Is your organization ready for digital identity, and what lies ahead on your path through digital transformation?
As organizations transform their digital processes and focus on digital identity as a key supporting capability, their organizational disciplines, business processes, and technical infrastructure evolve in several recognizable ways.
For the purpose of better understanding the “as-is” state of an organization in this transformational journey, and to assess key areas for business improvement, we have defined four distinct developmental stages, presented here in a framework called the Digital Identity Maturity Model.
Generally, the lower a business ranks on the model, the more at risk it is for missing its goals.
The four stages of the Digital Identity Maturity Model are:
Let’s take a closer look at each stage.
Businesses in the Exploring stage range from organizations that are experiencing significant business pain due to cybercrime, to those that have identified dynamic risk-based authentication as a critical business need. In this stage, organizations are just discovering the depth of the challenge ahead, and are likely struggling in several areas. This often surfaces in higher-than-acceptable fraud rates and the need for excessive manual reviews to authenticate users.
User authentication is generally thought of as an isolated issue for individual departments to solve. Customers often bear the brunt of this with a poor digital experience characterized by extensive step-ups, such as when they use a new device or travel overseas. Authentication itself is typically based on static identifiers, such as email addresses, passwords and PIN codes.
Overall, fraud is kept at manageable levels, but often the fraud department is resource-constrained, inhibiting company growth. For example, eCommerce companies may block cross-border transactions from regions with higher incidences of because of the associated risk and the lack of time and manpower to sift through suspicious transactions. Customers traveling to these regions are usually left unsupported.
Organizations in the Developing stage have implemented digital identity solutions, as their digital transformation is well underway. Authentication has moved from static credentials to dynamic, risk-based assessment.
We have been long advocating that organizations reduce reliance on static personal data and increase reliance on dynamic identity data when engaging in identity verification.
-Avivah Litan, VP Distinguished Analyst, Gartner
These organizations understand the integration points between systems and have mapped authentication into key steps along the integration process, enabling them to operate profitably even in risky geographies. However, these organizations are still in reactive mode. They respond to threats as they happen, and are still figuring out the optimal policy rules for their business.
That said, fraud levels are generally under control and the fraud team can easily handle even peak workloads. Where manual reviews are required, staff is trained to forensically analyze events and isolate anomalies between current and past behaviors.
However, identity assessment and authentication is still viewed as a departmental issue. The organization responsible for the digital experience may begin working more closely with those responsible for customer onboarding and customer service, and the security team may take notice. But authentication is still siloed and delivers an inconsistent digital experience across the customer journey.
In the Embracing stage, organizations have moved to proactively evaluating user behaviors to profile and predict new or emerging threats to the business.
The fraud staff is lean, but there is a desire to push fraud to even lower levels. Cost savings are used to justify incremental investments in people, technology and process refinements.
Identity assessment and authentication is now unified, and there is a system of record not only for digital identities, but also for the review process, which is typically automated via case management.
As new technology is introduced each day, identity plays a major role in financial services and throughout all industries. We see it as one of the driving forces of an organization’s own digital transformation.
-One World Identity
False negatives and false positives are at a minimum, meaning fewer cybercriminals are penetrating the business and fewer users are being routed through out-of-band authentication.
Fraud policies are highly refined and gaining in sophistication. Significant digital transformation is now underway and the organization has developed advanced acumen in outmaneuvering cybercriminals, many of whom have been forced to turn their sights toward softer targets at competitors or in different industries.
At the Leading stage, digital identity has moved past customer-facing systems and is now viewed as a key element of the digital and business transformation initiative.
Digital identities have been implemented broadly across the organization, including in back-end systems housing highly confidential information and mission-critical IT assets.
The organization has achieved a high-level of sophistication in its approach to user authentication, and can move rapidly to capitalize on new products and business opportunities.
Process cycle times are often compressed, helping the organization capture market share by wooing customers with a fresh appetite for a modern digital experience and instant gratification.
In some cases, market dynamics will have shifted to favor companies that already have the built-in advantage of digital identity. This dynamic is readily apparent today in the online lending industry, where a handful of fintech leaders are processing online loan approvals in a matter of minutes.
The open banking initiatives that have taken root following the recent PSD2 movement in the EU and the New Payments Platform in Australia are also fertile ground for rapid innovation enabled by digital identity.
Other industries will likely follow, driven by the desire to achieve first-mover advantage.
In the Leading stage, once siloed departments are now working together. Digital UX, Account Management, Account Support and increasingly the Products teams have joined efforts to extend and refine products offerings. In this stage, business metrics have been prioritized toward increased customer acquisition and retention.
The Digital Identity Maturity Model helps customers better identify the state of their current operations and their immediate needs.