Talk of digital twins ordinarily sparks associations with evil lookalikes and doubles, who have appeared in Gothic novels and horror films for centuries. The notion is not entirely out of place.
Fraud is now the most common crime in the UK, with identity fraud taking the lion’s share at 58%, with 223,163 cases recorded in 2019 alone. 19 out of every 20 identity frauds involves a fraudster who has used an innocent victim’s name to apply for products and services. Roughly half of all identity fraud is linked to the misuse of a bank account, and worryingly, malicious actors are increasingly praying on the young and over 65s. For those affected, the ordeal may feel like discovering they have an evil (digital) twin, who is out to get their hard-earned money by masquerading as them online.
Creating a digital identity hasn’t been a priority for many, over the years. Why take the ‘risk’ if you can get great customer service and apply for a loan or mortgage face to face? Now, COVID-19 has turned the tables on that.
Mushrooming digital identities
Having a digital identity has not just become useful. It’s now essential for anyone seeking digital services, credit, or government support online. According to GOV.UK, out of 2.6 million self-employment claimants in the UK, 54% had no prior digital identity credentials. Digital identities – our digital twins – have become a necessity.
With cyber security and fraud threats growing, many will be wondering if their digital twins ‘behave’, once created. What if someone takes control of that digital identity? What if something goes wrong? Questions around protection and control are valid and won’t go away any time soon. But there is a silver lining: the more mainstream digital identity verification becomes, the more protected we are.
Let me explain. Once your digital twin is created and securely verified, it minimises the chances of someone else creating and claiming it on your behalf (just like website URL domains). The more genuine digital identities are created – and linked to by government support services, for example – the less risk of fraud there is. There are, of course, still some risks, namely from synthetic identities (where a digital identity is an amalgamation of several real or imaginary personas). But these are not yet mainstream – and technology exists to help stamp them out.
The point is that once a digital identity for a real person is created and verified, it becomes much harder for anyone to put that identity ‘stake’ in on their behalf. Knowing this, governments around the world now look to strengthen consumer identity protection by issuing cleverly encrypted passports and ID documents, following the lead of Estonia with technologies like NFC. Closer to home, the UK looks at consumer rights around digital identity to enable its wider use across the country, all while protecting residents and boosting the economy.
These ambitions are both timely and attainable. The more widespread and secure the use of digital identities becomes, the more we’ll keep attackers at bay. Technology has a major role to play, too. Using trustworthy digital ID verification technologies with the highest security assurance – without compromising speed for security – will be key to safeguarding our digital identities in the long run.
Security trumps speed
Take the example of GOV.UK Verify, the digital sign-up and verification portal that helps UK residents access 22 government services online. Since the onset of the pandemic and ensuing UK-wide lockdown, the demand for GOV.UK Verify’s services skyrocketed, as millions were looking to access Universal Credit applications, business and self-employed payments, car registration, and tax services. At its peak, the demand increased to 400 applicants per minute.
Now imagine, all those applicants’ identities had to be digitally and securely verified with as little delay as possible. GOV.UK Verify made the decision to prioritise security over speed to ensure consumer protection from the risk of identity fraud – even if it meant slightly longer ‘virtual queues’ before processing capacity could be scaled up to match demand.
When the pressure and stakes are high – like in the midst of the pandemic – security must trump speed. We know all too well that not all genuine IDs can be checked automatically. Some do not conform to modern document standards. There can be inconsistencies in document images, as well as limited data-capture technologies available.
There are inconsistencies across countries, too. Estonian IDs can be digitally verified with 100% assurance by using NFC (Near Field Communications) on smartphones, as a clever chip with 2048-bit public key encryption is embedded in each ID. Other countries’ identity papers aren’t as technologically advanced. For instance, some Italian paper ID cards still do not support even the most common Machine-Readable Zone (MRZ) enabled digital ID verification checks, making those documents extremely difficult to verify ‘remotely’. It’s then easy to see why, once the legitimacy of an ID document is no longer in doubt when verified digitally, the entire process becomes faster and much more robust. All that’s left for the consumer is to take a selfie to check liveness and face comparison to the document.
How do we protect our digital twins?
As a society, we shouldn’t be afraid of our digital twins. Nor should we worry for their destinies. But we can’t afford to be complacent either. The ever-increasing sophistication of forgeries means that fraud detection technology needs to constantly evolve and improve. Even the most sophisticated AI and machine learning-based verification technology has to have a back-up plan – this is where human forensic experts can be deployed to verify and authenticate IDs based on the risk profile and the assurance level required.
Governments have a huge role to play, too. Upgrading the sophistication of ID documents will ensure that the authenticity of physical identity papers can be verified digitally with potentially 100% certainty, which will be a huge step in the right direction.
By helping protect consumers from identity fraud, we’ll save them from scratching their heads when asked by a certain someone in the run-up to Christmas: “Has your digital twin been naughty or nice this year?”