Digital Identity: What is it and how to protect it
Digital identity is the online version of an individual’s physical identity. It consists of all of the individual´s personal data that is available online —not just an email or physical address, but also pictures, banking info, shopping preferences. This identity is not uniform, as we share different attributes in different platforms. In other words, we don’t share the same type of information on LinkedIn and Facebook, for example.
That is why it’s such a complex and unwieldy concept. Who regulates the use of people’s digital identity? BBVA Research poses this question in a working paper, in which it defines digital identity as the “set of attributes that links a personal entity with its online interactions.” And it notes that: “What is really important, in order to interact online, is the validation that others make of the attributes that we share to prove our identity.” In other words, the ability to prove that we are who we say we are.
Exponential technologies: allies of a secure digital identity?
Some exponential technologies, such blockchain and other distributed ledger technologies, biometrics and artificial intelligence can help deliver secure identity services, in particular by governments and financial institutions, says BBVA Research.
According to an article by TechCrunch, the next revolution will be the management of your digital identity. Indeed, as digital technologies continue to develop, the amount of information that users share grows exponentially. Only when users know exactly when, where and to what extent this information is being collected, they will be able to manage their digital identity and take the measures required to protect it.
In this context, privacy is key. And it is essential that businesses embrace this idea: Unless consumers feel that their data are protected, they will refrain from engaging in online transactions.
An opportunity for the financial sector
“For financial institutions, this is the opportunity to become trusted identity providers across different industries, leveraging the trust that consumers traditionally place in the sector,” says Ana Isabel Segovia, economist in the area of Digital Regulation at BBVA Research.
With this in mind, in December 2017, BBVA launched the startup Covault. The company, which belongs to the bank´s New Digital Businesses area, specializes in digital identity and security solutions for individuals and businesses. BBVA and Covault developed a high security biometrics solution to protect and share online identity in the United States.
“We'll soon start to see consolidation and standardization across identity verification projects,” explains Covault CEO Louie Gasparini. “Banks would benefit from a common standard,” he adds, as it would result in “cost savings and efficiency for all adopters.”
Identity Regulation
In today's world, being able to prove that you are who you say you are is a fundamental component of economic, financial and social development. That’s why it’s necessary to develop identity solutions that are valid across different services, markets, standards and technologies. Private companies, governments and regulators search for comprehensive solutions that enable clients and citizens to identify themselves online.
So far, the regulation related to digital identity only covers certain aspects of it. That’s why governments are starting to consider new rules to fill in the gaps. Europe’s eIDAS Regulation, seeks to set a single legal framework for the mutual recognition of digital identities among European Union member states. It is part of a broader regulatory push, which also includes the General Data Protection Regulation (GDPR), which sets the basis for managing the physical and digital identity, and reinforces the idea of an individual control over one’s own data, and the second Payments Services Directive, PSD2.
According to BBVA Research, cybersecurity is one of the main challenges that digital identity regulations must address. Another one is the lack of standardization and interoperability, as each identity provider (whether public or private) stores the information in a different way. Lastly, the lack of user control and regulatory uncertainty are two other major challenges.