Our regular review of recent news from around the decentralized identity community. In this edition, advice for financial institutions, how more global equality can be achieved through digital identity, and how following regulations does not always mean your data is secure.
By Tim Spring
Digital Identity and Social Media – the Big Picture
As Ingo Rube, founder of KILT Protocol, a decentralized identity blockchain network, explains, “Digital identity on the internet is fundamentally broken.” He describes the difference between identity — everything that makes you who you are as a person, your name, education, job, hair color, family, etc — and a credential, something that tells people or systems who you are, and which is usually issued by an organization or government in the form of an ID card, passport etc.
Credentials like ID cards work because we control them: we use them to access things in the real world; and if someone else tried to use one belonging to us, it would likely not work as the photo wouldn’t match. There is, in other words, something in a physical credential that signifies unique ownership and, as with passports, features that signify the credential is authentic and not fake. These don’t always work but they represent an identity layer that the internet, for historical reasons, lacks. Instead, third-party platforms like Facebook function through user profiles so that you can log in to, and have a presence, both on Facebook and affiliated websites. This is known as federated identity. The trade off is that Facebook and other federated identity providers are able to track your activity and sell the data you generate online to other parties. At the same time, your profile data is stored in centralized databases that become prime targets for attackers.
Rube ends by calling for a decentralized identity solution using verifiable credentials that could be stored on our local devices – such as a mobile phone. We agree!
The Growing Significance of Trusted Digital Identities in U.S. Financial Services
A new report by the American Bankers Association takes a look at the increasing reliance on digital identities by the financial sector and what the sector can do to take advantage of developments in digital identity.
There are three major customer-facing areas where strong digital identity solutions can mitigate fraud – which according to the Consumer Sentinel Network Data Book 2021 by the Federal Trade Commission increased by 120% during the pandemic. These three areas are:
KYC — Is this identity valid? Is this the customer’s identity?
Authentication — does the system recognize these credentials?
Transaction authorization — what is the risk of the transaction? Should this transaction be allowed to go through?
Weaknesses in any of these areas can result in fraudulent activity. To prevent this, the most important thing is to strengthen up-front verification of credentials. This is because attempting to suppress fraud at the transaction stage of a purchase or money withdrawal is more difficult, especially as transactions become faster and the system only has so much time to infer if there has been fraud or not. Stronger checks upstream lead to less fraudulent identities and less fraud over all
Digital Identity Verification Can Lead To A More Equitable Future
Blake Hall, CEO of ID.me, discusses the increased need for digital identity online and specifically addresses the growing demand for virtual access to government benefits and medical documents. Demand has been rising not only due to the recent global pandemic, but also as governments take interest in the technology as they realize the financial incentive, with a recent report from the McKinsey Global Institute showing that countries that implement a digital identity system could increase their GDP by 3-13%. The UN also recognizes the benefits of more portable and secure digital identity in itsSustainable Development Goal (SDG) target 16.9 (“legal identity for all, including birth registration, by 2030“). Hall points out how an increase in access to digital identity will lead to a more equitable future as certain demographics, including people without banks, homes, or non-English speakers, typically have a harder time meeting the identity verification requirements that are currently in place.
When Regulations Don’t Do Enough To Protect Critical Infrastructure, Digital Identity Can Help
This article contributed to Forbes by Wes Wright, CTO at Imprivita, highlights the current cyber threats to healthcare, manufacturing, and the supply chain. Wright notes that while the government has been issuing regulations for the past 20 years, it has failed to keep personal data safe. Technology is advancing fast, and even compliance with the strictest regulations does not ensure that an organization’s “attack surface” is protected. The traditional “perimeter” or “wall” around most organizations is obsolete, as Chase Cunningham explained in a recent Indicio article, and too many people from all around the organization need remote access to too much data. The only realistic way to ensure that the right people have access to sensitive information is through a strong digital identity solution. At Indicio we recommend using privacy-preserving and tamper-proof verifiable credentials tied to biometrics,learn more about our solutions for creating Trusted Digital Ecosystems here.