Identity and Access Management (IAM) is increasingly important in finance for quite a few different reasons. First, we have continued to see an increase in the number of regulations surrounding data privacy. Initiatives like GDPR are being passed by various legislative bodies from around the world, ensuring that businesses establish better data privacy measures.
Regulatory compliance is a big motivating factor for companies to change the ways in which data is managed. However, this isn’t the only catalyst for better identity management systems. As users of various websites and mobile applications grow more concerned over data privacy issues, organisations are now having to rethink how to proactively protect user data rather than become reactive after an event (i.e. a large-scale data breach) occurs.
Current Flaws in ID Management and Impact on Finance
There are a number of issues with current ID management systems in the era of Web 2.0. Let’s break down some important focus areas and try to understand how various issues have affected organisations and consumers.
First, it’s clear that most companies in finance are failing at data security. Unfortunately, many organisations depend heavily upon the use of trusted third-party companies to handle data storage and security. While this isn’t always a bad idea in theory, the reality is that many of today’s information security companies are unable to effectively combat hackers. Most recently, we saw this occur when Cathay Pacific’s data breach exposed sensitive information of at least 9.4 million passengers. Information like phone numbers, dates of birth, frequent flier membership numbers, and passport and government ID numbers were all stolen.
While Cathay Pacific isn’t a finance company per se, it does rely upon database technologies to complete transactions, store identity information, and more. This means that any size hack puts consumer data and business reputation at risk. Meanwhile, this problem also impacts financial institutions themselves as financial information of their customers (i.e. credit and debit cards) have the potential to be exposed. In this particular incident, Cathay Pacific customers were rather lucky that hackers only obtained 27 credit card numbers and that zero corresponding security codes had been exposed. Still, this event should make companies wonder whether there are better secure technical solutions available. Looking at the 2018 Study on Megatrends in Cyber Security from the Ponemon Institute, respondents viewed lack of suitable technologies as the biggest potential factor for a decline in the cybersecurity posture of their respective organisations in the next three years. Even more alarming is the fact that this number increased from only 33% in 2015 to 53% in 2018.
Second, businesses have to constantly consider the costs of implementing security solutions. When it comes to most ID management systems used today, companies have to choose between cost and performance. The costs of keeping data more secure have risen significantly in recent years. While implementing a more expensive technical solution might be helpful, there is always the risk that the negatives of doing so will outweigh the positives. Regardless if a company is a new startup or an established enterprise, any increase in the cost of keeping data secure puts a strain on the goal to improve the bottom line. Again, examining the the Ponemon Institute survey, both in 2015 and 2018, over one-third of participants cited lack of funding as a potential reason for a decline in their organisations’ cybersecurity posture.
Finally, understanding how user interfaces and user experiences relate to ID management is a key component of maintaining a high level of service. Just because a solution is new doesn’t always mean it works better than what’s already being used. For example, some users might not want to go through more hoops (i.e. multiple logins or complicated user account registrations) to access a particular service. Additionally, even things that seem like minor details (i.e. a simple change in the design of a login interface) could dissuade current and potential customers. Organisations have to consider questions like, does implementing two-factor authentication really make user data more secure, or does it create another obstacle to user adoption? Is 2FA the one-stop security fix that it was supposedly intended to be? Many businesses and customers have found that 2FA solutions don’t solve the core security issues of ID management. In 2017, hackers were able to intercept and redirect 2FA codes of bank accounts in order to steal funds from customers.
Blockchain Solutions for Identity Management
Now, let’s examine how blockchain can vastly improve ID management, especially when compared to the outdated solutions that are still in use today.
From a security perspective, blockchain can provide a number of innovative solutions. For example, blockchain technologies like encryption via public-private keys can work much better than traditional, password-based login systems. The fact that blockchain data is immutable also means that hackers can’t somehow change information that has already been written on the blockchain. In contrast, traditional ID management systems are much easier to hack, meaning data can easily be falsified and/or stolen. As a result of an over-reliance on older security architectures vs. blockchain, identity fraud is very much still a major issue today.
Regarding cost-benefit analysis, blockchain can also benefit businesses and consumers alike. For example, if blockchain can make identity management much more secure and more cost-effective, the benefits of adoption would then easily surpass the potential downsides. The reality is that blockchain technologies are continuously changing and improving. This means that implementing a blockchain solution in 2014, for example, would be astronomically more expensive than it is today. Back then, it would have also been difficult to accomplish simply due to a lack of frameworks/infrastructure, lack of expertise, and other factors. Now, in 2018, there are several blockchains that can provide excellent solutions at much lower costs. We should expect that the real-world implementation of blockchain will only become easier to achieve and less costly over time. This means that small and large traditional finance companies will soon be able to better manage customer identities while also reducing associated operational expenses.
The ability to improve user experiences is another area in which blockchain technology can shine. For many years, blockchain projects have been focused on specific areas like developing unique consensus algorithms, improving scalability to allow for more data to be processed on-chain, and much more. These efforts aim to make blockchain increasingly more functional. However, we are just now beginning to see the emergence of blockchain projects that are heavily focused on improving user interface design. In the era of Web 2.0, we have simple-to-use interfaces but lack secure database technologies. As of late 2018, the era of Web 3.0 faces the opposite problem. However, as blockchain projects start to implement more user-friendly interfaces, we can expect that companies will begin to adopt these new technologies that aim to improve data security as well as user experience.
In finance, identity is an important way for consumers to access a variety of services and for businesses to mitigate risk. However, as the above examples demonstrate, current systems utilised for ID management have faced and continue to face many significant issues. Blockchain has emerged as a potential solution that can benefit both businesses and consumers by improving AML/KYC compliance and identity check processes, significantly reducing fraud risk.
For more information on the possibilities of blockchain in ID management, click here to read our complete guide.