Digital Identity (R)evolution
Traditionally, identity verification was based on human interactions and physical documents, mainly issued by central or local governments.
But in today's world, where relentless digitalization and 24/7 connectivity continue to transform everyday life, you can no longer rely on those physical identification methods alone.
Digital transformation is driving customer experience.
The expectations on the consumer's side have changed.
Today, a great consumer experience means convenience, real-time, and mobile-first.
In short, consumers/customers/citizens want a seamless experience.
On the other hand, they demand more security and protection. They want to be sure their data are safe and kept private.
Robust digital identity schemes are deeply needed.
It's become clear that the future growth of online business requires the existence of reliable and strong digital identity schemes.
They will allow new players and incumbents (both public and private) to authenticate, identify and operate efficiently and safely using the latest technologies, such as biometrics, blockchain and AI.
Stricter regulations are being put in place
Moreover, regulators are taking an increasingly active role.
- In the EU, for example, the GDPR (General Data Protection Regulation) is the latest addition to a raft of new initiatives that already includes PSD2 (second Payment Services Directive) and eIDAS regulation (electronic Identification Authentication and Trust Services).
- In the U.S., the CCPA (California Consumer Privacy Act of 2018) becomes effective on January 1, 2020. This regulation may become a model for a federal framework in the country.
As we advance, compliance will demand robust protection, privacy, and user control.
The case for ID interoperability
The key issue to operate with our digital identity is the validity that others give to the veracity of the attributes of our digital identity.
Just think about it.
Let's suppose A trusts B and B trusts C. Can A trust C?
Digital identity needs, therefore, a provider that will bring enough trust, security, and convenience at the same time.
- In the private sector, many service providers have built their identity system, often based on user and password. They have failed to provide consumers with data privacy, security and a seamless authentication experience.
- On their side, the public sector has started surfing those new digital identity trends and technological waves. More and more countries are building national eID schemes using it mainly to offer access to governmental and public online services (Germany, Spain, Italy..). The Estonian digital identity scheme is one of the most successful and highly developed.
Nevertheless, with the increasing emergence of different services that require identity validation, the private sector may expect identity provider systems that can administer identities and credentials differently for multiple service providers to be linked to government systems.
"As public identities have been created by different authorities, interoperability and the collaboration between different entities to offer complete solutions is decisive," said BBVA Research.
The weaknesses of those fragmented and siloed identity schemes have paved the way for those last years for new pioneer ID federation initiatives that have met broad service provider and end-user adoption, with leading banks offering a nationwide Digital Identity solution.
In most cases, those federations have been pushed by banks, bringing the natural trust for securing data, protecting privacy, being the fundamental basis to reach many users, and offering more innovative services.
One of Europe's most successful Mobile ID federations is the mobile application itsme®, built by Belgium Mobile ID, a wide consortium of Belgium's leading banks and mobile network operators.
As mentioned in our Digital Identity white paper (see below), those federated identities schemes will continue to develop as they properly answer to consumers' and services expectations:
- User-centric solution with a streamlined onboarding process
- Cooperation among major stakeholders across segments for a broad consumer reach is key for mass adoption & trust
- Strong brand to bring trust and confidence to all parties
- Key initiators typically include banks as critical identity providers
- High security with authentication solutions obtained by the latest technologies
More recently, another type of Digital Identity Provider is emerging, more decentralized, based on technology such as blockchain, putting end-users fully in control and allowing different service providers to share identity verification attestations.
This type of scheme is called Self Sovereign Identities (SSI).
Three types of digital ID schemes: siloed, federated, and based on self-sovereign identity.
The future of digital identity schemes
Looking at the future, we don't need a crystal ball to bet on the development of many digital identity schemes based on consortium, where financial institutions will have a clear role to play.
For those who take the opportunities available to them, there will be many decisions to make – not least between the Federated and Self-Sovereign models.
Ultimately, there is no "one size fits all' solution.
First, identity is tied to a country's cultural characteristics and regulatory framework.
A successful Digital ID scheme will need to reflect these local factors, too.