Page 26 - GS230602
P. 26
CoverStory
Co v er St o r y
Shikiar expects early, high-profile implementations by "API management plays a key role in digital identity, par-
other leading brands to boost adoption and encourage ticularly in authentication and authorization," he said.
consumers to replace passwords with non-phishable pass- "With API management, we provide an open ID to con-
keys. He noted this will enable users to access online ser- nect, enable and standardize the authentication and au-
vices securely and easily, and the networked economy will thorization process, to ensure that only authorized indi-
subsequently benefit from reduced fraud and increased viduals have access to specific APIs, meaning it has access
service consumption. to specific functionality."
Subscription services Federated strategies
Shikiar pointed out that consumers are becoming more Identiverse researchers noted that reusable identity is
interested in simplifying and securing their identities on- achieved through the use of identity federation, which al-
line, which, he noted, has led to subscription service offer- lows different systems and applications to recognize and
ings in the space. trust the same digital identity.
"Twitter and Meta rolling out identity verification as a sub- Torqueto noted the federated principle also applies to API
scription service has brought identity verification into the management, adding that organizations leveraging mul-
mainstream vernacular," he said, while questioning how tiple tools within an API omnichannel strategy can detect
this will help prevent trolling, misinformation and online when they're under attack, mitigate damage and identify
scams and whether verification service offerings should which API is affected. He also described identity protec-
be required or offered as a free public service. tion trends as follows:
Todd Robertson, senior vice president of business devel- • Zero trust security: "A hot trend that means you as-
opment at ARGO, mentioned his company has integrated sume no layer of your infrastructure is safe, even the
LexisNexis True ID, an automated forensic analysis solu- intra service communications that have its encryp-
tion designed to quickly authenticate identity documents. tion. The permissions used are the least permissive
The solution can verify government IDs from around the as possible. Zero trust will add security layers on top
world and is available as a standalone application or host- of your environment, making it even more difficult
ed service, he noted. for the attacker."
"Consumers want to use digital and physical channels to • Decentralized identity: "It's a self-serving identity
manage their finances and meet their goals," he said. "That that's currently gaining traction. Users have full
means financial institutions must have a complete strat- control over their digital identities, including their
egy to serve these needs and address the risk exposure by personal data. They're now using this centralized
blending the right technology innovation, risk foundation technology, i.e., blockchain, or a distributed layer of
and relevant operational functionality to align customer technology to actually establish this identity - the
experience and service." APIs have this role. This crucial tool enables this in-
teroperability within secure interactions between the
API lifecycle management decentralized identity itself and identification."
Filipe Torqueto, head of solutions, USA at Sendedia, wants • Consent and private management: "It's a common
to see the identity community evolve faster in response theme in open banking. Your banking data is yours,
to new variants in phishing and AI-powered attacks on not the bank's. It belongs to the individual. Any ac-
banking and financial services. tion in the open banking ecosystem requires the final
user's consent. It's privacy management. If the con-
"In the post-pandemic world, identity, especially in the sumer doesn't want their data to be shared or sim-
digital universe, will become increasingly important," he ply doesn't want to participate, they have this right.
said. "It is evolving, yet there is a gap between this evolu- There's GDPR, California Consumer Privacy, and
tion and the overall technological evolution in terms of the other international laws that protect data privacy."
adoption of identity technologies into normal services like
banking, financial services, retailing, etc." Synthetic identity threats
Christina Luttrell, CEO for GBG Americas and IDology,
Torqueto urged businesses and service providers to meet advocated using a multi-layered approach to fight all
new threats with new, more secure technologies. As data types of identity fraud, including synthetic identity, which
leaks and new attacks threaten an increasingly interop- she characterized as insidious and fast-growing in the
erable financial ecosystem, he added, the industry must United States. Layered data sources and alerts can notify
adopt new identity technologies such as API management, enterprises when deceased individuals' records or address
which protects users across digital channels and apps, all verification are in play, she pointed out.
of which are served by APIs.
26
