A Broader, Deeper View of Identity Management
While strides have been made toward better online identity authentication, there are numerous barriers to success, some of which are self-imposed. For instance, some agencies may still rely on self-reported, internally collected data to verify identity, despite the fact that in the first half of 2019, 4.1 billion records were exposed. Other agencies use multifactor authentication, including logins and passwords plus codes sent by text. While this can help enhance security, it doesn’t account for how previously unknown users behaved in all aspects of their digital lives and whether or not they are threats.
The solution lies in a multilayered approach. Much more than a password or a single piece of identifying information — such as a birthdate or Social Security number — digital identity authentication can look at an array of factors, including:
- Behavioral biometrics
- IP address
- Social media presence
All of these elements can help determine who is on the other end of a transaction.
The benefits are substantial, as the private sector has seen. Companies utilizing a multilayered solution approach could realize an approximately 30 percent decrease in their cost of fraud, which is significant. And with digital identity intelligence and behavioral biometrics layered in, organizations can expect to lower the true cost of fraud even further.
Creating a complete profile of users during account creation is critical to ensuring the integrity of your system. But that profile depends on many disparate bits of data and requires a combination of internally collected information and contextual data from third-party databases to verify a new user’s digital and physical identity. A digital and physical identity database solution correlates identity and transactional information in near real time from thousands of data sources to find patterns of behavior. Agencies can leverage the results to streamline customer access, improving CX while maintaining trust in the system.
Here’s a real-world example that illustrates this approach.
A driver’s license is the gateway to identity, so it is crucial to ensure licenses are issued to legitimate users. Instead of physically going to a building to renew a license, a user now goes online. The department of motor vehicles can compare the information provided when creating an account against a global digital identity intelligence network to see if the user is who they say they are, based on the user’s digital footprint. As a result, the DMV can instantly determine if the user is trusted or if there is a level of risk that calls for an additional layer of security to be applied.
Frictionless and Risk Appropriate Access Management
Many states and local jurisdictions are looking at a centralized access model — a single sign-on platform that opens the door to all services and information. Some states and cities have already begun the process. Centralization requires new workflows, and the challenges for many jurisdictions involve everything from vision and planning to the budget process and advocacy.
On top of that, it often entails finding the right technology partner to develop and integrate a solution. Still, the benefits of implementing a more risk-appropriate, centralized environment outweigh these challenges because it can better protect citizens and agencies alike. Reducing fraud, protecting data and people, and reducing friction all save time, money and resources — as well as frustration. Ultimately, these platforms need to ensure trust, confidence and integrity.
However, achieving this means countering bad actors of all types.
Global cybercriminal networks — state-sponsored or not — have ever-changing technology and intrusion methods. In addition, they have data purchased off the dark web and harvested for years, making detection less likely by the person who truly owns the stolen identity. To defend themselves, the private sector has benefited from having access to a global digital identity intelligence network that goes beyond what cybercriminals can harvest themselves.
Ensuring the trust, confidence and integrity of a single sign-on platform requires an identity verification/authentication strategy that utilizes global digital identity intelligence and linked physical identity data that can provide real-time physical identity verification and authentication. It takes a linked digital and physical identity network to fight a global cybercrime network.