A worldwide digital identity standard is lacking, but in many forms of digital-era fraud, thieves steal digital identities to pose as legitimate customers and commit crimes like bank account takeover and mobile subscription fraud. While the need for stronger digital identities is rarely disputed, whether CSPs can step in to fill the void as secure digital identity brokers is subject to debate.Some CSPs are delivering and driving adoption of digital ID brokerages, but they are struggling. In the US, for example,
Zenkey is a joint effort by AT&T, T-Mobile, Sprint (now T-Mobile) and Verizon to provide a superior alternative to digital identity brokerages provided by social media giant like Facebook. Zenkey effectively tokenizes the subscriber information operators already hold to protect customers from digital identity theft.
While Zenkey is available to any developer that wishes to use it, the effort faces numerous hurdles:
- It isn’t global
- Its brand isn’t widely recognized like Facebook or Google
- Its superior security is not likely understood by consumers
- It is starting from zero adoption
- It does not solve for digital identity establishment at the point of subscriber sign-up
Empowering identity owners
What Zenkey does well, however, is give digital identity ownership back to the individual and tokenize digital identity so that no personal information is exposed or monetized.
For individual people worldwide to gain control over and own their digital identities, “the architecture has to change,” says Chris Drake, CTO for iconectiv, the US policy administrator for the country’s Calling Number Verification service. “There needs to be a digital ID and it needs to be tokenized so it can be unique and shield people,” he argues. “That obfuscation should be the only thing that is presented.”
Drake contends that every individual should be issued a secure digital ID that would be governed by a public key encryption system like that for SSL certificates, and this kind of fundamental change is only likely to happen by government mandate.
“Governments need to recognize we are all living in a digital economy, and it’s time to issue legitimate, tokenized digital IDs to people based on authentic, verifiable credentials,” he says.
A few nations have taken the lead on establishing digital identity standards as part of their official, national identity documentation methods. For example,
Estonia is recognized as a world leader on a national level. A full 98% of Estonians have government issued identity cards coupled with official digital identities. Similarly, more than
70% of the populations of Sweden, Norway, Finland and Denmark have been issued official digital identities. Digital identity is also emerging in Poland. In most cases, however, when companies seek digital identity solutions, they don’t turn to government agencies for answers.
Can CSPs step in?
Whether this commercial gap represents an opportunity for CSPs to offer digital identity brokerage services is unclear.
GSMA and Juniper Research argue that mobile digital identity demand will grow more than 800% in the next five years, representing a $7 billion worldwide business opportunity for CSPs. GSMA also points out that mobile identity systems are easier to scale than the card-based systems governments are developing. But some experts are skeptical.
“Most operators aren’t in the business of selling fraud solutions, and it’s not something operators may be prepared to step in and deliver,” says a senior fraud manager for a large European operator group.
He says that although operators may provide data like SIM tenure to banks via APIs to support their risk-based decisioning, banks tend to “factor that into their risk infrastructure.”
“Is the banking industry going to ask telecom to do that (digital identity) for them? They’d rather have the data,” he argues.
Multi-industry collaboration may be needed
A single-industry approach may not be best because verification of digital identity is a requirement for many industries. Indeed, digital identity theft and fraud are cross-industry problems. An ideal solution would include parties from across stakeholder industries like telecom, financial services, retail and travel.
This would likely require government cooperation. Scanning official documents like passports and national IDs, coupled with document analysis and biometric factor matching, is now considered best practice in digital onboarding. Any digital identity collaboration would also need to be regulated in terms of data privacy, authorized use and data monetization. Digital identities should be tokenized as well, and as is the case with Zenkey, ownership should reside with the individual.
A diverse, multi-party approach would give customers the ability to sign-up across a broad range of apps and physical points of presence, likely whichever they trust most. A recent survey by FICO, for example, found that nearly 70% of people would trust banks to provide biometric identification, such as a fingerprint or iris scan. By contrast, only about 8% would trust a social media company.
A multi-party approach would make adoption easier for consumers, although it would put greater onus on participants to ensure consistent alignment with the end-to-end standard. Given, however, that crimes like account takeover fraud, which often involves personal bank accounts being emptied,
grew nearly 350% between 2018 and 2019, there would seem to be plenty of impetus for industries to rally around a digital identity effort and solve this massive, collective problem.
To learn more, check out our new report: 
