Across industries, organizations are accelerating digital transformation processes for long-term growth and profitability. Gartner says that “53% of the organizations surveyed remain untested in the face of digital challenge and their digital transformation readiness therefore uncertain. And part of this has to do with the way they manage the data that comes through the organisation.
What that we don’t hear often enough about is how the accelerated pace of change forced on consumers and businesses in 2020 is impacting how identity is used, managed and protected.
The Allianz Risk Barometer report reported that during the early stages of the lockdown some firms turned off multi-factor authentication. Ask yourself why would companies do that? Where is the logic in that when you consider employees working from home are more susceptible to phishing attacks?
In the US, at the peak of the first wave of lockdowns in April 2020, the FBI reported a 300% increase in cyber incidents.
Identity as a business accelerator
One of the discoveries of 2020 was that consumers are willing to shift more of their commercial and professional engagements online – shopping and collaboration. Not surprisingly businesses are responding to the shift with varying degrees of commitment.
Namrata Jolly, general manager, Asia Pacific, Callsign, said this shift makes the issue of digital identity extremely important. “Businesses are transforming digitally to ensure they can accurately identify who is accessing their portals,” she said matter-of-factly.
More important is “whether the folks who are accessing their online portals are who they say they are,” she clarified.
Forces afoot
The Identity Defined Security Alliance (IDSA) report, Identity Security: A Work in Progress, noted that identity-related breaches are now ubiquitous with 94% of respondents to a study of 502 IT security and identity decision-makers, conceding that they have had an identity-related breach at some point, 79% of which had occurred in the last two years.
What may be more interesting is that 99% of these professionals believe these breaches are preventable.
Jolly believed that technology and regulation will have the most significant impact on the evolution of digital identities. She cited an effort in Europe to enforce strong consumer authentication with multi-factor authentication being used to prove and protect one’s identity. She believed Asia-Pacific is not going to stay behind on this.
While regulatory enforcement needs to happen, she also believed that organisations must leverage technologies like machine learning to go beyond the current generation of technologies.
“I am starting to worry that even with my fingerprint, it's not enough as I wait for the bank to authenticate me. Even if I'm in front of the teller and I need to look at my bank account while she's going through about doing what she's supposed to, I'm starting to worry that somebody somewhere is scanning through the airwaves, looking at how I'm processing the way I do the things,” she quipped.
Are banks in Asia up to the task?
Jolly believed that the verdict is not yet out and that, for now, it is a mixed bag as she called it. She noted that some banks use standard methods for authentication, including username, password and PINs. Some still use SMS OTPs (which are known to be vulnerable to attacks).
She acknowledges that there is a growing interest to leverage biometric authentication, things like a fingerprint. However, she raised the point that there are other everyday technologies consumers already use today, features found in smartphones for example, that can extend the authentication process by leveraging artificial intelligence.
She explained a user’s habit or behaviour can be used to verify one’s identity, without resorting to a conscious effort of request for identity verification. She cited the example of how today we use our fingerprint to identify ourselves to our smartphone or the app running on our smart device asking the user for additional information.
What’s stopping businesses (from going the extra mile)?
Jolly noted the concerns around the introduction of additional friction, perceived or real, is a sticking point for many businesses. She also acknowledged that while there is interest in the potential of technology, like Callsign’s artificial intelligence IP, the priorities of companies like banks are pointed elsewhere – like digital transformation.
The above comment suggests that security, including authentication, is not an inherent part of digital transformation. To the author of this article, this is nothing new and reflects an observation that is decades old and remains the status quo despite advances in technology and process innovation.
Jolly provided more politically astute commenting that there remains, in many traditional businesses, legacy platforms that power mission-critical business functions. And behind these systems are ‘multiple vendors’ that keep them running.
“I wouldn't see that as a concern. But definitely, there is some amount of effort involved in rolling back multiple solutions that they have, and then bringing in a comprehensive solution,” called out Jolly.
She believed that it’s more about the effort, however, for organisations to roll out solutions similar to Callsign’s.
“We are hopeful that given the different benefits that we would bring, including the ability to help with vendor consolidation, and provide one vendor who can to provide a comprehensive solution, apart from the benefits to the consumer, reducing cost by doing away with SMS OTP (for example), and so on. We are hopeful that this is something that will create value in our potential customers here,” she concluded.
Click on the podchat player to listen in Jolly’s candid discussion about the rise of intelligence-driven authentication.
- How important is identity as businesses accelerate how they engage with customers online?
- In 2021, what are the forces that will have the most significant impact in how digital identity is created, managed and protected?
- What is holding banks/businesses from implementing such technologies?
- Can you name 3 common mistakes businesses continue to do when it comes to digital identity?
- When looking for an identity solution is there a one-size-fits-all?
- What do you see will be the top trends impacting digital identity in 2021?
