Mahi Sall, Advisor, Fintech-Bank Partnerships, Payments and Financial Inclusivity
January 25th, 2023
Mahi Sall is the CEO & Founder of FinXpair, a Berlin-based strategic advisory boutique firm focu[...]
Digital Identity Sins
Forbes | Aidan McCarty | Jul 12, 2021
Identity is at the core of commerce, and every interaction is gated to establish trust. To transact, you must prove something about yourself — tap your credit card, enter a password, state your SSN, show your driver’s license or complete a biometric check.
In the physical world, identity is often trivial. Your very presence helps establish it. But as the saying goes: “On the internet, nobody knows you’re a dog.” The result? A piecemeal vortex of usernames, passwords, CAPTCHAs and lengthy forms forced upon users in a ceaseless effort to replicate the trust of a physical exchange. Current digital identity is expensive, inefficient and ineffective. Put simply, it’s broken.
It’s broken because companies still lose hundreds of millions every year to fraud. It’s broken because billions of personal data points are breached every month. And it’s broken because organizations independently collect, verify and maintain potentially toxic personal user data.
See: Digital Identity Isn’t Only For People
Fixing digital identity may be the single biggest opportunity in tech.
McKinsey estimates that better digital ID could unlock economic growth equivalent to 3% to 13% of GDP globally by 2030 — trillions of dollars of annual value. Government agencies, financial services, healthcare providers, insurance companies, e-commerce sites, travel services and nearly every other industry need better digital identity solutions.
A “good” digital identity — one that is verified, unique, secure and privacy-preserving with user consent embedded by design — empowers better digital interaction for everyone.
To reap the rewards of next-generation digital ID, it’s important to understand where it can go wrong. Here are seven “deadly sins” that threaten digital identity innovation:
1. Lack Of User Consent And Control
Digital identity inherently deals with sensitive personally identifiable information (PII), making user consent and control essential. Currently, regulations like GDPR and CCPA carry stringent requirements around data rights, and more regulations will follow.
Past digital ID systems have a poor track record on user consent and control. Facebook famously exposed millions of users’ data to Cambridge Analytica simply because they were friends of people who took an online quiz. New digital identity solutions must embed user consent by design and enable robust controls to manage access to personal data over time.
2. Siloed Storage And Single-Use Data
My bank, healthcare provider, insurance company, ride-sharing apps and countless others hold enormous amounts of data about me — much of which overlaps.
When I sign up, each requires that I fill out forms supplying the same basic information. And each independently holds my personally identifying data on their servers. This is hopelessly inefficient and needlessly increases my PII threat exposure.
Digital identity should be reusable and portable across organizations.
Read: 5 guiding principles for decentralized identities
3. On-Chain Storage And Blockchain Lock-In
Many new identity systems leverage blockchain technology to create auditable and immutable records. While distributed ledgers and hashing can supply substantial benefits, they must be very carefully designed. A poor implementation can lead to catastrophic identity problems down the line.
Sadly, hashed data is very difficult to unify and catalog: The addresses “123 Test Ave,” “123 Test Ave.,” and “123 test ave” all create distinct hashes. Furthermore, any hash stored on a blockchain may become vulnerable at some point in the future, and there’s no recourse should that occur. If someone hacks your hashing scheme — even 10 years from now — they have access to all of the related data ever issued on-chain.
Additionally, many designs rely on a single (often proprietary) blockchain. This is particularly problematic in light of GDPR. If anyone publishes PII to that chain, every company leveraging the identity solution may be liable.
Continue to the full article --> here
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
 |  |  |
Support NCFA by Following us on Twitter!Follow @NCFACanada  |
Related Posts
Federally Chartered Banks and Thrifts May Engage in Certain Stablecoin Activities- Equity crowdfunding is here to stay
- Jack Ma’s Double-Whammy Marks the End of China Tech’s Golden Age
- Ask Richard: Advice for Dadpreneurs
- Expert Roundup: DeFi Smart Contract Audits
- UK Investment Crowdfunding Platform Seedrs Releases 6 month Infographic
Leave a Reply