Although most of us are eager to put the afflictions of another pandemic-fueled year in the rearview mirror, 2021 was overall, another banner year for digital identity. If 2020 was the year that accelerated digital transformation and pushed digital identity into the mainstream, then the impact of COVID-19 in 2021 was kerosene on an already well-lit fire. Looking back on the predictions we held for 2021, how did we do?

Incumbent fraud prevention platforms go on a buying spree - pushing the industry towards comprehensive, integrated digital identity solutions that include everything from identity resolution and customer onboarding to ongoing account management

The pandemic provided fraudsters with a carnival of new opportunities not quite seen before in the history of digital security. With the growth of new digital consumers (many using online banking or shopping for the first time) performing transactions online, fraudsters were able to hide in plain sight. According to the FTC, this festival of fraud led to a rise in consumer fraud theft to $3.3 billion in 2020, up from $1.8 billion in 2019. Additionally, the influx of government funds to support COVID relief measures, created new fraud vectors to steal data and conduct attacks. At least $36 billion of the $360 billion in U.S. CARES Act unemployment benefits were lost, primarily due to fraudulent claims. In the U.K., as much as $35 billion in COVID-related loans may have been fraudulent.

Organizations and governments alike found themselves unequipped to weather the storm, creating ample opportunities for fraud prevention players to bolster their platforms, grow via acquisition, or establish a greater foothold in existing market position. A few highlights from this year include:

• Equifax acquires Kount for $640MM to embed an ecommerce fraud prevention platform and trust network into Equifax’s existing information solutions
• TransUnion acquires Neustar for $3.1B to diversify from its core credit solutions with digital marketing and fraud mitigation capabilities
• Socure raises a $450MM Series E at a $4.5B valuation, with 500% YoY bookings growth. SocureID+ holistically integrates point solutions across identity verification and fraud platform prevention backed by an ID graph and consortium network
• Forter raises $300MM for a $3B valuation, and doubles its revenue growth. Forter launches Trusted Identities to apply their identity graph and decision engine to consumer authentication and eCommerce account takeover
• Riskified begins trading on NYSE (RSKD) and is valued at $3.3B

We saw this one coming. Here, we give ourselves an A.

Proving your identity will be more common at checkout and when trying to watch mature content online

Age assurance is rapidly becoming a defining issue for the future of the internet. New regulations for age assurance not only impact service providers that offer age restricted goods and content; the very fabric of how apps and platforms are designed must now be protective of children by default. The EU Audio Visual Media Services Directive (AVMSD) and the UK Age Appropriate Design Code (AADC) are already proving to be significant in reshaping the way that content is delivered to children across new and emerging media platforms. Although these laws are regional, it is expected to be received as a template for other developing regulatory standards around age verification, as was the case with Europe’s General Data Protection Regulation (GDPR) and data privacy. Resultantly, age assurance regulations are gaining momentum, and teeth. A few highlights from this year include:

• Whistleblower Frances Haugen electrifies Washington with her testimony on how Facebook harms children in pursuit of breakneck growth
• AADC takes effect in September 2021. It amends EU’s GDPR to include compliance requirements for not only services aimed at children, but those likely to be used by them. Penalties for non-compliance include up to 4% of global turnover
• TikTok, Twitter, and Facebook are called to minimize data collection on children and to offer privacy options that default to maximum security
• Online Safety Bill: as soon as last week, UK Parliament offers a series of recommendations on draft legislation to further tighten legal requirements on platforms

If there’s one prediction we might have preemptively called and can rollover into 2022, this might be it. We continue to have eyes on this and in the meantime, you can read our latest Age Assurance Report that covers the impact this emerging issue has on the state of digital identity.

We give ourselves a B+.

The world adopts digital identity wallets as contact tracing will become mandatory for everyday activities

As the COVID-19 pandemic has demonstrated, there is a clear and present need for trusted proof that an individual is free from infection and/or has received accredited vaccination. Many countries worldwide authorized the adoption of contactless biometric solutions at airports and border crossings and began piloting digital immunity passports. A few highlights from this year include:

• State and federal governments roll out their own vaccine passports. NY state, as an example, rolled out Excelsior Pass, a QR code that matches the state’s vaccine records.  Several passport apps can be added to a digital wallet (i.e. Apple Wallet), promoting behaviors that support future adoption of digital identity wallets
• Private sector solutions expand their digital wallets to include COVID-19 vaccine status including ID.Me, Yoti, and CLEAR’s Health Pass. Organizations that rely on proof of status can build trust and safety efficiently while keeping the economy moving

COVID passports beat walking around with a laminated, fraud-prone, physical vaccination card. In that arena, we give our prediction a solid A. The question, however, is if reliance on vaccine passports will usher adoption of digital identity wallets more broadly. As of today, all signs point to definitely maybe.

Liminal’s Q3 Consumer Identity Survey, 73% of consumers say they want more autonomy over their digital identity. 60% responded that they would be likely to adopt a smartphone-enabled drivers license. Digitized services may be coming to a smartphone near you. This past year, several countries launched over 10 new eID initiatives in an effort to digitize civilian identity and access to government services. Europe is a pioneer with 22 eID schemes currently either active or in development. Additionally, the U.S. recently announced that TSA is preparing to accept mobile drivers licenses (mDLs) in 2022.

This is another one we’ll be tracking well into the new year. Overall, we give ourselves a B+.

Digital identity initiatives get the Biden Bump

In 2012, the Obama administration unveiled the Consumer Privacy Bill of Rights, as part of a “comprehensive blueprint” to improve consumers’ privacy protections and ensure that the Internet remains an engine for innovation and economic growth. Better ID Coalition, led by former Obama administration executives, unveiled their blueprint to introduce the bipartisan Improving Digital Identity Act of 2020 in Congress. So, what’s happened since then? A few highlights from this year include:

• In May, the President signs a new charter to overhaul the digital architecture of the federal government and improve the nation’s cybersecurity
• In July, the President follows up with a National Security Memo to expand public-private cooperation on cybersecurity issues;
• In November, the President signs a $1T infrastructure bill that allocates $2B towards cybersecurity
• Of the 46 tasks President Biden mandated, 19 are now complete

Cybersecurity remains a priority, and Congress can further strengthen CISA and improve the nation’s cyber defenses. As for our original prediction, Congress introduced the Improving Digital Identity Act of 2021 which hopes to introduce a Digital Identity Task Force to promote interoperable digital identity verification in the public and private sectors. We do believe that Personal Identity Ecosystems are the future for interoperable, privacy preserving, and user-centric identity credentials, although organized efforts are still in nascent stages.

They didn’t quite get the Biden Bump this year, and we’re giving ourselves a C.

The passwordless revolution finally arrives

The death of the password has been a long time coming. The reasons for the tenacity of the password are simple – it’s a technique as old as the internet, easily understood, and ubiquitous for consumers. The average consumer has to manage 100 or more online accounts with an unfeasible number of unique passwords to create and manage. As a result, consumers most commonly settle on 2-5 variations of the same password. Liminal’s Q3 Consumer Identity Survey shows that 45% of US consumers follow this practice for password management today. It’s not for lack of trying. Today’s authentication providers have the technology in place to kick passwords to the curb. Using Apple’s Face ID to unlock a phone is the most common example. This is an area where digital identity solutions stand to shine. A few highlights from this year include:

• Transmit Security raises $543MM, the largest Series A funding round in cybersecurity history; funding will help support biometric authentication so that people never need to remember a password again
• HYPR raises $35MM in a Series C, capitalizing on the need to eradicate passwords as organizations shift to remote work
• Startups activity in an emerging space; Stytch raises $90MM in a Series B at a $1B valuation and Magic raises $27MM in a Series A

We still have hope that the passwordless revolution is in the not too distant future. Once it makes landfall, we also think this will open new doors for adaptive authentication, behavioral biometrics, and many other “passive” technologies that show promise beyond strictly B2B applications. Time will tell, but in 2021, 123456 took the crown (again) as the top password.

For that reason, we give ourselves a C.

To 2022 and Beyond

Perhaps what’s more important than how we performed on our initial predictions is just how far digital identity has come. 2021 is the year in which we can say that digital identity established maturity in what was otherwise still considered a relatively nascent field. It’ll breathe new life into expectations for 2022, and we’re already pontificating how things will shake out.

Read our predictions for 2022!