Digital Identity: What is to come?By csc |
By Nuria Aguado, CMO, Validated ID
It is estimated that the pandemic lockdowns of 2020 drove businesses and consumers to the web at a rate 5 to 10 times higher than expected. Around the globe, people were impacted by the public health crisis triggered by COVID-19 in nearly every aspect of daily life, and, as a result, digital transformation has become a priority.
Five years from now, many of us will use digital channels to verify our identity on a daily basis. As we head towards mass adoption of digital IDs, the need to securely verify identities is stepping up a notch. In addition to the European Union taking the lead, other organizations more focused on COVID immunization proofs such as IATA and Good Health Pass are promoting the change, and there are initiatives even focused on the future HR landscape, like Velocity Network.
A new dawn for countries and industries thanks to technologies like the Self-Sovereign paradigm. Digital identity verification will look entirely different in ten years. But, how would it look?
A new EU legal framework will be launched in September 2022, and it will boost the adoption of the new paradigm in digital identity. Multiple pilots will be running per country, and the use of Identity Wallets is expected to be fully operational by 2023.
Governments and institutions are aware that they need to provide an environment to encourage adoption. As a result, the EBSI/ESSIF project, led by the European Commission, which involves member states as well as private developers like Validated ID, is very relevant to this context.
However, business and large companies have a different problem in mind that also needs to be tackled: cybercrime is on the rise. Recent data indicates that cybercrime has grown progressively more serious in the last year. It’s likely that the number of identity thefts will double in 2021 from 2020, and the consequences of being unprepared could be devastating.
Customers are also important, aren’t they? After all, this framework is being developed to cater to their needs. Today, consumers expect access to secure services online. Therefore, there are the 3 key assumptions that can be made about how identity verification processes will appear:
- Digital: Online transactions are the only way to get around the demise of face-to-face interactions.
- Private: Centralized approaches have proven inefficient to ensure private data. Furthermore, login credentials are fairly easy to steal without advanced protections.
- User-Centric: Users will be the common factor for every interaction.
4. Reusable: When data relies on the user, onboarding once and again with the same info will no longer be necessary by the providers.
The current methods of identifying identities
The most common services used for verifying a person’s identity online have different problems:
On one hand, identity solutions based on certificates are not easy to use; they require citizens to move physically to government offices to prove their identity once, and this step discourages most people. On the other hand, solutions based on social networks identities are easier to use but still users don’t have much control of their personal data that is shared on social networks.
Second Factor Authentication processes have been established as a good alternative for replacing passwords, as logins based on user and password have been proven to be not reliable enough. Other industries, such as Banking, are using streaming video identification for completing the authentication process. Finally, electronic signatures, biometrics, and face authentication methods are also valid identity verification services.
The key to online identity authentication these days is not about the applications but, most importantly, about identity verification itself. How can you prove that you exist? It is a recommendation to modernize identity systems so that individuals may ask a trusted third party who knows them authoritatively to verify their identities. These personal details will be stored in their digital ID wallet. To comply with privacy, more steps need to be taken:
The first one is to allow companies and governments to authenticate digital credentials via standards like Open ID for easy integrations. The second one, as Sovrin states, is to ensure that companies and governments are able to revoke digital credentials in the event that an identity is stolen.
Secondly, one of the biggest barriers to digitalization of our time is the lack of digital credentials, and the benefits of having an interoperable ID wallet for all citizens is now more visible than ever. Luckily, Spain and Germany are committed to pushing this agenda. Germany already has a national SSI-based digital identity ecosystem that now involves more than 60 stakeholders. As for Spain, members of Alastria, one of the main organization leading the way, comprise more than 200 businesses and public sector organizations. With these joint forces, further use cases are expected in the coming months.
Nuria Aguado is CMO at Validated ID and has over 20 years of experience in communication and advertising for multinational companies operating in Europe. Masters in Communication and Marketing Management at ESIC Business School.