The expansion of the 5G architecture promotes real-time communication and supports the digitization of many areas of life. This results in a veritable boom in digital identities in order to gain access to various devices and networks.
83 percent of applications already require some type of authentication in order to gain access to online services. By 2030, all populated areas in the EU should be equipped with a 5G network and 80 percent of citizens should use an e-ID.
As diverse as the possibilities offered by the new 5G technology are, the consequences that companies have to consider in order to avoid future problems are increasing. As the number of digital identities increases, not only does more data exist that needs to be protected, but the attack vectors for cybercriminals also increase.
Digital identities and data at risk
Today, Europeans already have an average of over 90 digital identities, which are formed from collections of electronic data. The total number will increase as the implementation of the Internet of Things (IoT) continues. The growth of identities arises from the fact that millions of accesses to intelligent networks and devices are necessary permanently, for example, to call up data that has been created, control it, or initiate actions.
When storing and processing personal data, data protection is of the utmost importance. Identity theft, also known as “Broken Authentication”, the unauthorized change of identity, and unauthorized access to personal data are possible abuse scenarios with unpleasant consequences. Cybercriminals can use tax, banking, and medical records or reporting records to bring about far-reaching changes.
Data protection violations result in severe penalties from official supervisory bodies, for example, if the General Data Protection Regulation (GDPR) is violated. According to a study by Varonis, each stolen or lost data record costs an average of 120 euros. This may seem manageable at first, but only until you realize the total scope of such problems: In the first half of 2020 alone, 36 billion data records were published due to data protection violations. Such a data breach will cost an average of EUR 3.17 million.
New user needs versus digital identities
When it comes to digital identities, the balancing act that many companies now have to master in order not to be left behind in the competition takes place between usability, data protection, and security. On the one hand, security and data protection must be guaranteed, on the other hand – especially when dealing with customers – small obstacles and intermediate steps play a major role and cause interruptions in interaction, for example when buying goods.
With an extreme reduction in waiting times, 5G communication can ensure that these are barely noticeable for users. Complex processes are all the more important and noticeably worsen the user experience. Registration processes have to be convenient, simple, and, above all, quick for users to carry out; after all, we have integrated the fast pace of the online world into our bio-rhythm.
According to our survey of expectations regarding the handling of online logins, long login or registration forms are one of the main frustrations of German consumers 43 percent. 78 percent of consumers would even give up their registration if the process is too laborious. Dr. Catarina Katzer, an expert on cyberpsychology behavior, explains this through the psychological effect of attribution: users blame platform operators for lengthy procedures and the resulting termination; they do not question their own impatience, after all, their own actions are often not perceived as faulty.
Nevertheless, users are well aware of how dangerous insecure data management is – 65 percent expect companies to store their personal data securely. According to Dr. Explain Katzer through the psychological risk discounting: The danger is misunderstood because a virtually locked door cannot be haptically visualized. Companies are all the more asked to implement secure processes that are not reflected in the registration process.
Before online access is possible, it must be ensured that it is carried out by people with the necessary authorizations – the keyword is authorization – and that the digital request that comes in this person’s name was actually made by this person – i.e. authentication.
With adaptive multi-factor authentication (MFA), authentication processes are adapted to the security risk, which is calculated based on factors such as the location or the sensitivity of the data. If a person logs in from an unusual location or wants to access sensitive payment data, an additional factor is requested, for example via biometric proof or a code sent by e-mail or SMS. This minimizes the risk of a credential stuffing attack in which stolen credentials are used to access other accounts, as this defense measure is difficult for cybercriminals to overcome.
At the same time, the user-friendliness increases, after all, these measures are only used in the event of suspicious behavior. 40 percent of German consumers are more willing to log in if they can use multi-factor authentication. Registration processes using single sign-on (32 percent) or biometric authentication (31 percent) are also more likely to be accepted than, for example, registration via social logins (24 percent). This may be due to the fact that with this type of registration a higher level of insecurity is perceived, while the risk of hacked biometric data does not appear obvious. In addition to the safety-first approach, companies should strengthen trust and provide information so that users can make conscious decisions.
All in all, for companies it is not a question of always making the latest technologies available, but of knowing the individual customer and user needs well. Is Twitter used often? Then social logins would be a good choice, which would simplify the registration process for this target group. However, IT managers and marketing decision-makers are the second most popular option to offer this login option, although it is – generally – the least accepted.
Such discrepancies should be analyzed and addressed. With the increasing use of 5G in particular, users will continue to internalize faster communication and be even less willing to accept laborious and lengthy processes. The fact that 78 percent of consumers would already give up the tedious registration process is a clear signal: Uniform solutions lead to frustration and abandonment, while registration processes that are as personalized as possible play into the hands of the need for speed and convenience. For users, this is clearly the task of online service providers. At the same time, security awareness will continue to grow and demands the highest level of compliance from companies.
For companies, the technologies mentioned can therefore represent the tightrope in the balancing act between usability, data protection, and security. However, as with the acrobatic original, good preparation and a feeling for the high risk are still essential.
Takeaways about digital identities
So far, by 2030, we realize that all populated areas in the EU should be equipped with a 5G network and 80 percent of citizens should use an e-ID. In the first half of 2020 alone, 36 billion data records were published due to data protection violations. Such a breach will cost an average of EUR 3.17 million. With an extreme reduction in waiting times, 5G communication can ensure that these are barely noticeable for users. Complex processes are all the more critical and noticeably worsen the user experience.
Registration processes have to be convenient, simple, and, above all, quick for users to carry out. 65 percent expect companies to store their personal data securely. With adaptive multi-factor authentication (MFA), authentication processes are adapted to the security risk. An additional factor is requested if a person logs in from an unusual location or wants to access sensitive payment data.
40 percent of German consumers are more willing to log in if they can use multi-factor authentication. Registration processes using single sign-on (32 percent) or biometric authentication (31 percent) are also more likely to be accepted. 78 percent of consumers would already give up the tedious registration process. For companies, it is not a question of always making the latest technologies available, but of knowing customer and user needs well.