Identity Crisis – How to Protect Personal Information in an Increasingly Open World

Following the recent Equifax breach that exposed the personal and financial records of more than 143 million people, identity theft has once again become a hot topic and public trust is at an all-time low.

Consumers are naturally wondering how they can protect their identity at a time when one can’t go online and interact with a product or service without entering some form of personal identification. Complicating matters further is the fact that businesses have never been more interested in cultivating personal details about their consumers, and that people have never been more willing to put their information in the public eye for all to see.

The collection of personal information

Targeted online ads have become so ubiquitous that consumers now expect to see them every day. In fact, if you were to look up a flight to Jamaica this winter, you’d probably brace yourself for an instant barrage of banner ads promoting cheap Caribbean airfare.

But businesses aren’t just following your online breadcrumbs to sell you more products. The collection of personal information is fast becoming an effective way to deliver exceptional customer service, or in the case of Google and YouTube— a better product.

When I last logged on to YouTube, I immediately knew my daughter had been using my account because I was prompted with recommendations for Teen Wolf. (Not exactly my taste, but hey, to each their own). We see this every day when our phones prompt us with weather and traffic alerts, restaurant recommendations, sports scores and more.

Businesses are using our personal information to deliver better products and services, and for the most part, consumers are complicit with the practice as long as it makes our lives better. However, a changing regulatory model may soon alter the way businesses collect and use personal data.

Operating in a wild west environment for the past decade, tech giants such as Facebook and Google are now facing a new privacy law in Europe, the General Data Protection Regulation (GDPR), that is expected to greatly hinder the way the companies use personal data to target ads. While North American consumers will remain unaffected for now, the law could become a blueprint for data protection efforts around the world.

The (give away your personal) information age

As more and more of our personal data is collected, it’s only natural to be concerned with its protection. That’s why we hold businesses, financial institutions and government agencies to the highest of standards when it comes to safeguarding our information.

At the same time, however, many of us are all too willing to give our identity away. A few years back, there was a form going around social media that allowed people to share details on when they were married, the street they grew up on, the names of their pets, and the countries they’ve visited, to name just a few. And, today, people continue to post on their public Instagram accounts and check in on Facebook, letting the world know where they get their coffee, buy their clothes and go to the gym.

This opens us up to what security experts call an “advanced persistent threat”, where hackers wait and watch for personal details that will allow them to walk right in the front door, rather than break in the back. After all, what’s easier— cracking the advanced encryption technology of a large financial institution, or resetting a person’s banking password with the details they left open and exposed on social media?

Consumer convenience is key to protection

For consumers, the advice on protecting yourself is simple— go to your social media accounts and set everything to private. Nothing should be public. For businesses and financial institutions, it’s not so easy. In the security world, you’re always facing the challenge – if I make it difficult for the end user, the end user won’t use the system.

A common example is the IT department that requires employees to enter a new eight-character, alpha-numeric password every 90 days, which inevitably leads to passwords being posted to computer monitors on sticky notes.

Whether dealing with employees or customers, security protocols have to be simple to use. Which is why financial institutions have been smart to incorporate mobile devices in their two-factor authentication methods. Increasingly, now, when a customer signs into their online banking account to send an email money transfer, they are asked to enter a separate code that gets sent directly to their smartphone. Since we’re all more likely to leave home without a wallet than a phone, this is the perfect example of an extra level of security that’s effective without being inconvenient.

Biometrics protects identity & improves customer service

We’re now seeing this same mix of security and convenience at call centres, where Avaya is helping some of the world’s largest financial institutions incorporate passive biometric technology to positively identify their customers. At a time when personal information is readily accessible online, it is no longer enough for customers to identify themselves over the phone with a birthdate. However, customers are also quick to become frustrated when call centre agents ask them a laundry list of security questions.

With new biometric technology, call centres now have the ability to scrub customer voice prints passively in the background while they’re speaking with agents in the call’s introductory phrase. Rather than having customers repeat a common phrase (active biometrics)—which can make some people self-conscious or impatient—call centres can use passive biometrics to verify their customers with 97 per cent accuracy, while delivering shortened call cycles and improved service.

It is this combination of advanced technology and easy-to-use security protocols that will be essential to protecting our identities in an age where people are socially motivated to open up about their lives online, and businesses are financially motivated to capture as many personal details about their consumers as possible. While our identities have never been more public, biometrics and two-factor authentication can still keep them secure.

Tracy Fleming is Avaya Canada’s Senior Technologist.