On the internet nobody knows you’re a dog was stated in the legendary New York Times cartoon that captured the spirit of privacy and anonymity in the early days of the internet.
Even though anonymity is still a hot topic and sought after in the online world, times have changed. With the ever-increasing growth of fraud, misinformation, social media as a primary channel for media consumption, and online transactional services, a verified digital identity is crucial in making any digital service succeed.
Banking is one of the areas where the ability to verify one’s identity in a secure and compliant manner is a prerequisite to access basic services. Looking at the unbanked population of the world today, it is estimated that as much as 1,5 billion people lack access to everyday banking services due to their inability to prove their identity through a valid birth certificate, passport, proof of residency through utility bill or some other means to fulfill traditional KYC-procedures.
In addition to accessing digital banking, most of us also have verified our identity through a plethora of services like Google, Facebook, Apple, TikTok, and the list goes on through various means of identity verification that make up an interlinked web of interdependencies, where one of your identities vouch for your eligibility to access another service.
Two-factor authentication or biometric identification often rely on your mobile phone, and when you choose to log in with Facebook, you authorize Facebook to represent you online. While this is often convenient for easy and quick access to the latest mobile app you want to try out, you are paying a price by allowing Facebook to share and sell, not only your data but also your digital identity.
However, your digital identity is more than your login credentials. This is merely the authentication that connects you with the digital you. Your digital identity consists of thousands of data points that make up a profile of who you are and your preferences. Today, your digital identity is scattered all over the internet where Facebook owns our social identity, retailers own our shopping patterns, credit agencies hold our creditworthiness, Google knowns what we have been curious of since the dawn of the internet, and your bank owns your payment history. As a result, we are all analyzed in detail to predict our future behavior and monetize our digital identities.
Not only do we lack ownership of our own data, but our fragmented digital identities where various third parties own bits and pieces only gives part of the picture and also propose vulnerabilities for those third parties. As an example, fraudsters have started to take advantage of this in countries with no national identifier by creating synthetic digital identities by signing up digital services and applying for credit. Even though the initial credit application is rejected, a credit file is automatically created, and thus creating a digital paper trail for a non-existing person. With approximately 10 million new consumer credit files generated in the U.S. each year, synthetic identities can be very difficult to detect. Over time, these synthetic identities gain access to credit, and bank losses due to synthetic fraud are estimated to amount for somewhere between 1 -2 billion USD each year.
While tech giants such as Apple, Google and Meta are constantly competing in owning your login credentials by allowing users to log in to third-party accounts with their respective login credentials. As an alternative, self-sovereign and decentralized identity schemes which empower individuals to control their digital identities without relying on centralized authorities have been proposed through several instances. Where the European Union is exploring decentralized digital identity through initiatives like the European Self-Sovereign Identity Framework (ESSIF).
This is set to be an integral component in the European Digital Identity (EUDI) Wallet which is set to provide all EU citizens, residents, and businesses with access to a secure and interoperable digital identity solution by 2026. This wallet will enable users to link their national digital identities with various personal attributes, such as driving licenses, diplomas, and bank accounts, ensuring mutual recognition across the EU
However, a self-sovereign identity has its weaknesses, namely ourselves as human beings. We tend to be forgetful, and sometimes downright unreliable. Letting users keep the only key to access their digital identities is a recipe for disaster the moment someone forgets their password or pass away. There is nobody to call and no forgot password button to reclaim the ownership of the identity.
It is difficult to envision a future of digital identity without relying on some kind of identity custodian that maintains a verified connection between your physical and digital self, ensures that no data is used without consent, monitors malicious behavior and provides user support in case of a lost key. This is far from an easy solution and should be provided by a regulated entity. One thing is for sure, such a solution rely on trust and must give the end user full ownership of their own data similar to data portability under GDPR.
There is too much at stake when it comes to our digital identities to remain unvigilant of what is going on, as shown numerous times through both data breaches where our personal data is compromised and sophisticated fraud methods where our identities are hijacked to conduct malicious activities.
Digital identities are foundational building blocks of the digital world we all are a part of, and must be secure, user-centric, and privacy-preserving. As technology continues to advance, so much digital identity schemes as well as our awareness as individuals and organizations.
