Ajay Bhalla is a guest speaker at the 22 May Oxford Blockchain and Fintech Symposium, as well as in Oxford Fintech
We need to talk about our digital identity crisis.
Being able to prove who we are unlocks almost every door in modern life. Just about every task we perform leaves a digital footprint. Authentication and verification lie at the heart of every transaction.
So why is it so painful?
People online are often not who they say they are. And it’s not just humans. The explosion of hyper-connected devices and the dawn of the Internet of Things mean it’s just as likely likely that a fridge or a robot is trying to verify an identity or prove its own. In such a hyper-connected world, security is only as strong as the weakest link.
So identity is everything. But just now people are paying too high a price for it. Every day they hand over sensitive personal information online to access digital services. They often don’t know how that data’s used, where it’s stored, how safe it is, and who’s making money from it.
Consider for just a moment the number of places your personal information is scattered. How many online retailers, social media entities, healthcare services or utility providers have you entrusted with your most sensitive data, including your bank card details?
The more personal data that is stored online, the harder it is to control the integrity of this data and protect our digital identity. The increasing instances of hacks, data breaches, and identity fraud are a wake-up call. Many organizations are simply unable to secure the personal information that comprise our digital identities.
It doesn’t have to be like this. So this is how it’s going to change.
First, we start with a simple premise: Your data belongs to you and you control how it’s used.
Second, you won’t need to replicate your personal data across every website and service you use.
And third, you won’t need passwords, PIN numbers and security questions. You won’t need to dig out a birth certificate just to open a bank account, or find a witness for a passport application.
It’s a simple as saying: “Hi. This is me.”
This is how it works.
It requires a safe, fast and effective system for sharing, verifying and storing our digital identity data.
The kind of system Mastercard uses to process 60 billion transactions across more than 220 countries every year. The stakeholders of this system are the parties responsible for corroborating our digital identities, from government agencies and banks to mobile network providers and postal authorities. It works: We’ve spent 50 years stewarding complex stakeholder arrangements and defining standards in global interoperability.
This digital identity network won’t rely on retaining people’s sensitive information in a central database. The vulnerabilities are all too apparent — these are honeypots for fraudsters. Instead, emerging technologies such as blockchain are enhancing trust in digital transactions and will play a central role in authentication, paving the way for the secure platforms that move beyond simple identity and access management.
So instead of a central database of people’s most personal data, imagine if each of us had the power to pick and choose which elements from our collage of data we share with whom. And all of the parties entrusted with this data worked together under a common system and standards. It would — it will — remove so many pain points where identification is required: voting, paying taxes, accessing healthcare, applying for a mortgage — even crossing borders.
A secure digital identity comprising data from trustworthy sources would, for example, allow me to prove I’m old enough to buy alcohol without revealing my date of birth. Or let me vote without revealing my address. Or take out a mortgage without providing three years of bank statements.
There is an opportunity now to design and deliver a universally recognized and globally interoperable digital identity service backed by government, business and society. A service that enhances citizens’ rights to privacy, ownership, transparency and accessibility to their data, while putting security first.
Our business was founded on the facilitation of a trustworthy, simple, and effective way for consumers to interact with merchants. Verifying identity has always been at the heart of that process, from a 16 digit number, to Chip and PIN, then thumbprint and a new generation of processes based on biometrics and behavioral analytics. We don’t even need to store data. Instead, we digitally bind the data securely to the individual’s device, a protocol recognized by all mobile payment systems.
Currently every digital service — whether banking, government, health, travel or retail — is trying to address issues over digital identity and authentication alone. But we all share this digital ecosystem and we need to work together to define the standards and regulations to better secure it.
Ajay Bhalla is President, Mastercard Global Enterprise Risk & Security. He leads the team that develops product solutions to ensure the safety, security and experience of our products and solutions for consumers, merchants, partners and governments around the world. Ajay also serves on the company’s management committee and can be reached on LinkedIn here.