n the real world, proving your identity is pretty straightforward. When you show up in person to open a bank account, rent a car, book a hotel room, gamble at a casino or purchase alcohol, you present your government-issued ID, proof of address or whatever else might be required for the transaction, and the company you’re doing business with can physically see that you are who you claim to be.
This process gets far more complex in the digital world. Now, these same companies must find a way to verify you are who you say are, even though you aren’t physically there to present your ID or documentation. Companies must find a way to assure your digital identity matches your real-world identity.
In simple terms, your digital identity is the compilation of information about you that exists in digital form — this can be everything from your date of birth to something you like on Facebook.
What Makes Up a Digital Identity?
The information that forms your digital identity can be grouped into two broad categories: your digital attributes and your digital activities. These pieces of information, either alone or combined together, can be used to identify you.
Digital Identity: Currency for Fraudsters
Your digital identity acts as a sort of currency on the web. In your favor, your digital identity can give you access to your accounts, allow you to open new accounts and give you credibility to engage in a trustworthy way with people, products and services online. On the flip side, the fact that your personal information exists online means that it is subject to hacks, breaches, copycating and theft. And with 4,000 publicly disclosed data breaches and 4.1 billion exposed records in the first six months of 2019 alone, much of that previously personal information is now public information.
How Digital Identity Information is Exposed:
- Public Wi-Fi networks
- Unsecured websites
- Third-party data breaches
- Phishing attempts
- Weak or limited number of passwords
- Deepfake videos, voice and graphics
- Location sharing settings
- Adding strangers to social media accounts
“All the information is available if you know where to look,” explained Robert Prigge, Jumio president, in a keynote on the lasting impact of data breaches at the Sibos London 2019 event. “There’s a very vibrant marketplace for identity information that can be resold and used against you.”
This “vibrant marketplace” is known as the dark web — a network of sites within the deep web, not accessible by search engines or through normal web browsing means. On the dark web, identity data is acquired, sold or dumped.
While people tend to think of Social Security numbers as valuable, they can be purchased on the dark web for as little as a dollar. Banking information can garner $15 to $20, credit card details can range from 25 cents to $60, and at $350 a pop, medical records are among the most valuable.
These marketplaces don’t just have individual identity data — they have bundles that combine a passport, a selfie and a utility bill to make the job of a fraudster that much easier.
Just having one or two pieces of someone’s digital identity can have a cascading effect that leads to an even more complete digital identity that can be used to access more and more secure, valuable accounts. Your pet’s name? Right there on Instagram. Your mother’s maiden name? Available on Facebook. Your date of birth and email address? Pretty darn easy to track down.