Business models, fraud and decentralized digital IDs: Future Identity Festival day 1
Digital identity is having its moment. Close to 60 percent of consumers in the UK and the U.S. use some form of digital wallet, while more than a third of organizations are planning to include digital IDs in their organization, according to a survey from software maker Curity. This is why digital IDs were once again the hottest topic in London this week during the Future Identity Festival 2023.
The first day of the two-day conference welcomed speakers from organizations ranging from Decathlon, Vodafone and Booking.com to Mitek, IDVerse and Open Identity Exchange (OIX). The panelists discussed business models, risks such as fraud and hacks, as well as solutions such as decentralized identities.
“The question of digital identity wallets is a very, very timely one,” says Hannah Jeffreys, senior product owner for digital identity at Lloyds Banking Group. The company has recently launched a digital identity app called Lloyds Bank Smart ID in collaboration with Yoti.
The key aspect of digital identity is its reusability, Jeffreys said during a panel covering digital identity strategies for businesses. Users can re-share their identity or attributes across different transactions in multiple industries, from drivers’ licenses to bank account history and healthcare identifiers. It also allows users to control which data they share through data minimization.
Companies benefit too, according to Boris Montin, global head of risk and identity strategy and analytics at food delivery platform Glovo. Digital identity informs them about customer preferences and helps them personalize their experience while increasing security. But companies will face challenges in offering digital identity solutions.
“You all understand the kind of chicken and egg nature of the reusable digital identity market,” says Jeffreys. “Users don’t want a reusable app until there are lots of places that accept it and places don’t want to accept it until lots of users are using it.”
Companies have been facing different challenges across geographies: While using biometrics may be a good way to achieve inclusivity in a country like the UK, it may not be an option in countries where many people own cheaper phones such as Nigeria.
Another issue in some countries is a lack of access to government data, says Duncan McIntosh, lead product owner for strategic identity services at NatWest Group.
The interoperability of digital wallets across different geographies was also one of the most commonly mentioned concepts during the day. The team behind the UK Digital Identity and Attributes Trust Framework, for instance, has been closely watching what is happening across the channel with the European eIDAS, panelists said.
A more pressing concern, however, may be cybersecurity, fraud and the looming dangers of artificial intelligence.
In the old days, criminals used to send letters to banks in attempts to defraud them, says Sally Felton, director for Fraud Risk Management at auditing and assurance company BDO. Thanks to digitalization, they can now spam thousands of people from the comfort of their homes.
“These criminals have no governance committees, they have no sign-off processes. They can react much quicker to weaknesses in systems,” Felton said during a panel on the shifting landscape of fraud and risk regulation.
Organizations have been shy about sharing data because of privacy rules such as the GDPR, even though more data sharing would help prevent fraud, the panelists agreed.
At the same time, organizations need to pay attention to how they are handling customer data. Organizations should be thinking about deleting data, sharding it into segments, or decentralizing it in a way that it cannot be replicated.
“Are we as a society moving away from the honeypot to the world towards something that is more focused on decentralized and/or data minimization?” asked Christopher Briggs, SVP of Identity at Mitek during a panel on privacy.
Laws, commercial models holding back decentralized identity
The Future Identity Festival did not just lay out challenges to digital identity, it also offered solutions.
Identity management has seen different approaches, says Jason Boud, co-founder and CEO at RegTech Associates. Some identities are verified and issued by a single authority like the government. Other identities are federated and issued by third parties such as those from private actors like Lloyds or the UK Post Office. The third way is decentralized identities.
The basic building blocks of decentralized identity have been standardized for a couple of years now, says Damian Glover, senior director of communications at the Decentralized Identity Foundation.
“What we’re now working on is going up the stack,” he adds. “There’s only so far you can go into those basic building blocks you need. You need functionalities that can then sort of exploit those basic capabilities.”
The benefits of decentralization are better resistance to hacks that have been plaguing centralized identity repositories. So-called self-sovereign identities should also give more user control over data. But the concept is still fresh and is currently fighting with skepticism and a bad reputation generated by headlines about blockchain and web3 failures.
“I think that our current legal system and the regulation don’t fit at the moment at all with the idea of decentralization. I think it’s one of those things where you’re always going to be probably behind the technology for quite some time,” says Jacqueline Watts, head of commercial law at the A City Law Firm.
Decentralized identities have yet to find a way towards commercialization. But as privacy becomes more important to consumers and even larger parts of our society move towards the digital realm, decentralized identities will also find their place in the world, panelists concluded.