Just a small excerpt of hacks in recent years which show that sensitive identity data isn’t safe within centralised servers and that both public and private institutions‘ security measures are lagging behind the advances in technology.
As a consequence, trust in institutions and their ability to securely store data is at an all time low. From the companies‘ perspective, these security breaches are costing billions in lost revenue from lack of trust. Even banks – long the trusted guardians of data – aren’t immune to this and are losing trust, especially among millennials.
Lack of control over the fate of personal data is a growing concern. Depending on which study is cited, 60-80% of people worry about their data being sold to third parties and used for non-consensual reasons. And while regulation such as GDPR reflect these growing concerns, companies‘ data policies and technology are still playing catch-up.
From a user experience perspective, the typical internet user is forced to maintain a myriad of different identities and is forced to trust centralised guardians of data, who have failed them many times in the past. For companies and governments, many identity-based processes such as those for government visas or KYC systems in banking still require manual verification.
Distributed ledger technologies (DLT) such as blockchain can solve the above problems by giving consumers self-sovereignty over their digital identities. Through an indisputable, decentralised ledger, DLT facilitates third party verification while conserving consumer privacy, minimises the potential for hacks while reducing the need for middlemen.
How they do this can be explained along four dimensions.
DLT is „trustworthy“ as no single entity can control or manipulate the data on it. Further, the lack of a single, centralised point of attack drastically reduces the possible attack vectors for hackers, providing extra security for consumer data. Responsibility over the digital identity lies with its owner, who is free to choose who can gain access to it. By giving explicit consent, the consumer can temporarily or permanently grant access to their identity while retaining ownership and responsibility. This eases the burdon of compliance on institutions while offering an opportunity to regain waning trust with consumers.
Data on a distributed ledger has a public and a private side. While the private key containing or linking to the data is only accessible to the owner of the identity and allows the signing of documents or data, the public key can be shared with private or public institutions in order to verify the correctness of the data. This means that third parties can verify the digital identity – e.g. for the KYC process in financial institutions. Furthermore, decentralised distributed ledgers ensure that data stored on it is indisputable, allowing greater cooperation between institutions.
The use of DLT gives consumers transparency over how and when their identity is being used and by whom. The increased transparency and control over one’s own identity can even lead to new business models. Instead of companies such as Facebook controlling data and reaping the economic benefits, individuals can rent out their own data on a data marketplace. This increased transparency of identity management incentivises more responsible interaction with data, also leading to greater consumer trust.
In the current world, companies and governments act as intermediaries that create trust between unrelated parties. However, companies must be prepared for a world in which trust is provided as a native feature of DLT and processes such as verification can be automated with smart contracts. Whether its data aggregators, or external auditors, many companies may need to rethink their business models and ensure they are still creating value once the intermediation of trust becomes commoditised. On the flipside, these advances also present an opportunity, as the elimination of verifying middle-men can make processes more efficient and cost-effective.
Use Cases for Digital Identity
Self-sovereignty through digital identity enables consumers to retain control of their data, while selectively allowing financial institutions to access it. This facilitates compliance in the complex regulatory landscape. Furthermore, the KYC process is drastically sped up as consumers can authenticate themselves and can even be automatically approved or denied through smart contracts that verify the data. A single digital identity promotes trace-ability around the globe and helps regulators crack down on financial crime such as money laundering.
Digital identity can enable tamper-proof prescriptions. The doctor would create an entry in the ledger which can be transmitted to the pharmacy with the patient’s consent. Subsequently, the prescription’s expiry is stored securely in the ledger. This also facilitates monitoring for drug abuse. Furthermore, patients can grant hospitals insight to their entire medical history, eliminating the current black box system and giving new doctors a much more sound basis for consultation. Patients could also share their data with researchers through a data marketplace and be compensated for their data.
Government agencies in the UK, China and India – among others – are conducting pilot projects in a wide variety of use cases. Documents requiring high verifiability such as business registrations, patents or property rights can be tied to a digital identity and replace error-prone paper-based transactions. Digital identities can be tied to elections, securely enabling voters to vote from anywhere and removing the need for a paper trail while maintaining transparency and subsequent accountability. The issuance of government ID or other documents can be sped up through instant verification and rule-based processing.
In e-commerce, a unified digital identity creates a more fluid user experience and removes the need for the countless digital identities consumers currently have. Furthermore, it can enable a DLT-based reputation system that is based on digital identities that can track credit-worthiness and allow hassle-free online commerce while minimising risk for retailers.
How can we help?
Capgemini has end to end competence along the complete innovation process by leveraging internal resources as well as key partners, allowing us to assist you along a five-step process from ideation to implementation.
(Source: Capgemini Invent)
Initially, it is vital to understand the disruptive nature of DLT and how it can solve pain points. The scope is diverged in the discovery phase to brainstorm a variety of solutions – for example, through tailored design thinking workshops – before narrowing down the focus to the solutions with the greatest business impact and prepare them for prototyping. The prototype is then matured into a fully-fledged business proposition that includes a commercial model of implementation.
The greatest hurdle towards building a successful MVP is the future scaling potential of the DLT solution, which we keep in mind throughout the whole process, whether using a lightweight platform such as Tendermint or a more complex one such as Hyperledger.
In addition to the integration efforts into existing systems and eco-systems, the implementation into a live platform must be supported through internal coaching as well as creation of an external network effect for adoption in some cases. Furthermore, the live implementation is supported and constantly updated to remain cutting-edge.
A distributed ledger based digital identity solution can improve your operating efficiency, improve data compliance and reduce potential for fraud – all while offering a better, more transparent user experience for your customers. Talk to us to find out where to start!