How Strong, Secured Digital Identity can avoid frauds in COVID-19?
Early March 2020 onwards, COVID has ensured that we stay in our homes and use digital services as much as possible in our daily lives. The only way to avail digital services is to have a valid, safe and secured digital identity.
What is Digital Identity?
Digital Identity is the information that is used on the Web to represent an externally present agent. This agent can be a person, entity or device. It is quite similar to a physical identity. ISO/IEC 24760-1 defines identity as “set of attributes related to an entity”. This is a trusted digital representation of physical identity. Digital identity helps to automate the processes or the scenarios where previously a physical identity had to mediate. Thus, this replaces the presence of a person.
Digital identity is a cumulative database of all the online activity of a certain person. Not only does it include passwords, login credentials but also the search activity and various other behavioural data captured while using digital applications. It is an online identity of a person, which is made available publicly and is an acceptable form of identity.
With the introduction of Digital KYC (Know Your Customer), the customer onboarding process is completely automated. The digital technology used assists in gathering more and more data about the customer as it gets generated on the web. As the complete information about the customer is available online, it means that a holistic identity of the person gets created. If not handled properly, fraudsters and scammers can impersonate which has larger ramifications. Thus, due to increased digitization, the world is also witnessing an increase in various kinds of digital crimes. One such crime that has increased over the period has been digital identity theft.
Why it is needed?
Cyberspace is ever-expanding with a huge amount of data. Millions of transactions take place on a regular basis. With these conditions, it is very necessary to know with whom one is exactly dealing with. With the expansion of technology, frauds are also expanding and the number of people with identity embezzlement also increases. In these scenarios, a verified digital identity is very important to ensure authenticity and confidentiality. Passwords and login credentials can be hacked anytime and thus, they do not stand as a proper way to achieve secured digital identity anymore.
Digital identity is based on dynamic entity relationships. This relationship is built using many different data points such as a collective submission of search histories from multiple websites and mobile applications, signed petitions, badges, tokens, medical history, photos on social media, likes and comments on social media, forum posts.
The identity verification is done by comparing a set of entity relationships between a new event and a past event, looking for patterns of convergence. However, any abnormality in the pattern can guarantee an attempt to forge an identity. Digital identity is made anonymous using a one-way hash. As this concept is about behavioural data and does just about certain fixed data points like passwords or a fingerprint, it is very hard to duplicate.
Identity fraud and how to keep yourself safe
Digital identity is the replica of a human being’s identity. If it falls into the wrong hands, it can be used to mislead others and the real person has to face its consequences. Even though there are a lot of positives to this concept, it is still very risky as a lot of personal data appears on the web and we are aware, anything on the web is hackable. Identity theft happens when a fraudster steals the identity of a person and engages in malicious activities with the information acquired. Logging in unsecured websites, social engineering, phishing attempts, weak password, location sharing systems, third party breaches etc. are very few ways in which data can be illegally mined in the web.
And then comes the dark web, much more powerful and dangerous. Here, data is not just hacked, but sold to other entities. A stolen identity can cause a huge massacre here. According to Consensys, approximately 1.1 billion people worldwide don’t have a way to claim ownership over their identity. Talking about safeguarding your identity, there are multiple ways using which you can prevent identity theft. Protecting and securing passwords, checking bank account transactions and mails daily, not using public and exposed wifi etc. are some of the ways to be safe from ID theft.
According to Colton De Vos, in order to decrease the risk, you’ll need to engage in regular audits and penetration tests of your systems to identify network security threats and solutions. It’s crucial to implement controls from two-factor authentication to firewalls, as well as engage in policies, procedures, and guidelines for dealing with your current and future network security threats and vulnerabilities.
Contribution of Blockchain in strengthening Digital Identity & preventing frauds
The development of various technologies like AI, Blockchain have contributed in establishing safe and secured systems in any enterprise. Blockchain today is an enterprise-grade technology. It has remarkable algorithms that can prevent impersonification and any sort of identity theft. It is used to eradicate issues like inaccessibility, data insecurity and fraudulent identities which are most common in identity theft. According to Consensys, among the 45% of the people without identity, half of them belong to the weaker section of the society. Although, 60% of them do own a smartphone. Thus, there is an immense opportunity to use their smartphone behaviour and create an immutable, unique digital identity using blockchain technology for them. At PiChain, a larger part of our research contributes towards multiple different approaches of introducing the unbanked to the world of digital identity.
To understand how it works, we are providing below a little more detail into technology. While signing up for digital identity verifications, a pair of public and private keys is created. Public keys are stored in a chain which makes it immutable and protected against frauds. Additional data associated with the decentralized identifier can be stored on a chain too. However, complete data is never stored on the chain which ensures privacy and scalability. Each person or organization has its own pseudo-anonymous identifier or DID (Decentralized identifier). Each DID is secured by a private key which is controlled by the owner and thus, only they can prove or control their identity.
Acceptability of blockchain & digital identity
The U.N. and World Bank ID4D initiatives set a goal of providing every individual across countries with a legal identity by 2030. The European Union’s Electronic Identification and Signature (eIDAS) regulation came into force in July 2016, requiring mandatory cross border recognition of electronic I.D. by September 2018. With all these changes in place, digital identity is expected to bring about more mobility, national ID initiatives and an acceleration towards smart cities.
According to NEC, the identity and access management market is expected to grow from $8.09 billion in 2016 to $14.82 billion by 2021, representing a 12.9% CAGR. With everything going digital, starting from businesses to identity checks, it was predicted to have safe, verified and secured digital identity in the coming years. This closes the final loop of digitization and is bringing about the next wave of the digital revolution.
Also, blockchain in digital identity management has multiple use cases, that ranges from self-sovereign identity to data portability. At PiChain, we believe safe and secured digital identity is going to be used in most of the future technologies to authenticate and authorise an individual to various systems across industries like BFSI, healthcare, education, travel, transportation and food tech.