A Blueprint for Digital Identity
The digital economy requires new approaches to user identification, and financial services firms are positioned to lead the way.

User identification is a vexing problem for financial services firms. It’s at the center of many processes, including payments and loans, and both detail and accuracy are critical. But establishing identity today means either collecting physical proof—by scanning a driver’s license, for instance—or relying on the “know your customer” approach. Neither fulfills the requirements of a digital future.

Meanwhile, the need for a digital solution to identification is becoming urgent. Online transactions are growing in volume and complexity. Customers across industries increasingly expect seamless, omnichannel service delivery. Regulators are demanding greater transparency in transactions. And hackers can exploit weak identity systems more readily than ever, wreaking financial and reputational havoc in the blink of an eye.

It’s a problem that’s relevant in many areas today, but according to recent research from Deloitte Consulting LLP and the World Economic Forum, financial institutions are particularly well positioned to take the lead on developing a solution. They already perform many digital identity functions in the normal course of business. Their operations span multiple jurisdictions. They’re the intermediary of record in many transactions. They’re both strictly regulated and mature. Finally, they also stand to benefit from improved efficiency, increased revenues from new products and services, and even transformation into new business areas. Potential applications include tailored risk profiles, international resettlement, digital tax filing, improved risk assessments, and much more.

Done right, a digital identity network would benefit everyone involved. Collecting and sharing supporting documentation would be easier, for example. With cutting-edge authentication and security protocols, a digital identity system would make it harder to damage, lose, steal, or tamper with identification records. Digital identities would also offer customer-serving institutions a better way to know and serve their customers.

Guiding Principles

“Identity”—whether of an individual, legal entity, or asset—comprises many different pieces of information, also called attributes. The more attributes there are, the stronger the identity. For example, a Social Security number is unique to an individual, but it reveals almost nothing by itself. The person’s name and date of birth provide a bit more information. A personal photo, mobile number, residential address, school records, and work history paint a much more complete picture.

In the digital world, identity is a set of standardized digital records that represent a user. Identity providers verify and store these records, and supply them to the parties with which users transact, effectively completing transactions on behalf of the users.

A strong digital identity system will conform to five core principles:

Serve the social good. It will provide identity to all users, serve user interests, and be open to all who wish to participate.

Protect users. Current identity systems put users at risk by leaving their information vulnerable to privacy infringement, data leakage, and overexposure. A digital identity system will ensure that involved parties see only the data they need and use it only for the purposes they disclose.

Provide user control. More than one identity system has failed because users didn’t trust it. Giving users control of their data will help ensure that doesn’t happen.

Take a long-term view. Stakeholders should know their investment will pay off, so it’s important to design and build the identity system for sustainability.

Embrace openness. Finally, a good identity system will be built on open technology and data standards and designed to integrate new parties and serve changing user needs.

A Multilayered Solution

An effective digital identity system requires a multilayered solution based on standards that govern system operation. (These still need to be developed.) The top level is service delivery, which must be efficient, effective, and seamless. The layers in between include authorization, attribute exchange, authentication, and attribute collection. Each layer presents its own set of challenges (Figure 1).

Figure 1: Challenges at Every Level

Many efforts today address only one layer. For instance, authentication technology solutions tend to rely on attributes that have already been collected. These solutions provide a better experience for users and ensure the same person is transacting each time, but they don’t help confirm that person’s identity.

Technology companies, professional organizations, and governments are carving out territory with individual solutions, but these efforts have not coalesced into an integrated digital identity system that’s secure, convenient, effective, and trustworthy.

The Road Ahead

Some promising technologies are bringing us closer to a digital identity system. Advancements in data storage, for example, offer greater privacy, security, and user control. New data transfer protocols tighten protection against interception and decryption while again putting more control in users’ hands. New authentication techniques are in development as well. These link users to their digital activities in more reliable and persistent ways.

That said, there may never be a single, global solution for identity. Different types of users have different identity needs. Individuals must be able to complete transactions safely and conveniently. Legal entities require a comprehensive way to aggregate data for managing risk. Assets need a tracking system that provides transparency around ownership and value.

Privacy needs also vary. It’s essential for individuals, while legal entities and assets can do without—in fact, privacy might even interfere with their larger purposes. Individuals act on their own behalf; legal entities and assets have custodians who act for them. Identity is also cultural. The people of some nations accept a national ID card; others don’t. And some governments may not be stable enough to carry out digital identity.

Ultimately, different groups will build their own identity networks, and that’s probably as it should be. We encourage firms to consider a bottom-up approach to digital identity. First, articulate the problem to be addressed. Test and refine the system with a critical mass of parties, then gradually scale it to include more. It’s equally important to build connectors among the separate identity networks developed. Those connections are the rails of interoperability that will allow a global blueprint for digital identity to emerge.

Source: deloitte.com, January 17, 2017

Why we must work together to gain safety and trust in the digital identity age 

As consumers across the globe become increasingly aware of their digital identity and personal data rights and further regulations take hold, it’s unsurprising that Google has announced it will not be replacing third-party cookies with identifiers and email addresses.

Advertisers now need to look for new ways to engage valuable customers on a one-to-one basis. Digital targeting and measurement strategies that the industry has grown up around will need to be rebuilt for a privacy-first world.

This is both a challenge and an opportunity for the industry – to champion privacy while finding new and innovative ways to provide marketers and consumers with relevant, targeted ad experiences. The industry needs to determine the best path forward and partner to develop strategic identity solutions, enabling publishers to maximize the value of their first-party data, help advertisers meet their business goals, and build consumer trust in digital advertising.

A new vision for a new digital identity ecosystem

Collaboration between partners within the digital identity and advertising ecosystem is now more important than ever. Suppose advertisers want to increase the effectiveness of their campaigns across the whole of the Internet. In that case, they need to be working with partners who can join up these conversations without operating a walled garden. Greater collaboration is also vital for local premium publishers to continue developing creative, engaging content for consumers, which is the foundation of their ongoing success.  

The central principle of navigating this changing landscape is for the digital advertising industry to understand where it goes with respect to identity, and it needs to do that with consistency. This means how it will handle identity in the face of the death of third-party cookies, the rise in regulation, and the evolving ways that it is buying and selling advertising today.

Increasing regulation around data privacy – such as the GDPR in Europe – has been one of the biggest drivers for change in our industry. So, advertisers will want to work with companies adhering to data regulations and encouraging transparency within the supply chain. On top of that, many brands will need to feel a sense of ‘safety through familiarity.’ When discussing compliance, it helps to work with a partner with similar challenges, protocols, and internal processes. For example, a bank or a telecommunication company is going to want partners that can demonstrate their security frameworks meets the country’s data privacy standards, as well as your company’s individual privacy standards.  

With cookies, these have been relied on for a very long time, yet we’ve seen over the past year or two that we can generate brilliant performance leveraging solutions that do not rely on this. However, as things stand, there isn’t one silver bullet to identity or one single solution, and it won’t be solved for some time. What needs to be done now is to take a very deliberate multi-pronged approach to solve identity. While first-party data goes some way to achieving this, brands can get market-leading performance and competitive advantage even by just using strong and innovative contextual solutions. It’s important for brands not to stand still at this point; testing innovative new solutions will mean you’re well equipped to deal with what comes next. 

Adopting new models to meet changing needs

For publishers, this means that they need to look at how they can use their proprietary assets to evolve their business models and package and sell their inventory in a way that best meets the needs of the buyer in our rapidly changing digital advertising landscape.

Developing different ways to generate and acquire authenticated first-party data will be one key area of focus for publishers. Many are already doing that as they look to build out subscriber bases. This means that if a person uses their email address every time they visit a site, the publisher can use it as a persistent identifier. From here, they can start to build a profile of that user and what their interests are. By better understanding individual users, publishers’ inventory becomes more valuable to advertising partners, as they can effectively target specific audience profiles. 

Alternative ways that publishers can use their assets, such as building up contextual solutions. The ability to build contextual profiles has advanced greatly since the early days of simply placing adverts for mortgages in financial publications. Today there is much more accurate contextual information about specific articles, so publishers should be looking at utilizing this. Today you can even use contextual solutions to match the sentiment of a piece; for example, if you’re a brand selling retro cameras, you can target context that generates the feeling of nostalgia. 

In the future, publishers will need to consider device-based advertising. If we consider the devices that will support advertising or do already support advertising, very little of that is cookie-based anyway. A raft of different devices will come into play here, such as smart speakers, CTV, and even wearable tech. None of this will be dependent on a cookie, so there needs to be continued investment in exploring these areas and the new audiences they offer. 

With the right data protection, privacy controls in place, and the right partners on board, it remains possible to provide consumers with critical choices and insight into the value exchange of advertising and content. By these means, we can also ensure that we enable publishers and marketers to achieve the required outcomes. At this point in time, the worst thing you can do is stand still and wait for something to happen around you. Your audience is still there online, so it’s important that you take all the steps necessary to continue connecting with them.

Author: Karan Singh

Source: Dataconomy