Why Effective Digital ID Management is Vital in Financial Services
Posted: Friday, Jan 19

i 3 Table of Contents

Why Effective Digital ID Management is Vital in Financial Services

In an increasingly digital world where online financial exchanges are commonplace, identity (ID) data has become critical. This is because organisations need to be confident that the people they interact with are real humans, and the correct humans they claim.

Achieving this, however, requires a skillful balancing act. If an organisation gathers too much ID data, it risks making itself a target for cyberattacks. On the other hand, if too little is gathered, the organisation may become exposed to fraud and synthetic identities.

Faced with this dilemma, increasing numbers of financial firms are exploring the emerging field of decentralised identities. This approach gives users control over their own data and allows them to share only what a third party actually requires – no more, and no less.

A key driving force behind this shift in the way IDs are managed is the way in which the technology landscape has evolved. Rather than interacting with applications and systems sitting behind firewalls in secure data centres, people are just as likely to be using apps on mobile devices or services running on a cloud platform.

This has made it increasingly challenging to securely manage ID details and has led to a number of high-profile attacks where large volumes of personal data have been stolen. Shifting to a decentralised ID system will significantly reduce these risks.

The Challenge In Financial Services

Securely managing digital IDs is critical when it comes to financial services. Every year the volume of transactions conducted digitally increases while usage of cash declines. Advances in technologies such as smartphone digital wallets are only increasing the pace of change.

For this reason, the topic of identity access management has become widely discussed. Banks and other financial institutions need to be sure that they hold sufficient ID data to establish customer identities but also that the data is used and stored in ways that meet the requirements of strict regulatory requirements.

This comes at a time when traditional, established banks are facing increasing competition from nimble, digital-only rivals. This means the traditional banks need to meet these digital ID requirements without sacrificing the online customer experience.

The Dilemma of Synthetic IDs

One of the emerging challenges facing all financial firms is the rapid evolution of so-called ‘synthetic IDs’. These IDs are created by cybercriminals who mix together some legitimate components of an actual ID with fraudulent ones. The result is an ID that may appear authentic but has the potential to allow criminals to gain access to customer accounts and services.

To overcome the challenge posed by synthetic IDs, financial institutions need to adopt a three-step process when it comes to authenticating customers and allowing them to have access to particular resources.

  • The first step is to have a robust authentication capability to vet customers when they first visit a website or use an app. This authentication should not be undertaken just once, but should recur as a customer moves from resource to resource.
  • A second step is to have in place tools that ensure customers are actually authorised to access the resources they are trying to access. For example, if a customer who does not have a mortgage with a bank attempts to access a mortgage account, this could be a sign of unauthorised activity.
  • The third step is to ensure that, once they terminate their relationship with a financial institution, customers have the right to be forgotten. This requires their ID data to be deleted which removes any chance of it being stolen.

Begin With Identity In Mind

As financial institutions work to build and launch new service offerings for their customers, it’s important that any project begins by facing the challenge of digital identity. Where traditionally it may have been a component that was bolted on to a completed application, now it must be in place from the outset. Institutions that take digital ID seriously and put it at the forefront of application planning and deployment will be best placed to secure an increasing share of a rapidly growing market.

Ashley Diffey
Ashley Diffey is Vice President Australia and New Zealand for Ping Identity, a leading provider of seamless and secure digital experiences. Based in Melbourne, he is responsible for accelerating sales and bolstering customer support and services to continue driving the increasing demand for Ping Identity’s solutions in the region. Ashley originally joined Ping in late 2018 and has more than 20 years of sales and channel leadership experience. He previously worked at Venn Solutions as General Manager for Victoria. While there, he established the company’s Victorian branch based in Melbourne and expanded its portfolio of customers. He also worked at F5 Networks, where he managed the company’s partner relationship with Telstra and oversaw the organisation’s southern regional channel. Prior, he was Director for Channel Sales Australia and New Zealand at Commvault.
Share This