Today’s digital world lacks a credible identity system that is universally consumable and can be trusted by counter parties across industries. Further, all crowd sourcing based solutions lack credibility and verification that is needed to address regulatory requirements. Getting, all the industries, governments and consumers across hundreds of jurisdictions to agree on a framework is a challenge. A great deal has already been written on challenges in creating universal identity (Vinay Gupta, 2017). The problem has been part technical and part political.
Owning identity itself is hard for individuals
Verifying real identities requires mass consensus and adoption
Centralized systems are unreliable in long term due security and political risks
Identities need to constantly remain validated and updated
Limitations of mass adoption by different stakeholders
As we rapidly adopt digital technologies with smartphone penetration slated to reach 4 billion by 2022 and new technologies like IOT, blockchain, AR/VR and digital currencies getting ready for mainstream adoption, the need for cybersecurity has never been greater. The identity theft losses are reaching $16b1 annually in USA alone. The cost of KYC & AML is $15bn in the financial industry only. The latest forecast from Gartner Inc. says worldwide information security (a subset of the broader cybersecurity market) spending will grow 7 percent to reach $86.4 billion (USD) in 2017 and will climb to $93 billion in 2018. Global spending on cybersecurity will exceed $1 trillion cumulatively over the next five years, according to Cybersecurity Ventures.2 [Cybercrime attacks are expected to cost us $6 trillion a year by 2021. In a single year, cyber terrorism could cost us three times more than the entire U.S. housing and real estate industry is currently worth. The Chairman of IBM calls it the “greatest threat to every profession, every industry, every company in the world”. Cisco cites a report saying it will be more profitable than the global trade of all major illegal drugs combined. ATT calls it the greatest transfer of economic wealth in history.]3 The identity data today, lies fragmented and owned by different corporations, having conflicting monetization objectives. It’s often secured by fragile passwords or rely on one-time passwords for recovery that are easy to hack with commonly available tools. With the explosion of web content and services, it has become hard to keep track of logins, profiles and passwords. MSISDN based one-time passwords still offer a temporary relief but the system is extremely vulnerable to hacking, lacks identity attributes and has no identity verification. On the other hand, social networks are limited by the number of people who join, remain centralized and committed to conflicting incentives to monetizing the identity data they are trusted with. They often subject the users to undesirable social noise and comparison. This positions them at odds with consumers volunteering data to build strong profiles. Further, the social footprint created on such networks still rely on the users to update the social profile without any real external validations. This has enabled the prevalence and spread of fake identities. Government and Industry are desperately looking for a solution. “More than 100 developing countries lack functional civil registration and vital statistics. Some countries like Malawi and Ethiopia have registration rates in the single digits. Experts estimate that there are 1.5 billion people without a legal identity. That’s the equivalent of all of China going untracked.
Providing everyone on the planet with a legal identity would expand access to democracy, unlock economic and legal rights, facilitate the provision of healthcare and education, and accelerate global economic development. In fact, it’s hard to overstate the implications if we were to get this right.” (ID2020.org, 2016) Gartner believes a decentralized identity model that is built on a common identity trust fabric will become more feasible in the coming years. (Gartner, 2016) Governments are now holding businesses and banks responsible for AML and KYC. Europe has recently witnessed a complete overhaul of data privacy under GDPR that is going live in May 2018 putting steep penalties on breaches. All countries are likely to follow suite.
