BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Digital Identity: Where We Began, Where We Are And Where We Are Going

Forbes Technology Council

Joseph Burton is the CEO of TeleSign.

Who Are You? A Brief History Of Identity Verification

Identity verification isn't a new concept. As early as 3,000 B.C., there is evidence of fingerprints used to "seal" business transactions on clay tablets in ancient Babylon. Signet rings and seals were used in ancient Egypt as marks of authenticity on official documentation. Tattoos and jewelry as identification were used thousands of years ago to denote status, tribal affiliation and more.

Identity has been used throughout human history to identify criminals, protect transactions and prevent forgeries. At a basic level, identity is used to ensure an individual is who they claim to be. As civilization evolved, so did identity. From the introduction of passports, personal ID numbers, photographic identification and now fully digital identities, identity verification developed in parallel with the growing need to protect and keep accurate records of increasingly complex data, transactions, credit and regulations.

The Internet And Digital Identity Technology

Fast forward to 1983 and the invention of ARPANET, the foundational structure of the internet as we know it today. A digital infrastructure that could connect people all over the globe was truly revolutionary, but it was created without a standard to identify and protect the identity of its users. In fact, anonymity, while not explicitly designed into the internet, is one of its defining and most contentious features.

With the advent of ARPANET and worldwide connectivity, digital messaging, communications and interactions were born. Securing access—and therefore establishing baseline "digital identity"—started with the password, invented in the 1960s by Fernando Corbató (paywall). Securing an account with a password known only to a user could be used to establish an "identity;" however, it was weak: If your password was compromised, so was your account and "identity." So, while we were quickly moving to a globally connected world, digital identity was really at square one.

Protecting Our Digital Identity

As with other digital concepts, we've used our experiences in the physical world to shape the identity verification experience in the digital world. Digital identity, however, presents a unique set of challenges, complexity and risks. In the physical world, when a person goes to a bank to withdraw funds, they might be asked to provide a government picture ID and a password for the account. The verifiers then compare the documents to the person standing in front of them.

In digital transactions, however, the person providing the documents could be anyone—including a fraudster who has stolen an identity. To defend their customers and data against attacks and theft, businesses began to increase security by requiring stronger passwords, automated security solutions and multifactor authentication (MFA) methods to ensure the legitimacy of transactions and the identity of users during the onboarding process.

Defense Is The New Offense

In our digital age, fraudsters are increasingly tenacious and well-funded, attacks continue to increase in volume and sophistication and the stakes have never been higher. As we spend ever-increasing time online—and move more of our lives to the digital realm—virtually all aspects of our lives are now stored and conducted on the internet, from banking and shopping to full-time remote work and endless streams of social media. Data is king, and it continues to be targeted by bad actors seeking to steal a piece of the unprecedented and seemingly limitless financial transactions conducted every second of the day.

Unfortunately, there is no silver bullet to defend against identity theft and other cybercrime—and it is no longer possible to be a step ahead of fraudsters. Today, the best offense is defense, keeping pace with the latest tactics and using data to combat those who seek to steal it. Multifactor authentication—a critical component of effective security stacks—can now be bypassed by savvy fraudsters.

But the phone numbers provided during MFA in a bogus onboarding attempt can provide much more than proof that the user is holding the phone: The number can be analyzed across thousands of attributes to determine the identity of the person behind the number—in milliseconds—to prevent the bad actor from conducting a scheme before it starts.

Today, fraud and its resulting damage to individuals and brands can happen in a flash, so it is critical for businesses to remain vigilant and consider a nuanced, layered approach to fraud prevention.

Our Future Selves: What's On The Horizon For Digital identity

By 2030, 7.5 billion people will be online: buying, selling, learning, connecting and living their lives. They expect to be protected by the businesses they frequent—even as data breaches, user error and complex, clever schemes carried out by sophisticated fraud organizations increase.

At the same time, customers expect a frictionless customer experience, one that inspires confidence and brand loyalty. The balancing act between security and ease of use will remain an ongoing challenge for businesses looking to increase friction for potential fraudsters while decreasing friction for legitimate users they hope will become long-term customers.

Artificial intelligence and advanced authentication methods will continue to evolve, but there is no single solution to fraud prevention. Technologies—including 5G and modern cell phones—are not ubiquitous. Brands looking to scale globally will need to ensure a safe, easy experience for all people—not just the ones in developed regions.

Ultimately, identity is an ancient concept, and its future can be defined by another old idea: trust. The internet doesn't have business hours—it's always on. People expect to be protected continuously, and the brands that excel in the future will be those that instill trust in every customer, for each transaction, every time, all the time.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?


Follow me on Twitter or LinkedInCheck out my website