With the vast levels of fraud and related criminal activities that are now taking place globally, establishing trust in a person or business has become urgent. As such, Know Your Customer (KYC) and Know Your Business (KYB) processes are used to mitigate related risks and verify customer identities across many industries, not just financial.
Digital ID development has been pivotal in this space. The way businesses and people prove who they are is evolving rapidly. We’ve moved from talking about digital ID to prove who a person is, to talking specifically about digital ID wallets holding a variety of credentials proving a person’s eligibility. For education, employment, or travel, for example.
There’s been a shift in thinking from wallets that carry credentials – where issuers verify the wallet owner before credentials are issued into them – to wallets that are themselves ‘trusted’.
When a key trusted ID credential – such as the EU’s national ID card or UK credentials verified to a level of trust by certified ID Service Providers – is placed securely within a wallet, it forms a ‘trust anchor’. The wallet becomes ‘trusted’.
Trusted credentials from various sources, education credentials from universities, for example, can then be linked easily to the trust anchor and placed, stored, and managed in that wallet. The burden on issuers to establish trust in an individual before releasing credentials into their wallet is removed, making it easier to release credentials into the ecosystem.
When these credentials are presented to relying parties from that wallet, the burden to ensure the credentials were issued legitimately is removed, because the wallet has already established the trust element.
There’s a separation between the storage of credentials and their presentation in a consistent format. For digital ID to be interoperable across sectors and borders, with all parties fully engaging, digital ID wallets must deliver many types of credentials in a consistent format. If relying parties can’t consume them easily, their route to digital ID adoption will be slower.
All markets have this gap and there’s much still to do here. To ensure the consistency of personally identifiable data in its EUDI wallet, the EU has recognised the importance of consistent data schemas for different types of credentials. However, it’s yet to prescribe the format for other trusted credentials that will be vital to the ecosystem, like education or employment.
Programmes ensuring that credentials can be issued in a consistent format are needed, and trust frameworks, which provide the rules and guidelines around digital ID, will play a vital role here. While frameworks do not need to go into great detail around the technical implementation of wallets, as is the case in the EU, they should be extended to support wallets, and more specifically, provide conditions to ensure credential issuer presentation consistency. This will ensure interoperability can be achieved across the ecosystem.
Governments can play a valuable role here by developing robust trust frameworks. Wallets, however, should be developed by the private sector. Creating, managing, and evolving wallets that accept multiple types of credentials is complex and costly. It goes beyond what any government does today. The focus for governments should be ensuring that only framework-approved private sector wallets hold government credentials. This would help alleviate privacy concerns about governments monitoring citizens’ movements through wallets.
Trusted digital ID wallets will be a game-changer in digital onboarding processes, but we believe they must be ‘smart’ to ensure end-user engagement. The EUDI wallet is progressing quickly, but it’s not yet a ‘smart’ wallet. Users will need help to understand which credentials, or parts of a credential, are needed, what’s missing, and how to obtain them, to prove they are who they say they are. These are complex requests and users will need guidance through the process.
Similarly, relying parties onboarding users digitally will need guidance to process complex transactions. There’s a market opportunity here for a new ‘smart agent’ role. Certified wallet providers can focus on the storage of credentials in wallets, but the processing element - what credentials users have or need, and how they are presented – could be done through smart agents interacting with users on behalf of relying parties.
The UK is extending its trust framework to enable certified private sector wallets, recognising wallet providers as separate from ID providers.
There’s still a need for consistency and we’ll be calling this out with governments. Digital ID wallets are complex, as are the digital ID transactions they enable. To ensure digital IDs are widely adopted, we need to make sure they are easy to consume.
Ultimately, ‘trusted’ wallets are where the EU and the UK are heading, albeit through different wallet provider strategies. This subtle shift in thinking from wallets to trusted wallets will prove a crucial one in the mission to establish trust inclusively, easily, and confidently.
This editorial was initially published in the Emerging Technologies and Trends in Identity Verification, KYC, and KYB Report 2024. The report dives into the latest practices and technologies that enable financial institutions and regulated entities to reduce fraud, build trust, navigate evolving regulatory and compliance requirements, and cut operational costs. You can download your free copy here.
Nick is known for his in-depth knowledge of the identity industry, its challenges, and requirements, across various sectors. As Chief Strategist of the Open Identity Exchange (OIX), an influential non-profit trade organisation with a global presence, Nick is leading the development of clear guidance around interoperable, trusted identities with organisations globally.
The OIX is an influential non-profit trade organisation with a global presence that is on a mission to create a world where everyone can prove their identity and eligibility anywhere through a universally trusted ID.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now