Trusted digital identity: what is it and why is it important in the new digital era?

We all have a digital identity. Every time we create a user account — from social media platforms and digital subscriptions to shopping services and online banking — we need a digital identity.

In the early days of the internet, that identity was nothing more complicated than an email address (identification) and a password (authentication). But today, in a new digital era where more and more of our time (and money!) is being spent online, basic digital identities are no longer enough.

They don’t provide the security we need as individuals. They don’t provide the veracity guarantees companies need that hold your data. And they are open to malicious attacks from third parties, with potential consequences including financial theft and reputational damage.

Introducing trusted digital identities

In the new digital era, only trusted digital identities are likely to be sufficient. And as regulatory requirements tighten, trusted digital identities will be more necessary than ever. Complying with HIPAA, GDPR, PSD2 and eIDAS will require the kind of authentication steps that can only be delivered by trusted digital identities.

But what, exactly, is a trusted digital identity?

In short, trusted digital identities enable the user to prove their identity with real-world authentications. Today, if you log in to any kind of portal, from digital banking through to your social media, email and online shopping accounts, a trusted digital identity is the only way to effectively minimize the risk of falling victim to cybercrime.

A protected transaction based on a trusted digital identity is built on a framework of three complementary and compulsory factors:

· Confirming the identity of the app and device

· Confirming the identity of the user

· Securing the consent of the digital identity owner

Confirming the identity of the user is achieved with one or more real-world data points — most often from official identity documents. These can include national ID cards, debit and credit cards, and health IDs. Once these verified ID documents have been checked, a link is formed between the individual and their digital identity (these checks do not even have to be manually conducted, thanks to advances such as our mIDStart self-service registration process).

And depending on the device in question, mIDVerify can secure consent through clicks, fingerprint or face recognition.

Trusted digital identities are not achieved with OTPs

Some online systems have taken an initial step towards better authentication by using SMS or one-time password (OTP) processes. But these should not be confused with fully-fledged trusted digital identities, in part because SMS deliveries do not offer robust security guarantees.

At KOBIL, all our two-factor authentication (2FA) or multi-factor authentication (MFA) processes are built on trusted digital identities. Our PKI-based certification process helps to deliver the world’s highest security levels, non-repudiation and better user experiences.

To find out more about trusted digital identities and how they could secure your business’s future, visit www.kobil.com.

Originally published at https://www.linkedin.com.