By David Orme, Senior Vice President of IDEX Biometrics ASA
Digital identity, also known as an amalgamation of information available online that can bind a persona to an individual, is changing the face of personal identity as we know it. In a similar way to its physical counterpart, digital identity can be used to authorise an individual’s access to something that may otherwise be restricted. In the online world, a username, email or password can be used in a multitude of ways – allow a user to transfer money, shop online or access a social media account for example – in the same way a passport can be used for travel, or an identity card to verify age.
However, when in the wrong hands, this personal information can be used by cybercriminals for fraudulent and malicious intent. In fact, often just one element of personal information can be all a cybercriminal needs to steal an individual’s online identity – providing them with the ability to withdraw funds from a bank account or even apply for credit cards or loans in another person’s name.
Despite rising concern around the security of personal data, our recent research revealed a surprising lack of awareness regarding the actual value of people’s personal data. The research found three-in-five (59%) consumers worried about the security of their personal information, but in the same research almost three quarters (73%) said they would be prepared to give up their name in exchange for a free coffee, and an astonishing third (33%) would even be prepared to share their date of birth. Highlighting an obvious disconnect between the public’s concerns and their behaviour.
Findings from the millennial generation were even more worrying. As many as 80% of this generation would give up their email address for a coffee, and 42% would give up their mobile phone number, with baby boomers (26%) being much more likely to keep that information a secret. Whilst this personal data appears to be seemingly nominal pieces of information, sharing it, without a thought to how it can be used, is putting digital identities at risk.
A phone number can be used with reverse lookup services to obtain an address, which can provide hackers with all they need to steal an identity. Once a cybercriminal has access to a home address there is nothing stopping them using this along with your full name to find out additional information, all of which can be put together to set up a credit card or even steal money from an existing bank account. Sharing a date of birth can be just as harmful – for many a date of birth is an easy password or PIN number to remember, but with a bit of trial and error can deliver quick results for hackers.
The ramifications of sharing personal data are frightening, yet this clearly isn’t translating into precautionary behaviour. This is a theme that can be seen particularly among younger generations, who are far more laissez-faire with their personal information than their elders. This is further supported by the research which found only 43% of Generation Z would be concerned with giving away their mother’s maiden name, whereas 74% of Baby Boomers would. As this piece of data is one of the top password security questions, providing a mother’s maiden name, could directly help cybercriminals access consumers’ personal accounts. Perhaps safeguarding personal data is one area where younger generations could learn from their more cautious elders.
Whilst this reckless behaviour could be put down to a lack of awareness around the dangers of sharing personal data, it is also likely due to a common misconception in today’s digital age, that if a cybercriminal wants your personal information, they will find it anyway, despite any efforts to protect it. This belief highlights a lack of faith in companies to protect personal data – an attitude that without action will continue to drive careless behaviour when it comes to digital identity.
To combat this attitude, businesses and organisations need to act now and adopt innovative methods to protect digital identities and reassure consumers that their personal information is safe when using online platforms and devices. Fingerprint biometric-enabled identification cards are just one wave of innovation that can empower consumers to take control of their own digital identities. By moving towards something the consumer is (i.e. their fingerprint), rather than something they know (like an email address or password), consumers can be safe in the knowledge they are the only person able to authenticate online or digital activities.
Unlike current methods of online identification, fingerprints cannot be shared, lost or stolen, therefore providing ultimate security for consumers when authenticating themselves across both online and offline platforms. By adopting this technology, companies can help to rebuild consumer faith in data protection by removing the assumption that cybercrime is inevitable.
To remain secure in today’s hyper-connected world, consumers must be educated around the value of their personal information and the importance of protection. Companies must work with consumers to stay one step ahead of fraudsters and embrace the latest technological advances to tackle data protection insecurities head-on.