Digital identities in shopping

Part
01
of two
Part
01

Confirming Digital Identities

A recent global survey found out that 69% of consumers living in countries with a significant history of online fraud are concerned about their security when doing online transactions. The survey further found out that 51% were less likely to do any online financial transactions, with 47% stating that they were making fewer online purchases than expected. The findings of this survey are a clear indicator that both online sellers and buyers want to confirm who they are engaging, with the primary objective of verifying their identities. After conducting our research, we were able to identify how small businesses and individuals confirm each other’s digital identities when shopping online and how these practices are expected to change in the next five years.

Key Findings

How small businesses confirm the digital identities of their online buyers

Because of their financial limitations, many small online businesses rely on the thousands of data sources available worldwide to confirm the digital identities of their respective online buyers. With the help of government databases and credit bureaus, many online sellers manage to get and confirm their buyers’ digital identifications. For example, according to a recent World Bank report, 82% of all the countries that issue national ID cards have rolled out electronic ID programs (eID) and most of these countries already have digital ID schemes tied to various functions. With many countries adopting the digital IDs, many small businesses are taking advantage; a good example is Australia and other developed countries, where online sellers can download apps to verify the digital IDs of their online buyers. Some notable aspects that an online seller is able to confirm include the photo of the individual, the date of birth, which confirms the buyer’s age and other security features.

Smaller businesses also confirm their online buyers using new technology sources that include mobile network operators, social media, internet of Things (IoT), mobile apps, and biometrics. Some of these identified sources easily enable small online businesses to identify and verify their online buyers and thus get a clear picture of them. On the other hand, small businesses that have professional online presence use an authentication code, biometric data point, and the date of birth to identify and verify their online customers. Other online sellers have devised other innovative ways that enable them to profile their buyers’ interactions, and when they notice changes in their customer’s behaviors, they act promptly to protect both their interests and those of their respective customers.

How individuals confirm the digital identities of their small business online sellers

Individual online buyers confirm the digital identity of the online sellers by looking for reviews at Yelp, Facebook or any other social media sites where they can see the feedback of the previous customers. Other notable ways that the individual confirms the digital identity of their online sellers and particularly small businesses is through sites such as Ripoff Report where previous customers identify businesses that they have had difficulty engaging with, while purchasing online products or services. Others have sought to confirm the digital identity of their online sellers by verifying their information such as the phone number or the email address, with the objective of establishing whether they are legitimate. With modern-day technologies, online buyers are able to confirm online sellers with the help of traditional methods such as business registries and government databases. Newer sources such as mobile apps and social media have proved pivotal for individuals to verify their online sellers.

How these practices are expected to change or evolve in the next 5 years

#1. Expansion of national ID schemes and federated digital identity

Research by Gemalto revealed that by 2021, the number of electronic National ID cards would reach 3.6 billion globally. This will play a pivotal role for both small businesses and individuals engaged in online businesses, for instance, the federated digital identity would enable the linking of a customer’s digital identity and attributes. This data will be stored across management systems and thus become a new normal that will balance the consumer security and convenience. On the other hand, Acuity points out that robust eID system will provide excellent opportunities for global, regional, and national transaction infrastructures, secured by a digital identity that is trusted.

#2. Increased use of biometrics

According to Google intelligence, there will be at least 120 million online customers using mobile biometrics every day by the year 2020. In this aspect, biometrics will continue to advance in the coming years as an identity verification technology. This development will see a continued migration to new digital identification systems and the end of security breaches currently linked with the use of passwords.

#3. Digital identity will be more mobile in the future

Numerous indicators and signs show that mobile phones will be the most secure digital identity solution in the future. Presently, mobile phones have all the components that are required to take all the aspects of digital identity in the next few years. With a combination of mobile apps, both small business online sellers and individuals engaging in online businesses will easily identify each other digitally.




Part
02
of two
Part
02

Digital Identity Issues

According to 2018 online survey by The Harris Poll, approximately 60 million Americans have been attacked by identity theft. This survey also shows that almost 15 million consumers underwent identity theft in 2017.

Online shopping digital identity issues/problems faced by small business and individuals

Some issues and problems small business and individuals have with digital identities that prevent them from completing online shopping includes;

The fragmented nature of digital identity

One of the challenges faced by small business and individuals during shopping for goods and services online with regard to digital identity is the fragmented nature of digital identity. The fragmented aspect of digital identity generates different challenges for customers intending to carry out an online purchase. When customers and companies are consistently made to re-identify themselves due to the fragmented nature of digital identity, it leaves them frustrated and unable to complete online transactions.

Lack of proper verifiable identity attributes

It has been observed that so many individuals do not have enough verifiable identity attributes, which should help them obtain the proper level of certainty to allow in the creation of digital identity. According to research, "It is possible that all UK citizens do not hold some verifiable identity attributes accepted to create a digital identity to the higher levels of identity assurance."

In the UK for instance, around 75% of the population has a
passport and 76% have a driving license. Many UK citizens are not registered to vote and therefore these details cannot be verified. This turns to produce an issue for identity verification by making the passage to obtaining a digital identity for some citizens.

"An estimated one billion people around the world half of which are in Africa lack official identification to prove who they are. And many millions more have forms of identification that cannot be reliably verified or authenticated."

It can be challenging for people based outside the US to easily verify their PayPal account. The reason is that some countries do not have the specific bank accounts PayPal requires for their account verification. This makes it complicated for an individual to complete an online purchase.

Cybersecurity

Security is becoming an important root of anxiety for companies and individuals during an online purchase. Digital identity management systems may be subject to serious compromises such as data theft, loss or cracking of passwords, token compromises, jeopardized system hardware, illicit communications surveillance and phishing. "In 2016, reported data breaches 70 increased by 40%, setting a record in the US. Major hacks resulting in the release of private information are increasingly common, and identity theft is widespread."

Data protection law

According to findings, data protection law affects digital identity immensely," especially in Europe where the main regulation on this matter is the General Data Protection Regulation (GDPR) that came into force in the EU in May 2016 and will be fully adopted by 25 May 201866." The law covers both physical and digital identity management in a large "number of provisions that reinforce the idea of individual control over one’s own data, the most important of which are: right to access, right to be forgotten, right to portability and right to data minimization." This law is having an effect on individuals digital identification.

Lack of standardization and interoperability

"Identity management is fragmented, there is a lack of standard means to assign, list or share identities. Each identity provider (whether public or private) stores the information in a different way. Data about users is gathered and stored in many places. Furthermore, millions of people around the world do not have official identities and are usually excluded from the protection of a State. In a digital society, the lack of such identity will make these individuals even more excluded from online purchase."
Sources
Sources

From Part 01
Quotes
  • "Companies with a professional online presence often have reviews at Yelp or a listing on Facebook or other social media sites where you can see feedback from clients."
  • "Sites like Ripoff Report identify companies that customers have had a difficult time with."
Quotes
  • "An authentication code, a biometric data point, your date of birth – each piece connects back to you, verifying your identity to others and showing them that you are the person you say you are."
  • "There are thousands of data sources worldwide that can help to verify individuals and businesses. Government databases, credit bureaus, and business registries are just a few of the more traditional ones, but newer sources such as mobile network operators, biometrics, social media, mobile apps and Internet of Things (IoT) offer a new set of data to help complete the picture and identify and verify more people from around the world."
Quotes
  • "Check reviews on the seller. Look for reports of bad experiences; Verify the seller's information - is the phone number or email address legitimate?"
Quotes
  • "Federated digital identity — linking a consumer's digital identity and the attributes, which are stored across multiple, unrelated identity management systems — will become the new normal. It achieves the seemingly impossible: balancing consumer convenience with security."
Quotes
  • "Authenticating and validating a consumer’s identity accurately is crucial for businesses of all shapes and sizes."
  • "A growing group of governments around the world are turning to new digital identity tools and credentials to help validate citizens’ identities."
  • "In the United Arab Emirates (UAE), for example, the country’s Telecommunications Regulatory Authority (TRA) recently released UAE PASS, in partnership with digital identity technology provider Smart Dubai."
  • "Meanwhile, in Europe, the European Union’s (EU’s) electronic identification, authentication and trust services (eIDAS) regulation went into full effect last month, forcing the EU’s 28 member states to recognize official national eID systems."
Quotes
  • "By profiling your interactions with them, and then noticing changes in your behavior, they can act more intelligently to protect your interests, and theirs."
  • "Asking you to create an account with a unique identifier — they need a way to maintain information about you so they can provide you with a personalized experience."
Quotes
  • "At a global level, by early 2017, 82% of all countries issuing national ID cards had rolled out eID programs, according to the World Bank Most developing countries have some form of digital ID scheme tied to specific functions and serving a subset of the population"
  • "One example of a national identity system is India’s UID programme. The Unique Identification Authority of India (UIDAI) is a statutory authority established on 12 July 2016 by theGovernment of India, under the provisions of theAadhaar Act 2016"
  • "The UIDAI is mandated to assign a 12-digit unique identification (UID) number toall Indian residents based on their biometric and demographic data."
  • "Estonia has probably the most highly-developed national ID card scheme in the world.Its citizens can make arrangements regarding municipal or state services online in minutes. Since 2002, about 1.2 million credit-card sized personal identification documents have been issuedthatallow citizens to be identified and sign documents"
Quotes
  • "Digital ID can facilitate many types of interactions between two parties, most often individuals and institutions, producing benefits for both. Individuals can use identification to interact with businesses. "
From Part 02
Quotes
  • "Cross-border transactions are also 15% more likely to entail device spoofing and 22% more likely to involve identity spoofing. Better yet, the people behind many of these transactions may not be people at all. Bot attacks against merchants are numbering more than 1.3 billion per quarter. That’s an incredible torrent of over 600K bot attacks per every hour of every day!"
Quotes
  • "At present citizens have different user names and passwords for most transactions online e.g. a doctor’s online appointment user name and password will be different to the user name a password requirement for accessing a financial services product. These requirements to use multiple user names and passwords create headaches for both the citizen and the organisation. "
  • "As a consequence of these difficulties interacting there are use cases, which may be more difficult, online. Cancelling a doctor’s appointment, accessing financial information or a tenant reporting a fault with their property. There is a cost associated with these use cases that could be reduced if it were proven that a single digital identity made it easier to transact across services without the need for multiple user names and passwords. "
Quotes
  • "ncreased concerns on privacy In every project related to the implementation and management of an identification system, issues about privacy and personal data protection quickly appear.41 The privacy principle involves the idea that the data subject must decide how, where and by whom that information is used. Use of personal information comprises initial collection and all subsequent uses. Accurate data protection and respect for consumers’ privacy are fundamental for transactional purposes. If consumers do not feel that their data are protected, they will not transact online. A recent global survey42 shows that, in countries with a significant history of online fraud, 69% of consumers expressed that they are ‘much more concerned’ about their online security than they were just a year ago. This affected their online behaviour, with 51% less likely to do financial transactions online, and 47% making fewer online purchases."
  • "Data protection law affects digital identity immensely, particularly in Europe where the main regulation on this matter is the General Data Protection Regulation (GDPR) that came into force in the EU in May 2016 and will be fully adopted by 25 May 201866. The regulation includes both physical and digital identity management in a large number of provisions that reinforce the idea of an individual control over one’s own data, the most important of which are: right to access, right to be forgotten, right to portability and right to data minimizatio"
  • "Lack of standardization and interoperability As we have explained before, identity management is fragmented, there is a lack of standard means to assign, list or share identities. Each identity provider (whether public or private) stores the information in a different way. Data about users is gathered and stored in many different places. Furthermore, millions of people around the world do not have official identities and are usually excluded from the protection of a State. In a digital society, the lack of such identity will make these individuals even more excluded."