Everyone uses identity documents regularly, which are shared with third parties without explicit consent and stored at an unknown location. Whether a person needs to apply for a loan, open a bank account, buy a sim card, or book a ticket, identity documents are used. Government institutes, banks, and credit agencies are considered the weakest point in the current identity management system as they are vulnerable to theft and hacking of data. Thus, the blockchain comes with the possibility of eliminating the intermediaries while allowing people to manage identity independently. But before moving to blockchain, we need to understand how identity management works and what are the challenges in the existing process.
What is a blockchain and how it works?
Blockchain is distributed and decentralized ledger technology which helps to securely store & distribute the data among all the network participants without any central control. Blockchain consensus protocol/algorithm replaces the central authority to validate the transaction authenticity. Blockchain builds the chain of blocks in the ledger where each block is linked to its previous block.
Blockchain is designed to bring all the ecosystem participants on the common agreement before adding any new transaction on the Blockchain ledger. Whenever any party initiates a transaction, Blockchain uses a consensus protocol to circulate the same transaction across all the participants to get their consent on the transaction before persisting that in the Blockchain ledger. Once all the participants agree on the transaction, then Blockchain replicates the same transaction to all the participants’ ledgers to build trust and transparency in the network. Having the same replica of transaction ledger for all the ecosystem participants helps to avoid Data reconciliation problem for smooth settlement among all the participants.
What are the problems and challenges of the traditional identity management system?
In case of online transactions it is required that individuals disclose specific personal information before they can proceed to access services. For example, before financial transactions can be carried out on platforms such as Amazon Pay, PayPal and Google Wallet, among others, users are always required to input their sign up/login details — i.e., financial and personal details. Thus, every time an individual discloses this information, it gets stored on numerous internet databases. As such, digital clones of one and the same individual spring into existence across these different platforms. This also could cause a lot of security issues, so we could say that gaining access to a major database exposes all the personal information of users and exemplifies the high vulnerability of the current system.
Most systems in place rely heavily on obtaining individual data without the knowledge of the owner, and third parties can gain access to this data without the user’s knowledge. Moreover, information contained on these online databases can be shared with third parties without the subject’s consent. When the control is left in the hands of those who own the database, the user has little or no choice in deciding whether or not they want their data shared with other parties.
The problems highlighted above point to the fact that identity management systems face the following four major challenges: Identity theft, combination of usernames and passwords, KYC onboarding and Lack of control.
- Identity theft
People share their personal information online via different unknown sources or services that can put their identification documents into the wrong hands. Also, as online applications maintain centralized servers for storing data, it becomes easier for hackers to hack the servers and steal sensitive information.
- A combination of usernames and passwords
While signing up on multiple online platforms, users have to create a unique username and password every time. It becomes difficult for an individual to remember a combination of usernames and passwords for accessing different services. Maintaining different authentication profiles is quite a challenging task.
- KYC Onboarding
The current authentication process involves three stakeholders, including: verifying companies/KYC companies, users and third parties that need to check the identity of the user.
The overall system is expensive for all these stakeholders. Since KYC companies have to serve requests of different entities such as banks or healthcare providers, they require more resources to process their needs quickly. Therefore, KYC companies have to charge a higher amount for verification, which is passed to individuals as hidden processing fees. Moreover, third-party companies have to wait for a long time to onboard the customers.
- Lack of Control
It is currently impossible for users to have control over personally identifiable information (PII). They do not know how many times PII has been shared without their consent or where all their personal information has been stored. As a result, the existing identity management process requires an innovative change. Using blockchain for identity management can allow individuals to have ownership of their identity by creating a global ID to serve multiple purposes.
Blockchain offers a potential solution to the above challenges by allowing users a sense of security that no third party can share their PII without their consent.
How blockchain can help in managing identity?
Blockchain can be used to create a platform that protects individuals’ identities from theft and massively reduces fraudulent activities. Blockchain platform helps to bring multiple parties including identity provider, customer & identity verifier on the same platform. The idea behind bringing all the parties on the same platform is to reduce the verification time, effort & financial burden of the enterprises which helps them to bring customers on board quickly.
The technology can also help businesses build strong blockchains that handle the issues of authentication and reconciliation encountered in several industries. Additionally, it can allow individuals the freedom to create encrypted digital identities that will replace multiple usernames and passwords while offering more comprehensive security features capable of saving customers and institutions valuable time and resources.
Individuals can also easily create a self-sovereign identity on blockchain. A self-sovereign identity simply refers to an individual identity which is fully controlled and maintained personally by the individual. It becomes difficult to steal such an identity from an individual, and this handles the issue of identity theft that is common on the traditional identity management system. The use of permissioned blockchains could also provide a decentralized method of registration which connotes that an individual would get an identity that isn’t dependent on any centralized authority and cannot, therefore, be controlled or interfered with by any third party without the individual’s consent.
Most of the enterprises while doing customer onboarding request for their identity before granting them access to use their resources. Upon receiving customer identity, enterprises depend on the external vendor for Identity verification which is itself a time consuming and costly process. Enterprises are spending huge amounts of money on this identity verification process. Identity management process based on blockchain, helps to save time, effort & cost for enterprises and help them to seamlessly onboard customer without involving the external vendor. Blockchain-based identity management system aims to bring enterprise and customer on the Blockchain platform so that external vendors which are an additional burden on the enterprises can be removed from the process. The result is improved trust, security, simplicity, integrity and privacy.