Solving the digital identity problem for mobile and beyond
Three Essentials: Privacy, Security & Convenience
In the US alone, identity fraud losses in 2020 reached a total of $56 billion, growing 230% YoY from $16.9B in 2019. $43B in fraud losses resulted from social engineering scams, where typically bad actors act as customer support representatives with the intent of obtaining user account information to take over accounts and steal people's money. The other $13B in fraud losses is due to data leaks that enable fraudsters to use information like stolen credit cards and identities to make fraudulent purchases. As mobile phones increasingly replace cash and credit cards, the problem will only intensify. Crime is transitioning from the physical world to the online world and following the money.
But this is still just the tip of the iceberg. By 2025 there will be 5B internet users. Each of us will have a few personal devices that will interact with hundreds or thousands of other devices daily. It will be easy for bad actors to hide within such a wild environment with so much volume. And as the Internet of Things becomes ubiquitous, the consequences of cyberattacks become more physical and increasingly more critical.
New technologies such as 5G and nanotechnology will enable the golden era of the internet of things and wet computing, which will allow total human-computer symbiosis. Can you imagine people hacking devices inside your body or hacking devices inside your baby's bedroom to communicate with them?
Digital identity is an extremely challenging problem and far from being solved. Fraudsters are constantly developing new hacks and scams, and the community of bad actors only grows. So how to build a digital identity that endures and enables consumers to live a life that benefits from technology while staying safe??
I believe that the three essential elements of a next-generation digital identity for mobile and beyond are Privacy, Security, and Convenience.
Privacy has to come first, simply because we know that no technology is impenetrable and flawless. So the ultimate protection is to avoid, as much as possible, capturing or storing any information related to the user's real-world identity.
Security is necessary for obvious reasons and the era of relying solely on static credentials such as passwords and knowledge-based answers is over. The attack surface is too broad. Our data is already spread across countless databases associated with the websites, mobile apps, and people we interacted with. The digital identity of the future must use dynamic and real-time information to validate the user's identity and the context.
The password was invented more than 50 years ago and since then, the user experience in sign-up and login to most internet services has deteriorated, requiring increasingly complex passwords and additional actions for authentication, including the use of one-time passwords (OTPs), biometrics, and other high-friction authentication factors. This strong, high-friction authentication should be the exception, applied only in high-risk situations, not the norm as today. Authentication should be frictionless, and invisible.
Can you imagine, in the future, typing a code to access the hundreds or thousands of devices you will interact with at every location you go?
The one thing that will never change is that no matter how connected we become, we will always be physically present somewhere and will interact with whatever internet service through a physical device in the same place or location where we are present. So I contend that the core of the digital identity of the future will be created around location-sensing techniques that meet the three critical requirements of privacy, security, and convenience:
Our location behavior is as unique as our fingerprints, so our location behavior “fingerprint” is strong enough to authenticate us without requiring our real-world identity or biometric data. Location data can be very sensitive, so it requires state-of-the-art anonymization technology and continuous improvement. Authenticating with data that is not directly linkable to our real-world identity is an essential step toward next-gen digital identity.
Location behavior is inherently dynamic but also has some interesting additional properties. The first is its uniqueness; an individual can only be in one physical location at a time, and a person cannot be in two or more different locations simultaneously. Location behavior is also associated with places that are not publicly accessible such as your home and workplace. Hence, a fraudster has more difficulty accessing these private locations and impersonating your digital identity. The digital identity problem is very complex, so a multi-layered approach is necessary and location is not the only factor, but the strongest.
Location behavior is just our normal behavior. We already carry our digital tokens with us at all times, so no action is required to authenticate using location, other than to be ourselves. This is the ultimate level of convenience.
The ideal solution would be to transform our anonymized physical behavior into dynamic authentication tokens for the internet of things, enabling friction-free, private, and secure communication with every device.
This is a challenging problem to solve! This is why Incognia exists. Join us!
"The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it." Mark Weiser
Read more on how Incognia is removing passwords and friction from authentication.