The benefits of remote digital identification

Marcel Wendt at Digidentity explains how remote digital identification could have limited the fallout from the TfL cyber-attack

 

The recent cyber-attack on TfL disrupted services and compromised employee and customer data. This has meant that over 30,000 employees have had to travel to TfL’s headquarters to reverify their identity and reset their passwords.

 

This highlights key vulnerabilities in outdated security practices. There is a growing urgency for organisations across sectors to transition to more advanced, flexible, and secure digital identity solutions in response.

 

Problems of traditional password systems

This TfL disruption reveals a weakness of traditional password-based systems. Passwords are highly vulnerable to a wide range of cyber-threats, from phishing attacks to credential stuffing, an easy point of entry for hackers, which have long been the go-to for securing access to sensitive systems.

 

An additional issue is password hygiene. Some aren’t aware that their password is weak from the outset, or reuse passwords across multiple accounts out of convenience. One password breach can result in loosing multiple platform information to the bad actors.

 

Hence, it is important that organisations start to take a step back from the traditional password systems and step towards more advanced, secure alternatives. For example, by utilising biometric identification employees can securely reset their credentials without needing physical presence.

 

Avoiding operational downtime

One of the greatest costs of cyber-attacks is the operational downtime they create. It disrupts work, leading to delayed services and, in some cases, lost revenue. In TfL’s case, password resets and identity reverification are becoming a labour-intensive and expensive process that could be solved by adopting more modern solutions.

 

The traditional method of face-to-face identification – with checks based on physical presence – can make the registration process for these identities take days or sometimes weeks. However, remote identity verification technology is designed to confirm an individual’s identity securely, and fast, eliminating the need for physical presence.

 

Businesses need to streamline the verification process by removing the need for employees or customers to identify in person. This approach also empowers companies to respond more effectively to incidents, while avoiding the logistical nightmare of requiring large-scale physical identity checks.

 

Cross-industry issue

Although the TfL incident occurred in the transportation sector, there are lessons to be learnt across many sectors, including healthcare, finance, and government.

 

Recent research shows how individual UK healthcare organisations are losing a staggering £544,000 per year due to delays in verifying a candidate’s identity and credentials through in-person checks. In healthcare where staff shortages are already critical, these delays are negatively impacting patient care. Similarly, the finance industry, where clients trust institutions with sensitive financial data, it is crucial to prevent unauthorised access, secure transactions, and mitigate the fallout from breaches.

 

However, in many cases, the responsibility is typically placed on the consumer as they are the ones initiating payment. As victims who willingly send funds, albeit under false pretences, in an authorised push payment (APP) transaction, consumers may face financial loss as banks may claim they’re not responsible.

 

Customers need to understand that they are their own accounts’ first line of defence. While it is the bank’s responsibility to protect assets, it is also important for customers to protect themselves.

 

Overarchingly, any business that handles sensitive information and relies on password-based systems is susceptible to similar risks. By using advanced verification and authentication methods, companies can easily add layers of security, making it more challenging for malicious actors to impersonate legitimate users and conduct fraudulent transactions.

 

Time for action

If the TfL cyber-attack teaches us anything, it’s that we cannot afford to remain reliant on outdated verification methods. Modern threats demand modern solutions, and whilst we cannot eradicate threats for good, we can work together to limit the operational damage they cause.

 

By embracing remote identification, companies across the board can provide security and flexibility for their employees and limit the logistical headaches when disruption arises.

 

Not only does this create better protection for employees’ data, but also streamlines hiring procedures and the ability for compromised businesses to spring back into operation.

 

---

 

Marcel Wendt is CTO and Founder at Digidentity  

 

Main image courtesy of iStockPhoto.com and da-kuk