Creating, Engaging, Managing the New Age of Identity
April 1st 2019
The digital world is advancing fast. Technology is able to carry out functions and analyze data more efficiently than ever, all in a matter of milliseconds. These advances come with major concerns and challenges. For businesses of various sizes, understanding the full scope of IAM (Identity Access Management) is becoming a prerequisite for survival in today’s digital landscape.
With ever growing actions available on a phone or the internet, users will be frequently required to verify their identity, leaving businesses to answer the questions they have about the security of their most private information.
Financial institutions and any other organization looking to successfully onboard new clients must become proficient in rapidly categorizing different types of customers and figuring out how to securely engage them.
This publication, along with those that will follow on a monthly basis, seeks to breakdown every aspect of the new age of identification. From the foundations of the creation of your identity to best practices for usage, storage and management, including a look at the laws that are implemented to protect the customer and challenge the organization.
In this first, introductory piece we will provide a basis and help to establish the foundation of the concept of identity. We will attempt to describe and define the best way for any sized organization to understand how identity is used and for which purposes.
There’s much to learn and understand, for your safety and others.
Identity is a concept constantly studied and closely monitored for many reasons on both a global and a local scale resulting in more factors to take into consideration. In order to comprehend its significance in today’s society, we must first define the different sides of an identity: the personal, the genetic and the legal and look at how those profiles interact with each other and further, which aspects of each of these elements is used when digitally verifying one’s identity…
A personal identity consists of your family, your culture, your language, your gender, your perspectives, your sexual preference and the list goes on. For each individual, identity differs based on experiences and changes in their lives. This characterization of an identity is mainly used on a personal level for each individual looking to find a job, make friends, build relationships etc. These types of actions do not require legal interference in identification and therefore, are not likely used to verify your identity when trying to complete digital onboarding. This type of identity profile is more likely to be used to create an online ad campaign and marketing schemes aimed directly at your interests, but that’s another article for another company to write.
Your genetic identity, probably the most secure form of identity, is carried around with you at all times. It consists of your fingerprint, iris, voice, face, DNA, blood type etc. This identity is given at birth and with the exception of some extreme cases, cannot be changed. Not only is this identification method virtually unchangeable, it is one that is specific to you and no one else making it the most accurate form of verifying your identity. The trick here is, these genetic attributes are not widely accessible and therefore only certain aspects of your genetic identity can be used to verify a digital process: fingerprint, voice, iris and face which is also considered your biometric identity.
Legally, a person’s identity is defined most accurately by external factors. For example, a transgender female might herself identify as female, however, unfortunately, she will not be considered a female until her minted, government issued ID has been legally changed allowing her to be globally recognized as female with any service she wishes to access. Your legal identity consists of your ID card, your identification number, your nationality/passport and your
birth certificate. All these elements allow legal identification of your personal data to be used as a means for acquiring services and completing transactions worldwide.
For the purposes of Scanovate’s activity and expertise, we will follow along the legal identity, now combining biometric parameters, to gain insights into the full scope of Digital Identification. For businesses, it is imperative to learn how to control and manage these identities in a safe and accurate manner that maintains regulatory compliance and creates a sense of security amongst its users.
Managing cyber identities forces businesses to possess the resources and capabilities to know which questions to ask about the credentials of their customers, and what answers to look for, and further, use this aggregated data to inform their decisions on the customer’s eligibility for whichever transaction.
When managing cyber identities, an organization asks itself: where do we keep it, how do we keep it and how long do we keep it for? It being the data behind your identity: address, phone number, political affiliations, nationality etc.. For an organization to successfully manage identities it must be aware of what it is, who created it and how they can engage it.
By managing identities, an organization has the control over the engagement with the client. Where a client’s identity is the epicenter of access to digital services, the management of these identities is no less crucial for each organization to ensure, in order to effectively engage their clients in the digital space.
On the management front, regulation is a stronger player in the considerations behind the methodologies as managing an identity involves storing and accessing a user’s private information. From financial institutions to retail businesses, of all sizes, regulatory demands standardize services and hold businesses accountable for how and where they are allowed to store and manage a user’s data and for how long.
Of course, regulation changes from region to region, depending on each country’s stance on user privacy. for a better understanding of your region’s regulatory standpoint, we recommend researching a bit about the laws of privacy in your country. Europe, for example, has the GDPR which is slowly setting the bar for identity management best practices. Other countries, like Sweden, have stricter policies that limit Identity Access Management in completely different aspects.
Engagement happens as a result of using context when assessing an identity. Which part of my identity is being referenced is dependent on the action I want to complete. There are different levels of engagement that require different credentials.
Frontal levels of engagement are where a user’s credentials are assessed according to my proof of ownership. Age verification is an example of frontal engagement. Based on the ID one possesses, and the year it was issued, one will have access to certain digital services, for example, renting a car, opening a bank account or purchasing age restricted products like alcohol or cigarettes.
Traveling is another example of engagement with an identity. A user must present their financial credentials when purchasing a ticket to fly and must then present their biometric and legal identities when arriving at the airport. When a traveler’s passport is swiped and their face is then compared to the picture in the passport, whether automatically or manually, it is considered a form of identity engagement.
Identity: Then & Now
The beginning of the 20 th century executed very different methodologies than today’s identity schemes which will continue to change and evolve in accordance with technological advances. The old system of having a country mint an identity for a person and it being recognized globally for verification was once sufficient, until computers became an integral part of an organizations’operations and success. For example, there has been an increase in multinational or non-national populations, making people more difficult to identify using the old methodologies that were available at the start of the 20th century.
Computers and technology have shifted the once static identification methods to more dynamic and, of course, digital forms of identification. Identity was originally built as a form of ownership which represented you, and in time, has moved to be used as a means to an end.
Today, it is in the best interest of any organization to look at identity as an asset rather than the defaulted option as part of a long history of internal governance approaches. Businesses looking to become truly and fully digital will have to understand the abundance of methods of identification and how each user’s identity profile provides insights into much more than just the verification of each customer.
What’s the bottom line..?
Cyber identity is a big world that is constantly evolving and rising to new heights. It is already and will become more a part of our everyday operations. It is a concept that must be on the forefront of discussions surrounding the topic of digitization for all organizations in all industries worldwide.
In the very near future, market leaders will be looking to get their products and messages to customers remotely, without having to take branch locations into consideration. This allows for rapid market expansion and, it goes without saying, increases in sales and revenue. This is the dream for businesses however, this dream comes with great responsibility.
To understand the full scope of Cyber Identity businesses must comprehend how identity is created, how businesses can engage with an identity, and how an identity is managed, while simultaneously maintaining a firm grasp of the laws in place that could mean grave ramifications if otherwise.
Co-writers: Guy Stiebel, CIO of Scanovate and Danit Ianovici, Scanovate Content Developer