Consumers are becoming increasingly concerned about the lack of control they have over their personal data and how it is used. More than eight in 10 Americans believe they have little or no control over their data once it is shared with a company, according to a study by Wakefield Research and Au10tix, an identity verification technology provider. Meanwhile, almost two in three Americans believe threats to their personal data are growing faster than companies can keep pace.
With cybercrime on the rise, financial services companies need to do more to protect their customers’ personal data. Last year, the number of data compromises in the US hit 1,862 – the most on record and a 68% jump from 2020 – according to the Identity Theft Center’s 2021 Data Breach Annual Report and the number of reported cases of identity theft increased to 51,629 last year, according to the FBI’s 2021 Internet Crime Report. In 2019, that number was 16,053.
The Au10tix and Wakefield Research study showed that more than half of respondents are worried about their personal data falling into the wrong hands, while 44% said they had already been victims of personal data theft.
“Currently, third-party organisations often retain the digital credentials people share with them rather than using them for verification and discarding them,” says Guy Mordoch, chief operating officer at Au10tix. “That means every time a consumer shares a piece of themselves it enables others to capture that information and potentially misuse it in the future.”
To reduce that risk, financial services companies should only be using the minimum amount of personal data required to properly authenticate an individual – something that is a deceptively difficult problem – says Mordoch. “The future lies in the tokenisation of digital identities; the ability to split these identities into modular elements, enabling consumers to share only the specific data points they choose,” she says. “This tokenisation will lead to less information exchanged, limiting risk for the owner and the user of that identity data.”
Companies also need to clearly explain in simple language how an individual’s personal data is being used, while outlining the benefits of giving companies access to that data. Companies should also ensure they have clear procedures that govern the requests for the removal or transfer of an individual’s personal data – made easier by the technology powering this tokenisation.
Tokenisation is where we can not only verify the authenticity of an ID but can create a tokenised credential that sits within a ‘digital wallet of choice.’ This is just one of many examples of Au10tix’s commitment to a self-sovereign identity infrastructure. One that furthers a safer, more inclusive world in which a user’s identity is theirs alone.
“Users should be provided with different options for data sharing, and consent should be secured for the option that an individual is most comfortable with,” Mordoch says. “Companies should take this one step further and educate their customers. Users can’t trust you if they don’t understand your processes.”
W3C – which defines standards for the world wide web – has created a data standard called ‘verifiable credentials,’ which gives individuals control of their own digital ID and creates secure digital credentials that can be used and shared as they wish.
“Allowing consumers agency over their personal information proves that trust over transaction is the new global identity mandate for businesses,” says Jonathan Wilson, chief risk and compliance officer at Au10tix. “Consumers proving their identity in an age of increasing digital fakery has become imperative and now is the time to safeguard personal data against security breaches.”
Many consumers are also unhappy with the amount of personal information they are being encouraged to hand over. As many as 86% of Americans believe companies and organisations collect more information than they need, while almost two-thirds of consumers (64%) have quit doing business or working with an organisation because it has asked for too much personal information. Identity verification processes often involve pages of personal data being collected, companies have the opportunity here to meet consumer demands by doing more with less.
This would require consumers to share the smallest amount of data necessary to achieve a specific purpose rather than providing excessive amounts of sensitive information that can be monetised or compromised. By understanding what a customer is intending to do, businesses can identify what information is required for that purpose. By limiting the amount of data requested, businesses can increase consumer trust while continuing to protect their customers against the risks associated with compromised data.
“With increasing pressure on organisations to keep identities safe, there is an imperative to create secure digital credentials for all aspects of life, truly putting individuals in control of who has access to which credentials,” says Wilson.
While greater personalisation in financial services is being driven by insights generated from customers’ personal data, organisations need to balance that with security and compliance considerations to increase trust with customers and improve operational resilience.
“Customer data is critical to innovation and growth for financial services companies, however misuse and failure to protect this data could wreak havoc on the financial services industry,” says Wilson. “For businesses, not taking adequate steps to protect customer data could lead to regulatory penalties or reputational damage that could lead to a loss of customers and operational losses from fraud or other cyberattacks.”
Nearly all of Americans (97%) expect organisations to take action after suffering a data breach, with 70% saying that businesses should alert all current customers if their personal data has been compromised, according to Au10tix.
“Another 69% believe that businesses that have suffered a breach have a responsibility to help victims recover stolen identities. That matters because also at stake are potential financial losses for customers, loss of privacy and potential exclusion from products or services due to perceived risks,” says Wilson.
He adds: “Businesses that do not adequately address consumer privacy and data concerns will be left behind as this new era approaches. Businesses will have to not just stay in compliance when it comes to protecting their customers’ data, they will have to maintain the customers’ trust, which our data shows is paramount to doing business anywhere.”
With the abundance of personal information collected during the application process for bank accounts, lines of credit, loans, and mortgages, financial services organisations are responsible for maintaining securing and protecting this sensitive data.
“Currently, these companies routinely transfer large amounts of personally identifiable information (PII) through a complex web of data agreements, compromising both privacy and security,” says Mordoch. “There is an opportunity for organisations in this sector to work towards a singular, secure repository where customer data lives and can be accessed through a certification system. Today’s technology – particularly federated learning and trust networks – makes it possible to acquire insight from data without acquiring or transferring the data itself.”
More importantly, technology can help reduce fraud. By automating identity verification, Au10tix’s tech can detect fraudulent transactions in seconds using a combination of machine learning and computer vision.
“Consumers’ online identities are the new currency, and the stakes around this currency are high,” Mordoch says. “It’s time for consumers to claim their digital identity, and like all forms of currency, it must be protected from theft and fraud.”
Since the start of last year, Au10tix technology has prevented more than $4.5bn in fraud-related losses across a range of industries, including financial services.
For more, please visit au10tix.com
Promoted by Au10tix