The Importance of Digital Identity Management in the Finance Industry
By Jasie FonHaving a reliable and secure way to confirm the identity of customers has become crucial for financial institutions.
All over the world, digital payment methods are on the rise. The convenience that they offer is unparalleled, and it's difficult to even imagine a time before transactions could be carried out with simply a tap, swipe or click. The online payments boom, however, has a dark side as the ease and abundance of electronic fund transfers have also attracted a surge in cybercrime.
The latest cybersecurity health report by the Cyber Security Agency of Singapore (CSA) revealed that a whopping 99% of organisations that encountered a cyber incident in 2023 suffered significant consequences. The impacts include business disruption (48% for both businesses and nonprofits), data loss (46% for businesses, 60% for non-profits), reputation damage (43% for businesses, 44% for non-profits) and financial loss (31% for businesses, 34% for non-profits).
The Monetary Authority of Singapore (MAS), acknowledging that financial institutions occupy a central role in this evolution, has established regulations and guidelines that compel financial institutions to adopt robust cybersecurity practices, including risk assessments, incident reporting and cybersecurity awareness training.
But regulations are only part of the solution. While MAS regulations provide a solid foundation, digital identity management must also become a top priority for banks and financial institutions.
From the perspective of threat actors, bypassing the typically strong security measures employed by banks would require significant effort and expertise. Stolen credentials, on the other hand, can easily be used to carry out illicit activities under the radar, which makes them a prime target for attackers.
That's why having a reliable and secure way to confirm the identity of customers has become so crucial. Financial firms need to be sure that any individual or business requesting a service or making a transaction is actually who they claim to be.
Beware the Frankenstein identity
In Singapore, many organisations are still relying on basic security measures. According to a recent survey, one-time passcodes were used by 52% of respondents, while digital credential issuance and verification were used by 51%. This is despite the vast majority of global finance respondents expressing concerns about protecting against phishing (99%) and credential compromise (98%).
What's certain is that cybercriminals are not sitting still, and the digital identity landscape has gotten more complex. One particularly troubling development is the rise of synthetic identities. These are fake profiles meticulously stitched together using real and fake data – akin to Frankenstein's monsters of the financial world – designed to deceive even the most robust security systems.
For instance, a fraudster can take a legitimate Social Security number or passport details and combine them with a fake email and phone number to create a believable disguise that allows him or her to access online financial services and conduct fraudulent transactions without raising suspicion.
Evidently, traditional credential verification at login is no longer sufficient. Today’s financial firms require a more layered approach to identity management that includes continuous verification throughout the customer journey. This means that in addition to validating credentials when a customer initially logs in, re-authentication measures are triggered at critical points, such as when the customer is attempting large transactions, applying for new financial products, or even logging in from an unrecognised device location.
On top of that, institutions have to monitor for suspicious activity beyond credentials. For example, a user logging in from Singapore followed by an attempt from a different country within a short timeframe should be blocked and flagged for investigation. This multi-pronged approach is much more effective at identifying and preventing fraudulent activity even when sophisticated techniques like creating synthetic identities are used.
The winning formula for financial institutions
Sure, robust digital identity management keeps things secure. But that's just the start. It's also the key to unlocking a smoother, more streamlined customer experience – one that builds trust and keeps users happy. Thanks to advancements in technology, financial institutions can offer streamlined interfaces that are easy to navigate as well as granular control over data sharing, so users can choose what information gets shared, with whom, and for what purpose.
An additional benefit of robust identity management is that it allows institutions to broaden their range of services, including offering functionalities championed by the new wave of digital-only banks. This flexibility will allow incumbents to innovate and compete in today's dynamic financial landscape.
In short, secure and effective digital identity management is the foundation upon which the future of finance will be built.