Identity verification. This is a more important issue for businesses today than ever before. In addition to the growing number of new companies joining the digital landscape, businesses that once used traditional means of verification are now undergoing massive digital transformation and bringing their services online. Not only do all of these businesses need to develop methods that allow users to access their services securely, but they also need to monitor their exposure to risk as their user base continues to grow.
The market for digital identity verification is growing day by day. In a recent analysis carried out by McKinsey, the market was estimated to be worth approximately $10 billion in 2017 and expected to reach between $16 and $20 billion by 2022.
This trend for an increasing need for strong identity verification has led to a proliferation in the collection of sensitive identifying data, including passports, drivers licenses, social security numbers, etc. From FinTech and P2P markets to Cannabis and E-Cigarettes, the industries driving this trend are facing intense pressure to ensure that this information is stored securely and in line with their compliance obligations.
The Identity Trade-Off
Our all-digital world brings convenience and agility, but it also brings a raft of threats including identify impersonation, money laundering, and service misuse. In a bid to avoid these risks without compromising the quality of service, businesses have had to find ways to keep fraudulent users at bay while also offering quick and convenient access to legitimate users. It’s a trade-off that a huge number of businesses are struggling with.
Users are worried too. They are worried that the identity information they share in exchange for accessing services is poorly stored, easily compromised, and in some cases abused. They have a reason to be concerned — the current state of play is often flawed and fragmented.
Something has to give. More online platforms mean more user data to manage. Poor management and lapses in protection are the reason why we hear about mass-scale data breaches every other day. According to Juniper Research, the global cost of data breaches will rise to $2.1 trillion by 2019.
The True Cost of Identification Verification
Security isn’t the only concern for organizations that gather and store sensitive user data. Thanks to the introduction of compliance legislation such as the EU’s GDPR and California’s REAL ID Act, data breaches and non-compliance hold an even higher economic expense, as shown by the recent $57M GDPR fine brought against Google.
Firms must take responsibility for the identity data they gather and how they use it. That is a given. However, they face a huge problem. On one hand, the growing number of online services means companies need to collect more information to verify identities and keep their platforms and users secure. On the other hand, regulators and society are turning up the pressure on the same companies to collect less sensitive consumer data. It’s a real Catch 22.
Identifying the Risks
Many of the most recent data breaches have been caused by vulnerabilities in integrated third-party systems used to store and transmit passwords and validated processes. These vulnerabilities highlight the need to review the ways in which users are authenticated and reduce the risks involved in the process. Such risks include:
- The growing number of web applications and how users engage with organizations online
- Issues with security web applications, such as password sniffing, cross-site scripting and exposing consumer financial and personal data to theft and loss.
- Insecure wireless networks that expose user data to interleaving, password sniffing replay, reflection, “man in the middle” attacks and forced delay.
- Insecure 3G networks that are susceptible to attacks.
- Vulnerabilities caused by the transmission of password hashes — this allows hackers to masquerade as genuine users.
Maximum Security, Zero-Knowledge
So, how do organizations allow a user to gain access to the services they need without exposing hypersensitive information or breaching compliance obligations? How can they do this while still being sure of the identity of the user accessing their platform?
These two opposing pressures are what Passbase is built to solve. Passbase’s enterprise product eliminates the need for businesses to collect the most sensitive identity data while still allowing them to be sure about the identity of the user on their platform. Identity verification is where digital payments were 20 years ago. Passbase is doing for identity information what PayPal did for credit card numbers, helping users to access the services they use every day securely without exposing their most personal details.
Knowledge, as the saying goes, is power and when that knowledge is user credentials, that power can have devastating effects when in the wrong hands. In many applications using traditional authentication processes, passwords are sent as clear text. This provides hackers with plenty of opportunities to intercept valuable and sensitive data. Zero-knowledge authentication, on the other hand, allows users to prove that they know the password without ever revealing the password to the authenticating server.
While this concept of zero-knowledge authentication isn’t applicable for industries regulated under AML today, Passbase has the ambitious goal of building a privacy-focused identity solution that one day even banks can leverage.
We at Passbase (Passbase.com) work tirelessly to improve privacy and security online by creating a better way to do identity verification. We’re building the future of identity using a unique combination of public-key cryptography, biometric authentication, and machine intelligence.
Like always, let us know your thoughts and your feedback or reach out directly to us via firstname.lastname@example.org
- Why Google Was Hit With a 57M GDPR Fine and What It Means For the Future of Data Privacy! LINK
Why Google Was Hit With a 57M GDPR Fine and What It Means For the Future of Data Privacy
On January 21st, Google was fined $57M for breaching Europe’s stringent new data privacy regulations, GDPR. In a…
2. Why Google, Amazon, and Facebook Won’t Win the War for Digital Identity.