Posted on: Monday 19th of October 2015
Every organisation wants to know when its dealing with customers that they are who they say they are. Sometimes a user name and password is enough assurance, or the fact that they have successfully logged on to another service such as Facebook Connect. Sometimes – especially if payments or fraud are a possibility – organisations want more proof.
Trouble is, current methods of identity assurance are broken. Every organisation has created its own processes, leading to massive duplication of effort by both organisations and their customers. And the processes that have been created are not very secure.
Numerous solutions have been proposed, one of the most ambitious being Verify, the UK Government’s identity assurance programme. Under this programme a range of private sector companies will compete to provide individuals with secure identity tokens that they can use to log-in to all Government services and, in the future, private sector services too.
Three things stand out about Verify. First, it operates on a ‘make once, use many times’ basis. Once individuals have got their identity tokens they can use it again and again. This cuts out a huge amount of the costs created by duplicated effort. Second, it’s a person-centric approach – the individual is given their own identity – a personal information asset which they can use to manage their lives a little more efficiently. Third, it’s privacy protecting. Once the identity has been created, individuals don’t have to hand over lots of other rich information like passport or driving licence number. They just have to hand over their single, assured identities which proves ‘I am who I say I am – you don’t need any more data about me’
What are the implications of such developments?
According to recent Ctrl-Shift research, identity assurance costs UK businesses and consumers around £3.2bn a year. That’s a big market. However, after an initial period of growth as identity services grow to critical mass, these costs will fall dramatically, because new electronic ‘make once and use many times’ approaches to identity assurance are so much more efficient.
The potential of ‘verified attributes’
But there is a huge untapped potential within this. Every ‘identity’ is made up of a collection of verified attributes, such a birth certificate, driving licence, passport. But once we stop to think about it, there are countless attributes about individuals that can be verified. Some examples including their employment status, their educational and other qualifications, their rights and entitlements, their purchases and purchase histories, their financial transactions, their medical diagonistcs, DNA and health records. And so on.
We are moving towards a world of attribute exchange, where routinely and as a matter of course, when individuals do business with organisations they can offer up a variety of verified attributes to support, inform and streamline the interaction. In this world, every organisation is both an attribute provider and an attribute user – creating rich and vibrant ‘market’ for verified attributes.
It’s sensible – and indeed economically and ethically logical – for the individual to become the natural point of integration of this increasing array of verified attributes about the person. This will only be achieved by the individual giving permission for attributes to be shared between organisations or other people, or holding them as secure electronic tokens in their personal data stores.
Individuals will be able to use these verified attributes to manage every aspect of their lives better: their homes, their money, their health, their lifestyles, transport and so on. This is where the emerging market for PIMS (Personal Information Management Services) kicks in – a market which Ctrl-Shift estimates will be worth at least £16bn in the UK.
But who will be the main players in this burgeoning market for verified identities and attributes? How will it reach critical mass, using what technologies, standards and platforms? What are the commercial opportunities and business models? And what the new value opportunities for consumers, customers and citizens.
We’ll be exploring these questions in a special ‘Identity and Beyond’ track at our Growth Through Trust conference in London on December. We’ll hear Mike Bracken, formerly at the Government Digital Service and The Guardian and now at the Co-Op, distil his experiences and map the opportunity as he sees it. We’ll hear from the Digital Catapult about its initiatives to establish a trust framework for personal data and to enable a market for verified attributes. We’ll hear from companies taking part in the Verify programme, and entrepreneurs innovating around identity and verified attributes.
Every personal, or personalised, service starts with identity in some form. So cracking the challenge of identity and verified attributes in a way that sustains trust and enables innovation and growth is key to the future of the personal information economy. This is your chance to learn from those at the cutting edge of tomorrow’s identity landscape.