Digital identity is a Blockchain empowered process that allows the instant verification of customer data. Reducing both the enrollment time and fraud potential for new customers.
Many businesses struggle with creating an efficient Know-Your-Customer (KYC) process. Acquiring a new customer is very important for a business, yet during the KYC phase, the worst customer experience is delivered to the customer. Digital identity is a concept that allows new customers to bring their own personal data directly to a business, instead of the business having to scrape the information from multiple sources. The personal data can instantly be verified and can, therefore, be trusted. Proving trustworthy data instantly allows the customer to use the desired services directly. In this way, digital identity will optimize the Know-Your-Customer process.
Digital Identity Explained
A digital identity is simply an account that can be used to identify someone online. The account lives on the device of the users, for example, a phone app, which contains a collection of digital documents. These documents have personal information about the user that are verified by trusted third parties. For example, a user might have a driver’s license, a criminal record, income statements and multiple insurances on their account (Figure 1). The user is completely in control of their account. The user can grow their profile with as many documents as they would like, while they remain in full control of who they will share their data with.
Figure 1: Digital Identity of a user. In this example, the user has a driver’s license, criminal record, income statement and car insurance attached to their online profile.
Building a digital identity
To start building their digital identity, the user needs to retrieve their own personal data from parties that provide trust regarding the information. These trusted third parties are called issuers. For example, a government entity is a good issuer for a driver’s license, while a university would be the issuer of diplomas.
Let’s say we have a user called Bob who wants to add his university diploma to his digital identity. Bob logs into the website of his university. This allows him access to his personal records. The university has provided a service where Bob can download his records to his digital identity at the click of a button. In the background, the university also digitally signs his diploma and uploads the signature to an immutable, or unchangeable, ledger. Bob will also receive the location of this signature in the ledger.
Signatures on a distributed ledger
The uploaded signatures show that the university has checked the diploma from Bob and have signed a statement saying that the information is correct. This signature is now stored on the immutable ledger, meaning that it cannot be removed. From the signatures, no personal information can be extracted. Whenever Bob wants to use this diploma, he would share both his records and the location of the signature with another company. This company can now verify if the diploma is valid.
Distributed Ledger Technology
Once the signature is uploaded by the university it will remain their permanently. This provides trust in the signature as Bob nor anyone else can alter it later on. We used Distributed Ledger Technology (DLT) in the Proof-of-Concept project from VX Company, to make sure that the signature cannot be changed. DLT is an umbrella term for Blockchain and similar technologies that provide an immutable ledger. We used IOTA as this DLT provides a feeless and public network, meaning that the user does not have to purchase cryptocurrencies.
Figure 2: Adding personal information. When a user wants to have a digitally signed document for their profile, they log in to the website of the responsible issuer. The user downloads their personal information from the website. The issuer digitally signs this information and puts the signature on IOTA. The profile of the user remembers which issuer signed the document.
Impact of a digital identity
The users can share their data with any business, which can instantly verify if the data is valid. The impact of such a system can be surprisingly big. It gives businesses methods to increase protection against fraud, increase the speed at which documents are verified and improve the customer experience during these processes.
The verification process
Once the user shares their personal information with a business, the verification process can automatically begin. No additional checks between the businesses and the issuers are needed since the information provided contains a link to the digital signatures from the issuers. Using a cryptographic algorithm, the businesses are able to verify within seconds if the provided information matches the signatures. If the user altered their data without the permission of the issuer, the verification will fail. If the verification is a success, the business knows that the received document is valid according to the issuer. The business can also verify if the issuer has not edited or retracted their signature.
Figure 3: Instantly verify the information. The user shares their data with another company. The company can then verify this information by comparing it with the signature on IOTA. They verify if the data is unaltered and who signed it.
Fast and trustworthy customer information
With the current KYC process, it would often take days or weeks to verify the information of a new customer, while a business supporting digital identity would have a trustworthy profile about the customer in a matter of seconds. This provides a much better customer experience as their services could be provided on the same day at which the new customer signs up. For example, one could request a mortgage online and purchase the house the very same day. Reducing the time it takes to enrollment can make a business very attractive to potential new customers.
Digital Identity proves to be a solution in business processes where the user needs to supply documents to provide proof of their identifying information. Currently, this information is supplied via physical documents or the documents cannot even be provided. One example, where proof cannot be provided, would be the online age verification for purchasing alcohol. In the Netherlands, a simple click on the button “I am above 18” is sufficient. It was recently announced that the law might get more strict, forcing age verification (Source: nos.nl). With a digital identity, proof of the age of the buyer can be submitted.
Fraud within car insurance
In the world of car insurance, users are legally obligated to supply correct information regarding their driving history, however, this information cannot be verified by the insurance company. To combat this, insurance companies in the Netherlands actively work together to expose fraud, which saved 101 million euros in 2017 (Source: verzekeraars.nl). However, it is unknown how much undetected fraud cases are costing insurance companies.