There has always been a need for strong identity and access management capabilities in the financial services industry, for obvious reasons. Authenticating the identity and access privileges of direct customers, employees, partners and consumers is the most powerful tool for preventing fraud.
But, with the massive digital transformation caused by the pandemic and work-from-home trend, digital identity management is more important than ever for many organizations. A recent study of 12 billion financial transactions between January and March of this year found a 159 percent year-on-year increase in bank fraud attacks and a 728 percent increase in phone fraud attacks. 90 percent of all fraud attacks occurred online.
Even before the pandemic, rapid technology evolution was driving banking and capital markets to virtual business models. With the massive acceleration of this trend in the past 15 months, effective digital identity has become a critical competency for establishing and maintaining trust.
Customer identity has always been at the center of building and enhancing trust for financial services organizations. With the digitization of so many internal processes today, equal vigor may need to be applied to managing identities for employees, contractors, vendors, business partners and even devices. However, managing identities across these groups is fundamentally different from traditional customer identity management.
For example, the steps behind authenticating customers may be significantly different from those authenticating employees, contractors or other people who are closely affiliated with the organizations. For customers, identity is not only focused on ensuring the right people have access to the right resources; it also must factor in the customer experience, which is a critical component to retaining their business. Therefore, organizations need to balance the need to authenticate customer identities with the need to deliver a positive customer experience. For stakeholders closely affiliated with an organization, the steps necessary to authenticate their identities may be quite different, since they may have already been vetted by human resources, or vendor due diligence processes, and the user experience is not as mission-critical as it is with customers.
There is also a greater number of stakeholders in identity management than in years past. What was once the province of IT and cybersecurity, now extends across other organizations in the enterprise, including legal, marketing, compliance and operations. All have a stake in effective identity management. Add to this an increasingly complex risk landscape, and it suggests that organizations may be well served by adopting a broad approach to developing and supporting strong digital identity initiatives. Taking such an approach need not feel overwhelming, however, since advances in machine learning and artificial intelligence (AI) have made it easier to scale identity initiatives by automating many of the routine tasks associated with establishing and authenticating digital identities. Following are five steps to consider when developing a modern identity management program:
By taking a comprehensive approach to digital identity management, financial services organizations can effectively manage the risk challenges of expanding digital footprints and rising customer expectations. In doing so, they can build and extend trust in these most challenging times.
Alex, a Managing Director at Deloitte & Touche LLP, leads the Customer Identity & Access Management (CIAM) offering for the Cyber Risk Services practice of Deloitte Risk & Financial Advisory. He specializes in helping his clients protect their most valuable assets, build trust with their customers, deliver direct cost savings, and recapture revenue by unlocking the value of digital identity. Alex, a former managing director at another Big Four consulting firm and information security architect at a global systems integrator, brings 20 years of experience advising corporate clients across multiple industries on creating a cyber risk culture and becoming stronger, faster, more innovative, and resilient in the face of persistent cyber threats.
Anish is a Senior Manager in Deloitte Risk & Financial Advisory. He leads the Customer Identity & Access Management (CIAM) Strategic Growth Offering (SGO) initiative across all market segments. In this role, he is responsible for building and expanding CIAM solution offering, across sales and delivery, aligned with Deloitte Advisory 5x25 business strategy and Cyber Risk go to market. For over 20 years, Anish has helped large global clients find creative ways to manage continually shifting information and cybersecurity risks. He’s passionate about helping his clients address cyber threat exposures that arise during business-led digital transformations. His strength lies in his learnings and experience across a broad range of cybersecurity disciplines, acquired through designing, implementing, and working with global clients across industries. Anish works with organizations in every sector to help them protect their enterprises and grow their businesses through strong cybersecurity. Across the different roles and organizations, he managed and led product development and innovation, service delivery, business development, practice building, client relationships, and P&L management.