A digital identity is information used by computer systems to represent an external agent – a person, organization, application, or device. Digital identities allow access to services provided with computers to be automated and make it possible for computers to mediate relationships.
The use of digital identities is so widespread that many discussions refer to the entire collection of information generated by a person’s online activity as a “digital identity”. This includes usernames, passwords, search history, birthdate, social security number, and purchase history, especially where that information is publicly available and not anonymized and so can be used by others to discover that person’s civil identity. In this broader sense, a digital identity is a facet of a person’s social identity and is also referred to as online identity.
An individual’s digital identity is often linked to their civil or national identity and many countries have instituted national digital identity systems that provide digital identities to their citizenry.
The legal and social effects of digital identity are complex and challenging.
Personal Identifiable Information (PII)
Personal Identifiable Information (PII) is defined as: Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
The Digital Identity Crisis
To survive in our digitally transformed world, we’ve all gotten used to typing in personal details without a second thought and letting them drift wherever the internet winds may take them. Our names, addresses, emails, and other unique identifiers unlock everything from online banking to one-tap food delivery. But this same accessibility creates innumerable vulnerabilities for identity theft and even grand scale fraud attacks.
This contradiction—that our digital identities are both key to survival and constantly under attack—has created a fracture known as the Digital Identity Crisis. It’s a problem for everyone living in the digital age, but it’s up to businesses to solve it. And the stakes have never been higher.
The Ongoing Impact of the Digital Identity Crisis
The Digital Identity Crisis is causing chaos in how money and identities move across the web. It’s why many major hotels, car rental companies, and other large merchants have stopped accepting digital credit cards. It’s how 4.5 million fraudulent customer accounts were created at PayPal—causing a 25% stock slump. It’s why Robinhood created a list of digital banks from which it bans transfers: literally turns away money. And it’s the reason why so many underbanked, genuine customers get rejected during the digital onboarding processes, simply because they have a thin file of credit or a small digital identity footprint.
Companies have resigned themselves to these pull-up-the-drawbridge efforts as their best attempts to stop the citizen fraudsters, bot attacks, and sophisticated fraud rings that target and trade in valuable PII. The very fact that businesses would take such drastic measures shows how seriously they take the Digital Identity Crisis. Chime, for example, is a digital bank that has booming growth in both users and valuation; but major industries refuse to do business with them due to fraud worries, and in effect are locking themselves out of a robust revenue stream. And it’s not just the monetary impact of fraud that causes nightmares: brands’ reputations, consumer confidence, and regulator penalties are also at stake. How can businesses protect their reputations and revenue, without locking the door on genuine customers?
The Costly “Solutions” to Fraud
Fraud attacks can clobber a business in multiple ways. But while focused on preventing costly fraud loss, they’re often suffering from the even higher cost of false positives. Despite my career spent working with fraud teams, helping hundreds of companies fight fraud and reduce losses caused by cybercriminals, data breaches, and poor verification strategies, I am still constantly surprised by just how much money is lost each year due to fraud prevention systems declining genuine customers who are flagged as suspicious (aka, false positives). According to the Aite Group report, The E-Commerce Conundrum: Balancing False Declines and Fraud Prevention, between 2017-2019 more than 62% of merchants reported their false positive rates had increased. This same report predicted that those losses would grow to $443 billion within two years. This number is staggering, and typically far outweighs losses from fraudulent purchases.
Part of the difficulty in determining genuine customers lies in the fact that most fraud prevention technologies rely on static, historical data that is easily compromised. Many of today’s identity verification tools look backward: at where applicants live, what their credit score is, and other personal identifiable information (PII) connections. Meanwhile, PII is what fraudsters are harvesting and inputting at scale. So cybercriminals are increasingly able to use genuine PII data for fraudulent activities. They submit that PII, it gets through the fraud checks, and costs money. Meanwhile, genuine customers who just don’t have as lengthy PII trails—maybe they’ve moved a lot, or haven’t established long credit histories—get denied.
So, what do you do when the cure costs you more than the disease?
Digital Identity Verification Beyond Traditional Data
This is where new, highly accurate methods of pre-submit data analysis are driving real change across the fraud prevention industry. Pre-submit data is the information derived before PII is even submitted, pulled solely from the digital interactions of an online applicant as they fill out a form. When a prospective customer taps, types, or swipes information into an online form or application, these behaviors create pre-submit or behavioral data.
Behavioral data provides indicators of the intentions and experience that the user leaves behind with every interaction. It can provide deep insights into what users’ true intentions are (legitimate or nefarious), if they are who they say they are, and even the experience they have during their customer journey (confusion, frustration, confidence, etc).
This data has always been generated by digital applicants. For most organizations, this data is inherently captured–but not put to good use. Pre-submit behavioral analytics technology is often the critical missing piece in a business’ fraud detection and prevention system. Bringing with it the potential to save billions of dollars annually lost to fraud, false positives, and customer friction, many regard it as the true solution to solving the Digital Identity Crisis and overcoming the hazards of unreliable PII. Some behavioral analytics technology can even look at crowd-level behavior and find bot attacks before they do damage.
The Digital Identity Crisis is a real threat, but not insurmountable. Cybercriminals flourish when businesses stay in scramble mode, relying solely on static and likely compromised pools of PII data. Pre-submit and behavioral analytics are real-time checks that help businesses keep their eyes on the horizon for new opportunities, instead of always looking backwards at applicants’ history. Those who take advantage of this cutting-edge technology will also stay leaps and bounds ahead of the Digital Identity Crisis, and all the pain that comes with it.