The recent Equifax breach has prompted renewed speculation about a possible successor to Social Security numbers for personal identification in the US. Has the time finally arrived for a new – and more secure – form of digital identity?
A secure, universal identifier is intuitively appealing, but soon runs up against a couple of harsh realities. From a security point of view, repeated use of the same identity is a no-no. Regardless of the technical security underlying any solution, breaches can and will happen – probably as a result of human error. The more systems there are involving a single identity, the more likely a breach and the more devastating the consequences.
A widely-used digital identity also has substantial privacy drawbacks. The more different data sets are connected, the more we reveal about ourselves. With ever more powerful data mining and artificial intelligence, we are already revealing far more about ourselves than perhaps we should.
So should we rule out the idea of a single identity in favour of separate identities and verification systems for each organisation we interact with? While security and privacy suggest we should, experience hints otherwise.
From the individual’s point of view, a single identity is hugely convenient. Maintaining security with multiple identities has always proven problematic. The temptation to reuse or write down passwords is almost overwhelming. And for those who follow current best practice by using a password manager, doesn’t that create a single point of failure?
Equally, while many will talk the talk on privacy, experience suggests that consumers are quite happy to sacrifice privacy for convenience.
From the point of view of digital identity provider, creating a widely-used digital identity is an exciting opportunity. For governments, it has the potential to boost efficiency (and to exert increased control over the citizens in regimes that lean that way). For banks, perhaps digital identity offers a way to regain a measure of control to offset the disruption of Fintechs and open data? Meanwhile tech companies such as Facebook have already shown the huge financial value that is on offer.
So, security experts and privacy advocates have good reasons to worry about any kind of universal identity. But consumers, and the organisations they deal with, have already shown their preference. Which side will win out? And will it be governments, bankers or tech companies that have the muscle – and the trust – to create the digital identity standards of the future?
ID & KYC Summit US November 7, 2017. New York
Finance Edge’s next ID & KYC Summit US will be held in New York on Nov 7 – bringing you the best minds in KYC, AML, CDD and client onboarding