Teaching and Learning the Importance of Digital Identity Authentication

Businesses and organizations are looking for information and answers. Be ready to meet this demand.

So many customer engagements occur digitally today that it’s essential for businesses to know who connects to their networks and enters into contracts and agreements. At the same time, the process can’t be so intrusive that people look for ways to bypass it. If they turn it off, the network won’t be protected from hackers who might gain access and upload malware, spyware, or ransomware.

Learning about digital authentication options – and teaching your clients about them – will help you create a partnership that protects businesses and consumers.

Digital Identity Authentication Basics

Digital authentication allows users to identify themselves and confirm that they are who they claim to be. Authentication can occur remotely, removing the need to travel to an office or mail documentation. Once a user is onboarded into the digital authentication system and their identity is verified, they can access a platform or website by using an authentication method, such as:

  • Entering information that only the user knows, like a password or PIN
  • Using a smart card or a token device
  • Reading the user’s biometric traits, such as fingerprint or facial recognition

For businesses like banks or healthcare facilities handling sensitive data, two-factor digital authentication using a combination of methods provides an extra layer of security.

EU Guidelines

As much of Europe moves to digital authentication for proof of identity, regulations provide guidance on designing these systems compliantly.

The eIDAS (electronic IDentification, Authentication and trust Services) regulation sets mandatory rules for electronic signature systems in all EU member states. It also covers the services of trusted digital authentication providers.

Another guideline used by member states is the 5AML (Anti Money Laundering Directive). To help combat identity fraud, companies are obligated to do their best to know their customers and try to ensure the true identity of their users – and companies that don’t comply with 5AML face heavy penalties.

Electronic Signatures for Digital Authentication

The electronic signature (or eSignature) is a crucial piece of digital authentication. An eSignature is similar to the concept of a traditional handwritten signature, except it is accomplished entirely online. As a result, it is used in commerce and public administration for signing contracts, making requests, and other transactions.

In the EU, eIDAS regulations recognize three types of eSignatures. The levels vary based on confidence in the identity of the user.

  • Simple Electronic Signature: Digital authentication via the simple electronic signature offers the lowest degree of confidence of the three types. It is easier to acquire than the other two but is less trustworthy in assuring the user’s identity.

  • Advanced Electronic Signature: This level provides a greater degree of security. An advanced eSignature gives assurance that neither the signer’s identity nor the document has been changed. eIDAS specifies four requirements that an Advanced Electronic Signature must meet. It must:

    • Be unique to the person signing
    • Allow the person to be identified
    • Have a high level of trust
    • Enable any subsequent modification of signed data to be apparent

  • Qualified Electronic Signature: For the digital authentication method representing the legal equivalent of a handwritten signature, businesses should choose the Qualified Electronic Signature. It includes all the Advanced Electronic Signature specifications but takes the security level up a notch. This signature is produced based on a certificate issued by a qualified authority, which identifies the signer. It is considered legitimate, original, and inviolable enough to be admissible in court.

Biometric Authentication Method Options

Another variety of digital authentication is based on biometrics, most often one of these three types:

  • Voice recognition: Each person has a unique voiceprint. Voice biometrics is a secure authentication method, but technology solution providers (TSPs) should take the need to eliminate background noise into account to ensure accurate authentication.
  • Fingerprint: Fingerprints are also unique biometric identifiers. This familiar technology is used in many devices and applications and is expected to become more widely available.
  • Video authentication: Videos offer a highly secure way to recognize a face. This is the sole method allowed by eIDAS for onboarding customers remotely.

Each business must choose which digital authentication format is best for its needs, and the use cases will determine which method or combination of methods is most suitable. TSPs must also ensure that the organization’s digital authentication system will integrate with its IT systems.

Flatten the Learning Curve

Your clients likely have questions and need information on new digital authentication requirements and standards for identity verification. Learn the regulations and requirements, and be ready to advise clients on the best methods for their operations and the technology that will support them. Remind your clients that digital authentication is about more than compliance. It’s an essential part of protecting their businesses.