Protecting Your Identity: How To Keep Control Of Your Digital Twin
The COVID-19 outbreak has thrown the world into chaos, reinforcing at the same time just how reliant we have all become on the digital world. Working from home, ordering necessities and being entertained largely online has reminded us that we all have some form of a digital identity – whether on social media, online banking and shopping, or our own professional profiles.
And it goes far deeper than being a picture on a video conferencing screen or an online profile, where we freely share personally identifiable details. Our identity is what gives us a feeling of belonging, a sense of being part of something, wrapped up in society, status, background, religion, wealth and heritage.
We tend to display these personal characteristics on our ‘sleeves’ – especially digitally. Ironically, what makes us unique is both our strength and our weakness. It’s what every hacker is looking for to exploit us, whether it’s to pull on our heart strings in online dating scams, or to trick our banks by stealing our details, in order to access our hard-earned savings.
We very often make it too easy. We don’t attempt to safeguard information on every key stroke we make, or every chat we have with an Alexa or Siri in our home. It soon mounts up.
Living in our digital normal
Over the past few weeks, we’ve experienced more e-commerce and online offerings than ever before – from online gym classes to grocery deliveries – to help us socially distance. Unfortunately, an increased digital presence leads to a rise in cyber-attacks, too. The good news is that unique identifiers and usage-patterns make it possible to verify the digital identity and verify a user – making sure that they are who they claim to be when participating in any online or digital interaction.
A digital identity can be defined as “a body of information about an individual or organisation that exists online.” But the reality is that consumers remain confused about what actually constitutes a digital identity. Consumers don’t feel they can fully protect what they don’t understand. Is it our social media profile? Our credit score or history? Is it contained within a biometric passport?
This confusion means many are also concerned about the level of access a digital identity exposes to potential fraudsters. Once a hacker has our personal details, how much of ‘us’ can they really access? In the US, we found that 76 percent of consumers are extremely or very concerned about the possibility of having their personal information stolen online when using digital identities; but 60 percent feel powerless to protect their identity in the digital world.
This is mainly because many trust in their old methods and devices for security control – passwords, security questions, and digital signatures. But as modern security techniques evolve, these methods are no longer able to protect us on their own.
More advanced and secure methods of identity verification mirror modern social media habits. Most of us are familiar with taking selfies. Now, technology can match that selfie to an ID document such as a driving licence, turning a social behaviour into a verifiable form of digital identification. A simple, secure process enables people to gain access to a variety of e-commerce and digital banking services, without a long and friction filled ‘in-person’ process.
Even in the case of a compromised photo ID or stolen wallet, we can re-verify our digital credentials once we have our paperwork back in order – and restore a digital profile to full health.
But this doesn’t answer the question of who holds our digital identity data. Where is it stored? Who has access to it? Who is responsible for the long-term health and protection of our digital ‘twin’?
Looking after our digital self
Historically, governments have proven to be poor custodians of their citizens’ data, given the loss of 25 million tax records, including payroll information, in the not-so-distant past. Of course, some of the world’s biggest companies are not immune either, being held responsible for countless data breaches over the years.
As such, there is a school of thought that citizens should be responsible for their own digital identities, making them ‘self-sovereign’. The ambition is to free our own personal information from existing databases and prevent companies from storing it every time we access new goods or services. Data controls such as GDPR and CCPA are a start – policing and regulating how companies use, control, and protect data.
However, ‘self-sovereign’ identities could only become mainstream if governments relinquish their sole responsibility for issuing and storing our identity information. It will also require new technologies, such as blockchain, to gain traction and be trusted. A cultural shift will be paramount, too. At present, some of us are all too willing to give up our data to get access to better offers or cheaper goods and services.
Some suggest that instead of the rise of ‘self-sovereign’ identities, we’ll see some of the industry’s biggest players emerge instead. We’re already used to verifying our identities through Google and Facebook, using them to speed up registrations or access new services. Could those tech giants become our digital identity guardians?
What about connectivity companies that know a lot about us already and who could make it even safer for us with the added benefit of a quick geolocation check? Or would we rather entrust our digital identities to financial companies such as Visa or Mastercard, who have been looking after our financial transactions for decades, historically taking on the risk for us, and are now able to process disputes and stop unauthorised withdrawal of funds even faster?
It’s clear that taking good care of one’s digital identity is a fine balance between trust and control. Security is also a personal thing, and what is right for one may not suit another. One thing is for certain: identity is the essence of the human being, so guardianship should be hard-earned.
Whatever the future of digital identities holds, here and now it’s down to the individual to ensure they are protected. Businesses have a role to play in furthering the health and protection of our digital twins too. And in the not-so-distant future, armed with proven digital identity verification and cybersecurity protection technologies, we can make self-sovereign identities a reality – if that’s what the people want.