, when changing devices or geographic areas and ultimately, when unusual activity is detected – by requesting authentication via numeric codes or text messages. Some connections lead to others and each point of interaction deserves special care.  

In order for the whole process to function properly, the management of digital identities must be carried out from reliable, attack-proof, and user friendly platforms. Only then will the needs of all parties be met. Because, what interests do companies have in a good design of the digital space beyond increasing the profitability of their offer? What do users demand from the brands they contact regarding the treatment of their personal data online, apart from obtaining a final product or service? It’s simple, companies need to have a clear and precise idea of who they are doing business with. For the customer, privacy is everything; digital identity should equal secure transactions, low-friction interactions and robust but reasonable data protection measures. 

Reusable digital identity and adaptive authentication 

The truth is that the management of digital identities is highly fragmented. As a catalyst for a secure society in the virtual world, it is essential to develop new, more convenient and flexible administration methods. Digital ID wallets, some of them government-driven, still provoke distrust. Citizens are slow to adopt them, perhaps accustomed to dealing with password-based systems and unaware of the possibilities they offer, and suppliers are wary of a higher authority monitoring their relationships with consumers. 

While many questions remain as to how digital identity management systems will evolve, it is certain that reusable digital identity modes, in the form of wallets or otherwise, will become widespread. Procedures that force us to identify ourselves over and over again using different modes of access greatly hinder online traffic. Each person individually manages a multitude of accounts for a myriad of services. In addition to being inefficient, these procedures obscure control over personal data. With the implementation of reusable digital identities, each person would have to undergo a single verification process and use that same shielded and verified digital identity to register on any other platform, online or offline. According to a study published in early 2022, the market for reusable digital identities will grow by nearly 70% between now and 2027. Provided they know how to compromise and be open to change, all parties are likely to benefit from this way of understanding IDs.

Risk based authentication (RBA) or adaptive authentication, is another of the digital identity management methods on which all eyes are focused, with great expectations regarding its applications and limits. Based on the likelihood that fraudulent activity may occur in a login, RBA will establish different levels of examination. As the risk increases marked by the thorough analysis of the applicant’s profile, the authentication method becomes more complicated and restrictive. Other authentication factors or challenges are superimposed on user and password identification. 

Only time will tell what the next steps in the evolution of digital identity will be. New forms of authentication seek their perfect fit alongside business interests, consumer privacy concerns and supplier liability, all in the midst of the unstoppable expansion of the virtual world and the metaverse as the next great topic of conversation.