The growing “Digital Identity” and ” Multifactor Authentication” trend

Market Overview

Proving one’s identity is clearly critical to participation in societal, political, economic, even cultural life. Trust is a precious commodity earned over time and challenging to build between consumers and businesses in an online world. This requires businesses to apply the right tools and relevant information to identify them. Unlike face-to-face encounters, digital interactions lack the visual cues that normally builds trust. As digital interactions seem anonymous businesses and consumers must find ways to establish mutual trust.

Digital commerce is expected to grow globally at 20% CAGR by 2022, reaching nearly $ 6 trillion in value and digital banking users (online and mobile) exceeded 2 billion in 2018 with an expected 11% CAGR (2019-2023), where mobile banking users are expected to be 58% of the global banked population in 2020. That means it is imperative that businesses build meaningful digital customer relationships based on trust. What does it take to build trust online? Practically speaking, it is about maximizing both security and convenience.

There are some important differences and similarities between authentication and digital identification, which need to be outlined to understand the markets.

Identity verification – Identification is the method to prove we are who we say we are. This is different from identity, which is a person’s unique group of characteristics. Identification is the method to authenticate identity.

• Today, varied forms of identification methods are used to prove identity. Electronic ID Verification companies (eIDV) stand for a significant part of the ID verification solutions on the market.
• The identity verification market size is expected to grow from $ 7.6 billion in 2020 to $ 15.8 billion by 2025, at a Compound Annual Growth Rate (CAGR) of 15.6% during the forecast period (Markets and Markets).

Authentication – Authentication is the extension of the first identity verification in a user’s onboarding. Once the user’s identity has been verified, the user authenticates themselves to make the purchase, get the loan, or open an account.

Digital Identity and Digital Identification

A trusted digital identity is a set of verified attributes that provide an authenticated link between a person and their unique digital identity. These attributes can be biometrics, identification documents, or third-party verification procedures, among others. A trusted digital ID is usually created in three steps: capturing verified attributes, verifying the records, and digitizing the ID.

The World at a glance

Proving one’s identity is clearly critical to participation in societal, political, economic, even cultural life. Still, more than a billion people in low-income economies lack any formally recognized ID – either paper or electronic – negatively impacting underprivileged groups in Africa and Asia. A digital identity presents a life-changing solution opening up for access to retirement and unemployment benefits, education, healthcare, voting, and more.

Financial institutions

Digital ID could give access to financial services for 1.7 billion-plus world citizens who are presently financially excluded, according to the World Bank (2020). In contrast, millions of consumers open new accounts daily in the digitally connected parts of the World, with online stores, telecom, streaming services, ridesharing apps, and, naturally, banks.

Opening a bank account includes time-consuming and complex KYC (Know Your Customer) checks and repeated identity verification throughout the entire client life cycle. KYC help identify money launderers, tax fraud, and other criminal activities.  With the entry of PSD2 and customer convenience demands, physical, face-to-face identity verification methods are no longer rational; they slow down onboarding, frustrate pressed-for-time customers, leave room for human error, and are hard to scale. Digital identity verification is the logical approach, accelerating the entire process, opening up access, and eliminating barriers like time, geography, and cost. Mobile banking users are expected to be 58% of the global banked population in 2020.

The covid-19 pandemic effect on online banking

The no-contact, quarantined pandemic has pushed a global shift towards digital transactions, speeding up trends already in place. Consumers firmly demand digital transactions, and banks and businesses must find ways to build trust in a Covid-stricken world.

(Deloitte Digital, October 2020)

State and government

Besides security for both nations and citizens, well-implemented digital ID programs can provide individuals and businesses with access to the entire set of governmental services. Creating a trust framework for digital ID is therefore high on every government’s to-do list. In many connected countries, like Sweden, Belgium, Estonia, Finland, and more, a national mobile digital ID, valid for both physical and digital realms, is already a reality for millions. Sweden stands out as it has raised the bar very high in digital identity verification and authentication. Most Swedes use their smartphone to identify themselves over the internet without ever having to show a physical ID. Instead, authentication is done with the trusted mobile identification solution Mobilt BankID, which today is the Swedish national standard for mobile and online digital identification with a 98% adoption rate and 8 million users. Mobilt BankID is also recognized by the Swedish government.

Commerce

In-app purchasing, person-to-person payments, and e-wallets result from consumers’ relentless demand for instant access to their money. This is why the most convenient and readily available device of them all – the smartphone – is the payment channel of choice. Sending money to friends and family, shopping, or doing day-to-day things like paying a bill inside various apps are examples of consumer behaviours taking off phenomenally. In doing this, today’s consumers also expect a seamless customer experience. So, for merchants, customer enrolment is all about the balance between security and customer experience.

A complex ID verification/authentication process will turn customers away. A well-designed digital identification/authentication method, on the other hand, allows businesses to doubtlessly know their customers while providing enhanced security, greater scalability, better user experience, and regulatory compliance. Moreover, digital ID verification boosts efficiency and lowers the costs of handling customer credentials.

• The global Post-COVID-19 Identity Verification Market Size is forecasted to grow from USD 7.6 Billion in 2020 to USD 15.8 Billion by 2025, at a Compound Annual Growth Rate (CAGR) of 15.6% during 2020-2025 (Research & Markets).
• The major growth drivers for the market include increasing digitization initiatives, increasing fraudulent activities and identity theft during the last decade, and Increasing use cases of digital identities among verticals.

The arena for digital identification has risen due to recent years’ demand for greater security and data privacy, in line with the growth of digital services Worldwide. The market is fragmented and diverse, and a clear definition of what constitutes a digital identity – which can be presented with a digital ID – is yet to be determined.

To evaluate the Identity Verification market, it’s necessary to add a dimension beyond the number and type of digital ID providers, and it’s the kind of authorizing source(s) the digital IDs use for identity proofing:

• Centralized ID – Centralized IDs are stored in large databases that are vulnerable without adequate protection. Peoples’ identification information might be stolen, shared without consent, abused, or lost. Used widely today to fulfil AML and KYC regulations.
• Federated ID – Often pushed by banks. Federated identity only handles authentication – all the other identity components are still based on the centralized model. Used widely today to fulfil AML and KYC regulations.
• Decentralized ID – The decentralized ID is stored in a place that the individual fully controls (the device). It is unique, cryptographically strong, private, and portable. The decentralized ID can be accessed without a middleman. Sometimes called “good identity. Does not yet fulfil AML and KYC regulations.

Multifactor Authentication

Multifactor authentication is recognized worldwide as the most secure method to on-board new customers to services that demand strong customer authentication (SCA). In addition, it assists in compliance with strict regulations such as the Anti-Money Laundering (AML) Directive and PSD2 in Europe.

Today countless vendors are claiming to offer multifactor authentication (MFA) solutions. However, they still have security flaws – primarily as they still depend on passwords or other authentication tokens.

What has been considered the most secure form of authentication is password-less. Password-less authentication emerged as a type of MFA that replaces the password with a safer alternative, like biometrics or PIN codes. This form of authentication requires two or more verification factors that are secured with a cryptographic key pair.

Besides the technological security solution, multifactor authentication tends to rely entirely on user experience as the main driver and primary competitive advantage.

Overview of fraud and cyber threats

The ease of online shopping, peer-to-peer money transfers, and seamless payment systems makes identity the new treasure trove when it comes to cybercrime. Cybercriminals hijack identities and grab credentials in numerous ways: skimming’s, phishing, malware, and significant, brute force data breaches, to name a few. As data is everywhere, the avalanche of digital services has created numerous customer touchpoints and a long tail of micro-moments that widens the attack surface, and where each one poses a possible entry point for an attacker. Cybercriminals know that businesses, in many cases, rely on weak passwords, SMS or email link confirmation, or One Time Passwords (OTP) to authenticate their users – all of which are very easy to crack, hack, and steal. Data that’s been stolen ends up on the dark web – a part of the deep web – a hidden part of the internet that is not indexed or accessible by search engines. The dark web is where cybercriminals buy and sell malware and cyberattack services, which they use to assault unsuspecting victims, businesses, governments, and individuals.

The FBI has estimated the size of the deep web at as much as 5,000 times larger than the “surface web,” and growing at an inconceivable rate. So, there is a considerable gap between the amount of data being produced today that needs security and the amount of data that is actually being secured, and this gap will broaden as a consequence of all things digital. Nearly 90 percent of all data created in the global data sphere will require some level of security by 2025 (Data age 2025: The evolution of data to life-critical, Seagate, March 2017). Once an identity is stolen, an impostor can pose as the actual customer, using their standing and track record to open new accounts, take loans, or use a person’s credit cards to make unauthorized transactions. More than 2 in 5 consumers worldwide have already experienced a fraudulent event online at some point in their lives, with the highest incidence occurring in the United States, closely followed by the UK and the lowest in the European, Middle East, and Africa region.

Another downside is that identity theft, and account takeovers are increasingly threatening businesses. Besides substantial financial losses on both sides, account takeovers, data leaks, and credit card fraud can tear banks’, public entities’, and merchants’ reputations apart. Many reports are stating multi-billion-dollar costs after an actual cyberattack and the gruesome costs for preventing them. In a widely cited estimate by The World Bank, institutions lose nearly three dollars once associated costs are added to the fraud loss itself for every dollar of fraud.

• Companies are expected to spend over $1 trillion over the next five years in cybersecurity for PCs, mobile devices, and the Internet of Things (IoT) devices (WEForum).
• An estimated $113 billion will be spent on protecting mobile devices alone (BI).
• The estimated costs for criminal data breaches will be more than USD 8 trillion over the next five years (Juniper Research).
• Personal credentials stolen by cybercriminals will reach USD 5 billion by 2020.

Estimated global losses from cybercrime are projected to hit just under a record $1 trillion for 2020 as the coronavirus pandemic provided new opportunities for hackers to target consumers and businesses (Center for Strategic and International Studies).

The Identity, Authentication and Fraud Solutions opportunity

The digital-ID opportunity grows as costs drop, technology improves, and access to the internet and smartphones goes up. The digital infrastructure that supports digital ID grows in range and decreases in cost daily. As usernames and passwords are no longer secure, even forbidden for banks as a method of authentication according to PSD2 new security approaches are needed.

The market for Identity, Authentication and Fraud Solutions will reach 28 billion dollars by 2023 and identification will be an increasingly important component of that market. (BCG Research and analysis).

• While compromised credentials cause 81% of data breaches, identity and access management represents only 8.5% of security budgets. (Bright TALK).
• One of the critical functions of a government is to collect and archive national records. This includes everything from property records and registers of births, deaths and taxes, to Parliamentary proceedings.
• Protecting digital identity, gaining data visibility and protecting employees are indispensable challenges for the years ahead, according to the 2018 security predictions report by security firm FireEye.

Market trends:

Drivers and opportunity: Increasing digitalization with initiatives, such as eID and intelligent infrastructure.

• The digitalization of the world has brought so many identity-related frauds to light and urged businesses to take stringent measures for securing them. With increasing digitalization across governments and private sectors worldwide, identity verification has become a vital component where verified identity is mandatory, such as border controls and digital services’ access. With initiatives across countries, such as electronic ID cards (eID), smart border control that uses facial recognition for identity verification and authentication, and smart cities and intelligent airports where video analytics and liveness detection is used for ID verification, secure identity verification has become a crucial part of online security in these areas.
• The leading drivers for authentication and authorization technologies can be grouped into three high-level categories. First, there is no argument about the reality or impact of the trend towards expanding access to information through the ever-increasing numbers of mobile workers and telecommuters and the extension of the enterprise network to customers and business partners. The need for portable authentication credentials is increasing, simultaneously with an exponential increase in the size and complexity of our networks. Second, the volume of sensitive and high-value information accessed remotely continues to rise, and where there is value, there are people who will try to obtain it — called the Willy.
• The pricing of identity verification solutions and services is decided on the basis of a few factors, such as price per verification, linguistics, data storage, and technical support.
• BFSI vertical to hold the largest market size during the forecast period: The increased digitization of banking processes, such as digital on-boarding and digital payments aimed toward improving the customer experience, are also driving the need for identity verification around the globe.

North America to hold the largest market size during the forecast period: North America is expected to contribute the highest market share in terms of revenues during the forecast period as it is a technologically advanced region with an increased number of early adopters and the presence of significant market players. Factors such as the development of government initiatives, like intelligent infrastructure, smart cities, digital identity-based driver’s license and increasing integration of various technologies, such as AI, ML, and blockchain, for securing digital identities are suspected of driving the demand for identity verification market.

Asia Pacific is expected to contribute to the fastest-growing region with the highest CAGR during the forecast period as it is getting equipped with the early adoption of new technologies. The government takes factors such as Initiatives towards tackling identity-related frauds, mainly for strengthening eKYC to verify identities, such as compliance regulations initiated by countries, increasing demand for cloud-based identity verification, and increasing identity-related cyber-attacks are driving the revenue growth in this region.

• The largest and fastest-growing region globally with a population of 4.5 billion people. (China, India and South-East Asia). According to a report by Oxford Economics, all 10 of the world’s fastest-growing cities across the globe from next year through to 2035 will be in India.
• Asian economies are well positioned for robust growth, with GDPs expected to rise by an average of 6.3 % in the following years. Emerging markets in Asia are also the best performers in economic growth in recent years, especially when compared with emerging markets outside of Asia.
• More than 1 billion people within the region still have no access to formal financial services meaning, no formal employment, no bank account, no meaningful ability to engage in commerce online or offline.
• By some estimates, only 27% of adults have a bank account, and only 33% of companies have a loan or line of credit.

Conclusion:

Established identity solutions providers and startups alike are building capabilities and pursuing patents and acquisitions. In 2017, there were 226 identity deals funded via the private equity market, according to CB Insights, up from 123 in 2012. Yet even with all the investment and interest, the market still lacks a clear leader.

Below are three significant challenges to explain why this is the case:

• Different products and services place unwanted burdens on consumers. Current solutions ask users to play an active role in protecting and verifying their identity.
• Providers use identifying data in a suboptimal way. In the offline world, certain mainstay types of data, including driver’s licenses, passports, social security or tax ID numbers, credit histories, and knowledge-based questions, have long been used to verify identities.
• Providers lack cutting-edge technology or aren’t able to use it effectively. Artificial intelligence and machine learning can significantly simplify and crucially automate identity authentication.

The market presents a paradox. The startups that have promising technology often don’t have sufficient scale, while the established players that do have the necessary scale frequently don’t have the innovative technology. Either way, compelling advances in identity authentication aren’t utilized to their full potential.