How we prove that we are who or what we say we are during digital transactions and interactions is set to become one of the defining features of the next stage of the human digital transformation. Today, we are living with early attempts to solve the problem that is no longer fit for purpose. At best, the multitude of different ways we log in, confirm our identities, and establish trust in claims made during digital exchanges, has become profoundly inconvenient. At worst, they have left us in a connected world which is neither safe nor secure, and in which we seem to have completely lost control of our most personal information. The next-generation solutions to the digital identity challenge could change all of this.
In the short term, new solutions are likely to move us towards the promise of a single Digital ID that allows us to simply, safely and securely navigate a connected world. This single ID could allow us to swiftly cross an international border and hire a car, use multiple credit cards, change our bank account, and at the same time act as a robust login tool for any and every online digital service we chose. Furthermore, the promise is that it could do all of this whilst affording more privacy to an individual than is currently the case. Looking further forward, the changes could be even more profound. The ways that we digitally manage, share and verify our personal information could completely redefine the human digital experience. Current digital business models that seem immutable could collapse. Centers for digital power might shift radically. And the current personal data ‘land grab’ could be replaced by a new digital norm in which individuals can finally make meaningful claims to data ownership and control. However, there are a number of potentially calamitous pitfalls to navigate along the way. Some of these could lead to whole new kinds of digital dystopia.
The digital identity verification market is projected to reach $12.8 billion by 2024, despite the fact that digital IDs are still largely underused in the world today. PYMNTS’ Digital Identity Lifestyle Capsule found that 71.2 percent of financial services customers were satisfied with password authentication alone, and similar proportions were satisfied with email address verification and PINs. Newer digital identity verification methods, like biometrics, could provide far superior authentication protocols and offer customers more seamless experiences while protecting against fraudsters. Digital IDs could also greatly enhance the gig economy, and third-party providers are hard at work to make this happen.
Digital ID verification could prove to be exceptionally useful in banking. New regulations, like the European Union’s Revised Payment Services Directive (PSD2), require banks to provide each other with access to account information and transaction data. This means that there is more incentive than ever for a unified digital identity system that allows users to seamlessly verify their identities across a range of FIs. One country that has long been exploring digital IDs’ possibilities is Sweden, where a number of large banks — including Danske Bank, Länsförsäkringar Bank, and Swedbank — introduced the BankID system in 2003. The program allows citizens to use the BankID smart card or mobile app for digital identification, conducting transactions and signing documents — actions that are considered legally binding in Sweden and the EU. More than 8 million people, or 80 percent of Sweden’s population, use the system.
Digital identities could also help improve the gig economy. Gig workers almost never meet their employers face to face, making reliable remote identification processes crucial to ensure customers’ safety. Such offerings could also help match gig workers to jobs based on their qualifications. Stories abound of consumers hiring construction contractors that did not have the right tools or freelance copy editors that made critical errors because they were unqualified. Employers could use a digital ID system to review potential workers’ qualifications, and workers could automatically filter searches so they only show gigs that meet their exact qualifications. Digital ID is also useful in bookkeeping. Many drivers work for both Uber and Lyft and have different user accounts for each. This makes it difficult for them to determine how many hours they have worked and how much they have earned, especially when managing taxes or applying for loans. A single unified identity solution that works across both accounts could drastically simplify this process and open the door to portable benefit schemes for gig workers.
Third-party providers are working to provide these fields with such digital ID verification solutions. London-based startup Yoti specializes in quick authentication and age verification for online services, and its verification procedure works on a granular basis. It releases just enough information to prove a user’s identity without oversharing. The startup has partnerships with both private enterprises and government agencies. Heathrow Airport uses Yoti’s system to perform quick self-checkouts and biometric passenger analysis.YouWho is a South African mobile and web application that validates customers’ identities by comparing a real-time photo of a user’s fingerprints against the country’s National Population Register (NPR). The app leverages biometric technology, artificial intelligence (AI) and algorithms to confirm the ID. YouWho does not store fingerprint information on its devices, granting users control over their own data and protecting the app against hackers.
These benefits are essentially useless if fraudsters are allowed to run amok with users’ personal data. Security is a perpetual customer concern, but most still rely on password-based systems or 2FA processes that are vulnerable to cyberattacks. “Through brute force, phishing or third-party login processes user accounts may fall prey to data breaches,” Mathias Klenk, CEO, and co-founder of Passbase said in an interview with ITPro Today. “When deploying authentication, businesses should avoid simple two-factor authentication methods like one-time passwords over SMS, voice calls or emails. Digital ID solutions should instead rely on biometric technology and digital verification of government-issued identification, which not only allows providers to make digital IDs vastly more secure but also grant users more control over their information. These methods are compatible with zero-knowledge proofs, meaning users can choose what information to share. Passwords are currently king, but the widespread recognition of more seamless and secure digital ID methods could very well take that crown.
The next two years will see some of the most accelerated evolutionary changes experienced so far by public stakeholders and their partners in the field of secure digital identity. In particular, these changes represent essential considerations for authorities that want to make digital identity and on-line services (particularly mobile services) defining features of their modernization processes in the years to come. Expect to see:
The ID will become ever more mobile. Of course, it doesn't take an expert to recognize we've entered an era in which mobile connectivity dominates. But it's worth emphasizing that the trend shows no sign of abating. And the implications for digital ID are profound. Look at some of the facts:
- 76% of internet use in 2019 was mobile according to Zenith's Mobile report. Mobile devices (also including tablets) are now the major means of accessing the internet for users.
- Google – a company that knows a thing or two about the future of technology - is steadily moving towards a mobile-only world.
- The lesson for all digital ID stakeholders is clear: prepare for mobile-first
Identity is the link that connects an individual to his or her community. For public authorities, the key challenge in the next two years will be to create harmonious digital bonds that secure the relationship between new mobile identities and wider society. This is only possible through a public framework of trust, built on guarantees of private data protection and security. Measures taken to bolster security and combat fraud are generally well accepted by citizens. These are, of course, sovereign matters par excellence. The Cambridge Analytica revelation mid-2018 was (once more) a good illustration for the need for a robust digital identity framework, privacy by design and regulation. Facebook offered none of the 7 principles of Privacy by Design. Robust security measures will be the obvious response to new demands for trust in all exchanges between citizens and public authorities. In terms of privacy protection, the General Data Protection Regulation of May 2018 (GDPR) for the European Member States represents a major step forward for data protection and privacy. 28 countries are impacted including the UK.
Around the world, the shift of populations to urban environments is already one of the defining trends of the 21st century. Inevitably, technological developments are becoming inextricably linked with this mass migration. The digital or the smart city is becoming the model that ensures consistency in all the links between urbanites, their wider communities and public authorities. This includes, of course, eGovernment and/or mGovernment, within which digital identity is the key that unlocks the individual's access to a rich array of services and support. Or, to put it another way, the smart city is set to become our new playground. By their very nature, smart cities are mobile environments. The digital ID will, therefore, represent the 'virtual umbilical cord' that continuously links each individual to their public and social life. The message for public authorities is clear: national digital ID creates an unrivaled opportunity for local creativity.
Faced with an increasingly challenging economic landscape, governments are inevitably searching for new opportunities for sustainable, harmonious growth. As regulatory environments take shape, close collaboration between the financial world, central and local public authorities and digital communications operators will support effective solutions and implementation of best practices. Of course, the real source of new business opportunities is not digital identity itself, but the myriad of applications it enables. This is where banks and other operators will see a bottom-line return on their investment. As already outlined, the march of the digital ID is well underway. The focus will, therefore, be on the adoption of the new structures and regulations that are needed to govern the associated services and transactions. Because evidence of uptake of digital ID and associated services are multiplying. Giving us the clearest signals since the concept was first introduced some fifteen years ago that a tipping point has been reached.
The digital ID evolution – as broad as it is dynamic - will continue to move forward. The citizen is the fundamental driver of these changes. Millennials now make up a majority of employees and a growing proportion of total citizen populations. They are reshaping the culture of our institutions. Ultimately, this tech-savvy generation is being proved right. The older generations, by finally joining in and adopting these forms of technology, can break out of their isolation, stay in contact, and preserve social and especially family bonds. Recently happening equally strong dynamics across the following three stages:
- From theory to proof-of-concept: 2018 and 2019 will be the year of proof-of-concept for the blockchain in public services - specifically in areas such as e-government and health care. Questions on the real interest of self-sovereign identity for digital identity will be answered.
- From proof-of-concept to pilot: As it moves from a proof-of-concept technology into secure and interoperable solutions with new standards, 2019 and 2020 will be the "years of the pilot" for digital driver's licenses, digital credentials on mobile, and virtual/digital and cloud passports.
- From pilot to implementation: Countries will move more quickly than expected, and we could reach a tipping point over the next 12 months. Many national ID schemes are approaching critical mass.
Because there is so much going on in this space today, it’s worth summarizing some key takeaways. First, identity and access management and physical security tasks need to be dealt with as one joint task, not two separate ones. Treating them as separate may be a sign that your teams are not aligned internally.
Second, next-gen identity and access management systems, such as those that integrate biometrics and IoT sensors, have incredible potential but also come with intangible concerns, such as privacy issues. These issues need to be addressed concurrently as part of any digital transformation effort.
Third, before any digital transformation undertaking, make sure you know what the end state is supposed to look like. Not only might you be building more risk and fragility into your system than you bargained for, but new technologies on the horizon may completely alter the expected return on your investment.
Lastly, don’t overlook the human component when facing the digital/physical security challenge. Humans are the glue that connects these two realms — and a critical part of successful digital transformation.