There has always been a need for strong identity and access management capabilities in the financial services industry, for obvious reasons. Authenticating the identity and access privileges of direct customers, employees, partners and consumers is the most powerful tool for preventing fraud.
But, with the massive digital transformation caused by the pandemic and work-from-home trend, digital identity management is more important than ever for many organizations. A recent study of 12 billion financial transactions between January and March of this year found a 159 percent year-on-year increase in bank fraud attacks and a 728 percent increase in phone fraud attacks. 90 percent of all fraud attacks occurred online.
Even before the pandemic, rapid technology evolution was driving banking and capital markets to virtual business models. With the massive acceleration of this trend in the past 15 months, effective digital identity has become a critical competency for establishing and maintaining trust.
Customer identity has always been at the center of building and enhancing trust for financial services organizations. With the digitization of so many internal processes today, equal vigor may need to be applied to managing identities for employees, contractors, vendors, business partners and even devices. However, managing identities across these groups is fundamentally different from traditional customer identity management.
For example, the steps behind authenticating customers may be significantly different from those authenticating employees, contractors or other people who are closely affiliated with the organizations. For customers, identity is not only focused on ensuring the right people have access to the right resources; it also must factor in the customer experience, which is a critical component to retaining their business. Therefore, organizations need to balance the need to authenticate customer identities with the need to deliver a positive customer experience. For stakeholders closely affiliated with an organization, the steps necessary to authenticate their identities may be quite different, since they may have already been vetted by human resources, or vendor due diligence processes, and the user experience is not as mission-critical as it is with customers.
There is also a greater number of stakeholders in identity management than in years past. What was once the province of IT and cybersecurity, now extends across other organizations in the enterprise, including legal, marketing, compliance and operations. All have a stake in effective identity management. Add to this an increasingly complex risk landscape, and it suggests that organizations may be well served by adopting a broad approach to developing and supporting strong digital identity initiatives. Taking such an approach need not feel overwhelming, however, since advances in machine learning and artificial intelligence (AI) have made it easier to scale identity initiatives by automating many of the routine tasks associated with establishing and authenticating digital identities.
Following are five steps to consider when developing a modern identity management program: