Article by Sphere Identity CEO Katherine Noall
The advent of the internet has revolutionised the world, becoming an integral part of society with almost every aspect of everyday life moving into the digital dimension. In today’s information age, troves of personal data and records on almost any individual are readily available to anyone with an internet connection, making them a prime target for cybercrime, hacks, and identity theft. As the technology landscape continues its rapid advancement, so does the need for adequate security measures.
Most online transactions require some form of identity verification, otherwise known as Know Your Customer (KYC), as a precautionary measure to prevent fraud and comply with anti-money laundering (AML) regulations. As such, internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.
Data is now fuelling businesses, and consumers’ personal information is quickly becoming the most valuable resource as companies utilise the gathered data to power everything from research and development to targeted marketing strategies. However, storing vast amounts of consumer data in centralised databases makes it extremely attractive for hackers and bad actors.
According to the global risk report published by the World Economic Forum 2019, cyber attacks and data breaches have been listed as the fourth and fifth most serious risks facing the world today. This report rings true when we look at Singapore’s recent HIV data leak scandal earlier this year, whereby 14,200 people’s personal information and health records were made public by an individual who hacked the central server where this information was stored.
Unfortunately, the current centralised state of the internet limits the amount of online data that can be protected. With all the information about an individual being passed through various centralised servers, users often have very little control over their own data. However, with a decentralised identity, individuals would be able to play a more dominant role in controlling their own online identities and keeping their information private, rather than leaving that responsibility in the hands of self-serving organisations. Similarly, integrating blockchain technology can prove advantageous for organisations as well.
As we look back over the past number of years, there are numerous cyber attacks that stand out. On the back of one of the most notorious data breaches of 2018, the Facebook—Cambridge Analytica data scandal where millions of users’ data was utilised for political purposes without their consent, and the infamous Equifax cyber attack of 2017 that affected 140 million individuals, collecting personal information or using customers’ data without their permission could certainly be deemed as a privacy infringement. According to CA Technologies’ Digital Trust Survey and Index study in 2018, the Asia Pacific and Japan region reported that 63% of consumers have no trust in the ability of an organisation to safeguard and protect their user data.
As the world’s most in-demand resource is no longer oil, but data, and with hacks, leaks, and breaches rampant, it is no longer just consumers that are affected. A LexisNexis survey on the True Cost of AML Compliance revealed that compliance costs are on the rise, with KYC accounting for 14% of AML compliance costs. Furthermore, the costs are also driven up by the increasing amount of time it takes to onboard a customer, making the entire process not just costly for the business, but tedious for the consumer. With increasingly heavy administrative processes, KYC is indirectly making products and services less attractive to buy, leading to increased abandonment rates which, in turn, affects a company’s bottom line.
Aside from reducing the time needed for KYC verification processes, decentralisation eliminates the need for third-party agencies, which contribute largely to the additional costs associated with AML compliance. Decentralised identity solutions also allow users to have more control over the information they release, by giving individuals the option to choose what information should be shared with a particular organisation, and making it clear when and how it is being shared.
Just recently, IBM announced its plans to streamline its KYC process by implementing blockchain technology to provide improved efficiency for consumers when authentication is required. Faced with rising costs and mounting customer dissatisfaction, corporations are beginning to realise the need for compliance processes to be automated and streamlined, by replacing the slow and tedious use of paper or lengthy online forms with emerging technology such as blockchain.
Presently, there is much energy being placed into the development of decentralised technologies that will help to bring the concept of self-sovereign identity to life, and 2019 will undoubtedly see such promising solutions coming to fruition. Optimally, the benefits of the solution should be two-fold — streamlining identity verification processes while restoring control of sensitive personal information back to the users.