As our lives become increasingly digitised, our online footprints are changing significantly. Most notably, the level of personal information being shared online and collected from us is growing. A digital identity can be used to authorise access to a wide range of services and information, by using an allocated username, email or password – to transfer money, shop online or access a social media account for example – in the same way a passport can be used for travel or to verify age. As a result, our digital identity is changing the face of personal identity as we know it and leaving consumers vulnerable.
The power of one
The array of personal information now publicly shared via social media can be a highly attractive prospect for cybercriminals. When in the wrong hands, it can present a clear opportunity for those with fraudulent and malicious intent. Just one element of personal information can be all a cybercriminal needs to steal an individual’s online identity – providing them with the ability to withdraw funds from a bank account or even apply for credit cards or loans in another person’s name.
Despite rising concern around the security of personal data, our recent research revealed a surprising lack of awareness regarding the actual value of people’s personal data. The research found three-in-five (59 per cent) consumers worried about the security of their personal information, but in the same research almost three quarters (73 per cent) said they would be prepared to give up their name in exchange for a free coffee, and an astonishing third (33 per cent) would even be prepared to share their date of birth. This highlights an obvious disconnect between the public’s concerns and their behaviour online.
Generational security divide
Findings from the millennial generation were even more worrying. As many as 80 per cent of this generation would give up their email address for a coffee, and 42 per cent would give up their mobile phone number, with baby boomers (26 per cent) being much more likely to keep that information a secret. Whilst this personal data appears to be seemingly nominal pieces of information, sharing it, without a thought to how it can be used, puts digital identities at risk.
A phone number can be used with reverse lookup services to obtain an address, which can provide hackers with all they need to steal an identity. Once a cybercriminal has access to a home address there is nothing stopping them using this along with your full name to find out additional information, all of which can be put together to set up a credit card or even steal money from an existing bank account. Sharing a date of birth can be just as harmful – for many a date of birth is an easy password or PIN to remember, and with a bit of trial and error it can deliver quick results for hackers.
Turning data security woes into precautionary action
The ramifications of sharing personal data are widely known , yet this clearly isn’t translating into precautionary behaviour. This is a theme that can be seen particularly among younger generations, who are far more laissez-faire with their personal information than their elders. This is further supported by our research which found only 43 per cent of Generation Z (those born after 1995) would be concerned with giving away their mother’s maiden name, whereas 74 per cent of Baby Boomers would. As this piece of data is one of the top password security questions, providing a mother’s maiden name could directly help cybercriminals access consumers’ personal accounts. Perhaps safeguarding personal data is one area where younger generations could learn from their more cautious elders.
Protecting digital identities
Businesses and organisations need to act now and adopt innovative methods to protect digital identities and reassure consumers that their personal information is safe when going online. Fingerprint biometric-enabled devices are just one wave of innovation that can empower consumers to take control of their own digital identities. By moving towards something the consumer is (i.e. their fingerprint), rather than something they know (like an email address or password), consumers can be safe in the knowledge they are the only person able to authenticate online or digital activities.
Traditional methods of online identification can be easily shared and stolen. Fingerprint authentication, however, does not possess any of these issues, therefore providing a far more robust form of identification for consumers when authenticating themselves across both online and offline platforms. This technology can help to rebuild consumer faith in data protection by removing the current assumption that cybercrime is inevitable.
In today’s hyper-connected world, so much of our personal information is willingly shared and left on show for cybercriminals to take and use to access online accounts. To remain secure, consumers must be reminded about the value of their personal information and the importance of protection. Now is the time for companies to work with consumers to stay one step ahead of fraudsters and embrace the latest technological advances in order to combat data protection insecurities directly.
David Orme, Senior Vice President, IDEX Biometrics ASA