Digital identity control belongs in the hands of the consumer

Register now

Sophisticated security threats are on the rise. In 2017, nearly 1 million more consumers fell victim to identity fraud compared to the previous year. Meanwhile, account takeover reached a four-year high, leading to losses of $5.1 billion.

Many companies use ID forms like Social Security numbers to validate identities. And in 35% of breaches in 2017, Social Security numbers were compromised, or more than credit card numbers (30%) for the first time. While businesses might not be able to stop using Social Security numbers anytime soon, there’s an opportunity to reevaluate the concept of digital identity and ultimately keep consumer data under wraps.

Touted for its ability to shift power over personal data from businesses back to consumers, the concept of self-sovereign identity, or what we refer to as consumer-controlled identity, represents the next step in the identity evolution. For a long time, large organizations have served as the primary caretakers of customer data, but the tables are poised to turn.
The security tools or measures used may not necessarily be better. As a matter of fact, these large organizations spend significant resources on security and typically do an excellent job. The greatest benefit will be in isolating individuals’ information and removing it from a pool of identities representing a large number of people. This eliminates the “honey pot” effect, where organized hackers can spend major time, talent and money for significant gain. It is dramatically less practical and less valuable to attack a single individual’s digital identity.

With consumer-controlled identity, instead of relying upon organizations to protect their personally identifiable information, consumers will be the ones dishing out data access to such businesses. Companies that previously leveraged such data on their own terms would need to receive permission before moving forward. Best of all, consumers won’t have to worry about turning over more information than what’s needed. Consumer-controlled identity ensures identification can be made possible by any particular data point without subsequently sharing other private details.

This changing of the guard may go a long way toward curtailing the recent rise in identity fraud. More than 16.5 million U.S. consumers fell victim to identity fraud in 2017. That’s about an eight percent increase from the previous year.

Although the transition away from physical ID forms, such as SSNs, being used in the digital realm may take time, the potential for improved data security has been enough to entice a number of organizations to pilot its application. The Sovrin Foundation, for example, is pioneering the public use of self-sovereign identity. This decentralized, global public utility for self-sovereign identity is one of a handful of players pushing for greater consumer control over personal data.

Businesses are unfairly tasked with carrying too much of the burden when it comes to protecting the personal information of customers. Soon enough, however, that responsibility may be passed on to consumers. In addition to eliminating the need to share sensitive information online, the advent of self-sovereign identity may give consumers a chance to reclaim control over their data and how it’s used.

For reprint and licensing requests for this article, click here.
Identity verification Payment fraud Retailers Social Security Administration ISO and agent