In our last blog on reusable identity, we discussed significant developments in the UK, EU, and US that give us reason to believe there is increasing potential for mass adoption of the technology in jurisdictions across the world. However, for widespread adoption to occur, both governments and businesses will need to accept valid forms of digital identity. Citizens and consumers alike will need to be persuaded to create and share their identity attributes so that they may gain access to critical products and services. With that said, the need to prove the benefit of reusable identities to both individuals and relying parties is equally crucial.
What’s getting in the way of digital ID wallet progress?
Practitioners and academics have long debated the conundrum of how to get to a tipping point of mass adoption for digital id wallets. Which comes first, the chicken or the egg? Do businesses wait until there is a critical mass of demand for digital identities amongst consumers before accepting the need for it, or do consumers wait until enough businesses start embracing and accepting it before adopting it themselves? The answer is potentially both, but both cannot occur at the same time.
In the UK, behind-the-scenes working groups of trust schemes have postulated that around 10 million consumers will need to have downloaded a digital identity wallet before they become of real interest to larger corporate organizations. Only then would they consider tapping into this network as part of a customer acquisition strategy. However, the cost of marketing to encourage that many consumers to download a digital identity wallet without there even being a necessary business or government purpose presents a real challenge.
So how can we expect this market to grow? One way is to rely upon governments to build state-backed solutions. New South Wales in Australia is a great example, with the NSW government’s Digital Identity Future Vision. The UK government is also building its own version of a single-sign on digital id app called One Login.
However, these projects are long-term initiatives and there are significant risk factors that need to be taken into consideration to avoid failed attempts such as the Gov.UK Verify project, where fewer than half the expected number of government public services adopted the technology and less than one-sixth of the forecasted 25 million users. Many public sector use cases ended up needing to be reversed out of the scheme.
It is also no small factor that in many countries there are large public concerns that state ID solutions could be used to collect personal data on citizens. Whether these concerns are right or wrong, they need to be addressed. Until then, negative sentiment will remain and propagate, likely leading to continued delay in widespread adoption.
Mitek’s solution to growing the market for digital ID
At Mitek, we have an alternative perspective on how we think the growing electronic identification market could develop, with institutional client businesses playing a key role.
Many of our institutional clients have consistently indicated their interest in digital identity wallet technology. Of particular interest is Mitek’s identity wallet, which has been developed by our own engineers. Many companies are keen to explore options for using our identity wallet as a white-labelled business product with customized branding, or by integrating our wallet capability into their own native app, which is made possible by our low code SDK feature.
The ability for our clients to use our wallet, or the functionality of our wallet, and push it directly to their customers means they can, for the first time, easily and readily deploy a reusable identity solution across their entire portfolio of brands, products, and service lines.
For organizations, the most significant benefit of using an identity wallet, or by being able to access our identity wallet through their own native app, is the ability to offer a quasi-customer passport, or a unique customer digital identification with a unique and single view of that individual. This tool allows their customers to quickly and easily port between different brands and platforms through the initial assertion of a pre-created identity and authentication using personal information such as biometrics for login and safe returning passage.
If organizations want to adopt a digital wallet in this way, i.e. as a business-to-consumer product, they will experience cost savings in onboarding a particular customer across different group business lines (which is usually duplicative in cost and potentially creates several records of the same person). Another positive outcome is that it also serves to protect the customer’s account as biometric authentication completely mitigates the need for usernames and passwords. This level of protection significantly reduces the risk of account takeover.
Once a bank account has been opened through the sharing of an identity from the wallet, all that is needed to log back into the online service is an assertion of a tokenized customer ID credential (in the form of a digital cryptographic certificate) from the wallet and a selfie to generate a biometric face match to confirm that the customer is the same person within the business’s records. This is a fast, easy and highly secure process.
Walled gardens vs interoperability
The drawback to this initial deployment of digital identity technology is that we do not see this as creating interoperable identities across a network of businesses and services. We predict that businesses will only want to deploy the identity (which they have initially paid for) across their own brands and not necessarily want the identity to be reusable across other organizations and their respective brands.
It makes sense that if a company is going to launch its own identity network and cover the initial cost of verification, it will most likely not want its competitors to benefit from the reuse of that identity within their own networks, and for only a fraction of the outset verification cost. Instead, companies may wish to maintain their own identity network so that it can only be used across its own group of brands and service lines. This essentially limits the identity solution to within a walled garden that’s entirely ring-fenced.
However, the limitation of when and where someone can share their pre-created company ID would only be a temporary concern in the early stages of identity wallet adoption, most likely just a one to two year period. As government and consumer use cases spawn simultaneously and identity adoption begins to proliferate, company IDs will begin to open to the wider digital ecosystem as demand increases in the general market. This will deliver an alternative revenue stream, product differentiator, and brand association for companies. With their millions of customers, brand recognition, and trust index scores, many of the larger banks are now beginning to understand the potential for this alternative business model, whilst also protecting their customers against identity fraud.
In order for this level of interoperability to play out, we will need a common set of identity standards, policies, and protocols by which identity verification and attributes are shared by all identity providers and received by all relying parties. This blossoming academic subject, with its technical architectures and rule bases, is now the subject of professional working groups, involving the brightest minds in identity.
We are delighted to say that Mitek is involved in this process because we believe that, although achieving global interoperability of identity is one of the biggest challenges of our generation, it has the power to unlock the ability to offer any service (business or government) to anyone, anywhere, and at any time. This is the true power of digital identity and something we believe is achievable before the turn of the next decade.
About Gareth Narinesingh
Gareth Narinesingh is Head of Digital Identity at HooYu, a Mitek company.