By Rob Laurence, Innovate Identity
Believe it or not, nearly 5 years have passed since the first Open Identity Exchange (OIX) Economics of Identity event in London. I recall sitting through a session entitled “imagine a world where …..” and listening to people’s visions for the future of identity assurance and how digital identity would be embraced in our digital world, from the moment we awake until the end of the day. I don’t recall anyone saying “imagine a world where ……. nothing much will change in the next 5 years”. Yet, that is pretty much the reality of the vision. Sure, we have some interesting new technologies and some companies trialing different digital identity concepts. More than 3 million people have a GOV.UK Verify account and NHS Digital is piloting a new way to log in to some health services. But we are a long way from a ubiquitous digital identity that we can choose to use with those scores of organisations and businesses that we interact with online.
What is it that the visionaries and theorists proclaim, that makes digital identity so compelling? And what is it that is countering this, that is holding back its progression?
Digital identity is supposed be more convenient for us, the person. It is supposed to protect us better from having our identity stolen and being used fraudulently. It is supposed to help keep our personal information safe.
Digital identity is supposed to be more convenient for us, the organisation. It is supposed to make our customers’ experience better, to reduce our exposure to fraud and financial crime, and to reduce the consequences of data hacks. It is supposed to be more cost-effective than other methods of identity assurance, delivering more than a billion pounds of costs savings across the UK (according to the OIX Economics of Identity report, published ironically, nearly five years ago).
The OIX paper, The Cost of Doing Nothing, illustrates what impact digital identity could have on sectors such as banking and financial services, travel and the sharing economy. The paper also highlights the economic benefit digital identity would bring. The key to unlock new services and transform existing services.
So, why is the market for digital identity services not progressing at pace?
In my opinion, there are two main reasons:
- The issue of awareness, understanding, confidence and trust
- A lack of a strong-enough compelling reason
Given the hypothetical benefits and cost savings attributable to digital identity, it would seem reasonable to suggest that if we deal with the first reason, the second may well resolve itself.
Let’s consider what a future digital identity ecosystem may look like in the UK. In countries where digital identity schemes exist, they typically have evolved from state national identity schemes or involved a consortium of banks sharing existing customers’ digital identities. Since neither scenario exists in the UK, and government has indicated a desire to see the development of private-led schemes, it seems reasonable to assume that the likely scenario will be a number of schemes emerging in a competitive market. However, for the full benefits of digital identity to be realised, these schemes will need to coexist and interoperate, or we will end up with a fragmented approach requiring us to use different digital identities to access government services, health applications, banking, etc, with the resulting conundrum of delivering scale and cost-effectiveness multiplied several times (more on this later).
An interoperable model can only be successful if confidence and trust can be established across the whole ecosystem.
Confidence and trust can be built on many factors.
- Standards. In a multi-scheme, interoperable model, a consistent and open approach to standards for identity assurance is required.
- Schemes. Different industries and sector will have differing requirements that not only need to be accommodated within standards but need to be reflected in how the schemes have been implemented.
- Certification. The ultimate seal that will enable businesses and organisations to accept a scheme as fit-for-purpose and have in place the necessary safeguards for all parties including the citizen or consumer
- Regulatory approval. In regulated industries, such as those impacted by the UK Money Laundering Regulations, clear guidance needs to be provided to build company confidence.
Building confidence and trust removes many of the barriers and objections arising to the adoption of digital identities. However, one other fundamental issue needs to be addressed? How to build a population of digital identities, quickly and cost-effectively. Could banks deploy their existing customer base? Why should they? If not the banks, why not the mobile operators or gambling sites, both of which have large customer bases with trusted identities.
This, and the work that OIX is undertaking with regard to standards, we will explore next month. There is a link between them …..