Digital trust is the confidence we have that the systems and technology we use in our digital world are secure, reliable and protect our privacy, and that they are inclusive and fair. All this is underpinned by digital identities, and our belief that we are interacting with genuine people rather than bots or someone pretending to be someone they aren’t.
Unfortunately, we are still overly reliant on analog methods such as usernames and passwords to identify ourselves online and as a result fraud and cybercrime have seen rampant growth rates in recent years.
In the UAE, a recent report by the Dubai Chamber of Digital Economy anticipated that while the national digital economy would grow to well over US$140 billion by 2031, at the same time, cyber-crime currently costs $746 million annually and affects more than 166,000 people in the UAE.
SMS OTPs have become a ubiquitous method for making online identity more secure. Not only does this add friction, it only proves the person who is trying to access accounts online has the device and access to the OTP, but not that the person is who they say they are. Therefore, SMS OTPs are are not an effective authentication method and can be intercepted through social engineering. Thus, many organisations have turned to the use of biometrics to make online identity more robust.
Facial recognition is used regularly as an authentication method from unlocking smartphones to validating an individual’s identification while crossing international borders. However, studies have shown that facial recognition is not an infallible method of authenticating individuals. Research has revealed that facial recognition is significantly less accurate for persons of color and women. In 2018, studies by MIT and Stanford University revealed that three facial recognition algorithms had an error rate of less than 0.8 percent when utilised for light-skinned men. By contrast, for darker-skinner women one of these algorithms had an error rate of 20 percent, while the other two had error rates of 34 percent. This is likely to be due to bias being built into the algorithm throughout its model training. One program’s algorithm, for instance, was developed with 77 percent male and 83 percent white data, restricting its effectiveness outside of that community.
In addition to being prone to bias, facial recognition technology is susceptible to attack – allowing skilled hackers to scam millions of individuals. In one example from 2020, fraudsters hacked the Chinese government’s facial recognition service and stole more than $76 million through fake tax invoices. Facial recognition is also not privacy preserving, and privacy is ever more important to citizens in the MEA region with only 44 percent of customers believing that they have adequate privacy online, according to Callsign’s recent survey.
With weaknesses in facial recognition, we continue to face the challenge of validating people’s identities online. Unfortunately, we continue to trust that in the digital world people are who they say they are, despite the lack of a processes to authenticate them. According to Callsign’s research in collaboration with CEBR, the MEA region has a 15 percent trust gap, which means that customers in this region have greater trust in online and digital services than they do in society. However, if cybercrime and fraud levels continue to rise at their current rate, it could significantly impact consumers’ trust in digital services. We need to fix digital identity to build greater digital trust and hold people to account online in the same way that we do in our physical world, but this needs to be done with technology and processes that people can trust, that are fair and inclusive.
Behavioural biometrics (such as how someone holds and swipes on their phone, types in their email/password, or moves a mouse on a computer) provides privacy-preserving, frictionless, accessible, and inclusive methods to authenticate users in robust and failsafe ways. Behavioral biometrics are unique muscle memory for everyone, making it difficult for a fraudster to replicate, and are a robust way to verify that the user is who they claim to be. Organisations can identify and authorise consumers by collecting behavioral data from the way a user swipes on their phone, types on a keyboard, or moves a mouse. When behavioral biometrics are combined with other intelligence tools such as device fingerprinting, threat and malware detection, they can be used to create a secure online digital identity. Moreover, since behavioral biometrics are based on the user’s behaviour and not their physical characteristics, they also provide an inclusive and unbiased way to authenticate users.
The future of digital trust
Building digital trust has a positive economic impact, and Callsign’s research estimates that a 5 percent rise in digital trust per capita would increase GDP by $3,000. This means that countries can potentially release hundreds of billions of dollars into their economies by simply strengthening digital trust.
To build digital trust, we must first establish robust, secure, inclusive and privacy-preserving methods to identify ourselves online. Once this is achieved, we can trust our experiences and interactions online, and know that accountability for our online behaviors is established. But who is responsible for this?
Consumers in the MEA region believe that responsibility is shared. 77 percent of MEA consumers want the creation of digital identities to improve their experiences of online services, with most wanting banks to safeguard their digital identities. But consumers also think (54 percent) that it is the government and public sector’s responsibility to establish a secure digital world, just as they are responsible in the physical world. Furthermore, 47 percent of regional consumers believe a regulated digital identity system will become a part of their daily life within the next five years. There is a clear call to action for both public and private sectors to work together to build a trusted and sustainable digital economy.
