Netimperative
Netimperative
  • Home
  • Ads
  • Content
  • Mobile
  • E-commerce
  • Social
  • Regulation
  • Video
  • Viral
Menu
  • Apple
  • Amazon
  • Facebook
  • Google
  • twitter
  • WhatsApp
  • YouTube

Guest comment: Digital identity is broken. Can we fix it?

December 20, 2016

Identity fraud and online breaches seem to be dominating the news recently, with Tesco and the National Lottery leading the way. Jeremy Newman, founder and executive director of ShowUp discusses why the password system infrastructure is failing and what needs to be done to eradicate identity fraud once and for all.

While we have all been enjoying a life online, an awkward truth threatens to wreck everything. It is this: a password is the same irrespective of who enters it. This means that when an organisation asks for passwords or other ‘memorable’ information for verification purposes, it is unable to tell the difference between their customer and an impostor.

So why do organisations persist in asking their customers to do something that a fraudster can also do?

Since ancient times passwords have played a role in keeping the enemy from the gates and telling friend from foe. The first use of passwords in the context of computer logins was in 1961 for an early multi-user computer system developed at MIT. Fast-forward to today, and people have to use passwords to interact with just about every supplier, government department and service on offer. Indeed, the way businesses verify customers has barely changed in over half a century.

The problem is that the dominant method of verifying people – testing their knowledge – was flawed from the outset, and it still is.

How we’ve lost our way

Given that passwords cannot distinguish between customer and fraudster, you might hope that this flaw is benign. But it’s worse than useless. By using knowledge-based authentication (KBA), organisations expose their customers to risk.

Knowledge-based authentication drives fraudsters to obtain data by whatever means they can, and then either use it to malicious ends themselves, or trade in it. Vast markets have opened up on the dark web where personal information is being bought, sold and collated, patiently tended in databases like shadow credit reference agencies. The value of this data to criminals lies in the fact that, armed with this data, organisations can be easily fooled. Let’s not forget that KBA is responsible for every phishing email that’s ever been sent.

The reality is that wherever access to a bank account, email account or indeed any online resource at all is controlled with a password, if you know it, so can the fraudsters. All knowledge can be shoulder-surfed, discovered, leaked, hacked, intercepted and (ahem!) guessed.

I believe that passwords persist in part because they give people the sense they have a secret. Until, that is, an organisation gets fooled and customers are left to deal with the resulting mess. They call it identity fraud, but really it’s corporate negligence on a global scale. We live in this Kafkaesque world where we all must jump through hoops to “prove who we are”, while the practice is widely known to be little short of a complete waste of time.

It’s time to change habits

The world is in desperate need of a way to tell the good guys from the bad guys. If it’s not knowledge, then what? What if we could find a means of differentiation that is already present in the population?

The assumption has always been that you cannot see your customer online. As the famous cartoon in the New Yorker had it – on the internet, nobody knows you’re a dog. However, in the past decade this assumption is no longer valid. For the first time nearly everyone has a camera phone with internet connectivity. Therefore it is now possible to draw upon the tried-and tested mechanism of visual identity, and the innate ability of people to recognise one another.

To harness visual identity is to build upon a foundation laid down over several millennia of human evolution. Using this powerful natural capability goes with the grain of everyday experience as opposed to against it. Visual identity is practised by around 7.2 billion people every day, and it manifestly works. Also, there’s no need to distribute anything – no secrets, no special hardware, or even documents.

After many attempts at fixing the problem by adding layers of complexity, we are about to turn full circle. Going back to our roots promises to make the job of the fraudster much harder, while making life much easier for the true customer. There’s an old saying, “People are the weakest link in security”. As ever, it depends on what organisations ask them to do.

By Jeremy Newman
Founder and executive director
ShowUp

Ads, Regulation agencies, email, global, government

Archives

Tags

advertising agencies Amazon analytics Android Apple apps Australia BBC brands Brazil broadband China Christmas comScore content digital marketing ecommerce email Entertainment Europe Facebook France games Germany global Google government images infographic local marketing media Microsoft music Privacy retail Search security smartphones technology Twitter UK video YouTube

Recent Posts

  • Top six Valentine’s Day ads for 2022
  • 2021 Halloween: digital marketing campaigns we loved this year
  • Empowering employees; the critical link between EX and CX
  • Investing in in-app social features is a must in a world that is crying out to be connected
  • QR codes, Gen Z and the future of OOH

Copyright © 2025 Netimperative.

Magazine WordPress Theme by themehall.com

We use cookies to improve the website and your experience. We’ll assume you’re okay with this, but you’re welcome to opt-out
Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT