The Real Identity Blog

How can we secure identities online? In a brief video interview with Yale Insights, Socure’s Co-Founder and Chief Strategy Officer Sunhil Madhu discusses the current state of affairs when it comes to data breaches and fraud (spoiler alert: it’s safe to assume everyone’s data has been stolen several times over); the ways in which current tokenization efforts are not enough; and how social networks and connections are the wave of the future (and the present) when it comes to verifying and securing identity.

In today’s digital world, identity verification is becoming increasingly important as the threat of identity fraud continues to grow. In 2017, there were more than 1,200 data breaches, with more than 2 billion separate identities stolen. Already in the first half of 2018, identity theft and synthetic identity attacks have more than doubled from Q4 of 2017. Traditional identity verification uses static rules and linear models applied to credit bureau data, which is often stale and easily accessible to fraudsters because, if we’re being honest, your birthday, Social Security number, and mother’s maiden name have already most likely been leaked in some previous data breach. So with these kinds of numbers, it’s clear that companies must rethink how best to originate user accounts online and develop new approaches for verifying their users. 

We’re all familiar with the stats: Last year’s Equifax breach left upwards of 145 million people’s personal identity information (PII) in the hands of fraudsters. Since 2005, more than 816 million individuals’ records were stolen in more than 4,500 reported breaches. In 2018 alone, major companies like Whole Foods, Kmart, and Under Armour have already experienced breaches, exposing hundreds of millions of customers’ personal data. Data breaches are so common now that it’s safe to assume that no one’s information is private and that we’ve all been hacked. As a result, it’s on us to think carefully about how fraudsters are actually using the PII they steal. And in order to best protect businesses and consumers, it’s on us to reconsider the traditional approaches to identity verification —which clearly aren’t working.