Why Reusable, Smart Credentials Will Win Over Physical, Analog Identity Verification
Published on Forbes.com
Showing a form of identification is a process most of us experience on a regular basis. When you open a bank account, seek employment or a gig, use healthcare facilities, apply for loans, etc., you provide your personally identifiable information (PII) such as your social security number (SSN), date of birth (DOB), driver’s license (DL) and/or other biographic information.
We do these things to establish some level of “trust” with another party. We’re forced to give out various types of PII during different interactions—and many times, we repeatedly do so for the same purpose on different occasions.
But we must ask ourselves: Why are we repeatedly trying to establish trust by letting organizations collect our personal data to validate our credentials?
The simplest answer is that we don’t currently have widespread, verified data portability. If we as consumers were able to combine and verify our credentials for good just once, we’d be able to move through everyday interactions without exposing so much of our personal data to every business or organization we encounter.
Individuals and businesses need a comprehensive solution: a self-sovereign, reusable digital identity that works for both parties. A way to solve this would be a reusable “smart credential” that enables consumers to own and control their verified data without handing over their underlying personal information for verification purposes.
A “wallet” akin to the Apple Wallet enables people to hold individual credentials in a digital form. But what if each person started to use a single, dynamic credential that’s always current and can render progressively higher levels of trust that can satisfy the different verification needs of businesses? Then the person with the credential and the business could exchange the necessary level of trust (e.g., verification of identity, a criminal background check or a comprehensive background check) with zero private data exchanged. Here are three reasons I believe reusable smart credentials will win over physical, analog identity verification, based on my company's experience working on a multi-industry, portable smart credential.
Reason 1: Reusable smart credentials reduce privacy concerns.
Here’s food for thought: According to a 2021 Upwork study, 59 million people in the United States did freelance work in the prior year.
To get hired and onboarded, these freelancers had to repeatedly share their Social Security numbers (SSNs) and other personal information with multiple people and companies, putting all parties at high risk of data breaches.
A smart credential reduces that and other risks. Instead of having to constantly provide personal data to prove your identity or eligibility, you’ll have a digital smart credential that’s permanently assigned to you—like a digital QR code—that organizations can use to verify your identity as needed, including selective disclosures such as age verification or any type of eligibility affirmation. You won’t have to constantly give out different forms of identification to different businesses for various transactions, such as getting hired for a gig or securing a loan.
Reason 2: Portable smart credentials minimize the risk of identity theft or compromise.
Sharing your SSN doesn’t come into play solely when you’re getting hired. You have to provide your SSN when you join a new health insurance plan, apply to higher education programs, fill out a loan application and more.
Social Security numbers are frequently targeted in data breaches, as are other types of information people regularly provide, like addresses and DOBs. For instance, according to a May 2022 article in the Texas Tribune, personal data of approximately two million “Texans who filed claims with the Texas Department of Insurance was exposed and publicly made available for nearly three years.” That data included “Social Security numbers, addresses, dates of birth, phone numbers and information about workers’ injuries,” the publication reported.
Providing any type of information about yourself online puts you at risk of a data breach. In its Q1 2022 report, the Identity Theft Resource Center found that “the 404 publicly-reported data compromises in the U.S. represent a 14 percent increase compared to Q1 2021.”
Portable, reusable digital identification minimizes the risk of data breaches because it minimizes the number of times you give out your data. You don’t have to show anyone your driver’s license or disclose your SSN, address and other PII. Instead, you simply present a smart credential that lets the organization in question verify your identity via a trust exchange network (similar to a credit card verification network).
Reason 3: Portable smart credential streamlines identify verification.
Beyond privacy, identity theft and data breach concerns, these credentials also streamline and standardize identity verification and other trust-related checks.
More interactions have become digital, especially since the onset of the pandemic. Today, digital and remote transactions are the norm. Businesses should prioritize concentrating on making those interactions with new and existing customers hassle free to ensure superior user experiences. A portable smart credential could streamline online activities such as opening bank accounts and filling out hiring forms without needing to continually enter and share PII. What PayPal and Apple Pay have done for monetary payments, a portable smart credential can do for identity and trust verification.
Single-Industry Versus Multi-Industry Solutions
I expect some industry-specific digital identification solutions will continue to populate the market, such as in education, travel and other regulated industries. Others will be applicable across industries and use cases that require progressively higher forms of trust beyond identity verification.
In the name of "user experience" and speed of transaction, businesses currently tend to focus on collecting data that’s the lowest common denominator—PII that’s “obvious,” such as a user’s SSN or DOB. Identity portability solves these core challenges of user experience and speed of transaction while maintaining the integrity of any transaction requiring trust verification.
A reusable smart credential is simply a verified collection of pertinent data that inherently belongs to the individual and should always be under their control. Any third party that is relying on verifying the individual should be able to do so without requesting any PII. People shouldn’t have to hand out their SSN and other PII to confirm their eligibility to access a service or benefit, be associated with an organization or perform a particular task.
And yes, there are situations where reusable digital identity will be tough to implement, such as in parts of the world with technology gaps and/or bad digital record management. Leaders in this space and the businesses that adopt portable, reusable digital identity verification should keep access and inclusion top of mind.
Soon, reusable smart credentials representing progressively higher forms of trust for a variety of societal transactions will populate the market—and businesses must prepare for this shift toward greater protection of people’s privacy and data.