Every individual. Verified. Digitally.
By the end of the decade.
An ambitious goal, to be sure, and one that the U.N. wants to achieve, using methods that would promote financial inclusion and give visibility to billions of people who are, so far, invisible.
In perhaps the most sweeping example, the member states of the United Nations have embraced, as part of “sustainable development goals,” a target to “provide legal identity for all, including birth registration,” by 2030.
The creation of digital IDs also has the beneficial effect of helping governments and companies combat financial fraud and money laundering activities.
In today’s digital age, the concept of “identity” is changing on the global stage, especially when it comes to eCommerce. The U.N. directive has its challenges in a world where, so far, there are no global or even regional standards as to what data can be collected to create, maintain or verify identities. The challenges are illuminated in especially stark relief in developing economies where some of the most basic official documentation may be lacking.
But, in an interview with Karen Webster, Zac Cohen, chief operating officer at Trulioo, cautioned against a “one-size-fits-all” approach to the digital identity space.
To get a sense of just how fragmented the process remains across digital ID creation, consider the fact that the interview came just a few days after Kenya’s highest court temporarily suspended the country’s new, and national, biometric identity program. The initiative will be on hold until the government enacts new laws that would safeguard data security.
The program was and is sweeping in scope, seeking fingerprints, other biometric and personal data tied to tens of millions of residents.
On the other side of the spectrum, of course, lies the massive national ID program put in place a few years ago in India, where through the Aadhaar Act, which is now the world’s largest biometric ID system, offers a unique 12-digit ID number to citizens, and now covers more than 1 billion. Back in 2018, India’s Supreme Court voted to uphold the legality of the country’s Aadhaar program, saying the database does not violate the right to privacy.
The Core Principles
Cohen told Webster the U.N.’s policy represents “the right goal to set. But what we need is a few model examples to build really successful ID schemes around. Any ID scheme that is built without security, privacy, and financial inclusion among the chief principles, is just going to be missing the core purpose of the system itself.”
Those core principles, said Cohen, are critical no matter if the stakeholders looking toward digital IDs are countries or enterprises.
The key challenge, in his opinion, lies in establishing the underlying proofs of identity.
“In many developing nations, standard-issue identity documents are not universal, so is an individual included without the prerequisite documentation?” he asked. “The result is a difficult challenge that must ask ‘how can you build a profile out of what is available?’”
The Layered Approach
To ensure that someone is being identified correctly, said Cohen, it’s important to take a holistic approach created through disparate data points, because a one-size-fits-all approach won’t work. In addition, a layered approach can help set the stage for future generations of citizens and customers, including efforts to create digital IDs.
“You also have areas under that umbrella [of digital ID creation] such as AML [anti-money laundering], KYC [know your customer], fraud and repetitive authentication that need to be considered as part of the layering,” he recommended. Risk is reduced each time a layer is added, the Trulioo COO said.
Once the ID is established, the question of liability emerges — especially as merchants and banks rely on tokenized and digital IDs that still, despite best efforts, may wind up compromised.
As Cohen told Webster, “If you don’t have an approach that is privacy first, security first and regulatory first, it will show when these areas are tested by regulators and the courts alike.” Liability needs to be shared across the chain, he said, but the first pieces of data and the initial relationships between the end-user and the organization that they are directly interacting with are the most important.
The Micro Level
Drilling down to the micro-level — the operations within a company — institutions large and small need to find (or create) a group that can run pilots to digitize a significant number of manual processes around handling user identity, user onboarding and user monitoring.
Think of technology as a vitamin, he said — in the first instance, it can help companies grow, and embrace digital IDs as an inexorable part of doing business. In the second case, technology can help firms address pain points and mitigate risks with proper awareness and systems in place.
“There is ample technology to help solve these challenges. The key is basing that selection process on versatility; a solution that's going to be flexible because we know that change is guaranteed and continuous, both internal and external,” he told Webster.
That includes deploying technology that gives access to multiple solutions depending on the use case, with the option of layering in marketplace technology providers. Integration must be simple and developer-friendly, he advised.
“It all becomes much easier to plug other business units of your organization into that platform or use case,” he said. But such initiatives also require what he called “executive sponsorship,” where CEOs help articulate and shape these pilot programs and other tech-driven efforts.
Looking ahead, Cohen told Webster, “Innovations in digital identity represent the strategic difference that can help make or break companies over the next several years. And if they get it right now, they’ll position themselves for huge success in the future.” He added, “If they don’t, they’re going to be left behind.”