Global fintech and funding innovation ecosystem

Digital Identity Sins

Forbes | Aidan McCarty | Jul 12, 2021

Digital identity 7 deadly sins - Digital Identity SinsIdentity is at the core of commerce, and every interaction is gated to establish trust. To transact, you must prove something about yourself — tap your credit card, enter a password, state your SSN, show your driver’s license or complete a biometric check.

In the physical world, identity is often trivial. Your very presence helps establish it. But as the saying goes: “On the internet, nobody knows you’re a dog.” The result? A piecemeal vortex of usernames, passwords, CAPTCHAs and lengthy forms forced upon users in a ceaseless effort to replicate the trust of a physical exchange. Current digital identity is expensive, inefficient and ineffective.  Put simply, it’s broken.

It’s broken because companies still lose hundreds of millions every year to fraud. It’s broken because billions of personal data points are breached every month. And it’s broken because organizations independently collect, verify and maintain potentially toxic personal user data.

See:  Digital Identity Isn’t Only For People

Fixing digital identity may be the single biggest opportunity in tech.

McKinsey estimates that better digital ID could unlock economic growth equivalent to 3% to 13% of GDP globally by 2030trillions of dollars of annual value. Government agencies, financial services, healthcare providers, insurance companies, e-commerce sites, travel services and nearly every other industry need better digital identity solutions.

A “good” digital identity — one that is verified, unique, secure and privacy-preserving with user consent embedded by design — empowers better digital interaction for everyone.

To reap the rewards of next-generation digital ID, it’s important to understand where it can go wrong. Here are seven “deadly sins” that threaten digital identity innovation:

1. Lack Of User Consent And Control

Digital identity inherently deals with sensitive personally identifiable information (PII), making user consent and control essential. Currently, regulations like GDPR and CCPA carry stringent requirements around data rights, and more regulations will follow.

Past digital ID systems have a poor track record on user consent and control. Facebook famously exposed millions of users’ data to Cambridge Analytica simply because they were friends of people who took an online quiz. New digital identity solutions must embed user consent by design and enable robust controls to manage access to personal data over time.

2. Siloed Storage And Single-Use Data

My bank, healthcare provider, insurance company, ride-sharing apps and countless others hold enormous amounts of data about me — much of which overlaps.

When I sign up, each requires that I fill out forms supplying the same basic information. And each independently holds my personally identifying data on their servers. This is hopelessly inefficient and needlessly increases my PII threat exposure.

Digital identity should be reusable and portable across organizations.

Read:  5 guiding principles for decentralized identities

3. On-Chain Storage And Blockchain Lock-In

Many new identity systems leverage blockchain technology to create auditable and immutable records. While distributed ledgers and hashing can supply substantial benefits, they must be very carefully designed. A poor implementation can lead to catastrophic identity problems down the line.

Sadly, hashed data is very difficult to unify and catalog: The addresses “123 Test Ave,” “123 Test Ave.,” and “123 test ave” all create distinct hashes. Furthermore, any hash stored on a blockchain may become vulnerable at some point in the future, and there’s no recourse should that occur. If someone hacks your hashing scheme — even 10 years from now — they have access to all of the related data ever issued on-chain.

Additionally, many designs rely on a single (often proprietary) blockchain. This is particularly problematic in light of GDPR. If anyone publishes PII to that chain, every company leveraging the identity solution may be liable.

Continue to the full article --> here


NCFA Jan 2018 resize - Digital Identity Sins The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit:

Latest news - Digital Identity SinsFF Logo 400 v3 - Digital Identity Sinscommunity social impact - Digital Identity Sins

Support NCFA by Following us on Twitter!

NCFA Sign up for our newsletter - Digital Identity Sins


Leave a Reply

Your email address will not be published. Required fields are marked *

4 × one =