Digital identity will underpin everything we do online and while much has been done, it still seems to be playing ‘catch up’ with the new technologies it should be harnessing.
Data breaches are escalating at an unprecedented rate. Fines caused by players stealing customers’ digital identity are already running into the billions of dollars. The hardest hit is the financial sector. Stories of banks, credit agencies and other financial institutions being hit make the headlines for a while.
What does not make the headlines is the penalty for leaking the digital identity of your customers. They are tough and steep.
As the GSMA notes, ‘Capital One in the US accepted culpability for a breach affecting the personal details of 106 million customers across North America, including credit scores, payment histories, linked bank account numbers and social insurance details. This came just a week after credit agency Equifax agreed to pay out just under $700 million for a data breach exposing the personal data of 150 million people and the company faces a claim of around £100 million for failures to comply with data protection obligations prior to GDPR’s introduction, in the UK’s first representative data breach claim to the High Court’.
Of course, the challenge is not limited to the world of finance and ‘even major players in key industries such as transport and hospitality are encountering difficulties in keeping their systems of the right side of the regulators – and that can be very expensive’.
As you would expect, the GSMA points to operators being guardians of customers’ digital identity and their trusted partner in a lifelong journey. It points to the already very effective collaborations between operators and financial institutions.
Yet there still seems something about digital identity that is not being grasped in the way it should be. It is the entry point into the digital world for customers and therefore the point that hackers try to, well, hack.
It is also one of those areas where we hide behind ‘advances in AI and facial recognition’. Frankly if the advances that we read about are as advanced as they say, we should be safe as houses, or safer. If customers could opt in to full facial recognition as their security procedure and if the data sharing between operators and banks was better (and customers could make it so by opting in), then surely we should not be reading the headlines about multi-million dollar data breaches.
Maybe operators and financial institutions should bring digital identity to the top of the agenda, invest much of the money set aside for fines – and solve this problem once and for all.