Putting individuals back in charge of their own identities

Person using a laptop with a padlock symbol
(Image credit: Shutterstock)

Many of us have become accustomed to exchanging personal information in return for a product or service - from handing over IDs for car hire to hotels taking copies of our passports. However, it's essential that we exercise caution, especially in a climate where identity fraud is jumping as much as 37%.

Identity has become the key to accessing a wide range of goods and services, and in turn, has become a prime target for malicious actors. Fraudsters are targeting unsuspecting individuals, convincing them to reveal personal information so they can impersonate them. Sophisticated fraudsters are even attempting to hack into identity databases that store the personal information of millions of consumers. It’s no wonder that the frequency of data breaches has increased exponentially. In fact, in 2022 alone, identity theft reached a staggering $42 billion in the US.

Based on the importance of personal information and the risk of fraud that could cost time, money and stress, individuals need to be confident that their identity is protected — whether in person or online.

Identity verification has evolved to digitise the process used in the physical world’s in-person identity check by using a smartphone to verify an identity document and compare it to a selfie.  Doing the process digitally results in a far faster and more convenient solution since it can be done in seconds wherever you are. It can also be more secure by adding technical signals such as geo-location or IP address look-up and cross-referencing against government or commercial databases. These checks can be completed in the background within minutes so it doesn’t impact the end-user experience. Although this is more convenient and secure than the old physical approach of going in-store for an identity check, a drawback is that individuals must still verify their identities every time they want to access a new service and share their entire identity document each time.

The time has come to streamline this process and allow users to verify once and reuse their confirmed identity multiple times, putting them back in charge. How can we accomplish this, and what are the advantages that come with controlling our own data?

Mike Tuchen

Mike Tuchen is CEO of UK-founded digital identity scale-up Onfido.

Empowering users with a shareable IDs

A user-controlled, shareable identity is a credential that can be stored on a smartphone and is backed by a level of confidence that the individual is who they claim to be. Shareable identities can be used in person to go through security at TSA, to check in to a hotel, or digitally to sign up for a new account. A shareable ID solution empowers users to have greater agency and control over their own data by allowing them to control exactly how much information is shared, to whom, and for how long. This includes withdrawing consent and revoking access when the transaction is complete. It also enables users to share only the necessary data to access a service or product, for example, a date of birth for buying age-restricted products, such as alcohol.

It’s not just the individual that benefits, though. Many businesses no longer want the operational burden and liability of having to manage and store personally identifiable information. It’s costly, resource-intensive and for those with a global footprint, requires compliance with a host of different regulatory frameworks. The risk of falling foul of these frameworks can be equally as expensive too. The UK, for instance, has set GDPR infringement fines at £17.5 million or 4% of annual global turnover, depending on which is greater. As of April 2022, there were more than 1,000 fines handed out, highlighting that not only will authorities penalize companies, but many businesses are struggling to adhere to the rules. Different countries have different compliance requirements, and to make it more challenging, compliance is evolving.  As a result, we’ve had some customers demand that they never have access to personal information.

Behind the scenes of shareable IDs

Digital identity comprises many signals to ensure it can accurately reflect the real identity of the legitimate individual. It includes biometric data, ID data, phone data, and much more. In shareable IDs, these unique features are captured through a combination of AI and biometrics, which provide robust protection against forgery and replication, and so provide a high assurance that a person is who they say they are.

Importantly, these technologies provide an easy and seamless alternative to other verification processes. For most people, visiting a bank branch to prove their identity with paper documents is no longer convenient, while knowledge-based authentication, like entering your mother’s maiden name, is not viable because data breaches make this information readily available for sale to nefarious actors. It’s no wonder that 76% of consumers find biometrics more convenient, while 80% find it more secure than other options.

Biometric data is also highly individualized and difficult to forge, so it acts as an effective deterrent against identity theft and fraud – which will be key to the mass adoption of shareable IDs. Out of the hundreds of thousands of attacks that businesses faced in 2022, fewer than 1.5% were attempted biometric fraud, in which fraudsters attempted to gain access to a system by falsifying biometric data.

There’s also the fact that user-controlled digital identities are bound to a device with unique encryption. Not only does this add another layer of security, making it extremely difficult for fraudsters to intercept or manipulate, but it also means that IDs can be strengthened over time. Users can collect verified information about themselves over time, using documents such as a driver’s license or passport, and build a reliable, accurate ID portrait in their wallet.

Security vs convenience

The privacy implications of handing over identities is one thing, but the inconvenience of having to do it repeatedly is another.

Whether it is at a bank or airport passport control, the need to wait in line can waste valuable time and cause considerable frustration. Last year, passengers queued for up to five hours at Heathrow immigration as Covid-19 and Brexit paperwork put an extra strain on the borders, while 5,000 passengers a month missed their flights in Spain due to manual checks and police shortages. Upon leaving the airport, travelers then have to show identity documents again to rent a car or check into a hotel room.

A shareable identity is a user-controlled identity credential that can be stored on a device and used remotely. Individuals can then simply reuse the same digital ID to gain access to services without waiting in line, offering time-saving convenience for all. It’s happening today with companies like Airside and Clear: these companies let you skip the line, by pre-verifying you ahead of getting to the airport and then allowing you to reuse your ID not just for fast-tracking through security but also for accessing the airline lounge or checking your bag faster. A recent example is Alaska Airlines, where international travelers can now verify their passports while still at home, so that they can skip the queue at the airport for showing their passport to an agent and head straight to security.

Shaping the path ahead for identity

By 2026, Gartner estimates that at least 500 million smartphone users will be regularly making verifiable claims using a digital identity wallet. The advent of a ‘verify once, share anywhere’ reality puts the power back into the individual’s hands. From enhanced privacy control to increased convenience, and strengthened security, shareable IDs empower people to regain control over their identities and navigate the digital realm with renewed assurance.

We've featured the best authenticator app.

Mike Tuchen is CEO of UK-founded digital identity scale-up Onfido, is an experienced growth-oriented software and cloud executive with a track record of scaling global technology businesses.