Is it time to drop our identity to become frictionless?

How the data behind the identity is driving services and will help move us away from knowledge-based verification.

Artificial intelligence and digital identity

In the identity and access management (IAM) space, we talk a lot about identity. There is an historic reason for this as well as a psychological one. After all, when we do something online, we are doing it as a digital version of ourselves, aren’t we?

As a fan of reductionism, I’d like to turn the idea of digital identity on its head. The tasks we do, even simple ones like signing into an account, are done using data, not identity. It is this data that we need to focus on to move away from some of the more annoying aspects of getting hold of a digital identity.

Moving the discussion from online identity to data

If you have ever registered for an online account that requires you to be identity checked, you will be able to answer the question, “What is the barrier to getting an online identity? Going through a process to apply an assurance level to an identity is a pain. You get caught up in multiple sections, each designed to drill down into the question, “Are you really who you claim to be?”

One of the biggest annoyances for users in this process is the dreaded knowledge-based verification (KBV), which consists of a series of personal questions. This concept of asking questions related to an individual's life--for example, “Who was the company you took out a loan in 2000 with?” (yes, I really did get asked that)--seem great on paper, but in reality, they are almost as easy for fraudsters to acquire an answer as for you to remember or search for.

To continue reading this article register now

Make your voice heard. Share your experience in CSO's Security Priorities Study.