Don’t miss another episode of Truth In Data! Click on the red bell in the lower-left corner of your screen to receive notifications as soon as the episode publishes.
Data for today’s episode is provided by Mercator Advisory Group’s viewpoint– Distributed and Self-Sovereign Identity Solutions: Part 1, Technology Overview
Self-Sovereign Identity, Zero Trust Security & Decentralized Identifiers:
- Self-sovereign identity places individuals in control of their own personal data, its release, and the granularity of its release
- Zero Trust Security is set to replace firewall security model, and it requires increasing authentication with increased access
- Decentralized Identifiers eliminate backend integrations by making users share and own their own identity – no central authority
- Current identification solutions like government-issued SSN numbers, or licenses, intermingle identity and authentication
- But there are two challenges: identify who the person is, then recognize who they are on return (authentication)
- To help with the authentication challenge, each card network has made significant acquisitions:
- Mastercard acquired NuData Security
- Visa implemented Visa ID Intelligence
- AMEX acquired InAuth
- The smartphone is quickly becoming the platform for secure authentication using traditional, biometric, and behavioral biometrics
About the report
Technological issues driven by the needs of distributed ID (DID) and presumed to be years away should already guide investments in EMV 3D Secure authentication. Both the authentication technology and risk models for EMV 3D Secure should be carefully considered to protect these investments from early obsolescence, the author asserts, according to a new research report by Mercator Advisory Group, Distributed and Self-Sovereign Identity Solutions: Part 1, Technology Overview.
In past reports, Mercator discussed how biometrics would quickly replace passwords and showed the importance of mobile authentication using Fast Identity Online (FIDO). The latest report takes into account new technologies including Secure DNS, distributed IDs, and self-sovereign identity, which is an identity and authentication model currently adopted by IBM, Microsoft, and Mastercard. Part 2, the forthcoming companion report, profiles technology providers in this space.
The new report explains how distributed ID (DID) and self-sovereign identity solutions (SSI) will cause the consolidation of the two platforms that financial institutions implement separately today for identity and authentication. The report indicates that consolidation benefits the consumer by delivering total control over the release of personal information and eliminating the paper chase required to collect validating paper documents and benefits the financial institution by eliminating validation of paper documents and offers the potential to participate in a new revenue generating service.
“The benefits of self-sovereign identity are clear, and major platform providers, including IBM, Microsoft, and Mastercard, have announced adoption of this model, which returns control of identity to the individual,” commented the author of the report, Tim Sloane, VP, Payments Innovation, and Director, Emerging Technologies Advisory Service at Mercator Advisory Group. “However, the more immediate concerns are that several current identity implementations appear to be in direct contrast to this model, including the Sign In with Apple implementation. In addition, the investments being made today in authentication are likely to be obsolete if these new technologies are not taken into consideration.”
This research report has 20 pages and 4 exhibits.
Companies mentioned in this report include: Accenture, Aetna, Amazon, American Express, Acxiom, Apple, Barclaycard, Desert FCU, EMVCo, Epsilon, Equifax, Experian, Facebook, Fair Isaac, FICO, FIDO Alliance, Finicity, Google, GOV.UK Verify, Harte-Hanks, IBM, InAuth, Intelius, iRespond, LexisNexis, Linux, Mastercard, Microsoft, Nok Nok Labs, NuData, Office of Management and Budget, Oracle, Replicon, SAFE-BioPharma Association, Samsung, TransUnion, USAA, Veridium, Verifiable Organizations Network (VON), Visa, W3C, and Yes.