Digital identity is not the easiest concept to define, according to an update from Juniper Research.
It overlaps with other, similar, areas. The crossover with areas “such as security, privacy and data management can be significant, and in some cases, they are indistinct.”
As noted in the update from Juniper Research, in the US, the NIST (National Institute of Standards and Technology) describes digital identity as ‘the online persona of a subject.’
The report from Juniper Research added that the term ‘persona’ is “used as an individual who can present themselves in a variety of ways online.”
The definition varies between countries. This definition is “further complicated by the current multi-use ecosystem of digital identity.” These digital identities are “made up of identifiers and patterns that are unique to the subject’s identity, these are called attributes.” The World Bank defines digital identity as ‘a set of electronically captured and stored attributes and credentials that can uniquely identify a person.’ These attributes can be core biographic data, “such as name or address, biometric features, such as fingerprints or iris scans, or knowledge-based secrets, such as a password or a pet’s name.”
As mentioned in the report, another form of attribute “is online activities which can be behavior patterns, search history or other such details.” These all “make up PII (Personally Identifiable Information).”
Not all information is “needed to establish PII and can remain anonymous.”
In the context, Juniper Research defines digital identity as:
“A digital representation of an entity, which can be one or more individual pieces of identity data, an event, or a signal such as an assurance indicator and similar, yet to be determined, item defined by industry.”
The latter part of the definition is important, as concepts “such as decentralised
identities, IoT (Internet of Things) identities, robotic identities and other emerging identities become increasingly prevalent.”
As mentioned in the report, digital identity attributes can be “represented or materialised through credentials, such as a government identity number.”
Once this identity has been created, it can be “used, and reused, to confirm a user’s identity in online transactions.”
This moves digital identity from “the realm of establishing an identity to verifying it. This can be seen in the use of digital identity in authentication.”
Authentication can be “defined as the verification of true ownership.” This transforms collected data “into verified data, confirming accuracy and forming the basis of trust, which can be used going forward in an identity system.”
For this to work, the data that “forms the digital identity must be authenticated and tied to an individual.” This makes pre-authentication “especially important, as any malicious actors who are able to steal identity information at this stage will be able to pass later authentication steps; using a seemingly authentic but fraudulent digital identity.”
Ensuring the accuracy of this step is “not just important for individuals’ security, but also forms the basis of compliance, in the form of KYC (Know Your Customer) checks.”
The Juniper Research report added:
“As the economy grows increasingly digitalized, identity systems are becoming part of multi-component ecosystems. This change is brought about by an increased use of APIs (Application Programming Interface), open standards and identity networks. The increase in identity networks is due to the growing availability and convenience of verification.”
The report further noted that the number of digital identity apps in use “will exceed 4.1 billion globally by 2027; rising from 2.3 billion in 2023.”
This represents “a growth of 82% over the next four years.”
The report concluded:
“This increase will be driven by the use of government-backed digital identities to replace physical identity documents as a source of verification for third-party apps, such as banking and financial services. This will be critical, as businesses aim to reduce identity theft and meet increasingly stringent KYC (Know Your Customer) regulations.”