5 Myths About Digital ID, Biometrics, and Privacy
Simply using online services means a person has a digital identity. And over the last decade, our lives have become increasingly digital-centric
Juniper Research predicts that there will be over 70 billion digital identity verification checks this year, a 16% increase over last year.
While many service providers still use passwords for access, others require the use of biometric factors, such as a fingerprint or facial scan. The 2023 Online Authentication Barometer from the FIDO Alliance reported that “biometrics is both the preferred method for consumer log-in and what they believe is most secure.”
We also live in an age where many of the companies we do business with collect PII (personally identifiable information) from us. In 2023, 79% of global companies collected personal data on individuals living in North America, Western Europe, and other regions. Businesses also lose our information and credentials to criminals through data breaches.? In the first quarter of 2024 alone, the Identity Theft Resource Center recorded 841 publicly reported data breaches, nearly double the number from only one year ago.
And it’s not just businesses. Governments, from Canada and El Salvador to the UK, Switzerland, India, and Kuwait, are among those that have been targeted in the past year. This has created an era where consumers may be inclined to distrust businesses and government.
So, despite their increased security and convenience, misconceptions around digital identity and biometrics abound. Daon is here to help debunk them.
Myth #1: Digital identity means I'll lose my privacy
Digital identity and biometric data are considered personal data and protected by data privacy laws. These laws include rules that require transparency as to how biometric data is to be used, for how long, and to ensure that the customer explicitly consents to the use.
The European Union Digital Identity framework includes features that give users full control to choose which aspects of their identity and data they share with third parties and to keep track of their sharing.
Another privacy benefit of digital identity is that it can’t be lost. With physical identity, documents can be easily misplaced and used to commit identity crimes. But if a digital identity is secure using strong biometrics, it can’t be used by anyone who is not you.
With a digital identity protected by robust biometric authentication, you can gain greater control over the privacy of your information.
Myth #2: Biometrics can be easily faked
Biometric authentication factors are inherently safer than passwords or other knowledge-based authentication (KBA) factors, which can be hacked, forgotten, or guessed. But with the increased (and increasingly sophisticated) use of generative AI tools, the perception that biometrics can be easily faked has risen, too.
We’ve read the stories about people being scammed by deepfake voices purporting to be a loved one in trouble or a manager asking for data/money to be transferred. But the thing to remember is that today’s best solutions from digital identity verification companies use the power of AI and machine learning to protect against criminals and to accurately authenticate legitimate users.
For example, liveness detection technology ensures that a facial scan or fingerprint is from a live human being and not from a still image, video, or other presentation attack. Anti-spoofing technology detects synthetic speech and voice replays.
AI advancements enable more sophisticated attacks by criminals — but AI tools (good AI) also provide strong defenses against these attacks.
领英推荐
Myth #3: My biometric data will be stored in a giant database
It’s a common question: Are biometrics safe? When you open an account or onboard for a service that requires biometric authentication, a template is created of your facial scan, fingerprint, or voice. Then the template is, in fact, stored in either a database or on-device, under FIDO standards. The latter places the customer’s biometric under their full control.
But a biometric template is different than a biometric (and vastly different from a password). If a hacker steals a password, they have exactly what they need to pose as you or another legitimate user. They can access work or personal accounts, steal money or data, and commit other types of fraud. If the password has been reused across multiple accounts, it opens the door to even more damage and potential use in credential stuffing attacks.
Even if the account is secured with two-factor identification, this is most often a four- or six-digit code sent via email or text that can be hacked or stolen (like with SIM-swapping schemes).
A biometric template, on the other hand, contains only the data points necessary to identity you when it is paired with the live element — your finger, face, or voice. Device-side storage offers the most secure form of authentication, as the user is in full control of their stored biometric credentials.
So, while biometric templates are stored in a database or on a user’s own device, they offer more security for customers, employees, and companies than traditional authentication methods.
Myth #4: Digital identity is only for big tech companies
Practically every business today needs to have an online presence for their customers, no matter their organization’s size. Many companies (of all sizes) also have remote employees. Relying on passwords for account access leaves them all vulnerable.
A 2023 study by Accenture found that 43% of cyberattacks were targeted at small business. The average cost of a cyberattack for a small and medium sized business is $25,000. The 2024 Verizon Data Breach Investigations report revealed that 54% of small and medium business data breaches involved compromised credentials and that the motive for 98% of the attacks was financial.
The financial damage goes beyond what’s stolen or paid in ransom, though. When word of the breach gets out, affected customers can leave and potential customers will stay away.
Quite simply, no business today can afford to avoid biometric authentication.
Myth #5: If I don't use digital identity, I'm safe from online fraud
If you do almost anything online – shopping, banking, playing games, booking flights or hotel rooms, making dinner reservations – you have a digital identity and are potentially exposed to online fraud. But the answer isn’t to live life completely offline and miss out on the advantages and convenience that digital access and services offer…
Read our full article?to finish Myth #5 and learn more about discerning digital identity truth from fiction!
?
Conor White is part of the core team that founded Daon. He joined the company as Chief Technology Officer in 2001 with the goal of designing and delivering trusted experiences that put human beings back at the center of digital transactions. In 2015, Conor accepted the role of President of the Americas, where he led all Daon activities across North, South, and Latin America. Then, in 2023, he accepted the role of President, Strategic Initiatives, where he leads efforts to find Daon’s “next big thing.” Conor holds a B.Sc. in Computer Applications and an M.Sc. in Computer Science from Cork Institute of Technology. He is also a graduate of the Executive Leadership Program at Stanford University Graduate School of Business. In his spare time, Conor enjoys traveling, playing bad golf and spending time with his wife and sons.