Digital identities: five challenges for 2024

28 January 2024
| No comments
Digital identities: five challenges for 2024
Advertising

Share post

Last year, generative AI and the global IT security situation made headlines. Both have an impact on digital identities and that will not change in the new year.

Philipp Angermann, Director Financial Services DACH at IDnow, highlights five challenges and opportunities that digital services in Germany will face next year.

Advertising

1. The triumph of generative AI

Generative AI and Large Language Models (LLMs) will make a major market appearance in 2023, especially in the form of ChatGPT. Observers assume that the use of generative AI will become easier and more cost-effective and that a combination of different use cases can generate trillions in economic added value over the next few years. On the other hand, AI developments are bound to have some negative impacts on cybersecurity.

The beginnings can already be observed: social engineering attacks are becoming easier and faster because (cyber) criminals no longer need deep technical know-how to carry them out. Forging images of physical documents may also become easier than ever before. To combat these AI-powered advancements, companies will need to increasingly use AI themselves in the next year - especially human-AI interactions - to stay one step ahead of malicious actors.

Advertising

Subscribe to our newsletter now

Read the best news from B2B CYBER SECURITY once a month



By clicking on "Register" I agree to the processing and use of my data in accordance with the declaration of consent (please open for details). I can find more information in our Privacy Policy. After registering, you will first receive a confirmation email so that no other person can order something you don't want.
Expand for details on your consent
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our Privacy Policy. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.

CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest. For more information, see the privacy policy of CleverReach at: https://www.cleverreach.com/de/datenschutz/.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

2. Tense IT security situation

The IT security situation has worsened in the past year and not just because of AI developments, as the BSI management report on IT security in Germany 2023 recently showed. Due to the tense situation, many players, especially in the finance and fintech industry, will increasingly look for solutions to prevent online fraud and will increasingly rely on multi-layered tools and technologies. This also includes adding so-called “risk signals” to identity checks: These signals can include behavioral biometric data such as typing patterns or mouse movements to detect fraud. They can also use historical transactions with users in the form of device signals to combat fraud, making life more difficult for fraudsters.

3. NFC technology on the rise

Given the tense IT security situation, the use of Near Field Communication (NFC) technology in the area of ​​identification will also see growth in the coming year. Fraud prevention is particularly high with NFC because the chip integrated into the ID card is extremely forgery-proof. The personal data and the biometric photo are stored on the chip. This means that the original data can be validated, even if the identity document has been externally falsified.

Due to various political decisions such as the Online Access Act (OZG) or the introduction of the BundID in additional federal states, there will be a further increase in users of the eID function in Germany in the coming year. According to the BMI, positive developments could already be seen at the federal level this year. The higher penetration rate of NFC-enabled smartphones contributes to this, as does the possibility of combining NFC technology with on-site identification, for example in a gas station.

4. Step-up verification

In addition to the first interaction between the customer and the organization or institution, the further customer journey is also becoming increasingly important in terms of security. Secure and fast user account recovery is a key component in preventing criminals from unauthorized account takeovers. For example, changing your phone number or email address shortly after opening an account is a strong indication of account takeovers or so-called money mules, i.e. people who voluntarily make their access data available to criminals because they want to make easy money. Unusually high transactions can also be a warning signal. This can be counteracted by requiring the user to confirm their identity again via step-up verification. In this way, the necessary level of security can be guaranteed.

5. eIDAS 2.0: The big step into the digital decade

A lot will also change in the legislation in the coming year. At EU level the buzzword is “eIDAS 2.0”. The EU's goal is to create a Europe-wide ecosystem for digital identity. The renewed regulation must be agreed in a trilogue between the EU Commission, the EU Council and the EU Parliament. So hopefully 2024 will be the year in which the regulation, the implementing rules and the associated standards will finally be adopted.

Germany has also started the BMI consultation process on the development of an eIDAS 2.0-compliant infrastructure for a German wallet in summer 2023. The development phase and architecture process is scheduled to begin next year, which will be essential for further acceptance. According to the Digital Identity Index 2023, the identity wallets, as they are being discussed at EU level, have only been used by one percent of the German population. At the same time, the EU plans for 80 percent of citizens to use a digital identity in the form of a wallet by 2030. Major changes in digital infrastructures – on all sides – are therefore inevitable for 2024.

More at IDnow.io

 

Matching articles on the topic

DeepSeek: Criminals use it to spread malware

According to experts, the rapid spread of generative AI applications is creating new opportunities for cybercriminals. The new AI chatbot DeepSeek has already ➡ Read more

Cyberattacks: A threat to the supply chain

With the steady progress of digital transformation in recent years, companies have become increasingly dependent on numerous partners and suppliers. ➡ Read more

IT security: Invest in the right measures

German companies are investing in IT security, as a recently published study shows. The question is, however, whether they are doing so correctly. ➡ Read more

Cyber ​​attack: MDR extremely reduces insurance losses  

A Sophos study of 282 claims shows: The value of cyber insurance claims from companies using MDR services is on average 97,5 percent ➡ Read more

Ransomware trends: Cybercrime scene in upheaval

Ransomware: Large players like LockBit and ALPHV/BlackCat seem to be passé, but new, not yet established groups are moving into the emerging gaps. ➡ Read more

AI and its even greater advantage in cybersecurity

Together with Chester Wisniewski, Director, Global Field CISO at Sophos, we discussed various aspects of the use of artificial intelligence ➡ Read more

AI-generated fraud: Preventing deepfakes, AI voices, and fake profiles

AIs generate everything for the user – including a lot of content for fraud, such as deepfakes, AI voices, or fake profiles. Users ➡ Read more

The growing number of machine identities is becoming a problem

In most German companies there are significantly more machine than human identities, and this gap will narrow in the coming ➡ Read more

Stories
, , , , ,