The critical role of digital ID management in financial services
By Ashley Diffey, Vice President Australia & New Zealand at Ping Identity
With competition in the sector continuing to rise, banks and financial services firms are becoming acutely aware of the importance of effective digital identity management.
Digital IDs have become a vital component in the online services that have proliferated during the past few years. Rather than using a physical branch, both business and personal customers are now much more likely to conduct their transactions online.
For this reason, having a reliable and secure way to confirm the identity of customers has become critical. Financial firms need to be sure that the person or business requesting the service or making the transaction is actually who they claim to be.
In the past, digital ID management was all about maintaining security of centralised IT resources and data. Now, it’s expanded to encompass everything from mobile devices and apps to cloud-based resources and a dispersed group of customers.
The way digital IDs are managed is also changing to give users more control over their own personal data. Identity credentials can be held by a trusted third party and only required details shared with financial institutions when needed.
This approach reduces the amount of personally identifiable information (PII) that has to be collected and stored by a financial firm, which is particularly important at a time when identity theft is becoming increasingly prevalent.
Cybercriminals who have successfully obtained valid credentials can undertake fraudulent transactions with only a limited chance of being caught. The impact on both customers and their financial institutions can be significant.
The rise of synthetic identities
One of the most concerning recent developments has been the rise of synthetic identities. These are created by cybercriminals through the combination of both legitimate and fake data.
For example, a cybercriminal may combine authentic details such as a tax file number or passport with a fake email address and mobile phone number. This is then used to access online financial services and undertake fraudulent transactions.
In response to these sorts of threats, financial institutions are enhancing the ways in which digital identities are checked and managed. As well as validating credentials when a customer initially logs onto a website, the ID being used is also re-checked at different points during the transaction process.
This could be when additional transactions are made, or a request is lodged for a new credit card or personal loan. Each new interaction will require the digital ID to be inspected and deemed to be valid.
As well as validating ID credentials, financial institutions are also increasingly monitoring additional signals associated with a customer requesting access to their systems. These can include things such as the geographic location of the device making the request.
If it is found that the request is coming from a different country, yet the user had logged in just an hour ago from Australia, the attempt can be blocked and flagged for investigation.
Improving the customer experience
As well as maintaining effective security, digital ID management is also an important part of improving customer experiences.
Financial institutions need to find a balance between the need for security and the need to deliver a compelling online service. If their online interface is too complex or cumbersome to use, they risk losing customers to rivals who offer a more streamlined service.
Customers also need to be confident that they have control over how the identity data they are providing is being retained and used by the organisations with which they transact. They need to be comfortable that they can dictate who is able to access the data and the reasons for doing so.
Should a customer opt to discontinue a relationship with a financial services organisation, they also need to have the ability to revoke authorisations and be confident any personal data being retained is deleted. Organisations also need to be able to provide clear proof that all identity information has been managed in this way.
Having an effective system of digital ID management in place also allows financial services organisations to extend the types of services offered to customers. As well as handling day-to-day transactions, increasing numbers are also offering the ability to do everything from opening new accounts to shifting money into other facilities such as term deposits or the share market.
The key word is flexibility. By securely managing digital IDs, financial organisations are able to offer a much richer customer experience. This is being championed by the new generation of digital-only banks and forcing incumbent players to redesign their offerings.
It’s clear that effective management of digital identities will remain a critical requirement for financial-sector firms of all types and sizes. By understanding the risks and taking the necessary steps to mitigate them, firms will be able to maintain security while also delivering a compelling customer experience.