Verifying and establishing one's identity has been a challenge since the dawn of time. Mankind has used many different tools and devices to verify identity throughout the ages. Everything from passwords to secret handshakes to letters, documents, seals and identification cards have been used, most of which can be forged or stolen. One of the biggest deterrents to identity theft up until the digital age was simply native facial recognition - i.e, running into someone who knew the actual person they were pretending to be.
Verifying Identity in the Digital Age
The digital age introduced a whole new level of challenge when it came to authenticating a user because it took away the visual element. At first, credentials were established by entering a user name and password that only the user ostensibly knew. Eventually, however, users showed themselves to be more concerned with convenience over security and protecting accounts with a simple password was not enough. This led to the use of a range of personal information to establish identity until a number of high profile data dumps gathered so much personal information on almost everyone on the planet, that even personal information like addresses, phone numbers, and social security numbers could no longer be used to authenticate identity.
More recently, the use of biometrics has become the most prevalent way to secure accounts and data. Now, before you can pay for a purchase, you may need to scan your thumbprint on a device or have your face scanned using facial recognition software. While this may work to secure some transactions, however, it doesn't work to secure all of your accounts and even your online identity. Today, most people have two identities, their online identity, and their real-world identity. Similarly, this also means they have two identities that can be stolen.
Account takeover is becoming a more and more common practice, which is a form of identity theft. Account takeover occurs when a cybercriminal is able to get a user's username and password changed so that they control access to the account and the original owner is locked out. The fraudulent user may even change security questions or other information that is used to verify the user's identity so the original owner can't even regain access to their own account. What they do not change, however, is the payment information linked to the account, so the original user is left paying for an account they no longer control. In most cases, the original owner can't even cancel the account because they can't even verify their authority to do so. The relative ease of taking over someone else's account has led to the development of a digital signature.
What is a Digital Signature?
A digital signature is a collection of your personal and individual online habits. Ultimately, humans are largely creatures of habit so if you track someone's habits and patterns, it can raise alarm bells whenever you stray from them. For instance, if you make it a habit of getting to the office every morning at 9 am sharp, the same way you have for months or years, then if 9:30 rolls around and no one has seen or heard from you, then they start looking for you.
The same is true of your online habits and patterns. If you regularly use your credit cards for nothing more extravagant than just paying bills or the occasional night out, then a sudden request for authorization for a $5,000 bag will raise alarms. The general region you usually log into an account from and the device you use are also part of your digital signature. As long as you attempt to access your accounts from the device you normally use and from the geographical region you normally inhabit, then you are given immediate access. If you or anyone else attempts to access an account from a different device or geographical region, however, then it can trigger secondary protocols. In that case, you may need to enter or provide additional information to verify your identity such as the answers to pre-arranged questions or a code sent to a pre-arranged phone number or email account.
Protecting You Everywhere
While your digital signature can currently protect many accounts you already hold, digital signatures may soon protect you everywhere online. For instance, when you apply for a loan online, the information you enter is compared to information previously gathered about you and stored in a credit file. Soon, however, the device you use to apply for the loan or other previously verified information may also be used to verify your identity. If you rarely ever visit more than 8-10 different sites or the sites you visit all fit within a very narrow category (cooking, traveling, photography, etc.,) then a sudden visit to a vastly different site might actually raise alarms that the person using the account is not actually the authorized account holder. While the collection and storage of information about you may seem somewhat invasive - and it might be - the truth is, it can also go a long way to protecting you, your assets and even your reputation.
Ready for the next step?
Spot user behaviors and device information that’s suspicious, and stop those fraudsters in real time. We track billions of devices and our fraud analysts add evidence to make this intelligence even more effective.