Digital Identity : Central to Fintech Revolution

- Shivani Bisht, Graduate Engineer Trainee, CDO office

In 2009, India had no nationally recognised form of identification. Indians carried separate ID cards relating to various government functions—taxes, subsidised food, cooking gas, water—but none served as an all-purpose identification throughout the country. And often what ID systems did exist were so systemically tainted that half of the names on the rolls were fake, while the neediest, the very people for whom the social programs were designed to help, were excluded.

The digital ID system in India was conceptualised to provide efficient, transparent, and targeted delivery of subsidies, benefits, and services, to the residents of India. It was also intended to prevent the exclusion of residents who do not possess any identity documents. Hence, biometric technology and big-data processing were put forward as solutions for conducting digital identity verifications.


AADHAAR AS A DIGITAL IDENTITY OF DIGITAL INDIA

Aadhaar is a 12-digit, unique identification number underpinned by biometric authentication which provides a secure, safe, and unique proof of identity for India’s citizens, with no criteria for eligibility. This means that a thumbprint or iris scan at the point of service delivery can act as ID, for example when opening a bank account, or as a digital signature for a paperless cash transaction.

It was envisaged to form the basis of service delivery and access to further digital infrastructure. This digital infrastructure includes India Stack which comprises financial applications such as Digi Locker, eSign, eKYC, Unified Payments Interface (UPI), and Aadhaar Auth.

Aadhaar is the single largest factor that contributed to the exponential growth in fintech products in India. With an Aadhaar-enabled e-know-your-customer (e-KYC) facility, a fintech platform could onboard customers quickly and at a fraction of the cost of using physical documents.

While systems such as the BHIM (Bharat Interface for Money) and UPI (Unified Payments Interface) are Smartphone-based processes for peer-to-peer transactions, the Aadhaar enabled payment systems are for the rest of the population in the rural areas who aren’t tech-savvy. It particularly helps the underprivileged section of society who isn’t comfortable with using mobile payment methods or bank cards.


BIOMETRICS AS A DIGITAL IDENTITY

Biometrics is the measurement and analysis of unique physical or behavioral characteristics (such as fingerprint, face, or voice patterns) used to verify personal identity. This is done by creating and saving different templates of a certain biometric modality that can be analysed digitally. Essentially, it’s a way to create a digital representation of a person or, their identity. If we use traditional ways to verify our identity, such as a password or a token, it is possible for us to hand it over to someone else. But biometric templates are not transferable – we cannot hand our face, fingers, or behavior to anyone else – and so it is much harder to get access to a biometric template through fraud than other methods. This makes biometrics ideal in circumstances where trust and strong protection of digital identity is required.

Some major tech and market trends in the segment:

1. Biometrics is expanding to retail & consumer markets to address problems with current PIN & password auth

2. Smartphone manufacturers are now turning to biometrics to authenticate device access

3. Biometric solutions are being deployed for multiple payment use cases, including leveraging smartphones for POS purchases and using biometrics as a second form of authentication at ATMs.

The downside of biometric data is that once it is breached, the data is compromised for life. Therefore, biometric data deserves special attention when it comes to data storage and protection.


Future of Digital Identity, And the Challenges That Lie Ahead

Organisations worldwide are today making efforts to ensure their digital identities are safe and hack-proof. Many existing methods used by corporate workers to log in, validate credentials, and conduct safe Internet browsing are becoming cumbersome.

In 2022, businesses will need to find agile, cost-effective ways to implement secure digital identities and also address the following challenges:

1. Basic hygiene

One of the most significant challenges in 2022 would remain the fundamentals like timely off-boarding of employees who are leaving, deactivating or eliminating orphan and inactive accounts, better focus on entitlement management, and so on. Businesses need to practice basic hygiene to avoid being hacked by malicious attackers, whether big or small. Organisations should also be open to adopting new technologies that offer better digital identity protections.

2. Cloud identity security concerns

The growing adoption of the cloud has necessitated the need to secure it at all times. Old security mechanisms are no longer considered appropriate in the age of cloud computing. Thus, enterprises must thrive to adopt a Zero Trust-based approach, in which data and identity serve as new basics to be protected. Organisations must dissolve inactive identities that can enhance system vulnerabilities and expose critical resources to threats. To get through the complication and correctly manage any cloud infrastructure, it’s critical to accurately analyse the overall security to determine the identities that are susceptible and the problematic privileges.

3. Baggage of 2021

As enterprises opt for a cloud-first approach, the same difficulties involving identity security in 2021 will become even more common in 2022 and post that. The contemporary system of hybrid networks presents security experts with a novel difficulty in implementing a complete strategy for monitoring all identities and entitlements. In order to discover loopholes and avoid intrusions, businesses must be cautious with their approach towards monitoring security identities.

4. Striking a Balance

It gets difficult to maintain equilibrium between identity security and IT admins. IT administrators tend to preserve the corporation’s identity data from cyber-attacks through simple and secure identity management solutions. However, additional use of software and tools further creates difficulties and lowers the efficiency of the team. Thus, it becomes important to strike a balance between identity security and ease of use.

5. Ransomware Attacks

Ransomware attacks showed no signs of dying down this year and the trend could continue unabated over the next few years. Poorly-secured digital identities, a favorite target of cybercriminals, will continue to be a major vector for malicious cyberattacks. Organisations should keep this factor in mind and invest in strong digital identity security systems to secure all identities at all times.


The Future of Identity on the Blockchain

Blockchain technology is still in its early years and there are of course immense challenges ahead in fully replacing our antiquated systems of identity management with modern technology. Robust and cryptographically secure blockchain programming is a muse, but user-friendly simplistic interfaces, regulatory oversight, and consensus standards must be set before widespread adoption is possible.

As industry leaders and advocates drive blockchain forward through the future, we’re reminded how far we’ve come and the future of where we’re going. The purely financial incentive for institutions to clearly store and transact with their customer’s data will save substantially on the bottom line. Liability caused by increased security vulnerability will pressure larger enterprises to adopt more modern technology to keep their customers’ data safe. As the technology matures, solutions will evolve and the best blockchain applications are yet to come.


Integration of blockchain and biometrics to redefine digital identity by 2030

Behavioral biometrics, digital government, eCommerce, banking, and airport security could see some of the biggest and most notable changes over the next decade as developments in artificial intelligence, blockchain technology, and biometrics enable the creation of global solutions for the digital ID.

“By 2030, advancements in blockchain technology will lead to its integration with biometrics, resulting in the establishment of a single-token digital identity for individuals.”