How to Deliver Biometrically Secure Digital Identities at a National Scale
by John Duggan, SVP of ANZ & SE Asia
July 27, 2023
Biometric digital identity solutions are becoming more widely available across many different industries and in countries around the world. On one hand, digital IDs enable the freedom, ease-of-use, and speed that’s become synonymous (and necessary to keep up) with our modern digital lives. On the other hand, this online freedom is now so accessible that digital identity security systems often struggle to stay ahead of the demand for always-on services.
That’s why large-scale, secure, digital identity credentialing systems, especially those leveraging biometrically enhanced technologies, are the next frontier in digitization. Without them, we cannot achieve the digital infrastructure needed – or the security and convenience they require – to sustain the digital access we’re used to.
Global efforts to implement nationwide digital identity frameworks offer an excellent opportunity to review large-scale identity credentialing systems up to this point. It’s also important to consider the role of biometrics in establishing future digital identity systems where all aspects of an individual’s identity management and credentialing can be done seamlessly online, anywhere, and at any time.
Growth of National Biometric ID Systems Worldwide
Over the past decade, countries like Singapore and Sweden have taken steps to create digital identity credentialing systems that can be supported at a national level. The potential benefits to society are endless, as citizens can use these programs for everything from banking to accessing healthcare services to getting driving permits – and more.
However, and perhaps ironically, security has been the primary roadblock to the large-scale rollout of these systems.
Although everyone agrees that secure digital identity verification and authentication are often what both slow the creation of a centralized, fully adopted digital identity framework and are what is absolutely necessary for its success, not all agree on how to improve the speed of a framework’s rollout. While parties discuss internationally agreed-upon security specifications that should be included in authentication systems, some current expansions of digital identity credentialing systems are still very much experimental.
As more countries consider national identity strategies, they are taking the security challenge in stride. For example, Thailand is the latest country with a program laboratory and is currently developing a nested credentialing system that includes a blockchain digital ID infrastructure and a government-operated mobile ID app.
Diverging from the more centralized government efforts in Sweden and Singapore, the Thai government’s approach envisions itself as more of a facilitator – by promoting public-private partnerships – and as a service provider, with identity provider partnerships (IDPs) designed to grow into a larger digital credentialing ecosystem. The nested structure being executed in Thailand already has more than nine million registered citizens.
The infrastructure also includes the D.Dopa mobile ID app, which requires in-person registration at a local government office, and which the Thai government hopes to register 10 million citizens for by the end of the year. The app is linked to a phone number and a biometric system.
But this program can only continue if there’s a high degree of confidence in its users’ verified and authenticated identities. While digital identity security technologies have come a long way, there are still challenges to overcome.
The Evolution of Digital Identity Security Technology
When internet usage became ubiquitous in much of the world in the early 1990s, it was clear that we needed methods for controlling which users could access what information electronically. At first, this was accomplished with usernames and passwords. While that technology is still used today (known as “legacy” or “traditional” authentication methods), it leaves the user prone to identity theft and the organization using these methods vulnerable to fraud, reputational damage, and security breaches.
As a result of these risks, the cybersecurity industry grew at a phenomenal rate – and experts predict that the international cybersecurity market will only continue to do so, at a CAGR of more than 23% that will reach a value of $46.3 billion by 2027. Although digital security technologies are improving at incredible speeds, cybercriminals are keeping pace. Experts at Cybersecurity Ventures estimate that the cost of cybercrime will grow from roughly $8 trillion in 2023 to $10.5 trillion by 2025.
Governments working to deploy digital identity frameworks, including ID programs at nationwide scales, all face this threat. Adopting biometric technologies will inevitably help clear this step and deliver robust, optimized digital credentialing systems that will stop criminals from infiltrating these ID infrastructures.
Ongoing work to improve digital identity security often comes at the cost of user experience. Added identity proofing mechanisms can be time-consuming and cumbersome for organizations and frustrating for users as they jump through hoops to access their online accounts. As a result, these processes are frequently wrought with inefficiency and fail to eliminate major security vulnerabilities throughout the digital environment.
Further, without developing the digital infrastructure strategically, it’s not easy to keep up with the updates necessary to maintain ongoing regulatory compliance, especially as security technologies improve.
That’s where Daon comes in. With over 20 years of experience in the digital identity security and biometrics industries, our identity proofing solutions address all of these concerns using the innovative technology we’ve developed to help global customers scale their systems to hundreds of millions of users. Keep reading to learn more.
How Biometric Identity Authentication Will Transform the Digital Security Environment
Our physical features, like our faces, voices, and fingerprints, make us the unique individuals we are. These factors, known as biometrics, are virtually impossible to steal or duplicate if they are protected by modern authentication protocols.
Existing digital identity authentication technologies can recognize a significant number of biological markers through fingerprinting, facial recognition, iris recognition, retina scanning, and voice recognition. There is also another subset of biometrics, known as behavioral biometrics, which studies and uses bodily movements that are products of our genetics and muscle memory – like how much pressure is used to type on a screen, how we navigate keystrokes, and more – as authentication factors.
But too often, the day-to-day systems we use rely on outdated (legacy) authentication factors like one-time passwords (OTPs), PINs, and USB tokens, leaving both organizations and users vulnerable to fraud. That’s why Daon offers biometric MFA (multi-factor authentication) to ensure our clients and their customers have the power of choice, security, and ease-of-use when it comes to authenticating themselves.
Let’s take a closer look at Thailand, where a digital ID program is being rolled out, and consider how biometrics are currently being employed for identity proofing and where there remains room for adopting biometric technologies.
In-Person vs. Remote User Onboarding
In-person registration is a time-consuming and often cumbersome process. It’s not only laborious for the organization tasked with registering new users manually (a process that generally takes about 30 minutes), but the user must also allocate at least three times that amount of time: traveling to the enrollment location, registering, and then the journey back could entail over 90 minutes spent on onboarding. The costs involved are also something to consider, as wages, travel expenses, paperwork processing, and even the financial burden of maintaining a physical location is a pricey commitment for organizations to make.
By automating identity proofing and verification during registration, often referred to as KYC (know your customer), the process can be reduced to only a matter of minutes and eliminate almost all of the costs involved in the manual registration process. By adopting the most advanced biometric identity proofing systems, this transition dramatically improves the status quo without affecting risk management. Thailand could benefit from such a system, as opposed to relying on the in-person onboarding method they currently use.
Continuous Authentication and Regulatory Compliance
Since digital identity security will always be a cat-and-mouse game, the key to maintaining a competitive edge is continuous innovation. Industry-leading biometric technologies that foster seamless Identity Continuity, a foundational principle of Daon solutions, can give any organization the edge they need. When a device becomes lost or otherwise compromised, a smooth re-enrollment process made possible by a simple facial scan in combination with a security pin, for example, could minimize user disruption, take less time, and save an organization the cost of a password reset or the resource drain of call center representatives being overloaded with such requests.
Biometrics-enabled credentialing systems have the potential to transform all aspects of our lives, from identification for critical services to integrated government IDs to healthcare access, education, and accessible digital transactions for everyone. It’s essential to keep an eye on how these innovations continue to shape the trajectory of enterprise and our societies.
The Power of Daon’s Innovative Biometric Technologies
Daon has a marked history of success working with EU countries in the creation of existing national ID programs by delivering industry-leading biometric solutions and futureproof technology. With Daon as a partner, countries can develop enhanced user experiences that don’t require on-site sign-ups and establish secure digital identity credentialing systems that will be agile for years ahead.
Daon’s mission is to build trust between organizations and their customers by enhancing their shared digital identity ecosystem. This includes a full spectrum of services, including secure customer onboarding (KYC), strong customer authentication, and account recovery – all within a common framework (Identity Continuity) and digital scheme to ensure that your organization can adapt to the digital environment just as quickly as it can evolve.
Learn more about how we’re pushing the boundaries of what’s possible in digital identity security and get a personal demo by contacting us today.