Putting individuals back in charge of their own identities

From letting hotels keep copies of our passports to handing over IDs for car hire or air travel, we seldom think twice about the implications of physically sharing our identity documents.

By now, we’ve gotten accustomed to exchanging personal information in return for a product or service we value – but we need to be more vigilant at a time when identity fraud is jumping as much as 37%.

Proof of a person’s identity is the key to accessing goods, services, financial accounts, and opportunities — which makes identity a valuable target, motivating fraudsters to try to gain our trust to trick us into disclosing our personal information so they can impersonate us. They also hack into identity databases that store personal information of millions of consumers. As a result, the frequency of data breaches has increased exponentially. In fact in 2022 alone, identity theft reached a staggering $42 billion in the US.

Based on the importance of personal information and the risk of fraud that could cost time, money and stress, individuals need to be confident that their identity is protected — whether they are in person or online.

Identity verification has evolved to digitize the process used in the physical world’s in-person identity check, by using a smartphone to verify an identity document and compare it to a selfie.  Doing the process digitally results in a far faster and more convenient solution, since it can be done in seconds wherever you are. It can also be more secure by adding in technical signals such as geo-location or IP address and cross-referencing against government or commercial databases. Although this is more convenient and secure than the old physical approach, a drawback is that individuals still must verify their identities every time they want to access a new service, and share their entire identity document each time.

It’s time we streamline this so that users can verify once and re-use their confirmed identity multiple times, and put individuals back in charge of their own identities. How can this be achieved and what are the benefits of controlling our own data?

User-controlled, shareable identity

A user-controlled, shareable identity is a credential that can be stored on a smartphone, and is backed by a level of confidence that the individual is who they claim to be. Shareable identities can be used in person to go through security at TSA, or to check in to a hotel, or digitally to sign up for a new account. A shareable ID solution empowers users to have greater agency and control over their own data by allowing them to control exactly how much information is shared, to who, and for how long. This includes withdrawing consent and revoking access when the transaction is complete. It also enables users to share only the necessary data to access a service or product, for example, a date of birth for buying alcohol.

It’s not just the individual that benefits, though. Many businesses no longer want the headache and liability of having to manage and store personally identifiable information. It’s costly, resource-intensive and for those with a global footprint, requires compliance with a host of different regulatory frameworks. The risk of falling foul of these frameworks can be equally as expensive too. The UK, for instance, has set GDPR infringement fines at £17.5 million or 4% of annual global turnover, depending on which is greater. As of April 2022, there were more than 1,000 fines handed out, highlighting that not only will authorities penalize companies, but many businesses are struggling to adhere to the rules. Different countries have different requirements, and to make it more challenging, the rules are constantly changing. As a result, we’ve had some customers demand that they never have access to personal information.

The technology behind shareable IDs

Digital identity comprises many signals to ensure it can accurately reflect the real identity of the relevant individual. It includes biometric data, ID data, phone data, and much more. In shareable IDs, these unique features are captured through a combination of AI and biometrics which provide robust protection against forgery and replication, and so provide a high assurance that a person is who they say they are.

Importantly, these technologies provide an easy and seamless alternative to other verification processes. For most people, visiting a bank branch to prove their identity with paper documents is no longer convenient, while knowledge-based authentication, like entering your mother’s maiden name, is not viable because data breaches make this information readily for sale to nefarious actors. It’s no wonder that 76% of consumers find biometrics more convenient, while 80% find it more secure than other options.

Biometric data is also highly individualized and difficult to forge, so it acts as an effective deterrent against identity theft and fraud – which will be key to the mass adoption of shareable IDs. Out of the hundreds of thousands attacks that businesses faced in 2022, fewer than 1.5% were biometric fraud, in which fraudsters attempted to gain access to a system by falsifying biometric data.

There’s also the fact that user-controlled digital identities are bound to a device with unique encryption. Not only does this add another layer of security, making it extremely difficult for fraudsters to intercept or manipulate, but it also means that IDs can be strengthened over time. Users can collect verified information about themselves, using documents such as a driver’s license or passport, and build a reliable, accurate ID portrait in their wallet.

Bonus: Balancing security and convenience

The privacy implications of handing over identities is one thing, but the inconvenience of having to do it repeatedly, is another.

Whether it is at a bank or airport passport control, the need to wait in line can waste valuable time and cause considerable frustration. Last year, passengers queued for up to five hours at Heathrow immigration as Covid-19 and Brexit paperwork put an extra strain on the borders, while 5,000 passengers a month missed their flights in Spain due to manual checks and police shortages. Upon leaving the airport, travellers then have to show identity documents again to rent a car or check into a hotel room.

A shareable identity is a user-controlled identity credential that can be stored on a device and  used remotely. Individuals can then simply re-use the same digital ID to gain access to services without waiting in line, offering time-saving convenience for all. It’s happening today with companies like Airside and Clear: these companies let you skip the line, by pre-verifying you ahead of getting to the airport and then allow you to reuse your ID – not just for fast-tracking through security but also accessing the airline lounge or checking your bag faster.

The future of identity

Gartner estimates that by 2026, at least 500 million smartphone users will be regularly making verifiable claims using a digital identity wallet. The advent of a ‘verify once, share anywhere’ reality puts the power back into the individual’s hands. From enhanced privacy control, to increased convenience, and strengthened security, shareable IDs empower people to reclaim their identities and navigate the digital landscape with greater confidence.


About the Author

Mike Tuchen is CEO of UK-founded digital identity scale-up, Onfido. Onfido, an Entrust company, makes digital identity simple. We make it easy for people to access services by digitally verifying them using its Real Identity Platform. The platform allows businesses to tailor verification methods to individual user and market needs in a no-code, orchestration layer – combining the right mix of document and biometric verifications, trusted data sources, and passive fraud signals to meet their risk, friction and regulatory requirements.

Featured image: Adobe

more insights