This special report by my favorite two reports does an excellent job describing why digital identity is currently a major mess, describes several hopeful solutions, but also identifies the major impediments – which is primarily competing interests between citizens, governments, banks, and corporations.
Lately there has also been a lack of definition regarding the several different aspects that need to be considered in any identity system. Step 1 of course is proving an individual is who they claim to be; which by itself is a metaphysical and legal quagmire. Different authenticators typically require different levels of background checks and questions because each authenticator has a different goal (employment history, income history, medical history, birth certificate, Etc.). Once the authenticator “recognizes” the individual Step 2 takes place – tagging the individual so s/he can be recognized quickly in the future. It Today that is still often a passport or a license, but in the digital age it is a string of digital bits that the individual must present as proof they are the same person that was vetted in Step 1. As if vetting the individual wasn’t hard enough, authenticating an individual is another complex process that, when done incorrectly, leaves a range of confounding fraud vectors (as discovered in the initial rollout of Apple Pay).
NIST, PSD2 (Strong Customer Authentication), and other standards and industry groups (such as SAFE BioPharma Association) have documented what needs to be done to properly authenticate an individual, but again, there is no one approach in that every approach is designed for a specific level of assurance. The more assurance required to prove the individual is correctly identified, the more difficult the provisioning and authentication process becomes.
This PaymentSource article provides a great overview:
“Innovation has made communication, information gathering and payments digital, portable, fast and automatic — a fundamental reordering that has revolutionized how people and companies engage with each other and the world.
The problem is, that revolution’s got a big hole: Digital identity. As ID technology automatically embeds in layers of apps, programs and devices, users will spend less time actively authenticating themselves. So the goal becomes the problem. The more authentication gives way to standardized pre-registered virtual keys, the harder it is for the world to know who we are with absolute certainty.
The digital ID market has massive potential, but many fundamental problems that must first be overcome. Among them: The companies best positioned to provide a viable digital ID platform are not the ones best positioned to benefit from it.
There is one common point of agreement, however: The physical keys and static passwords that identified us until just a few years ago are anachronistic, overused, and unsafe. The objective is — or at least should be — to build one virtual key that lets the entire world know who you are. A key that brings a billion new people into the financial system, that shortens lines at grocery stores and airports, that combats data breaches, that effortlessly swims from one app to another, and can’t be duplicated or stolen.
Read the full article here
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group