Identifying the potential in digital identity
You unbox the new phone from its upcycled, responsibly sourced seaweed packaging. With a glance to the screen, its sensors boot up, identify you, and connect you to your iCloud account. And as you are leaving the store, the 7G connection downloads your apps and configures your settings. Outside, your new phone launches your favorite car-sharing app and guides you to a nearby car, which it unlocks and starts for the ride home.
While the scenario above is aspiringly fictional, parts of it are already reality. India is on the cusp of seamless Voluntary and Integrated Customer Experience, or simply VOICE. In this digitally optimized future landscape, consumers share data with service providers voluntarily in return for data integration. That is, the user could use a single mobile app to pull data from multiple providers, such as banks, airlines, hotels, ISPs, and telecommunication operators. Instead of logging into multiple websites and interface with different apps, the user would enjoy a seamless customer experience.
The realization of VOICE requires a thriving digital/electronic identity (eID) ecosystem that includes identity providers, identification service providers, technology infrastructure solutions, and entrepreneurial businesses with innovative applications for enhanced customer experiences.
Building trust in eID
To appreciate the potential of how eID can improve customer experiences, you must first understand the building blocks of digital identity.
Building Block 1: The Trust Triangle
The first building block of digital identity is the trust triangle connecting three stakeholders: the identity holder, the issuer, and the verifier. Using the diagram from Bankenverband, below, we can visualize the concept better.
When someone applies for a new mobile phone number, in the context of the trust triangle, they are the identity holder. Their passport – issued by the Government of India – is the proof of identity they provide to the telecom company, the verifier. The telecom company trusts India, the authority that has verified the person’s identity to issue a passport. (Agreed, some business models might require a third party to add another layer of security, but we will ignore it for the sake of convenience).
Building Block 2: Attributes
The multinational cybersecurity company Avast defines digital identity as “any personal data existing online that can be traced back to the real you.” Personal data, aka attributes, could include:
4. Account balance
5. Credit history
6. Passport number
7. Vaccination history
Credentials like Aadhaar, India’s national eID scheme, the German identity card, and the many other national digital IDs are similar attributes.
Building Block 3: Levels of Assurance (LOA)
Levels of Assurance refers to the degree of confidence in the claimed identity of a person – how certain a service provider can be that it is you using your eID to authenticate to the service, not someone else pretending to be you. There are multiple LOA models on the market. Some consulting firms have a four-tiered model, some three, some more. The European Commission, for example, has developed a three-tiered LOA:
1. Low – for example, member enrolment by self-registration via a webpage with no identity verification
2. Substantial – for example, enrolment with two-factor authentication, 2FA, requiring a username, a password, and a single-use code sent to the user’s mobile phone
3. High – for example, enrolment in-person at a government office and authenticated with a smart card
Building Block 4: Interoperability
The #GoodID movement defines interoperability as “the ability for digital identity technologies or systems to communicate with each other or work together.” This is critical to increase its adoption. Take the case of India’s Unified Payment Interface ecosystem. The National Payments Corporation of India enabled two important developments to facilitate interoperability. First, UPI wallets could transact with each other regardless of the user’s bank account. Second, UPI was integrated with WhatsApp. Both these played a role in providing many use cases for end-users where people preferred mobile phone transactions. This enabled speedy adoption of the UPI platform.
Have you observed how some applications allow you to sign in using your Google, Facebook, or Apple accounts? That sort of interoperability helps users. They do not have to remember each new password they create for every website, a “single sign-in” is sufficient. In the realm of digital identity, an end-user should be able to use a single mobile application for self-identification across platforms for diverse services. This is made possible when an ecosystem is developed so that it allows for apps to communicate with one another.
Digital identity in the world today
The eID space in India and abroad is abuzz with activity. As our lives move online, it is a natural development that our identities are electronically transformed as well. Estonia plans to link digital identities to digital wallets. Through this linkage, personal data attributes are shared with service providers and the individual’s ID is authenticated. Spain recently rolled out Apple Wallet support for the EU Digital COVID Certificate. This allows a private player, Apple, to hold data issued by the government – a pairing I explore further below. The Mumbai-based eID startup IDfy recently raised US$11 mn from TransUnion International & Blume Ventures. IDfy’s solutions help its 500+ clients across industries ranging from banks and financial services to ecommerce and telecommunication and to healthcare.
At a systemic level, the Institute of International Finance, along with 150 experts, co-authored and published the Global Assured Identity Network (GAIN) white paper. The paper proposes a user-centric approach to usher in the next identity paradigm. Instead of placing the onus on the user to remember countless passwords and to log to access each service, the user enlists a trusted and regulated provider to provide the verification. According to The Paypers, a news source in the payment sector, GAIN will offer an alternative to “Big Tech,” addressing concerns about data privacy mismanagement as well as threats to democratic norms and economies.
What should governments be mindful of?
Research by Isabel Skierka from ESMT’s Digital Society Institute underscores two critical aspects of digital identity which policy makers should keep in mind, as these ecosystems continue to develop. One, they should question who controls and governs the digital identities of individuals and organisations. Two, they should ensure that robust IT security systems and strong data protection policies are in place. In a recent issue of ESMT Update, the business school’s internal magazine, Skierka says, “The success of a national digital identity solution requires the cooperation of the public and private sectors within a common governance framework.” Extending this argument further, governments could also be wary of where the data stored, leading to more stringent data localization laws in the years to come.
Our future with eID
An interesting public-private partnership thought experiment: If Apple’s Face ID is paired with the Aadhaar ecosystem, we can expect some interesting use cases. For example, if any online service provider needs age verification, the Apple Wallet would be capable of proving it. This opens up numerous electronic know-your-customer (eKYC) applications in financial services and the possibility of instant check-in and check-out in the hospitality and retail domains. These all underscore VOICE.
Digital identity also holds considerable potential in the development of smart cities. The applied science and technology development company Battelle lists four components of a smart city: analytics, transportation/mobility, health, and environment. Of the four, eID plays a critical role in three – from assisting in quality data capture for good analytics for both prescriptive and descriptive analytics to facilitating seamless payments and permits for smart transport. The IT security firm Imprivata echoes the importance of digital identity in enhancing patient care, securing healthcare systems, and managing patient data access.
The growing importance of eID is a positive externality of the raging global pandemic. As the world embraces a digital-first approach in multiple aspects of life, individuals are increasingly required to couple their online avatars with verifiable digital identities. The benefits of a mature digital identity ecosystem help both businesses and consumers. For businesses, customer identification and verification processes can be sped up. This lowers customer abandonment rates. For financial institutions, advances in digital identity lower the risk of fraud. The second benefit would be the lowered costs for businesses. Lowered costs for businesses can be passed to consumers or cash can be reallocated to cover other critical overheads, thus incentivising businesses to step up their roles in developing the digital identity ecosystem. As the digital identity ecosystem continues to evolve, it provides customers a chance to voluntarily share their data, which is transmitted between different businesses in a larger, integrated ecosystem. The first benefit of engaging with such a mature ecosystem for consumers would be the enhanced customer experience. Second, such an ecosystem would allow speedy access to services. These benefits to both customers and businesses voice a clear case for digital identity.