What is Digital Identity? Verification, challenges and opportunities

Understanding the evolution of digital identity is critical for businesses. More and more of our lives are spent online and on mobile, resulting in changes to consumer behaviour, regulation and technology. The businesses who adapt will thrive, and the ones who don’t will find it hard to compete.

• • What is digital identity and why is it important?
  • How is digital identity verified and regulated?
  • What are the key drivers and challenges of digital identity?
  • What are the key opportunities of digital identity?
  • What could the future of digital identity hold?
  • Our recommendations for using digital identity
  • How Experian can help you keep pace and stay competitive

What is digital identity and why is it important?

A digital identity, also known as a digital ID, is a way to gain verification and access to products and services online. With one, businesses can employ faster and smoother customer onboarding, and individuals can open and access online accounts for banking, shopping, and Government services.

Digital ID has also fast-become an essential part of organisations’ recruitment processes, with many employers utilising it within their candidate vetting. By digitising checks, such as Right to Work, the whole hiring process becomes less time consuming and costly.

Already used by over 3.2 billion people across the world, Governments are starting to recognise and back the use of digital ID as legal identity. EU citizens, residents, and businesses for example, can use the established European Digital Identity^[1] for public and private services across the EU.

What kind of information makes up a digital ID? A digital ID is made up of digital attributes – consisting of your legal identity, such as date of birth or email address – and digital activities – such as device info or search queries:

Digital attributes

• Date of birth
• Bank details
• Medical history
• Passwords
• Email address
• Driver’s licence
• Biometric data (such as fingerprints or retina scanning)

These attributes can be stored and managed within a digital wallet, making it easier to share the information, in real time, with digital identity systems.

Digital activities

• Device information
• User location
• Purchasing patterns
• Purchasing history
• Search queries
• Downloads
• Social media usage

It’s important to note that some digital attributes are more popular and preferred than others. For example, since being introduced for smartphone and laptop unlocking, fingerprint recognition has become a commonplace method of biometric verification. Because of this it’s worth considering each attribute’s popularity and ease of use before implementing it into your own system.

As with all things digital, there are security considerations and levels of risk to be mindful of. Having personal information online means users and businesses can be subject to security breaches, theft, and hacking.

What is digital identity verification?

Digital ID verification is when items from a user’s digital activities and digital attributes are used alone or combined together to identify and verify a person. Put simply, it means their identity is proven to be real, and isn’t stolen or fake.

According to McKinsey^[2]:

Unlike a paper-based ID such as most driver’s licenses and passports, a digital ID can be authenticated remotely over digital channels.

Similarly, an essential part of candidate vetting is the use of Identity Document Validation Technology (IDVT) to confirm and verify the validity and authenticity of those digital attributes, without the need for physical checks. IDVT verification is done by extracting data, such as signatures, from ID documents which are then analysed for any manipulations or alterations by Machine Learning algorithms.

In fact, artificial intelligence is fast-becoming a handy tool for ID document verification as a whole, as it can be added into digital ID systems to help organisations validate a document’s authenticity at speed.

When it comes to digital ID security, and to ensure control and ownership of a digital identity, both individuals and businesses can use the common self-sovereign identity (SSI) model. This model is made up of three pillars: blockchain, decentralised identifiers and Verifiable Credentials. Together, they ensure that the owner of all the digital data remains in control, with access rights and the ability to remove data if necessary.

How is digital identity use regulated?

In the UK, the pace of digital ID’s adoption and transformation has led to the introduction of the Government’s Digital Identity and Attributes Trust Framework (DIATF).

The DIATF is a planned governance framework for the future use and vision of digital ID. It maps out the standards and requirements businesses must follow when working with digital ID and ID security. This includes having a data management policy, following security and encryption best practices, and having detailed recovery processes in case an individual is a victim of fraudulent digital ID activity.

As well as this, the Government-approved Good Practice Guide 45 (GPG45) shares official guidance, which essentially comes down to using whichever tools and processes are best for each organisation. For example, are your candidates or users likely to have a passport or the means to digitally capture their physical ID? If not, an alternative vetting process should be provided.

Alongside this framework is the Digital Identity Service Providers (IDSP) certification. This is a Government-initiative that approves and certifies businesses, such as Experian, to be able to complete digital identity checks for schemes like Right to Work, Right to Rent, and DBS.

As well as providing assurance and digital identity security for consumers and businesses, both the DIATF and IDSP highlight that digital IDs aren’t just a trend, but fundamental change in the way we are able to identify and verify individuals.

In fact, according to our research, consumer preferences for online security and fraud prevention methods have shifted towards invisible solutions. These include physical and behavioural biometrics, as well as PIN codes sent to devices. This rise in popularity seems to be towards more elegant, invisible, and frictionless consumer recognition systems.

Our research also shows that UK consumers are increasingly willing to share personal data with businesses they have a long-standing relationship with. Older consumers (40+) are happier to share more types of personal data with trusted businesses, while younger consumers are more willing to share biometric (physical and behavioural) data.

By incorporating the relevant authentication and fraud prevention procedures into every digital channel and life stage, businesses can build trust, improve retention levels, and create opportunities to win more customers in the digital marketplace.

What are the key challenges of the ‘digital identity crisis’?

Businesses and the UK Government are rapidly implementing digital ID into their verification processes, but a primary problem is protecting the security of this identity data.

For many lenders, rapid uptake of digital ID verification means trying to compete with agile FinTechs and new market disruptors such as Buy Now Pay Later (BNPL) service providers.

Understanding the drivers, challenges and opportunities of digital identity design will put you in a strong position to adapt and change within a fast-moving digital marketplace. The technology you implement now will enable you to readjust quickly in the future, as the external landscape continues to evolve.

1. Keeping up with changing regulation

Processes to avoid a security crisis are a key part of digital ID designs, with obvious good reason. To assist in minimising risks, the UK has several laws and regulations, such as Anti-Money Laundering (AML) and Know Your Customer (KYC), overseen by the Financial Conduct Authority (FCA). As digitisation speeds up the pace of change in the financial services industry, regulation is likely to evolve more rapidly too.

Keeping up with changing regulation is a challenge for all businesses. However, the FCA’s innovative, risk-based approach gives UK businesses an opportunity to innovate new products and services in collaboration with the regulator. This is a great way to ensure your processes are robust from the get-go, and can save a lot of time, money, and energy in revisions.

Businesses can also find regulation guidance in sources such as the Good Practice Guide (GPG) 45 and JMLSG Guidance^[3].

2. Managing friction versus risk

It’s important for businesses to identify the right assurance level for the amount of risk a customer is willing to take when verifying or using digital ID.

As our research shows, a one-size-fits-all process doesn’t work. Different customers will have different preferences when it comes to what data and digital credentials they’re willing to share, and what kind of checks they favour. It also depends on their relationship with the business in question, and where they are in the customer journey. Understanding this is key, alongside ensuring that any checks introduced are appropriate for the level of risk involved.

You can read more about identifying the right assurance level and regional differences in our whitepaper.

3. Preventing and managing fraud

Buying and making transactions online is at the highest it’s ever been and most consumers are well aware of the security risks involved with sharing personal information online. Because of this, fraud detection and prevention measures are now essential and businesses must include the appropriate solutions within their customer journeys, as standard.

Our research shows a disconnect between businesses’ security measures and consumer preferences, highlighting that there’s still some work to be done. To match consumer demand, businesses need to optimise investment in authentication and fraud prevention solutions, as well as undertaking consumer research so they’re able to get a better understanding of their customer’s experience, wants, and needs.

4. Building consumer trust around fraud concerns

The rapid rise in digital activity has created new opportunities for fraudsters, meaning businesses and consumers are exposed to increased risks of fraud, identity theft, and data breaches.

When it comes to digital identity solutions, matching consumer concerns will be critical in building trust and understanding how willing they are to complete certain verification activities.

As with managing friction versus security risk, it’s not a one-shot solution as there are many variables at play. In digital settings, where reducing friction is the number one concern, two-factor authentication could be enough. However, in situations where potential fraud and ID privacy concerns may rise, a multi-layered approach to digital identification could be needed.

Most countries have some kind of privacy legislation in place, but the depth and breadth of regulation varies. Businesses need to work closely with trusted partners and suppliers to best understand how those requirements impact them, whilst keeping up to date as they evolve.

What are the key opportunities of digital identity?

Investing in the right digital identity design could unlock a range of business opportunities, allowing for competitiveness in an increasingly busy digital marketplace.

1. An increase in economic activity

Digital ID allows consumers to access essential products and services online and on mobile, such as banking, Government benefits, education, and healthcare. This means more people are able to get online to undertake tasks and make purchases, and they’re able to do it quickly and habitually.

Research into the potential economic impact of digital ID, by the McKinsey Global Institute^[4], showed that countries implementing digital ID could unlock monetary value equivalent to 3%-13% of GDP by 2030.

2. An improved customer experience

One of the biggest stories of the pandemic is how it’s accelerated digitalisation. It forced a sea-change in the way we live, work, play, spend, save, and borrow. As a result, consumers have become more digitally savvy and expect a quick turnaround and seamless digital journeys.

To keep pace, businesses have rapidly transformed their operations to accommodate new digital services and onboarding capabilities, while fulfilling consumer expectations for fast, easy, and secure interactions.

Investing in the customer experience and staying ahead of the curve when it comes to new implementations or journeys, will make for happy customers and allow businesses to reap the rewards.

3. Better privacy protection

Digital ID technologies mean a person’s identity can be appropriately authenticated for a specific transaction, without unnecessarily sharing their personal information. For example, your digital ID could confirm you are aged over 18, without disclosing your full date of birth.

This additional layer of security – and peace of mind – can be a huge benefit for consumers, meaning they’re more likely to do business with those who have it implemented.

What could the future of digital identity hold?

Compared to many digital systems and processes, digital identity is still in its infancy. Which means businesses have a unique opportunity to help shape and evolve the proposition as a whole.

In order to prepare for emerging digital ID technologies and legislation, it’s important to build flexibility into digital identity solutions. That way it’s easy to adapt to any cultural, technological, and regulatory changes.

Consumers want both security and ease of use, regulators want assurance that data is protected and used responsibly, and businesses are walking a tightrope to meet these often competing demands. It’s therefore important for organisations to evolve their digital identity strategy and keep up to date with these shifting dynamics.

Another interesting topic currently being debated between the Government and banks, is around liability. Right now, many banks rely on one another’s digital ID verification to make their own business decisions. But if a bank has verified someone that turns out to be a fraudster, who is responsible and liable for the security breach and potential fine? While this example may be industry specific, the issues around liability should be considered by all.

The evolution of digital identity is a journey, not a destination and you can take a closer look about the future of it in our whitepaper.

Our recommendations for using digital identity

• Make sure your systems are robust and ready to go. The digital ID landscape is evolving at a rapid pace and you need to be sure your systems are ready for it.
• Judge the appropriate level of identity verification needed to suit your customer base, so they can experience a frictionless customer journey.
• As well as meeting regulations and legal requirements, remember to consider the fraud risks specific to your business and make appropriate designs for them.
• Implement a layered approach as this will allow you to balance certain technologies strengths and weaknesses, resulting in a robust solution overall.
• Be prepared to adjust quickly to technological shifts. Just a few years ago, fingerprint biometrics were considered niche. Now, they’re ubiquitous and readily used by most.
• Design solutions that focus on inclusivity, making sure the technology itself doesn’t become a barrier to access.
• Understand the role and responsibility of your business – do you want to become a digital ID service provider or will you be happy to accept digital IDs from elsewhere?