Digital Identity: What to Expect in 2018

January 11, 2018

Blog

2017 was a profoundly important year in digital identity.  The tide turned decisively against usernames and passwords, with more than 86% of consumers expressing doubts over the security and convenience of the format, and mobile network operators around the world agreeing collaborations on alternative solutions.  With 76% of mobile users in Q4 2017 indicating a desire to use a single sign-on identity service provided by their mobile operator, operators around the world met this challenge with great success. In Europe for instance, operators in Germany and Belgium launched identity solutions for use in transport and financial services; in Asia, Korean operator SKT produced a solution now adopted by 99% of Korean websites; and in the United States, the four largest operators announced their joint taskforce on mobile authentication with the GSMA’s Mobile Connect.  This move by operators into the identity space is a prime example of the wider global trend: towards treating digital identity as a complex and sensitive matter, which can no longer be entrusted to simple tickboxes and memorable phrases.  This being the case, then, what are some of the imminent developments in digital identity that we can expect over the coming year?

The digital identity market will certainly continue to be powered by the financial services industry.  In a sector so reliant on consumer trust, the ongoing digitisation of transactions and account access is driving ever more investment in identity management. Banks now collectively spend more than $1 billion per year funding research and development of identity solutions, making them the world’s leading investors, over even national governments and police agencies.  The focus of that investment in 2018 will be on ‘unique identity’ systems: methods which combine multiple factors as a matter of course, to verify a person’s identity with far greater certainty.  Passwords and PINs, which can on their own be compromised, will increasingly be combined with aspects of what a consumer has (say, a specific mobile device), who they are (their biometric information), and where they are (using for instance their geolocation or IP address).  Banks have obvious commercial incentives to ensure consumer confidence, at a time when identity theft has reached an all-time high; they also face an onslaught of tighter legal requirements over the coming year, as governmental bodies, in particular in Europe, try to respond to consumer anxieties over digital identity protection.

2018 will be a year of major regulatory change in Europe.  In May of this year, for instance, the EU’s General Data Protection Regulation will come into effect, in a drive to harmonise data privacy laws across Europe.  GDPR is the latest measure designed to give EU citizens greater rights over their personal data, granting them more control over how that data is collected, stored and passed on – the onus will soon be placed firmly on individual companies to guard against privacy breaches and cyberattacks on the consumer data they hold.  GDPR is widely seen as highly stringent in its requirements, with fines of up 20 million euro to be levied against organisations failing to meet them, including those in the public sector.

Serious questions abound over readiness, however; research indicates for example that in Ireland more than a third of organisations processing personal data are yet to begin preparations for GDPR, with more than half still using insecure methods such as email to transmit sensitive data.  Malcolm Harkins, Chief Security and Trust Officer at Cylance, has therefore described GDPR as “the Y2K of 2018” – that, while many companies may give outward assurances of their readiness for the new guidelines, behind closed doors there may be a good deal of apprehension over ability to comply in time for the first round of audits.  We can expect to see the EU making an example of some high-profile multinational who fails to meet the requirements in the first years of adoption, as it seeks to emphasise its seriousness about the new regime.

The imminent adoption by EEA member states of the revised Payment Services Directive will also make 2018 a “game-changing” year for retail banking.  In recognition of the rise of third-party fintech payment systems, the new PSD2 regime is designed to create a level playing field for all payment service providers.  Essentially, by stripping banks of their monopoly on customer account information and payment infrastructure, while strengthening consumer protection through requirements on ‘strong customer authentication’, PSD2 aims to stimulate innovation in how everyday transactions are performed and authenticated – improving security, convenience and choice for the end-user.  Accenture have warned financial institutions against treating PSD2 as just another compliance exercise: with 1 in 5 online transactions set to be made through mobile devices this year, remote payment practices are changing rapidly, and banks should regard next week’s adoption as a catalyst to accelerate improvements in their own digital payment systems.

Europe is thereby likely to become something of a legislative trendsetter in digital identity management, with the outcomes certainly watched with interest from Asia and the Americas.  As 2018 unfolds, technological developments currently in their infancy will rapidly become the norm: as AI and chatbots are rolled out in more and more contexts, for example, they will provide a greater range of opportunities for hackers, and consumers will expect to see measures taken to allay these.  As the Internet of Things grows, so too will the dangers associated with security breaches; where the hacking of an automobile factory may previously have resulted in loss of revenues or customer data, for instance, the cost may now be measured in human lives.  And as the Cloud environment reaches maturity, ensuring its security will become of paramount importance to many players in the ecosystem.  While the challenges are numerous, they are part and parcel of a maturing technological landscape which, over 2018, is set to prize the security of our digital identities like never before.

Back

Strong Mobile Customer Authentication under PSD2: Comparisons and Cons The new PSD2 regulations will bring about major changes to the digital security landscape. Among the most significant of these will be the requirement to use strong customer auth...

Read more | See all Identity Resources

Mobile Connect for Cross-Border Digital Services: Lessons Learned from The GSMA has released the results of the Mobile Connect and eIDAS implementation pilot. The year-long collaboration brought together several public and private sector organisatio...

Read more | See all Identity Resources

Mobile Authentication: Capitalising on China’s Identity Market China Mobile have firmly established themselves in the digital identity market. The network operator’s identity service, Mobile Authentication, offers a range of authentication...

Read more | See all Identity Resources

Mobile Connect in the GSMA Innovation City @MWC18 Mobile Connect, the mobile industry’s identity solution, will be present at Mobile World Congress’ GSMA Innovation City where attendees will have the opportunity to e...

Read more | See all Identity Resources

Presentations from the Mobile Connect Summit Singapore The Mobile Connect Summit was a forum for all stakeholders engaged with digital identity and  addressed the status of Mobile Connect deployments both globally and in the Asian m...

Read more | See all Identity Resources

Mobile Connect Privacy Principles The Mobile Connect Privacy Principles are intended to guide the use of personal information in Mobile Connect branded services. Mobile Connect enables verified authentication, au...

Read more | See all Identity Resources

CAPS Report on Authentication and Mobile Payments to aid Implementatio With PSD2’s Regulatory Technical Standards now published, the broader financial ecosystem is moving closer towards full-scale implementation of the EU’s revised payment servi...

Read more | Visit Identity Blog

eIDAS Pilot Recommends Mobile Connect for Cross-Border Digital Service Having removed many of the barriers to European cross-border trade by way of the Single Market, the European Commission’s vision of a Digital Single Market aims to create secur...

Read more | Visit Identity Blog

MWC18: Operators Poised to make Unique Contribution to Securing Trust As the digital economy grows, and the Internet of Things expands, digital identity authentication will play an increasingly routine role in the lives of billions around the world...

Read more | Visit Identity Blog

Securing Trust in India’s Digital Citizenship Jai Rajaraman, Vice President and Global Head of Technology User privacy has been at the forefront of debates over digital identity since their inception.  The case of Aadhaar, ...

Read more | Visit Identity Blog

Digital Identity: What to Expect in 2018 2017 was a profoundly important year in digital identity.  The tide turned decisively against usernames and passwords, with more than 86% of consumers expressing doubts over the...

Read more | Visit Identity Blog

China Mobile Now Scales up GSMA Mobile Connect for Global Authenticati China Mobile have announced their intention to advance in the digital identity market Sihan Bo Chen, Head of Greater China, GSMA A steady rise in spam and fraudulent activity in ...

Read more | Visit Identity Blog

Mobile Connect at Mobile World Congress 2018 February 26, 2018 The GSMA’s Identity team will be present at this year’s Mobile World Congress 2018, where Mobile Connect, the mobile industry’s identity solution, will be showc...

Read more | See all Identity Events

MWC18 Seminar: Data Attributes as the New Digital Identity Currency February 26, 2018 During this seminar we will focus on how attributes are becoming the new digital identity currency and how cross border identity transactions will shape ecommerce. A number of di...

Read more | See all Identity Events

MWC18 Seminar: How are Identity Regulations Shaping the Digital World? February 27, 2018 The seminar will focus on how technology and digital services are increasingly facing new challenges and opportunities to keep pace with today’s digital transformation. During ...

Read more | See all Identity Events

Contact GSMA Legal Email Preference Centre Copyright © 2018 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.