Amid waves of cybercrime worldwide, it’s time for service providers to become the trusted protector of their customers’ digital identities.
February 27, 2018
Anyone who has created an online profile for shopping, posting memes, etc., has established a digital identity. Most of us have traces of our digital identities scattered across multiple sites and apps. This creates obvious security and privacy vulnerabilities, but it also impacts customer experience as people often forget the ID and password combinations required to access their services.
Given the number of people who experience these problems and how fundamental confirming a user’s identity is to any digital experience, it’s no surprise that the personal digital identity market may exceed $10 billion in just a few years.
Service providers want to play a central role in this market. One argument is that a mobile phone number is an ideal unique identifier to help validate a customer’s digital identity. Take Google and Apple as an example—these two digital giants rely on mobile phone numbers for multifactor authentication. But this may be a short-sighted point of view. After all, a phone number isn’t personal and it isn’t something a person owns. That said, service providers may be able to play a major role in the digital identity market as trusted brokers. To win this opportunity, however, service providers may need to come up with good answers to some critical questions.
1. Who Owns a Person’s Digital Identity in a Business Setting?
The question of identity ownership is debated regularly in the digital world. Facebook claims to own your family photos, and mobile operators own your phone number. But on the other hand, technologies like blockchain are emerging to prevent anyone or anything from owning another person’s identity.
Service providers see a big opportunity in B2B markets around managing digital identities. But they may not be able to own an employee’s identity for the same reasons LinkedIn can provide part of a person’s work identity, but they cannot own that information. If service providers continue to see the B2B digital identity opportunity as a separate market, it’s unlikely that they will solve the scattered identity problems that already plague the digital world.
2. Should We Expect to Continue Having Separate Personal and Business Identities in the Digital World?
Many consumers who work for corporations already have separate personal and business identities. For example, some people carry two smartphones: one that they own for personal use, and another for business that’s owned by their employer. This isn’t good for users or corporations because it requires the individual to be disciplined enough to keep the two worlds separate. But they aren’t separate and that creates security issues and legal liabilities that cross the imaginary boundaries. To win in digital identity, service providers cannot allow their legacy organizational structures to separate by business and consumer. While there may be different permissions or access rights between personal and business profiles, digital identity hinges on using more than one factor to confirm a user’s identity. Oftentimes, that user is both an operator’s personal and business customer, but rarely does the operator know or acknowledge this multivariable relationship.
3. Can Social Platforms Provide a Universal Source for Digital Identity?
Social platforms are already ahead of the curve when it comes to providing APIs for digital identity; think about using Facebook credentials to log in to some other related or unrelated app. But social platforms have not proven to be very secure. What’s more, in many countries with large populations, like China and Russia, government regulation forbids access to certain social platforms. As a result, social platforms play a big role in digital identity, but they may be part of the problem, not the solution.
If service providers can provide a safe and useful alternative to social as a source of digital identity authentication, that may be their key to victory as trusted data protectors for their customers.