Serious change awaits the digital identity market in 2018. The magnitude of the Equifax data breach served as a wake-up call to consumers, the media, and policy makers that the status quo for digital identity is inadequate. Simultaneously, innovations in biometrics, machine learning, and artificial intelligence introduce new ways of proving who we are while we are online. A crisis creates an opportunity for change. These are the five big changes for identity we see for 2018.
1. Biometric and telecom operators replace credit bureaus
Given that criminals and legitimate people have access to the same information, knowledge based methods of identity verification will phase out in favor of biometric and possession based methods. Sign-up flows that compare a selfie of the enrolling user to an image of a driver’s license will become increasingly common. Mobile Network Operators like AT&T and Verizon will leverage their location data and subscriber information to fulfill functions that the credit bureaus fulfill today. An added advantage for consumers opening new accounts is the elimination of data entry requirements as telecoms already have the personal data on file.
2. Dawn of the bots
Machine learning allows applications to teach themselves based on feedback after a transaction has been completed. As opposed to applications that use rigid rules to determine whether or not an identity and user combination is valid, machine learning applications can leverage new insights on the fly to increase the pass rate for legitimate users while keeping criminals out. As more and more data points are available from the way we type on a keyboard to our geolocation data as we commute from home to work, dynamic applications will become more and more effective at making the right access decisions.
3. A new type of Single Sign On provider
Government, healthcare, and financial services applications do not accept social logins for access to their applications. This is almost certainly for the best as most Americans likely do not want an advertising company managing their most sensitive information and transactions. In Europe, however, a new type of Single Sign On is emerging. Sweden has “BankID” which provides a Single Sign On for Swedes to use to prove their identity for high-risk transactions. A Swiss consortium of financial services companies just announced SwissID for the same purpose. Expect more trusted identity providers and national ecosystems to emerge to provide the same functionality to government, financial services, and healthcare that Facebook and Google provide for low-risk logins.
4. Redefining the role of the SSN
Shockingly, many organizations still allow their call centers to verify the identity of callers with name, date of birth, and last four of SSN. Criminals will use compromised data from breaches to attack slow moving organizations that use static identifiers until they change their behavior. Meanwhile, members of Congress have publicly mused about “killing the Social Security Number.” While the Social Security Number won’t go away, policy makers and organizations will create a strong distinction between identification – whose unique identity is the user trying to claim? – and verification – is this user actually the identity they are claiming? – to protect themselves by distinguishing legitimate users from attackers.
5. Biometric-based interfaces
Voice based interfaces like Amazon’s Alexa and Apple’s Siri are already changing the way people live, control their homes, and pay for things. As voice based platforms mature, and phone manufacturers and platform providers alike continue to service the Virtual Reality (VR) and Augmented Reality (AR) world, consumers will find that the line between the physical and digital world is increasingly blurred. And that strong digital identities are more important than ever to maintain control.