Digital Identity : Peeling Back the Onion

Sachin Mahajan, Director, TELUS

The Internet without high assurance identity services is akin to a house without plumbing and electrical wiring. We are now collectively starting to launch various products & services to simplify people’s life but the real goal is to build a strong foundation to allow Digital Banking, IoT and other services to unleash their true potential with a friction-less user experience.

What is Digital Identity?

There are way too many definitions & perceptions about digital identity, which partly is the problem.  For me, it is as simple as “a mechanism for an individual or a business entity to identify themselves on the internet with some level of assurance (trust).”

Some of the others include:

• Digital Footprint left behind when one surfs the internet :

Companies such as Google and Facebook create online profiles of people to provide a focused, relevant and contextual experience. For e.g. if I searched google images for the key word “Jaguar”, I would instantly be shown images of a car whereas my wife would be shown images of the almost extinct Panther species.

• Online persona adopted or claimed by an individual:

I came across a company from the UK, whose tag line is, “When your heart stops beating, you’ll keep tweeting’”.  It is somewhat of a controversial app that updates an individual’s Twitter feed in the same style as they would normally tweet. In essence ones digital persona would continue to live even beyond the grave. A very interesting thought indeed.

• It comprises of characteristics, or data attributes, such as Username and password, Date of birth, Social security number etc. and a million other boring definitions

Why should one care about it?

Two simple reasons: Economics and superior quality of experience!

• Did you know that MasterCard and Visa charge anywhere between 1.5-3.5 percent of the transaction value in the physical world vis-à-vis 6-9 percent in the online world!!! The reason for the disparity is as simple as the inability of companies to authenticate people digitally in a secure, reliable & robust manner!

• Did you know that between Google, Facebook and other online giants, they collectively make an average of USD 200-250/North American broadband user annually? What that means is that “Digital Identity” has let them unlock USD 50+ Billion of annual revenue and growing!

• Did you know in 2012, the average cost of recovering from identity fraud was upwards of USD 20,000 with almost 50 percent people admitting that if their identity was stolen they would not have the means to manage the recovery process.

What are the different levels of assurance of digital identity?

The following chart helps provide a framework to begin to better understand and categorize the various levels of assurance & Strength of Authentication across multiple digital channels:

Source: Consult Hyperion/Telus

Levels of assurance:

• Level 1 – Little or no confidence in the asserted identity’s validity an example of it would be registration requests on a news website

• Level 2 – Some confidence in the asserted identity’s validity

• Level 3 – High confidence in the asserted identity’s validity to enable accessing sensitive personal data online

• Level 4 – Very high confidence in the asserted identity’s validity. A typical use case would be providing remote access to a law enforcement database

Digital identity is evolving quickly and is becoming a key enabler across multiple portfolios; be it IoT, Security, mobile wallets or e-commerce.  Consumers are being presented with a greater variety of low assurance authentication methods as the competition to become the de facto identity provider among some of the world’s biggest companies is heating up (Apple, Facebook, Google, Amazon etc.). On the other hand Telcos (AT&T, TELUS, Vodafone, O2), Banks and Governments are focusing on higher assurance authentication methods, where its imperative to know the identity of the person on the other end (Medical Insurance, Drivers license renewal, Access to medical reports, Registry services etc.) It clearly is a fascinating space right now and I can’t wait to see how we help it evolve over the next few years.