Imagine this common scenario: You’re at the airport, ready to check-in and board your flight. You know the drill. Show your passport and boarding pass, check-in your bags, and go through security. It’s the same process no matter which airport you’re in. That’s because everyone knows and accepts the passport as a legitimate and unique identifying document.
While the process is pretty straightforward in the physical world, the same cannot be said for the digital realm. When the internet was first built, no one envisioned the need for an identity document that would allow us to enter and exit various sites and applications. Fast forward to the present and identity has become heavily siloed online.
Each service provider—whether it’s your social media platform, bank, healthcare provider or government—has their own means of verifying the identity of an individual using their site, and they each store that data separately, inaccessible by other providers. As a result, the average person has 191 accounts, each with varying credentials that they share over and over again to multiple parties. Rather than allowing people to carry trust with them across different websites and platforms, every new interaction requires a new confirmation of identity, meaning trust is always reset to zero. On top of tedious and time-consuming onboarding processes, users open themselves up to the risk of hacks and fraud each time they share their data. The need for a more efficient, user-centered experience is becoming clearer each day. But it also needs to be balanced with providing safety, security, and adhering to regulatory compliance.
Enter reusable or portable identities. It’s a new way of verifying a user’s identity online through a single, unified identity management platform. That means all forms of ID—from governments, hospitals, insurance companies, financial institutions, and any other online platform that requires personal identification—live in one place. This allows anyone to easily verify and share personal data across a whole host of online service providers. You’re also able to choose which credentials to share with each service provider. A reusable digital identity gives users control of who can access this information and establishes trust between parties.
Why the reusable identity market is growing
According to the new research report, “The Market Opportunity for Reusable Identity and How to Get There,” published by Liminal Strategy Partners, the size of the reusable identity market is expected to grow from $32.8 billion USD in 2022 to $266.5 billion USD by 2027. There are several drivers for the present market demand. Reusable identity addresses several prominent issues in today’s broken digital identity infrastructure. For example, customers expect more UX-centered and privacy solutions that are based on their needs, not the enterprise’s.
Electronic ID initiatives around the world (such as Estonia ID) are progressively being used for more than just proof of identity. There has also been a record amount of financial investment and support into backend identity solutions. In 2021 alone, $34.3 billion USD of capital was invested into the market. The combination of an eroding public trust in the state of digital privacy, the global COVID-19 pandemic accelerating digital transformation initiatives, and big tech players like Apple and Google introducing digital wallets, have created market conditions that position the need and readiness for reusable identity. However, as Filip Verley, Group Product Manager at Google Identity puts it, “For the market to work, all major players—big tech, regulators, and service providers—need to come together and play their role.”
Advantages and disadvantages of reusable identity
In order to lay down a solid foundation and properly navigate a trusted digital identity framework for digital ID, businesses and organizations must understand both the advantages and disadvantages of reusable identity.
- Trust and ease of use trust built into a single package. One of the best things about a reusable identity is that there are pre-existing comparables in the physical world. For example, a driver’s license is a universally accepted form of identity verification. This makes the task of educating users about how reusable identity works much easier and increases trust in the using this method of verification.
- Improves the login process by using pre-verified digital credentials. A reusable verified identity is built upon strict processes of verification and authentication. Once a user passes all the checks needed to initially create a credential, their identity is secured. The login process becomes more seamless and secure at the same time.
- Enhances customer privacy and control over shared data. By limiting the number of data transfers containing personal information, a reusable identity framework reduces the risk of falling victim to hacking and identity theft. Additionally, because credentials in a reusable identity are easily federated, users can limit sharing to only the information required.
- Ensures compliance with up-to-date local and international laws. When managed from a single platform, compliance with quickly-evolving data privacy laws can be more easily supported.
- Consolidating identity management across different devices and platforms. Consumers and enterprises have always been forced to navigate disparate identity systems. Vendors each have to invest in their own identity infrastructure, which, when not executed well, increases friction during the onboarding process.
- It can be difficult to get a digital identity. In the UK, the Government Digital Service developed GOV.UK Verify (aka Verify) as the government’s flagship ID verification platform in response to a ministerial agreement on the need for a cross-government identity assurance initiative. Verify was intended to be the default way for people to prove their identity when using digital services that need to know who the user is (such as claiming tax back and receiving benefit payments). Although they projected a 90% verification success rate when they first launched the project in 2015, there were only 48% of identities successfully confirmed in 2019. One reason for this was that the bar for identity verification was set very high and users had to pass multiple checks to get to a level 2 assurance.
- Digital IDs are easily replicated. Synthetic identity is a growing and serious threat for online identity. Deepfakes are increasingly being used to create hard-to-spot fraudulent IDs. To counter this, placing emphasis on digital life rather than digital identity alone can help combat the success of deepfakes over time. Unusual signs of behavior can be detected and flagged by the system.
- Delegation is currently not an option. Just like how we are able to delegate our identities to people we trust in the real world, we need to be able to do that in the digital world as well. Digital identity systems have struggled with this for both technical and legal reasons. An identity service must be flexible enough to handle these types of transactions. This means being able to set restrictions over delegated control, including revocation. Both user and service admin need to have access to control. Most digital identity services do not currently meet these requirements.
- Requires large-scale buy-in before adoption. Consumers and vendors alike need to be able to see how reusable identities can support and protect users throughout the entire customer journey. Educating the public and building consumer trust around data privacy and user experience takes time. In addition, implementing reusable identities requires an entire paradigm shift, where cross-industry participation and collaboration becomes the norm rather than the exception. It may take recognized customer brands like Apple and Google to enter the space first to set the scene for public trust, adoption, and scale.
There is much left to be explored when it comes to the adoption of reusable identities. However, given the current climate around data privacy, increasing privacy regulations, public and private credential growth, and the unprecedented investments made into backend digital identity solutions, its adoption may come sooner than later. Once digital identity service providers are able to grow trust and acceptance, it will be easier to create seamless and safer online experiences with minimal friction for users.
Mitek is committed to staying at the forefront of the most advanced cybersecurity and identity verification technologies, having recently acquired HooYu, the leading KYC and customer onboarding digital identity solution.