The Dangers of One-Size-Fits-All Digital Identity Solutions
According to Worldometers, there are over eight billion people in the world, and this number is continually increasing. The World Population Review reports that two billion are children. This means six billion of the population are adults, living their lives and engaging with a variety of businesses and organizations. Each of these people is a unique combination of age, ability, and education, with a myriad of concerns, preferences, and expectations.
There are also approximately 333 million companies worldwide. Among the audiences they serve are other businesses, consumers, patients, investors, account holders, and other types of clients. Depending on where they are located and who they serve, these companies are also subject to a variety of laws and regulations.
Businesses and their customers and employees are under increasing attacks from cybercriminals who hack their way into personal and business data, commit identity fraud, and steal money and intellectual property. The World Economic Forum writes: “AI and the increase in mobile connected devices provide further areas of vulnerability for cybercriminals to exploit.” An International Monetary Fund blog post about its April 2024 Global Financial Stability Report says, “…the risk of extreme losses from cyber incidents is increasing. Such losses could potentially cause funding problems for companies and even jeopardize their solvency.” According to Statista, the global cost of cybercrime is expected to rise from $9.22 trillion in 2024 to $13.82 trillion by 2028.
To guard against hackers, identity thieves, and other cybercriminals, businesses have turned to digital identity verification solutions. These products enable customers and employees to confirm their identity when they log in to their account or a company application/system.
Some organizations choose an all-in-one, or black box, solution because it simply plugs into their existing IAM or CIAM and may seem like the easiest and fastest way to implement digital identity verification. But these solutions limit customization, and with all the variables in business – including unique use-case needs, customer and employee concerns, technical ability, and expectations – these “one-size-fits-all” approaches curtail long-term success.
The limitations of black box solutions
The simplicity that allows black box systems to market themselves as a quick fraud-fighting solution also restricts their effectiveness. Because they offer a standard solution, they can’t adjust to meet changing business needs, evolving customer and employee expectations, and the increasing sophistication of fraudsters. Three key problems encountered by businesses that choose black box solutions include reliance on passwords, accessibility and experience issues, and the inability to gain data/insights and adapt the digital identity verification process.
Reliance on passwords
Many black box systems rely on passwords, which leaves enterprises vulnerable. The Google Cloud H1 2024 Threat Horizons Report found that password issues are responsible for over half of Cloud compromise incidents. The IBM X-Force Threat Intelligence Index 2024 reported a 71% year-over-year increase in cyberattacks that used stolen or compromised credentials.
The main problem with passwords is that they place too much responsibility on the user and are the least secure authentication factor available to begin with. Users set their password and must remember and enter it correctly each time they access their account. If they are following best practices, it will be a strong password that uses a combination of 12 or more alphanumeric characters that are hard to guess or hack and unique to that account. Unfortunately, the longer and more complex—and therefore, more secure—a password is, the harder it is for a customer or employee to remember it. This leads to common bad habits that compromise security
For example, Nordpass reports that the most common password is 123456, and that it can be cracked by a hacker in less than a second. A LastPass survey found that 65% of people always or mostly use the same password or a variation even though 92% know that using the same password or a variation is a risk. According to a Forbes Advisor survey, 42% of respondents mention using a combination of words and numbers that hold personal significance. Security.org notes, “Using meaningful names and numbers makes work easier for hackers who may already possess personal data.”
It’s not just customers who behave badly when it comes to passwords. In a Keeper Security Workplace Password Malpractice Report, 44% of respondents said they reused passwords across personal and work-related accounts; 57% admitted to writing down work-related passwords on sticky notes; and 14% have shared work-related passwords with a spouse or significant other.
Reduced accessibility and increased friction
Offering only a single way for customers and employees to identify themselves limits the people who can use a system or access a service. Creating, memorizing, and entering a password can be a burden for people living with cognitive disabilities. It can also pose challenges for people living with visual impairment, limited fine motor skills, and literacy challenges.
No matter what level of ability the user has, these password-based systems increase customer frustration across the board. Passwords that are entered incorrectly increase the time to complete a transaction and decrease customer satisfaction. Changing passwords regularly (which is a best practice) is an annoyance, as people are often prompted to do so when they are just trying to get something done online or in-app quickly and efficiently.
Passwords that are forgotten must, of course, be reset. ExpressVPN found that “People waste hours each year resetting passwords,” with the average reset taking three minutes and 46 seconds. Half of the survey’s respondents from the U.S., France, and the UK reported having to reset forgotten passwords at least once per month.
Lack of insight and customization
With black box solutions, businesses have a single approach, a single workflow, and a single dashboard. This cookie-cutter approach means a business can’t see the places in the identity verification process that cause issues for customers and employees – and can’t adopt the processes needed to fix them.
This impacts customer experience and, ultimately, loyalty. The harder it is for a customer to login and accomplish what they want, the more likely they are to look for a competitor with a better UX. Lack of flexibility with authentication factors also directly impacts the bottom line. In 2023, the FIDO Alliance reported, “U.S. consumers abandon a purchase and stop accessing an online service because they can’t remember their passwords 4.76 times per day on average, up from 3.71 in 2022—a 28.30% increase.” An earlier FIDO Alliance survey found that 58% of U.S. consumers had abandoned shopping carts and left an ecommerce site without purchasing due to difficulty signing in. According to CIO, Experian has reported that one in three consumers will abandon their online shopping carts if it takes longer than 30 minutes to complete a transaction.
Think outside of the (black) box
Black box solutions provide limitations in a world of constant change. A better approach is a solution that enables the use of biometric identity verification and provides the power of orchestration so organizations can understand how identity processes affect customers and employees and easily adapt them as needed.
Biometric verification
Biometric verification uses unique physical and behavioral characteristics to confirm the identity of customers and employees. Common biometric factors include fingerprints, facial scans, and voice prints, but retina scans, palm scans, and the (behavioral) patterns in how a person types, swipes between screens, or moves a mouse can also be used for identification.
The user simply presses their fingerprint to a key, takes a selfie, speaks into their device’s microphone, or goes about their business to confirm their identity. Biometric factors are easy to use, offer a wide range of choices, and make online accounts accessible to the largest number of customers.
Biometrics also reduces friction for customers because there’s nothing to remember, forget, or reset. Users can smoothly access accounts and complete transactions in less time than it takes when using passwords. Examples of this include call center authentication solutions where customers can be identified through their voice as they describe their problem to an agent; banking solutions where customers take a selfie for verification; and ecommerce sites where users are recognized with a fingerprint. Biometrics is available across industries and use cases, but the one thing its factors will always have in common is that they offer the safest, easiest security available.
Biometrics offers more security against cybercriminals than passwords do. Biometric factors can’t be stolen and are hard to duplicate. When a customer onboards, after the document validation service confirms their government-issued ID is authentic, a template is made from their captured biometric (a fingerprint, facial scan, or other factor). This template contains just enough information to match the live element and confirm identity. The template is a mathematical representation of the user and is impervious to reverse-engineering. If hackers steal the template, it does them no good without the live element.
Biometrics fosters accessibility, ease of use, and customer convenience in a way that passwords never have – and never will.
Orchestration
Orchestration is a capability within a digital identity platform that allows for control of the configurations of individual components in a workflow, how those components interact with each other, and the sequence of the flow.
These capabilities enable businesses to create customer journeys that both maximize security and minimize friction no matter what authentication factors and channels are used. Orchestration technology combines the power of convenience with the ability to customize via the ease of drag-and-drop code. Customer journeys can be built, deployed, tested, and modified without knowing how to code or needing help from an IT team.
A typical orchestration solution is a flexible framework with seamless integration between components that include identity verification, authentication, recovery, and the integration of third-party applications.
Digital identity platforms that enable orchestration offer customizable yet simple interface design that allows businesses to create and fine-tune the seamless, secure journey customers and employees want.
Invest in a solution for the long-term
Black box solutions are built for the short-term. They allow you to quickly get a functioning – albeit far less secure – digital identity solution up and running. But business success is a marathon, not a sprint, and a digital identity process that’s only made for now and takes a “one-size-fits-all” approach creates blind spots, process issues, and rough customer journeys. These solutions can’t adapt or protect your users and data in the ways needed to compete in today’s digital landscape.
It doesn’t have to be an all-or-nothing decision between fast deployment, security, and flexibility. Choosing a solution from a digital identity company that combines easy integration with the ability to evolve solves today’s problems and lays a foundation for the future. See how Daon TrustX combines ease of use, biometrics, and the power of orchestration in a solution built for long-term success.