Five Identity Proofing Trends in Identity and Access Management for 2018

 

The days of auto-filling your personal information in exchange for “free” access, content and offers are limited. People generally don’t think twice about providing personal information in exchange for what they want quickly, but that is beginning to change as cases of personal data being misused and even breaches on major platforms increase (see Facebook).

The issue of regulations around Personally Identifiable Information (PII) is coming to a head. Self Sovereign Identity (SSI), the concept that people and businesses can store their own identity data on their own devices and provide it efficiently to those who need to validate it, without relying on a central repository of identity data, and what that should mean is paramount in the digital age. The idea of owning your own data and consenting to its use may have seemed impossible just a few years ago. However, European courts gave someone the right to be forgotten and scrubbed from Google search results in 2014 and Google says it has received more than 650,000 requests to remove certain websites from its search results since.

Identity and Access Management (IAM) is moving toward fewer instances of storing personal data and more toward scenarios where information is requested as needed to process services.

As businesses look for ways to streamline and secure digital transactions, here are some of the top IAM trends:

 

People Will Own Their Data

Due to GDPR and other similar laws going into effect, more and more digital interactions will rely on individuals giving consent for their data to be used. This practicality has birthed the concept of Self Sovereign Identity (SSI) where a person holds and controls all of their own data, including biometrics. This concept could,  and has already in some countries , give way to passport-less travel, where an individual’s biometrics will be used to access all the information needed for border control.

 

Biometric Authentication Will Go Mainstream

Biometrics is not just a novel way to unlock your iPhone anymore. Expect to see more mainstream adaptations of biometric authentication as leaders in IT fear digital threats will continue to increase. Access control, in particular, is moving from access cards to biometrics with gait recognition being the technology that is gaining popularity for high-security areas.

 

More Industries Will Invest in Blockchain

The future of using cryptocurrency such as bitcoin for everyday transactions remains to be seen. However, companies like Mastercard are utilizing blockchain technology to reduce fraud and credit card skimming. Mastercard plans to roll out its investment into blockchain technology – the company is the largest holder of blockchain-related patents in the world.

In addition to the finance industry investing in blockchain, healthcare is another industry that is highly concerned with secure yet more streamlined documentation. Ideally, healthcare records would be complete and travel with the patient regardless of doctor or insurance changes. This is still a working concept as the records are stored in many different systems, which have resulted in many recent high-profile data breaches.

 

Artificial Intelligence Will Improve Security

Currently, Artificial Intelligence is powering identity solutions by learning from millions of transactions and documents to spot anomalies. This is a powerful tool to help combat fraud. Industry leaders envision a future where AI can monitor computer sessions to identify if a real person is conducting a transaction or if a session is abnormal or the result of a breach. Rather than checking against credentials, AI could use a combination of biometrics and user behavior to figure out whether that person poses a risk to security. AI learning the identity of users and their habits dynamically is still a future technology but is one that shows a lot of promise.

 

Investments in building identity solutions for your business need to include both proven experience as well as groundbreaking innovations. Acuant is proud to be one of the four providers of Identity Proofing Solutions named IDC Innovators, offering the combination of physical document and biometric authentication through human assisted machine learning.

 

 

Beyond Machine Learning

Buzz from the Know Identity Conference 2018

The 2nd annual Know Identity Conference just took place in Washington DC and Acuant was in attendance to catch this year’s buzzworthy topics. A major one was how firms will establish consumer identity especially in the digital world and how/when most consumers would use digital identity.  Enter SSI. The industry has unified around the term self-sovereign identity (SSI) to represent both the digital identity credential and the right for the consumer to control access to it and who gets what portion of their identity.

 

So how do we test whether digital identity is ready for the consumer mainstream? One line of thought by David Birch of Consult Hyperion, was that by taking care of 3 audiences of online consumers (the 3 W’s), that would be enough to ensure the right amount of protection to make business transactions secure. The 3 W’s are witness protection, whistle blowers and people who browse explicit material (wankers in his informal British prose). If digital identities allow the 3 W’s to browse anonymously and protect their transactions, then we can all have an appropriate level of security in the digital world.

 

Scott Galloway, a professor at NYU Stern School of Business, worries about the ever-increasing control of personal information in the digital world by four companies: Google, Facebook, Amazon and Apple.  He calls these firms the brain, heart, stomach and libido of the digital world.  These four companies each create more revenue each year than the GDP of all other nations except USA, China, Japan and Germany.  Scott argued these companies are already monopolies and innovation could gather renewed energy if these companies were broken into smaller entities, further pondering that they may have just too much information about individual consumers. In the backdrop of the recent Facebook debacle and the pending European GDPR laws, protection of consumer information was at the forefront of many conversations.

 

The General Data Protection Regulation (GDPR) goes live May 2018.  The hardest part of compliance with this new regulation mentioned by many of the panelists, is compliance with the laws mandating the right for a consumer to be “forgotten” by any company.  With the size and breadth of systems in many companies, the right to erasure of a consumer may prove a daunting task. The days of selling consumer contact lists will be over in the EU come May and the UK is currently racing down the path to adopt similar laws as GDPR by the end of 2018.

 

Biometrics and its various forms was also highly visible at the conference.  Most sessions and panels discussed biometrics whether it was facial recognition, iris, fingerprint or voice as the natural next step in security. Most experts suggested a multi-modal approach to biometrics (more than one biometric) as there always needs to be a fallback when something does not work quite right. The fear factor of biometrics is much lower now and with adoption rates increasing we should all expect to see more usage across industries.

 

Lastly, there was a theme of hope as digital ID was seen as a solution to the unbanked and underrepresented for many parts of the world.  Many areas where government IDs are made available at birth (but other forms of identification are scarce, unreliable or inaccurate), could benefit from digital IDs backed by initial ID documents.  With Washington DC as a backdrop, new ways of proving identity with low friction, high confidence and mobility shined through.

 

 

security white paper cta