Debunking Identity Myths: 5 Common Misconceptions About Digital ID, Biometrics, and Privacy
Over the last decade, our lives have become increasingly digital-centric. A survey by the American Bankers Association found that 71% of respondents prefer to manage their bank accounts through a mobile app or computer. E-commerce sales, which surged during the pandemic, are expected to increase by nearly another 9% this year. And hybrid and remote work levels remain higher than in the past, increasing the use of company systems and accounts from outside the physical office.
With this proliferation of digital accounts, the number of times a person must authenticate their identity has also increased. Juniper Research predicts that there will be over 70 billion digital identity verification checks this year, a 16% increase over last year.
Simply using online services means a person has a digital identity. Many governments around the world are also creating official digital identities for their citizens with the vision that, in addition to streamlining access to their commercial and employment accounts, these identities will simplify and expand access to government benefits and services.
While many accounts still use passwords for access, others require the use of biometric factors, such as a fingerprint or facial scan. The 2023 Online Authentication Barometer from the FIDO Alliance reported that “biometrics is both the preferred method for consumer log-in and what they believe is most secure.” The PYMNTS.com and AWS study, “Tracking the Digital Payments Takeover: Biometric Authentication in the Age of Mobile,” found that 51% of online buyers used biometrics instead of passwords.
We also live in an age where many of the companies we do business with collect PII (personally identifiable information) from us. In 2023, 79% of global companies collected personal data on individuals living in North America, Western Europe, and other regions. Businesses also lose our information and credentials to criminals through data breaches. In the first quarter of 2024 alone, the Identity Theft Resource Center recorded 841 publicly reported data breaches, nearly double the number from only one year ago.
And it’s not just businesses. Governments, from Canada and El Salvador to the UK, Switzerland, India, and Kuwait, are among those that have been targeted in the past year. This has created an era where consumers may be inclined to distrust businesses and government. So, despite their increased security and convenience, misconceptions around digital identity and biometrics abound. Daon is here to help debunk them.
Myth #1: Digital identity means I’ll lose my privacy
Digital identity and biometric data are considered personal data and protected by data privacy laws. According to the United Nations Conference on Trade and Development (UNCTAD) Global Cyberlaw Tracker, 71% of its 194 member states have implemented data protection and privacy laws and another 9% have draft legislation. These laws include rules that require transparency about how biometric data will be used and for how long, and that require the customer to explicitly consent to that use.
The European Union Digital Identity framework includes features that give users full control to choose which aspects of their identity and data they share with third parties and to keep track of their sharing.
This is unlike physical identity, where, for example, everyone who checks your age on your driver’s license or government ID also has access to your address and other information they don’t need for the transaction at hand.
Another privacy benefit of digital identity is that it can’t be lost. With physical identity, documents can be easily misplaced and used to commit identity crimes. But if a digital identity is secured using strong biometrics, it can’t be used by anyone who is not you.
With a digital identity protected by robust biometric authentication, you can gain greater control over the privacy of your information.
Myth #2: Biometrics can be easily faked
Biometric authentication factors are inherently safer than passwords or other knowledge-based authentication (KBA) factors, which can be hacked, forgotten, or guessed. But with the increased (and increasingly sophisticated) use of generative AI tools, the perception that biometrics can be easily faked has risen, too.
We’ve read the stories about people being scammed by deepfake voices purporting to be a loved one in trouble or a manager asking for data/money to be transferred. We’ve seen the digitally manipulated videos of Taylor Swift giving away Le Creuset cookware and Tom Hanks recommending a dental plan. It’s no wonder that people are concerned.
But the thing to remember is that today’s best solutions from digital identity verification companies use the power of AI and machine learning to protect against criminals and to accurately authenticate legitimate users.
For example, liveness detection technology ensures that a facial scan or fingerprint is from a live human being and not from a still image, video, or other presentation attack. Anti-spoofing technology detects synthetic speech and voice replays.
AI advancements enable more sophisticated attacks by criminals — but AI tools (good AI) also provide strong defenses against these attacks.
Myth #3: My biometric data will be stored in a giant database
It’s a common question: Are biometrics safe? When you open an account or onboard for a service that requires biometric authentication, a template is created of your facial scan, fingerprint, or voice. That template is, in fact, then stored either in a database or, under FIDO standards, on the device itself. The latter places the customer’s biometric under their full control.
But a biometric template is different than a biometric (and vastly different from a password). If a hacker steals a password, they have exactly what they need to pose as you or another legitimate user. They can access work or personal accounts, steal money or data, and commit other types of fraud. If the password has been reused across multiple accounts, it opens the door to even more damage and potential use in credential stuffing attacks.
Even if the account is secured with two-factor authentication, the second factor is most often a four- or six-digit code sent via email or text that can be hacked or stolen (as with SIM-swapping schemes).
A biometric template, on the other hand, contains only the data points necessary to identify you when it is paired with the live element — your finger, face, or voice. Device-side storage offers the most secure form of authentication, as the user is in full control of their stored biometric credentials.
So, while biometric templates are stored in a database or on a user’s own device, they offer more security for customers, employees, and companies than traditional authentication methods.
Myth #4: Digital identity is only for big tech companies
Practically every business today needs to have an online presence for their customers, no matter their organization’s size. Many companies (of all sizes) also have remote employees. Relying on passwords for account access leaves them all vulnerable.
A 2023 study by Accenture found that 43% of cyberattacks were targeted at small businesses. The average cost of a cyberattack for a small or medium-sized business is $25,000. The 2024 Verizon Data Breach Investigations Report revealed that 54% of small and medium business data breaches involved compromised credentials and that the motive for 98% of the attacks was financial.
The financial damage goes beyond what’s stolen or paid in ransom, though. When word of the breach gets out, affected customers can leave and potential customers will stay away.
Using biometrics as a primary authentication method or in conjunction with existing authentication in a multi-factor scheme enables a business of any size to improve the protection of customer, employee, and business data. It can also enhance a business’s reputation by maximizing security and minimizing customer or employee friction during login.
Quite simply, no business today can afford to avoid digital authentication.
Myth #5: If I don’t use digital identity, I’m safe from online fraud
If you do almost anything online – shopping, banking, playing games, booking flights or hotel rooms, making dinner reservations – you have a digital identity and are potentially exposed to online fraud. But the answer isn’t to live life completely offline and miss out on the advantages and convenience that digital access and services offer.
The security and transparency of your data and how it is handled is what provides fraud protection. With typical digital identity schemes, your data is centralized but, as we’ve discussed above, you also have more control over how it’s used. If it’s secured with a biometric factor instead of a password, your digital ID has additional protection against online fraud.
With digital security, as with most things, the truth is that there is no way to be 100% safe 100% of the time. But digital identity safeguarded with biometrics is, by design, going to reduce the exposure of your personal data and to decrease the likelihood of identity theft and online fraud.