Digital identity – the representation of individuals using online credentials such as usernames, passwords and biometrics – can be employed by both governments and businesses to streamline the provision of services to citizens and customers.
Governments are at different stages of implementing digital identity management systems. But the technology can pose risks such as identity theft, fraud and the invasion of privacy.
“A digital identity is a true, real-time representation of an individual online. In today’s digital world, where much of our interactions, transactions and civic duties are online or underscored by digital processes, a valid, authentic digital identity is critical,” said Lance Fanaroff, co-founder and chief strategy officer at iiDENTIFii.
Digital identities can be made up of several data points, including biometric data, usernames and passwords, identity numbers, driver’s licences, and dates of birth. They can also include account information (profiles and linked accounts) and device information (device IDs and internet protocol addresses), said Fanaroff.
Having a secure digital identity means citizens can access services quickly and easily, provided they can verify themselves. In most instances, verification is carried out using biometric tools such as a fingerprint reader or facial recognition technology. This removes the need for people to carry physical IDs, which are expensive to create and are vulnerable to loss or theft.
In countries where digital identities are already commonplace, a driver at a roadblock need only scan their finger on a biometric reader to confirm their particulars, including ownership of a valid driver’s licence. Similarly, applications for government jobs or other social services would not need to be accompanied by certified copies of IDs.
Applications
The most prevalent example of digital identity usage in South Africa is in the banking sector, where biometrics are used to verify that a person carrying a physical ID in a branch is really who they say they are. But digital identities can be used in other ways, too, like for proving to an establishment that a patron is at legal drinking age without giving out names and sharing ID numbers.
For these systems to work, they depend on the integrity of a central population register, or database. In South Africa, the department of home affairs is the arbiter of truth when it comes to identity, and all other systems that plug into its database rely on the accuracy of the information stored in there.
Read: Boost for tech skills as home affairs visa concession extended
Last month, home affairs minister Leon Schrieber called for a digital overhaul of the department and its systems, citing a reliance on manual inputs as a major enabler of fraud.
“When things are paper based, when they are not being tracked, and when they are not digital or online, there is just far too much space for people to exercise discretion and say, ‘If you pay me something, I will process it in the following way.’ That is why the really fundamental reform we need at home affairs is digital transformation,” said Schreiber.
The onerous security requirements on banks make their digital identity management systems particularly reliant on home affairs. The South African Banking Risk Information Centre (Sabric) said in response to a query by TechCentral that the home affairs process to develop a digital identity for citizens still has a long way to go. According to Sabric CEO Nischal Mewalall, home affairs must focus its attention on a few key focus areas:
- Improving identity management systems, including building systems for banks to verify visas and permits;
- Ensuring the stability of infrastructure for banks to access verification services without service downtime;
- Enabling seamless integration between the central identity register and banking systems to streamline the verification process;
- Ensuring that any updates or corrections to identity data (including information on deceased persons, lineage information and blocked or fraudulent IDs) is efficiently processed and communicated to banks to prevent discrepancies; and
- Increasing public awareness and understanding of digital identity security.
The security of such systems is a major concern. According to iiDENTIFii’s Fanaroff, one of the biggest risks is that a cybercriminal can pose as a person’s likeness to gain access to their money or data.
“This is known as a presentation attack and is done by ‘spoofing’ a person’s facial, voice or fingerprint characteristics.”
Read: How R109-million Postbank cyberheist was orchestrated
Another risk is a “digital injection attack”, where a cybercriminal intercepts the digital authentication process so as to transact on a person’s behalf or gain access to company funds and data. “The rapid development of AI means that these methods are not only easy to access and use but can be scaled rapidly.” — © 2024 NewsCentral Media