The Rise of Digital ID: It is Not All The Same
2021-04-15
Given the vast percentage of online financial interactions members have with their credit unions, we could all really use a reliable digital authentication solution. If only you could simply ask for a physical ID in a digital setting, right?
If only.
On top of that, everyone is justifiably alarmed by the increase in digital identity thefts and data breaches across multiple industries. These events directly expose sensitive personal consumer information to hackers.
It’s a problem as old as the internet
Digital identity has been an annoyance since the dawn of the internet. Even after more than 30 years, we still can’t prove we are who we say we are with digital credentials the same way we can with a physical ID like a driver’s license.
In the physical world, members can use a government-issued ID for all transactions that require photo identification. However, there is nothing like a driver’s license or passport that members can use for transactions online. Proving one’s identity online has primarily been restricted to biometric methods, such as passwords and challenge questions, which are both susceptible to fraud.
A standardized digital identity would help
There are two problems to solve. First, we need an accepted standard format. Ideally, it would be something as universally understood as a driver’s license. It’s government issued, it contains a photo, staff members recognize it when they see it and it’s difficult to counterfeit. However, it’s very easy to acquire a falsified driver’s license on the dark web.
In contrast, when a member uses a digital credential, it must be in a format that can be read and verified by a device. The second problem is to verify the source of the credential and vouch for the integrity of the credential provider. There are many organizations claiming to be “the only digital identity your members need.” This begs a question, though…
Are all types of digital identity the same?
The quick answer is no! Digital identity is used widely today for online access to healthcare, financial services, restaurants and retail. Currently, it comes in three forms or models, and they function and behave differently.
Siloed and centralized identity
Traditional “siloed” identity is the simplest of the three models: an organization issues to you (or allows you to create) a digital credential that you can use to access its services.
Trust between you and the organization is typically established through the use of shared secrets, usually in the form of a username and password, and sometimes requiring other “secrets” such as your birthday, mother’s maiden name, PINs and so on. Sometimes shared secrets are augmented with additional factors such as physical tokens or biometrics.
At least some of your member’s personal data, whether shared by the member or obtained from other sources, is typically stored with the organization’s data “silo,” a scenario that repeats for every organization, app or website your member logs into. As a result, this model requires your member to create and manage separate credentials for each relationship. The siloed identity model has the worst customer experience of the three identity models and carries the highest risk for fraud, as the personal information about your members is stored in a centralized database.
Federated or user-centric identity
The federated or identity provider model adds a third-party company or consortium to act as an “identity provider” (IDP) between the member and the credit union. The IDP issues the digital credential, providing a single sign-on experience with the IDP which can then be seamlessly used elsewhere. This reduces the number of credentials a member needs to maintain.
It works like this: the member logs into the IDP, which then “federates” the login to the service the member is trying to access using different protocols. Trust between the member and the IDP is maintained in the same manner as in siloed identity—typically through shared secrets—and may be fortified with additional factors to provide a higher level of assurance to the verifying party.
A “user-centric” digital identity is also sometimes characterized as a federated model. The most common example of a user-centric digital identity is a “social login” on the web using a Facebook, Google, Twitter or other social ID to access a service. Before a member logs into an application, Google requests the member’s consent before allowing the application to access the member’s data.
All of these IDPs have access to a lot of data about your members—they can see transactions and they can sell your members’ personal information. Do you want someone else to own your member relationships? Why would your members want a digital credential from someone other than their credit union? Will a verifier trust a digital credential issued by none other than a credit union?
Self-sovereign or decentralized identity
This leads us to the most privacy-preserving digital identity model that exists today and the one most appropriate for financial services. A self-sovereign or decentralized identity allows members full control of their identity and adds a layer of security and flexibility by allowing the member to reveal only the data necessary for a given transaction. It also eliminates the need for either siloed or federated identities, and it is almost impossible to hack or steal.
Self-sovereign identity starts with a digital wallet or passport that contains the digital credentials. This wallet is similar to a physical wallet in which the member carries credentials issued by the credit union and others, such as a passport or credit union account authorization, except these are digitally signed verifiable credentials that can cryptographically prove four things to any verifier:
- Who the issuer is (credit union);
- To whom it was issued (member);
- Whether it was altered since it was issued; and
- Whether it has been revoked by the issuer (credit union).
To exchange digital credentials securely and privately, the member has a direct, encrypted connection with the credit union or any other verifier. Trust is mutually established between the two parties when this connection is active to exchange credentials, with no third party coming in between you and your member. Verifiable claims are a standard way to define, exchange and verify digital credentials and are defined by the open standards organization, the World Wide Web Consortium or W3C.
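The four checks listed above can be sketched as follows. This is an added example, not code from the article, MemberPass or any W3C library. It uses a simplified credential layout rather than the W3C data model, and the identifier `did:example:credit-union`, the claim values, the nonce and the in-memory revocation list are constructed assumptions.

```javascript
// Added illustration: a simplified signed credential, not the W3C data model.
const { generateKeyPairSync, sign, verify, createPublicKey } = require('node:crypto');

// Constructed sample parties: a credit union (issuer) and a member (holder).
const issuer = generateKeyPairSync('ed25519');
const member = generateKeyPairSync('ed25519');
const pem = (key) => key.export({ type: 'spki', format: 'pem' });

// Verifier's configuration (hypothetical): issuers it trusts, and revoked IDs.
const trustedIssuers = new Map([['did:example:credit-union', issuer.publicKey]]);
const revokedIds = new Set();

// Fixed field order so issuer and verifier sign and check identical bytes.
const payload = (c) =>
  Buffer.from(JSON.stringify([c.id, c.issuer, c.subjectKey, c.claims]));

// Issuer binds the claims to the member's public key and signs the result.
function issue(id, subjectKey, claims) {
  const cred = { id, issuer: 'did:example:credit-union', subjectKey, claims };
  const proof = sign(null, payload(cred), issuer.privateKey).toString('base64');
  return { ...cred, proof };
}

// Holder proves possession of the subject key by signing the verifier's nonce.
function present(cred, nonce, holderPrivateKey) {
  const sig = sign(null, Buffer.from(nonce), holderPrivateKey);
  return { cred, holderProof: sig.toString('base64') };
}

// Verifier answers the four questions; all must hold for acceptance.
function verifyPresentation({ cred, holderProof }, nonce) {
  const issuerKey = trustedIssuers.get(cred.issuer);
  const checks = {
    issuerTrusted: issuerKey !== undefined,
    unaltered: issuerKey !== undefined &&
      verify(null, payload(cred), issuerKey, Buffer.from(cred.proof, 'base64')),
    issuedToPresenter: verify(null, Buffer.from(nonce),
      createPublicKey(cred.subjectKey), Buffer.from(holderProof, 'base64')),
    notRevoked: !revokedIds.has(cred.id),
  };
  return { ...checks, accepted: Object.values(checks).every(Boolean) };
}
```

A copied credential fails `issuedToPresenter` because the presenter cannot sign the verifier's fresh nonce with the member's private key, and an edited claim fails `unaltered` because the issuer's signature no longer matches.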
Digital identity helps build consumer trust in financial institutions
According to a 2020 research article from The Financial Brand, when asked which types of organizations they were most comfortable giving digital identities to, 60% of respondents preferred a financial institution above organizations like government, tech companies and social media platforms.
It’s not surprising. Consumers rely on online and mobile access to their financial institution to manage accounts, pay bills, transfer money and apply for loans. This means digital identity is intrinsically important to the overall financial industry.
Despite our increasing reliance on technology, applications and artificial intelligence, trust is an inherently human quality. There is no substitute for members who trust their credit union to do the right things.
How to compare apples to apples
As you’ve read, no two identity providers are the same. When evaluating the right digital identity solution that is best for your credit union and offers the latest in privacy-preserving technology for your members, ask yourself these questions:
- Does the digital identity provider reduce the need for obsolete security questions in the call center?
- Does the digital identity provider enable two-way, bi-directional communication assurances, eliminating impersonator fraud schemes?
- Can the digital identity provider’s solution be used across all member contact points, creating an omni-channel authentication experience?
- Does the digital identity provider address members’ needs for data privacy, ownership and control of their personal information?
- Can the digital identity provider’s solution be used outside of the credit union ecosystem—making identity authentication portable and interoperable?
- Does the digital identity provider offer protection of identity elements kept in centralized databases that can be hacked and create identity theft?
- Does the digital identity provider comply with current and upcoming privacy laws relating to anonymized consumer data?
- Does the digital identity provider offer a long-term solution to reduce layered security costs to fight against fraud scams now and in the future?
The demand for digital identity is only getting stronger. If you don’t already have a digital ID solution at your credit union, now is a good time to start.
Bonifii, a credit union service organization, offers MemberPass, a simple, secure and convenient member identity verification method. MemberPass is a digital passport that provides members convenient access to their financial accounts while allowing control and privacy over their personal information. We leverage touchless technology to protect you and your members. Visit www.memberpass.com or email sales@memberpass.com.