Last year, generative AI and the global IT security situation made headlines. Both have an impact on digital identities and that will not change in the new year.
Philipp Angermann, Director Financial Services DACH at IDnow, highlights five challenges and opportunities that digital services in Germany will face next year.
1. The triumph of generative AI
Generative AI and Large Language Models (LLMs) will make a major market appearance in 2023, especially in the form of ChatGPT. Observers assume that the use of generative AI will become easier and more cost-effective and that a combination of different use cases can generate trillions in economic added value over the next few years. On the other hand, AI developments are bound to have some negative impacts on cybersecurity.
The beginnings can already be observed: social engineering attacks are becoming easier and faster because (cyber) criminals no longer need deep technical know-how to carry them out. Forging images of physical documents may also become easier than ever before. To combat these AI-powered advancements, companies will need to increasingly use AI themselves in the next year - especially human-AI interactions - to stay one step ahead of malicious actors.
2. Tense IT security situation
The IT security situation has worsened in the past year and not just because of AI developments, as the BSI management report on IT security in Germany 2023 recently showed. Due to the tense situation, many players, especially in the finance and fintech industry, will increasingly look for solutions to prevent online fraud and will increasingly rely on multi-layered tools and technologies. This also includes adding so-called “risk signals” to identity checks: These signals can include behavioral biometric data such as typing patterns or mouse movements to detect fraud. They can also use historical transactions with users in the form of device signals to combat fraud, making life more difficult for fraudsters.
3. NFC technology on the rise
Given the tense IT security situation, the use of Near Field Communication (NFC) technology in the area of identification will also see growth in the coming year. Fraud prevention is particularly high with NFC because the chip integrated into the ID card is extremely forgery-proof. The personal data and the biometric photo are stored on the chip. This means that the original data can be validated, even if the identity document has been externally falsified.
Due to various political decisions such as the Online Access Act (OZG) or the introduction of the BundID in additional federal states, there will be a further increase in users of the eID function in Germany in the coming year. According to the BMI, positive developments could already be seen at the federal level this year. The higher penetration rate of NFC-enabled smartphones contributes to this, as does the possibility of combining NFC technology with on-site identification, for example in a gas station.
4. Step-up verification
In addition to the first interaction between the customer and the organization or institution, the further customer journey is also becoming increasingly important in terms of security. Secure and fast user account recovery is a key component in preventing criminals from unauthorized account takeovers. For example, changing your phone number or email address shortly after opening an account is a strong indication of account takeovers or so-called money mules, i.e. people who voluntarily make their access data available to criminals because they want to make easy money. Unusually high transactions can also be a warning signal. This can be counteracted by requiring the user to confirm their identity again via step-up verification. In this way, the necessary level of security can be guaranteed.
5. eIDAS 2.0: The big step into the digital decade
A lot will also change in the legislation in the coming year. At EU level the buzzword is “eIDAS 2.0”. The EU's goal is to create a Europe-wide ecosystem for digital identity. The renewed regulation must be agreed in a trilogue between the EU Commission, the EU Council and the EU Parliament. So hopefully 2024 will be the year in which the regulation, the implementing rules and the associated standards will finally be adopted.
Germany has also started the BMI consultation process on the development of an eIDAS 2.0-compliant infrastructure for a German wallet in summer 2023. The development phase and architecture process is scheduled to begin next year, which will be essential for further acceptance. According to the Digital Identity Index 2023, the identity wallets, as they are being discussed at EU level, have only been used by one percent of the German population. At the same time, the EU plans for 80 percent of citizens to use a digital identity in the form of a wallet by 2030. Major changes in digital infrastructures – on all sides – are therefore inevitable for 2024.
More at IDnow.io