In a world of remote transactions and all-digital communication, trust matters when we are doing business with someone or accessing a service of some sort. But how can we be sure that the other party is genuine? Or if they are even human?
Identities are quite a complicated thing – a combination of features, demographics, social characteristics, likes, dislikes, and beliefs. Everything from your passport number to your favorite coffee place is a proof point about the uniqueness of your identity. But does this matter at all in the digital space? To some extent, yes. Our digital identities are a mix of unique information that belongs to us, as individual users, and to no one else.
In the digital world that we live in today, businesses from every industry are moving to online models. Shopping has turned into e-commerce, banking is “online banking”, and security is “cybersecurity”. From banking to travel, companies are developing digital infrastructures to connect with their customers in real time and provide them with the expected user experience. It seems quite logical for identification to also be transitioned in the digital space. But did you know that the password “123456” is still used by 23 million account holders? And this is where we start talking about Digital Identity and Digital IDs.
A digital identity simply represents the identity that is claimed online by an individual or an organization. This identity consists of all the generated information about a user’s online activity, including their usernames and passwords, birth date, browsing history, and more. Digital IDs, on the other hand, can be thought of as tangible electronic artifacts that prove identity and make identification possible. Digital IDs, for example, can come in the form of passwords, PINs, security tokens, or a combination of these. They are authenticated unambiguously through a digital channel in order to allow the user to gain access to banking services, government benefits, education, and many other services.
It is hard to grasp that more than a billion people around the world have no way of proving their identity, which makes it difficult for them to access critical services like healthcare, education, voting, and more. According to studies, the widespread usage of digital IDs can unlock economic value that is equivalent to 3-13% of the world’s GDP by 2030, with more than half potentially filling the pockets of individuals.
The most characteristic feature of Digital IDs that differentiates them from paper-based IDs is their ability to be authenticated remotely over digital channels. Unlike driver’s licenses and passports, which are issued by government bodies, Digital IDs can also be issued by any kind of entity – by local and national governments, by a consortium of private or nonprofit organizations, or by individuals.
The technology that is used to perform digital authentication could differ from a Digital ID to a Digital ID, while paper-based IDs are mostly authenticated in the same way. The difference in technology means a difference in the quality of performance and security of Digital IDs. By and large, good Digital IDs must possess the following three attributes.
These principles can ensure that digital IDs are utilized to create value and bring ease and security into the lives of individuals. Should they be neglected, however, the technology can also be used to create harm. There are inherent risks, which, without proper controls, can serve as opportunities for harmful purposes. Such are the motivations of hackers to make profit from the collection and storage of personal data, the motivation of politicians to manipulate the electorate, or to exercise social control through surveillance and restriction of access to payments, social media, and travel.
Some risks are associated with the chance of technological failure, such as the functionality of the hardware or software of digital IDs as well as the infrastructure that ensures effective system use. As the global datasphere is expected to reach 163 zettabytes (one zettabyte is a trillion gigabytes), by 2025, cybersecurity threats also pose an increasing risk.
Being at the cornerstone of the digital economy, digital identities require the close collaboration of different sectors and players to guarantee trust and security across all means of authentication. In simple terms, these players are governments and public service providers, customers, and private sector stakeholders.
Governments and public providers: They create and manage digital identities and ensure the proper supervision of the systems around them. Governments and public bodies use digital IDs to provide trust, transparency, convenience, security, and standardization in law enforcement, regulation, and e-government services.
Individuals: As consumers and members of the civil society, they could use their fully-sovereign digital identity as ePassports, mobile driving licenses, eIDs, as well as for accessing eServices, and eHealth.
Stakeholders from the private sector: Businesses would be able to offer additional, lower risks, and fulfill compliance regulations in all kinds of sectors – finance, telecommunications, e-commerce, IT, banking, and more.
When it comes to the enabling technologies in the digital identity space, it includes AI, biometrics, Bluetooth, IoT, DLTs (deep-level transient spectroscopy), Wireless technology, smart cards, and embedded industrial control systems (ICS).
In the UK alone, around 25% of fintech apps are abandoned due to difficulties in the registration and onboarding process. Should digital IDs have more widespread use, this wouldn’t be a problem.
With use cases in both the civil and business domains, Digital IDs can be used by individuals in six different roles: as consumers, workers, microenterprises, taxpayers and beneficiaries, civically engaged individuals, and asset owners.
According to McKinsey, the four biggest benefits of digital IDs that bring direct economic value for individuals are increased use of financial services, improved access to employment, increased agricultural productivity, and time savings. Whereas, the five largest sources of value for the public and the private sector are cost savings, reduced fraud, increased sales of goods and services, improved labor productivity, and higher tax revenue.
The short answer is that digital IDs are virtually applicable in every single sector. Here are some of the industries and use case examples.
As the Head of Innovation and Design for Visa Europe explains, the three main factors of authentication are something you know, something you have, and something you are. However, in the online space we have been mainly relying on the “something we know” factor – our passwords and usernames, and occasionally on “something we have” – our email accounts and devices. This leaves the last factor “something we are” out of the picture and causes some fragmentations, frustration, and friction.
The frustration comes from the fact that, on average, people have to remember between 70 and 80 passwords. Three-quarters of all Internet users have reported that they have to reset at least one forgotten password in the past 90 days. This causes inefficiency as hundreds and hundreds of different identity management and authentication solutions are doing the same thing. Not to mention that managing constant password resets could cost businesses an estimated US$70 each time.
In essence, that illustrates the scope of the problem passwords cause in the banking and fintech space. Forecasts show that banking and fintech companies will account for close to 62% of digital identity verification spend by 2026. According to a KPMG study, 67% of banking leaders report having already invested in biometrics technology, which indicates that digital IDs are moving slowly but steadily into the financial services world.
A World Bank research points out that 63% of European citizens want a secure single digital ID for all online services, while another 72% want to know how their data is used.
Despite that widely held sentiment and expectations, only about 60% of the EU population in 14 Member States are able to use their national eID cross-border. Only 14% of key public service providers across all Member States allow cross-border authentication with an e-Identity system. The countries that have implemented digital identity models remained mainly concentrated in Western and Northern Europe. Here are the latest developments happening in Sweden, Germany, Denmark.
Denmark has achieved an eID adoption of more than 90% of their citizens. Millions of Danish citizens use public and private digital services through their eIDs. The most recent nation-wide innovation in the digital identity space was the launch of MittID – an eiD solution that allows citizens to access public self-service solutions.
Norway is one of the leading countries in digital payments using eID. More than 75% of all Norwegian citizens use the popular digital payment tool called Vipps.
In Iceland, 95% of the eligible population (13 years or older) has either an eID on a smartphone authentication app or an eID card. Additionally, 47% of those with a driver’s license have a digital license in their mobile phone wallet, which is accepted as a valid identification method in the country.
Starting in, Latvia will provide eID cards as a mandatory identity document for all its citizens and non-citizens over the age of 15. This identity card would be an identification tool guaranteed by the state, so citizens can easily and effectively access any public service.
In May 2021, the European Commission unveiled plans to introduce a bloc-wide digital ID. This EU-wide digital wallet would enable all EU citizens to connect their national digital ID with other personal attributes, such as their driving license, bank accounts, and diplomas, and store all the data on their mobile phones. The vision is to make the European Digital Identity Wallet recognized in all EU member states so that citizens can prove their identity and share electronic documents with just a click of a button on their phones.
To get the first perspective of a founder who is developing a startup for digital identity solutions, The Recursive team reached out to Tomislav Bošnjaković, co-founder and Product Owner of Identyum, a Croatian company developing a tool for companies to digitally transform their businesses. The platform allows businesses to perform online customer identity verification and onboarding, authenticate them, extract external financial data about customers, and provide legally valid e-signing.
The startup is part of the Visa Innovation Program, managed by one of the leading early-stage venture capital funds in the SEE, Eleven Ventures. Here is what he shared about his experience building Identyum and scaling the solution as part of the Visa Innovation Program cohort.
Tomislav Bošnjaković: Identyum is a digital identity provider and is in the business of strong digital identity. Our team has a lot of experience in the financial and banking industry where proof of strong identity is essential, especially if clients want to get services online without going to the branch offices. Our goal is to provide citizens and physical persons with strong digital identity solutions that they can reuse. At the moment, we do have a lot of KYC solutions on the market, which allow users and companies to prove someone’s identity online. However, a person has to do it over and over again for each company and this is causing a lot of friction. In addition, it is time-consuming and it costs a lot of money for companies to integrate all technology needed to do it properly.
Such complex technologies and solutions are something that big banks and corporations can afford, but small and medium ones cannot. They are basically lagging behind because they cannot afford the same technologies as their bigger competitors. Our solution is providing citizens with their own digital identity card or ID wallet, which they can use to access the services of companies from various industries – not only banking but also telecoms, rent-a-car, hospitality, events, etc.
And on the other hand, companies can use our technology to onboard clients with just the friction of the cost that they would pay if they would do it by themselves. We have calculated that over a five-year span, we guarantee about a 60% lower total cost of ownership for a company.
Moreover, when a person has his digital identity card created, he or she can use it beyond the B2C segment. There is a use case in the dating and P2P marketplaces industry, where one person can identify themselves to the other. Another good example would be the gaming industry because we all have accounts on different platforms. Another benefit of this so-called centralized identity is that if a person changes something, for example, their address, they don’t have to change it on 50 different websites.
Identyum is a PSD2 licensed provider and can connect to any bank in Europe to get account information for a person. That means that a verified IBAN or someone’s financial capacity or scoring can also be part of their identity. When it comes to medical information, it is valuable to store all your medical data so that you can have all your records ready anytime you want to have a second opinion or a medical check.
What matters is that only you can control who can access your data. Each time that somebody wants to read something from your wallet, you will get the notification that a specific company or a person wants to see a specific type of data about you, asking you for your consent.
For a couple of years, our current team was working for a Swedish FinTech, which was a data aggregator from banks. This was before PSD2 so we had to connect to bank API’s in order to extract account information for a person. The biggest problem was identifying that this account belongs to the same person. Then we realized that KYC is a big problem that needs to be solved especially in the digital era where nobody wants to go to branch offices and instead expects a 24/7 online service.
This is how the idea came about. When we started in 2018, digital identity was a term that didn’t exist. For example, if someone were to type “digital identity” in Google, they would get various things around KYC. The interesting thing is that in less than 2 years, the European Union realized the necessity of e-ID digital identity. Actually, there is a regulatory draft that would make a framework for ID wallets and issuing ID cards in a digital way. What we would like to become is one of the pioneers in Europe, that will address this new regulation and offer that kind of service on the market.
We are already part of some of the early adopter programs such as The European Blockchain Association, which aims to create a verification system for university diplomas. Since we are a private company, we are part of such programs as technology providers. We are closely monitoring everything that is happening in the EU regarding digital identity as we neither want to miss out on an opportunity nor move too fast for customers’ expectations.
We were founded in November of 2018 and the first big milestone for us was in the fall of 2019 when we became PSD2 licensed service provider. For us, this was a big accomplishment because we were the first such company in Southeast Europe.
We bootstrapped our development for the first year and a half, before receiving investment from EU grants. At this point, we still haven’t raised any VC capital. However, we do have paying customers including the neobank that I mentioned, pension funds, crypto exchanges, and other companies that need KYC and holdings that consist of several businesses.
In terms of traction, we are proud that one global neobank chose us as their provider of KYC and electronic signatures in Croatia and Slovenia. Later, we became a partner of a trusted service provider in Croatia, which is issuing digital certificates. They trust our technology of identification to issue electronic certificates to their citizens. So basically, citizens don’t have to go to any branch offices to get certificates anymore. At the moment, what we want to do is to become one of the recognized identity wallets across Europe and to offer our services to all EU citizens.
Considering how much competition there was before entering the program, we were flattered to be among the 16 selected companies. The workshops with industry experts and mentors really helped us prepare pitch decks for potential future investors and connect us with potential partners from Bulgaria and Greece.
Decentralization again stands at the heart of future innovations. Tests of blockchain technologies to streamline the development of an e-residency program have already been done in Estonia. Such blockchain-based self-sovereign identities have been explored for decentralized digital ID architecture for the last 3-4 years.
In addition, as smart borders and airports keep emerging, there will be an increasing push towards biometrics technologies and specifically technologies for face recognition identification.
There are a couple of trends that will keep fueling the growth of digital ID innovations as well as its widespread adoption.
As the metaverse is attracting the interests of more and more users and businesses, the adoption of Web 3.0 identities would have to go parallel in order to ensure security for all parties involved. The best remains yet to be seen.