Digital ID and authentication – why mobile is best
Mobile is the only channel that is secure, while being (near) universally available and will be critical in securing Africans' digital identities.
Most experts agree the phone can provide digital identity and authentication better than any other technology. The phone adds an element of ‘something you have’ (the handset) to the ‘something you know’ (a password or social media log-in). This means any criminal that has stolen someone’s PIN or password also needs that person’s device.
There are three major benefits to mobile ID and authentication
- It is convenient for users
A person’s phone is always with them. This makes the mobile a single authenticator they can use over and over again, across diverse services.
- It is inexpensive to administer
Most enterprises do not want to collect people’s personal details and verify their identities. It costs money, it is intrusive and it adds a regulatory and legal burden.
- It is flexible
The problem with most traditional ID systems is that they are all- encompassing. So, if a service merely wants to know if someone is over 18, they may have to ask for an ID that also discloses that person’s address, marital status, birthplace and so on.
- It provides a better user experience (UX)
While security is important to users, if the authentication process is too cumbersome for a user they may be inclined not to use the service at all. Providing effective authentication services requires a combination of security and good UX. Many mobile authentication methods provide great UX, without compromising strong security.
Authentication on mobile
Within the mobile model, the user provides his or her phone number upon registration with a service such as a bank, school, e-retailer or employer. The provider can then use the customer’s mobile number to verify their identity, using one or a combination of mobile authentication methods.
A user’s mobile phone can be used to generate a one time password (OTP), an OTP can be sent to the device, an app on the device can authenticate a login or transaction, or enable out of band (OOB) authentication via a separate channel on the mobile phone. Where biometrics are used as part of a multi-factor authentication process, the mobile device can be used by a customer to capture biometrics such as voice, finger prints etc. to verify the user’s identity.
Obviously, this process can work across any analogue or digital service. And when a service takes place on a mobile site or app, it will be even quicker. In this instance, the user experience for authenticating a transaction can be near-on seamless. Providing robust identity and authentication options on mobile is critical to the success of Africa’s digital economy. Mobile is the only channel that is secure, while being (near) universally available and will be critical in securing Africans’ digital identities.