Microsoft and Mastercard have just announced that they are working together to explore the possibility of creating what they call a secure digital identity. Ideally, this would work universally with multiple service providers such as banks, e-commerce sites, government services and more.
For a long time, it has been the norm whereby verifying your identity online has always been rather tedious – some places make you send digital copies of various identification documents (everyone has their own requirements!).
Besides that, you also must remember whether you’re using an email address to sign in to a site, or a username, plus a different strong password for each site. Imagine if you only have one of each kind of service (such as an email account), it would already require you to probably remember dozens of usernames and passwords.
According to Mastercard’s president of cyber and intelligence solutions Ajay Bhalla, the modern digital identity landscape remains patchy and inconsistent – what works in one country often won’t work in another. This was the premise behind the idea of the secure digital identity.
How a Secure Digital Identity Can Make Life Better
Let’s look at the major areas where this secure digital identity system could make things easier.
Financial Services: Improve and speed the applicant identification process for establishing a new bank account, loan or payment service account
Commerce: Enable a more personalized and efficient shopping experience online and in stores, regardless of the payment type, device or service provider
Government Services: Simplify interactions with government agencies and services – such as filing taxes, applying for passports or securing support payments (e.g., Social Security)
Digital Services: Streamline and provide easier use of email, social media, movie/music streaming services, and rideshare platforms
Ideally, through a combination of identity inclusion, verification and fraud prevention, both consumers and businesses (or governments) can be protected at the same time.
Microsoft and Mastercard also claim that this will also potentially help over a billion people who are not officially recognized, “a majority of them women, children and refugees” by improving their access to health, financial and social services.
Will a Secure Digital Identity Really be Secure?
Unfortunately, the system at this point of time, sounds very much like a password manager which will work as a single-sign-on system. Why unfortunate? Well, password managers also give hackers a single point of attack – all they need to hack into is a single account and they have everything.
This isn’t as unlikely as it seems, despite two large companies like Microsoft and Mastercard working together on it since there has been precedent of failure. Take the case of the data breaches at OneLogin, LastPass and even the more recent alleged debacle at Keeper for example.
Yes, it is true that access to a universally-recognized digital identity could make people’s lives infinitely, it is also very difficult to believe that such a system could really be secured indefinitely. There are simply too many things that can go wrong.
Take the case of the Marriot data breach which we covered recently, where hackers not only stole personal information affecting over 500 million users, but the even apparently stole the keys to decrypt information which was encrypted.
Between a combination of challenges – technological, human and simply sheer chance, anything is possible. There certainly is precedent of systems setup by major companies being hacked into, so the question really would be: What will the consequences of such a system being hacked by?
Much is at Stake but Where Will Responsibility Lie?
Between 2011 to 2016, identity theft has cost 15.4 million US residents over $107 billion in losses. We have no doubt that more recent figures will be significantly higher – and that’s just one country. The Internet is global, much as Microsoft and Mastercard’s reach is.
While many benefits of establishing a secure digital identity system can’t really be disputed, the largest glaring gap we can see is accountability in case of loss. Or perhaps it opens another avenue of potential income for insurance companies, at our expense.