The current approach to digital identity management is unsustainable. It’s become necessary to move away from intermediary and provider-controlled models toward user-controlled digital identity. Last week, challenges to this undertaking, along with potential solutions, were discussed at K(NO)W Identity Conference in Washington, DC. These are my top five takeaways.
1. Identity is a critical element of any business transaction or social interaction.
Your identity is essential because it tells people who you are. When you buy something online, your payment card is linked to funds as well as identifying information that the business can verify. When you apply for a loan to buy a house or a car, the bank must ensure you will be able to pay it off. When you meet someone new, you have to make sure they are who they say they are before you reveal anything too personal. Participants in both social and business networks must know who they are dealing with. If they don’t, it’s difficult to guarantee a transaction will be completed according to the terms that have been set.
Most institutions have KYC (know your customer) requirements for identifying and verifying the identity of anyone they interact with. However, an individual’s identity is not defined by a single attribute such as a name, user ID or address. Various attributes, including work, financial and social history, are used to define a person. Figuring out how to manage these attributes in the digital age is a formidable task.
2. Digital identity fraud and personal data theft are primary challenges for both individuals and businesses.
Identity-related crimes can have far-reaching legal, monetary and emotional consequences. Every day, sham businesses deceive consumers out of their hard-earned cash while fraudsters hijack payment card details and accounts. Both individuals and businesses are at risk of becoming victims. With every data breach that hits the news, it becomes clearer how easily personal information can be fabricated, misrepresented or stolen.
To combat the rise of identity fraud and theft, companies of all sizes are being required to implement measures to comply with federal privacy laws to safeguard non-public information about customers, patients, clients and employees. However, traditional methods of protecting identity are quickly becoming ineffective. Lost revenue and having to pay penalties for non-compliance are powerful incentives to finding a new approach.
3. Decentralized identity can be better managed with blockchain, a distributed ledger technology.
By default, identity is decentralized: individuals must give their personal information to various companies and government entities to interact with them, but then they have little to no control over how that data is used. Thus, it’s critical to establish trust among users, identity providers and relaying parties. With blockchain, all participants can use an agreed-upon set of identity attributes to authenticate, verify and authorize individuals to engage in transactions. An individual can also control access to personal data, while presenting a single, cohesive view of his or her identity to those that need to know it.
4. Permissioned blockchain can deliver the capabilities needed to meet the security, privacy and consent requirements of identity management systems.
A permissioned blockchain framework such as The Linux Foundation’s Hyperledger Fabric — one of the open-source community projects maintained by The Linux Foundation’s Hyperledger — has the following features:
A shared, immutable ledger with one version of the truth.
Smart contracts ensure verifiable and signed business logic is executed in each transaction.
Known participants verify transactions and ensure records are valid.
Privacy and security measures grant access only to permissioned parties.
With open, interoperable platforms, identity can be verified in a more robust manner. To learn more about building trusted identity networks on blockchain, read this report from the IBM Institute for Business Value.
5. Established as well as emerging technology vendors are innovating around identity management with blockchain.
In Canada, SecureKey Technologies is working with IBM to enable a new digital identity and attribute sharing network using IBM Blockchain service and built on Hyperledger Fabric. The benefits of such a network are twofold: network members can control what identifying information they share, while organizations can efficiently validate the customer’s identity and arrange new services.
The internet has facilitated new ways of interaction and communication, but it has also increased our vulnerability to fraud. Individuals and businesses are looking to blockchain to protect and manage identities in the digital age.
If you missed these sessions, be sure to check out the replays here:
Many experts say that a password-based login is an insecure approach to online interactions and that multi-factor schemes add friction that reduce user adoption and productivity. Obtaining assured authentication of a person’s identity while adhering to new data privacy laws and regulations presents a minefield of security and customer experiences issues that are costly and […]
A survey by the National Coffee Association finds that 64 percent of Americans, age 18 and over, drink coffee daily. After factoring in the less-caffeinated casual coffee drinker, this results in 400 million cups of coffee consumed daily in the United States. That may seem like a lot, until compared with most European countries who […]
Identity and control of personal identity is top of mind, given recent events as well as the European Union’s General Data Protection Regulation (GDPR). A lot of our identity is shared without our explicit consent, gets stored in locations we are unaware of, and when compromised creates tremendous setbacks. Almost everything we do in the […]