Oxford Languages define identity as the fact of being a person or thing. According to the World Bank ID4D data, over a billion people around the world do not have official proof of identity. In Asia-Pacific, up to 20% of the population lacks an ID.
Even as governments race to implement national digital identities, private sector service providers like banks or insurance are not always able to make use of these ID system features, even where the public entities can do so. In less developed sectors of economies, the challenge is even more significant reflecting broader gaps in digital infrastructure, capacity, access, and literacy.
Juniper Research estimates that by 2024, governments around the world will have issued 5 billion digital identity credentials. The question becomes will private sectors embrace these by then. The follow-up question to this – is how we securely access, use and manage these identities.
In the current world, the individual is viewed as new person whenever they have an interaction with a new entity, which gives rise to the situation of individuals holding multiple identities.
Accredify CEO and co-founder Quah Zheng Wei says your identity in the new digital world will put you at the centre of all data interactions. “Meaning you only need one single digital identity to authenticate yourself and to get access to different ecosystems and services around the world,” he added.
What “verifiable identity” solves
Quah says verifiable identity “allows you to control what you have and whom you share it with, in terms of personal data.”
He claimed that it grants an individual data ownership and consent management over his data. In a way, it reminded me of the promises of General Data Protection Regulation (GDPR) – that ownership of one’s data belongs to the individual and that person can decide who gets access to what part of his or her information.
“Verifiable identities contain documents that are issued by Distributed Ledger Technology, which means these documents are tamper-proof and traceable back to the source. By granting access to certain data points within your verifiable identity, you can prove whom you are based on your data, such as education qualifications, healthcare records, and even automobile licenses,” he elaborated.
Previously, it was not possible to do so without sharing all your personal information without any discretion.
Where does identity security sit
Quah noted that individuals and organisations have ownership over their verifiable identities, which means organisations are relieved from being custodians of their stakeholders’ data.
He explained that verifiable identities can help organisations quickly establish relationships with stakeholders without having to go through lengthy authentication processes since verification is simplified to a simple QR code scan.
“As verifiable identities can be built for both individuals and organisations, this simplified and reliable verification method can bolster an organisation’s identity security strategy as well as secure KYC or KYB processes in high stakes, high-value business scenarios, such as an investment or an M&A,” he commented.
Why adopt verifiable identity
Asked why it makes sense to adopt a verifiable identity, Quah claims it can facilitate a better user experience from onboarding to offboarding since individuals can use the same verifiable identity for any data interaction, and verification is streamlined into a QR code scan.
They reduce the risk of data breaches since data ownership is transferred to the owner and does not sit with the organisation. “Lastly, verifiable identities contain immutable and tamper-proof data at each data field level, which can also be obfuscated, preserving information integrity. In these ways, verifiable data facilitates compliance with data protection regulations,” he touted.
The first step in verifiable identity adoption
To begin building a verifiable identity on the blockchain, individuals and organisations will have to create, control, and manage public and private key pairings on the blockchain that make up a verifiable identity.
“Organisations and individuals may not have the ability to do so, and this is where Accredify comes into play – by acting as a bridge between the Web 2 and Web 3 ecosystems. We manage private and public key infrastructure for organisations, so enterprises can easily adopt verifiable identities without needing to develop Web 3 capabilities in-house,” said Quah.
How to avoid vendor lock-in
In the adoption of emerging technologies, there is always the risk of vendor lock-in. Quah claims that Web 3 (using public blockchains) circumvents this because it provides perfect interoperability between different ecosystems.
“This means it is sufficient for organisations to work with only one solution provider. Enterprises will decide whom to work with based on which provider can provide the best UI/UX and has the most meaningful downstream integrations,” he opined.
Click on the PodChat player and listen to Quah talk about digital identities and what he calls verifiable identity.
- Let’s start with a base and move from there. Define identity in the context of today’s digital economy? How many identities can one person have that can be used to authenticate him or her?
- What is verifiable identity? What is/are the problems it aims to solve? Is this the only approach to solving the same problem?
- Who owns the identity in these verifiable identities? Where does it sit in an organisation’s identity security strategy?
- What are the benefits of this solution at IT/tech level, user level, the perspective of security, and from a compliance perspective?
- Will this use of verifiable identity introduce latency, and friction to the user experience?
- Given that there are many approaches to verifying identity, how does an enterprise decide which verifiable identity solution providers when looking to introduce verifiable identity as part of its security strategy?