Electronic seals: Understanding Digital Identity Challenges for Businesses
With the European Union's implementation of the eIDAS 2.0 regulation in March 2024, digital identity frameworks have been significantly strengthened, placing trust at the heart of IT systems. This legislative initiative is designed to provide reliable mechanisms for data protection and the management of digital identities at a time when digital systems are increasingly threatened by advances in AI and quantum computing.
Though digital identity is usually strongly associated with individual identities, it's interesting to consider digital identity as a broader ecosystem, including not only individuals but also State organisations and corporations. For the latter, the threats linked to identity theft, fraud and fake documentation are escalating, adversely affecting their reputation and operational capabilities. For businesses, therefore, digital identity carries substantial significance. They must be able to guarantee the authenticity and the origin of both the documents they issue and those they receive, to maintain high levels of trust with their partners.
Understanding the concept of digital identity
Simply put, digital identity encompasses all data that allows to identify a person or an entity via digital means. With cyberattacks becoming more sophisticated, protecting this identity is a paramount challenge. As citizens, we are now generally aware that our identity can be stolen and that we need to be in control of the personal information we share online. However, the risks of theft and identity fraud are not limited to individuals alone and businesses are equally at risk. Such attacks can indeed lead to severe repercussions, including reputational damage, erosion of customer and partner trust, and significant legal and financial burdens consecutive to the management of such crisis.
When trust collapses: real case examples of compromised business identities
Several recent cases demonstrate how acts of sabotage or the use of false identities can erode trust within an organisation.
-
Vinci's press release hoax
On November 22, 2016, Bloomberg News' Paris office received a press release allegedly from Vinci, announcing a downward revision of its financial results and the dismissal of its Chief Financial Officer. Bloomberg promptly published the news, causing the market to react sharply and Vinci's stock price to plummet by over 18%. However, within minutes, Vinci refuted the claims and retracted the release, but not before significant damage was done.
The information was in fact a counterfeit press release sent by hackers to destabilise Vinci, a successful case of identity theft, which also resulted in sanctions from the French financial regulatory authority (AMF) against Bloomberg for spreading false information.
-
The deepfake executive scam
In February 2024, an employee at a Hong Kong firm executed a transfer of 200 million Hong Kong dollars (approximately 24 million euros) after falling prey to a sophisticated version of the "President scam". Initially, the employee received a suspicious wire transfer request via email from his CFO in London. However, his doubts were alleviated after a video conference with the CFO and other colleagues. It however turned out that all participants, except himself, were deepfake avatars generated by advanced artificial intelligence using collected internet video images of the CFO and colleagues.
These examples underscore the vital need for effective security measures to protect corporate identities and manage online identification elements.
Protecting business identities with electronic seals
The electronic seal, as provided by companies like Evidency, is based on eIDAS-qualified timestamping and serves as the modern equivalent of a physical company stamp. The electronic seal is a legally recognised method to verify the authenticity and integrity of digital documents.
This solution, based on algorithmic encryption, offers dual protection: it provides unquestionable evidence of document origin and authenticity, alongside a guarantee that the documents remain unaltered. Furthermore, its application on a PDF is readily verifiable by everyday corporate tools, such as Adobe.
As digital landscapes evolve, the challenge will be to ensure that these tools can withstand future technological threats, including those posed by quantum computing. Efforts are already underway to enhance cryptographic standards and maintain the inviolability of these systems against emerging threats.
Best practices for strengthening digital security
1. Control data sharing by limiting the disclosure of sensitive company information (such as executive videos, signatures, organisational charts...) to essential sharing only.
2. Verify document identity and origin by implementing a double-check policy for high-risk transactions and by training employees sitting in sensitive roles such as finance and HR to verify the authenticity of documents they receive.
3. Secure access to critical data beyond basic identification, by using traceable solutions like timestamping and archiving, to prevent hacking or sabotage.
Conclusion
As this article demonstrates, digital identity theft and related frauds are becoming increasingly sophisticated, propelled by powerful new AI technologies such as deepfakes. These breaches can cause substantial damage to a company’s reputation and financial standing. It is imperative for organisations to address vulnerabilities proactively, ensuring vigilance, traceability, and protective measures are in place to secure business identities effectively.
Evidency is a qualified European specialist, providing electronic timestamping services and other digital trust solutions. We are a Qualified Trust Service Provider (QTSP) certified by the French ANSSI, in accordance with the European eIDAS regulation. We enable companies to easily secure large volumes of critical data and documents for evidential purposes.
Welcome to techUK’s 2024 Digital ID Campaign Week! On the 14-18th Oct, we are excited to explore how our members are increasing efficiency for both businesses and users, combatting fraud, as well as what creative and innovative ways our members are expanding our understanding of Digital Identities.
Whether it’s how we’re communicating, shopping, managing our finances, dating, accessing healthcare or public services, the ability to verify identity has quickly become a critical vanguard to the Digital Economy.
Follow us on LinkedIn and use the hashtag #UnlockingDigitalID to be part of the conversation!
Upcoming events
Latest news and insights
Get our tech and innovation insights straight to your inbox
Sign-up to get the latest updates and opportunities from our Technology and Innovation and AI programmes.
Contact the team
Elis Thomas
Elis Thomas
Elis joined techUK in December 2023 as a Programme Manager for Tech and Innovation, focusing on AI, Semiconductors and Digital ID.
He previously worked at an advocacy group for tech startups, with a regional focus on Wales. This involved policy research on innovation, skills and access to finance.
Elis has a Degree in History, and a Masters in Politics and International Relations from the University of Winchester, with a focus on the digitalisation and gamification of armed conflicts.
- Email:
- [email protected]
- Website:
- www.techuk.org/
- LinkedIn:
- https://www.linkedin.com/in/elis-thomas-49a1aa1a1/
Authors
Stéphane Pere
Stéphane Père is the Managing Director of Evidency. Formerly the Chief Data Officer at The Economist Group, he has over 20 years of international experience in technology and media.