Digital Identity (R)evolution
Traditionally identity verification was based on human interactions and physical documents, mainly issued by central or local governments.
But in today's world, where relentless digitalization and 24/7 connectivity continue to transform everyday life, you can no longer rely on those physical identification methods alone.
Digital transformation is driving customer experience
The expectations on the consumer's side have changed.
Today, a great consumer experience means convenience, real-time, and mobile-first.
In short, consumers/customers/citizens want a seamless experience.
On the other hand, they demand more security and protection. They want to be sure their data are safe and kept private.
Robust digital identity schemes are deeply needed
It's become clear that the future growth of online business requires the existence of reliable and strong digital identity schemes.
They will allow new players and incumbents (both public and private) to authenticate, identify and operate efficiently and safely using the latest technologies such as biometrics, blockchain and AI.
Stricter regulations are being put in place
Moreover, regulators are taking an increasingly active role.
- In the EU, for example, the GDPR (General Data Protection Regulation) is the latest addition to a raft of new initiatives that already includes PSD2 (second Payment Services Directive) and eIDAS (electronic Identification Authentication and Trust Services).
- In the U.S., the CCPA (California consumer privacy act of 2018) becomes effective on January 1, 2020. This regulation may become a model for a federal framework in the country.
Going forward, compliance will demand robust protection, privacy, and control for users.
The case for ID interoperability
The key issue to operate with our digital identity is the validity that others give to the veracity of the attributes of our digital identity.
Just think about it.
Let's suppose A trusts B and B trusts C. Can A trust C?
Digital identity needs, therefore, a provider that will bring enough trust, security, and convenience at the same time.
- In the private sector, many service providers have built their identity system, often based on user and password and failing to provide consumers with data privacy, security and seamless authentication experience.
- On their side, the public sector has started surfing those new digital identity trends and technologic waves. More and more countries are building national eID schemes using it mainly to offer access to governmental and public online services (Germany, Spain, Italy..). One of the most successful and highly developed is the Estonian digital identity scheme.
Nevertheless, with the increasing emergence of different services that require identity validation, the private sector may expect identity provider systems that can administer identities and credentials differently for multiple service providers to be linked to government systems.
"As public identities have been created by different authorities, interoperability and the collaboration between different entities to offer complete solutions is decisive," said BBVA Research.
The weaknesses of those fragmented and siloed identities schemes have paved the way for those last years for new pioneer ID federation initiatives that have met broad service provider and end-user adoption, with leading banks offering a nationwide Digital Identity solution.
In most of the cases, those federations have been pushed by banks, bringing the natural trust for securing data, protecting the privacy and being the fundamental basis to reach many users and offering more innovative services.
One of the most successful Mobile ID federations in Europe is for sure the mobile application itsme® built by Belgium Mobile ID, a wide consortium of Belgium's leading banks and mobile network operators.
As mentioned in our Digital Identity white paper (see below), those federated identities schemes will continue to develop as they properly answer to consumers and services expectations:
- User-centric solution with a streamlined onboarding process
- Cooperation among major stakeholders across segments for a broad consumer reach is key for mass adoption & trust
- Strong brand to bring trust and confidence to all parties
- Key initiators typically include banks as critical identity providers
- High security with authentication solutions brought by the latest technologies
More recently, another type of Digital Identity Provider is emerging, more decentralized, based on technology such as blockchain, putting end-user fully in control and allowing different service providers to share identity verification attestations.
This type of scheme is called Self Sovereign Identities (SSI) and this is exactly what is Thales Trust ID Network.
3 types of digital ID schemes: siloed, federated, and based on self-sovereign identity.
Thales Trust ID Network
This new Digital Identity Solution, built in partnership with R3 and deployed on financial-grade distributed ledger Corda, is a decentralized digital ID platform based on Blockchain.
It allows service providers to simplify customer identity management and streamline the due diligence process while enabling end-users to be in total control of their identity.
Thales Trust ID Network entitles end-users to full ownership of their identity and total control over who can have access to their personal information.
And from the banks' point of view, it helps streamline new customers onboarding, and access to up to date, accurate, and reliable data about their customers.
This limits the risk of ID theft and fraud and provides a convenient and secure Identity Management service.
So what's the magic formula?
The future of digital identity schemes
Looking at the future, we don't need a crystal ball to bet on the development of many digital identity schemes based on consortium, where financial institutions will have a clear role to play.
For those that take the opportunities available to them, there will be many decisions to make – not least between the Federated and Self-Sovereign models.
Ultimately, there is no "one size fits all' solution.
For a start, identity is very much tied to a country's cultural characteristics and regulatory framework.
A successful Digital ID scheme will need to reflect these local factors too.