When users introduce themselves to businesses online, they most often do so with a combination of a username and password that becomes their identifier. It works in the same way as if you had written your information to a directory. Each organization establishes its own directory that represents their customer base and over which they have overall control.
This is also the reason why users need to register for each new service; with each of the next steps requiring them to disclose more to the business. In doing so, the latter gradually gain insight into their lifestyle and purchasing habits, whereas the rapid technological development and globalization allow them to thoroughly analyse them through their age, gender, location, interests etc. This kind of segmentation is also a prerequisite for businesses to be able to reach their customers with more personalized messages and offers.
Entering the same personal information at each new registration soon becomes tiring for users. An even bigger problem is the security of such information, as the combination of username and password should not be duplicated or stored on computers with Internet access, which in practice means that users have dozens of combinations at the same time, which they tend to quickly forget.
Some digital services therefore offer users the option of logging in with the same identifier, or in other words a combination of a username and password that they otherwise use to access the most popular platforms, such as Facebook, Twitter or Google. This seems like an ideal and easy solution, but it’s important to note that this provider an access to the personal information that these platforms have.
In many countries, some services, especially those of a more sensitive nature (e-taxes, e-education, online banking, etc.), are also accessible with the help of personal digital certificates, certificates or through a dedicated application. From a security point of view, such solutions are actually safer, but far more expensive for providers. The user experience also suffers, as installing them is usually more complicated and limited to just some personal devices, and it also increases the number of steps required for a particular task through validation and codes via sms or email.
“The common denominator of digital services today, therefore, is that they are all “rental relationships” where users are dependent on the conditions set by providers; and in doing so, they often unaware give away valuable personal information,” explains Tomislav Mučič, CEO of Netis, where under the AceBlock brand they develop innovative solutions for secure online communication and personal data management based on blockchain technology. “Digital identity of a user, alone and outside of a particular web service, does not exist at all, since it is merely a collection of different information held by companies about it.”
As Mučič continues, the problem arises because many of our personal information is available to different providers on the web, but users don’t have any control over them. “This poses a major security risk, as hacking into a central system can instantly hurt thousands, even millions, of individuals who have trusted the company.” Remember the high-profile scandals, including Cambridge Analytics, the Marriott chain of hotels, or Capital One, and the whole list is, of course, much longer.
Such cases also occur in Slovenia, when for example medical records of patients of a certain hospital appeared online. “Therefore, today’s way is neither “practical” nor sustainable.” From the provider’s point of view, this means that they must retain and manage an extremely large amount of personal data, which is expensive; and at the same time, they must check the data of the individuals repeatedly with an external service which can ensure that the data is authentic. This usually means that processes are complicated and time-consuming for the user.
We live in a time when the term identity is becoming extremely broad. In the real world, we express it in physical form and with certain ubiquitous statements, such as a passport, ID or driver’s license. But we are also entering relationships on the Internet where we need confirmation of who we are, except that we do not yet have a proper equivalent here.
According to Mučič, the crucial transition that we urgently need and which will enable a significantly greater number of efficient, secure and trusted digital services is the appropriate digital identity (SSI – Self-Sovereign Identity). SSI is based on the concept that digital identity becomes a right for every individual. Because it is portable, it allows one online privacy and free movement between different web providers or services from one point. In his view, this is possible only in the way that the individual becomes the owner of the data and autonomously decides which provider or for what purposes and for how long he will share his data with.
SSI-based solutions are also being addressed by giants such as Microsoft and IBM; and many legal bodies which are involved in the standardization of digital identity at EU and national level. “Initiatives are growing in all corners of the globe to equate digital identity with physical identity, thereby simplifying and securing procedures for logging into online systems,” says Mučič, and continues that a safe, verifiable and thus trustworthy entry point is essential, because in addition to being used for commercial purposes, it can also build the necessary infrastructure for digitizing public services, health and education, “which is of particular importance in this moment of time, when our habits are radically changing. “
By keeping all personal information in one place, digital identity eliminates the efforts to collect personal information that has already been collected elsewhere. Of course, this begs the question: Is the solution which is proposing data is no longer owned by an organization profitable at all? “The answer is an absolute yes,” says Mučič who is convinced that the solution is extremely interesting for companies that are today legally responsible for personal data. “By establishing a kind of independent identity system that can be trusted by everyone – companies, organizations, governments and public institutions -companies can actually increase their operational capacity without having to manage the data.”
Therefore, even in the case of SSIs, companies can still access all the data they need for segmentation, however in this case the data is made available to the users themselves. Mučič is also certain that SSI will in the future stimulate the development of many innovative business models, since companies will be able to offer some benefit or added value (such as a lower bill, coupon, discount) to an individual in return for analyzing their data, thereby building loyalty, with less effort required to give the user a more targeted and personalized offer.
“SSI is still a concept in these moments that cannot be realized without practical application. In addition to standardization at the global level, we also need a large enough pool of companies and services that can be managed in this way, “adds Mučič. At his company Netis SSI solutions based on blockchain technology are already being developed through pilot projects with business partners from the energy and healthcare sectors; but as he puts it, they can be applied to a number of others: “A secure identity is a prerequisite for a world where we also need to be digitally connected if we are to survive. In my opinion, straightforward networking between companies, especially from different industries, will be crucial now and after covid-19 crisis.” With one identity – which is technologically backed by different safeguards than existing ones – several complementary services can also be integrated into the joint offering. For example, in the case of tourism, these could mean a union of caterers, accommodation providers, recreational activities, tour guides and local festivals. The user would receive offers, benefits, coupons and tips from all of the above, and make payments through a single, completely secure mobile app, depending on their preferences and location. “This would offer him a unique, personalized experience and an exceptional user experience and make him use the service longer,” Mučič further explains.
The article was originally published in Slovene newspaper Finance in a segment IKT Informator and is available here.