Share this article:
Many of us utilise different digital identities to engage in online activities. From email addresses to social media accounts, we use these digital identities to register and download new mobile applications or even sign up for new online services.
We have enjoyed the conveniences of such easy access, but are you aware of the risks associated with digital identity theft should these service providers not handle the identities well?
How can we stay vigilant of our own digital identity, just like being careful with our identity or credit cards, and minimise the risks of such theft? For small and medium-sized enterprises (SMEs) providing online products and services, who can they trust and partner with to ensure that their online services are delivered to verified and authenticated users?
Clear accountability and good data stewardship are important considerations for digital services when engaging with digital identities so as to ensure that personal data is managed appropriately.
In response to digital identity misuse and probable reputation damage, identity providers like Apple and Google are very cautious about the usage of Apple IDs and Gmail IDs – strong safeguards are put in place to protect digital identities.
In the case of Gmail ID, the user receives a notification when a login attempt using the account takes place. For all online services, it is a good practice to turn on 2-Factor Authentication (2FA) services, if available. This provides an alternate channel through which the service provider and the user can verify the login attempt to mitigate against identity theft.
What this means to SMEs offering digital services is that they can consider using Apple IDs or Gmail IDs for creating accounts and enabling logins to access their services online. These user identities are better managed and in the event of any identity theft, the identity providers are better prepared to handle these security incidents than if you do it by yourself.
One of the key technology trends today is the proliferation of mobile payment options. With the scanning of a QR code or a tap on a Near-Field-Communication (NFC) enabled phone facility, the consumer can carry out transactions without taking out their wallet.
Combining payment with many other periphery services, multi-services providers like Grab provide excellent options to SMEs planning to offer an omnichannel shopping experience. Users of the application and its mobile payment services are able to enable access to their personal data without having to share it with SME merchants.
With strong data privacy enforcement actions and reported data breaches becoming a common occurrence, the less data we gather from a user, the less there is to deal with to fulfil a transaction.
Such data-less business models address concerns about data privacy preservation arising from the collection of personal data. It also allows SMEs to save on resources required to set up a system to capture and manage these personal data.
In today’s zero-trust digital economy, we see more users becoming more demanding about only engaging with verified digital service providers. The multi-services and omnichannel platform created by Grab uniquely balances this need to have the service providers, as merchants, be validated before they can present their services for any Grab users.
What this means to the SME is that any online digital services presented with Grab can be trusted by users. This characteristic of trust is particularly invaluable to new online digital services set up by SMEs.
The user community Grab has built through the Grab Delivery and Grab Pay services is sizeable across the Southeast Asia region. More exciting services recently announced includes financial services like loans and investment plans.
SMEs should leverage such multi-services providers like Grab and tap on their fast-growing user community to acquire more customers in their digital transformation journey.
In summary, SMEs should be encouraged to reach out to multi-channel service providers to enquire how to on-board their products and services to their digital services platform, and reach out to a fast-growing digital marketplace within and outside of Singapore.
Another takeaway, as a consumer of digital services requiring personal data and use of your digital identity, would be keeping track of these new services you have signed up for and using unique passwords for each of these digital services.
Use a password wallet, if required, to help you to remember the password logins to these services and in the event that there is a data breach, your risk and exposure will only be limited to that service you signed up with.
Disclaimer: I am not engaging or working in partnership with any of the service providers named in this article and I am only a consumer, like many of you, who uses their services in my personal capacity on their platforms.
This article originally appeared in the Entrepreneur's Digest print edition #93 and has been edited for clarity, brevity and for the relevance of this website.
About the Author
Gerald Tang | Cybersecurity Audit & Data Privacy Lead, Cybersecurity Division | BDO Advisory Pte Ltd
Gerald leads various strategic partnerships and new business engagements on data privacy and cybersecurity. His primary area of focus is in Cybersecurity Advisory and Audit, Personal Data Privacy (GDPR & PDPA) and Cloud Consulting and Advisory. Gerald has a background founded in cloud and cybersecurity and is currently pursuing his data privacy compliance credentials as a Data Protection Officer (DPO) and Certified Information Systems Auditor (CISA). He has spent a number of years overseeing cloud and cybersecurity projects, including designing complex enterprise and hybrid cloud platforms for government and enterprises.