Is Decentralized Identity the Next Game-changer?
- By James Cook, Entrust
- October 25, 2022
There's a moment in the movie The Net when Sandra Bullock, playing a systems analyst and remote worker, gets her identity — and entire life — erased with far-reaching consequences. The year was 1995, and the issue of "personal privacy" was starting to emerge. Major web players, from eBay to Cisco, had by then begun to reflect on global standards for managing personal data.
Fast forward to today, and we find ourselves in a major identity crisis, thanks to the explosion of digital services. The global pandemic has only widened the battlefield for rampant identity fraud as more people shift to online transactions and remote work.
Online fraudsters on the rise
This can be attested to by the rising number and monetary size of online scams since the coronavirus outbreak in 2020. According to the recent Singapore Cyber Landscape 2021 report, phishing has risen by 17% since 2020, mirroring global trends. Earlier in June 2022, police warned of an increase in phishing scams, with at least 28 people falling prey and losing at least SGD114,000.
Banking scams are particularly fraught for both consumers and banks, taking hits on both the financial and reputational fronts. In many instances, customers blame a bank’s scam prevention measures and demand that banks need to be more proactive.
A recent 2022 Global Identity and Fraud Report found that four in five Asia Pacific customers (or 80%) assume businesses will take the necessary steps to protect them from cyber threats.
Which begs the question: what can a business do? How can CIOs and CISOs preserve privacy and trust as identity theft becomes increasingly rife?
A new secure identity paradigm
This is where decentralized digital identity comes in.
What makes this different from existing identity strategies? It is the way critical data is stored and validated. The idea is to give individuals more privacy and convenience with less fraud. One specific implementation of decentralized identity is self-sovereign identity (SSI) which is designed to give an individual or company more control over their digital identity.
Take, for example, Mary, who is registering online for a Singapore driver's license. If SSI is adopted, Mary can present proof through her digital wallet that she is at least 18 years old without revealing her actual date of birth.
In a decentralized identity framework, the users receive verified credentials about themselves from certified issuers such as governments and retailers. These credentials are stored in the user's digital wallet app. When the user presents proof of identity to a company requesting this, the company can verify the proof via a blockchain-based ledger.
Note that the two fundamental properties of a blockchain ledger are that it does not store the user's data and is cryptographically secured to make the ledger tamper-proof.
The movement to decentralized identity is underway, with forward-thinking companies developing the core technologies and roadmaps to build self-sovereign frameworks. This gives users back their privacy, allowing them to choose the personal information they share and who can access it — resulting in convenience with less fraud and friction. This is a win-win for everyone.
However, we still have hurdles to overcome, including mainstream acceptance if decentralized identity is to be adopted as a standard process. Given that personal data is valuable currency to businesses, it is understandable why there is a reluctance to let go of the consumer data monetization model. On the plus side, this model is gaining traction with support from standardization forums such as the Decentralised Identity Foundation and W3C Verified Credentials.
Time for a new chapter
The decentralized identity space is still in its experimental stage. Organizations have yet to figure out how to deploy this technology at scale while factoring in legacy issues, costs, and regulatory requirements.
Some companies are already developing core technologies and roadmaps for establishing decentralized identity protocols. To start building this framework, businesses can benefit from working with a trusted partner with a strong portfolio of identity solutions that includes citizen identity verification (IDV) and user identity to help protect sensitive information.
Whatever the approach, shaping any digital identity strategy should begin and end with the consumer. Ultimately, what benefits the consumer also helps the business in the long run.
James Cook, director of digital security for Asia Pacific & Japan at Entrust, wrote this article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends. Image credit: iStockphoto/ArtemisDiana