The technological research and consulting firm Gartner, Inc. predicts that by 2026, at least 500 million smartphone users will be regularly making verifiable claims using a digital identity wallet (DIW). Identity verification (IDV) in the form of a user taking a picture of their identity document and a selfie is commonly used today. It establishes confidence in the identity of a person during a digital interaction when curated credentials do not exist, are not available or do not provide sufficient assurance. However, due to challenges with the traditional IDV model, solutions based on portable digital identity (PDI) have emerged.
“The market is entering a transition period as PDI solutions are starting to mature, which in the next five years, will reduce the demand for standalone IDV,” said Akif Khan, VP Analyst at Gartner.
Challenges with Identity Verification
The current IDV model of a user being asked to do the ID-plus-selfie process repeatedly, is not ideal. “The processes in place today are focused and limited to core identity data (name, date of birth, address etc.). As more and more processes move online, there is a need to tie many other attributes to a user’s identity, such as educational or workplace qualifications, proof of employment, not to mention healthcare data,” said Khan.
A PDI is best defined as a digital identity that contains all the necessary attributes for identifying someone in the digital world. PDI also means that the user maintains some level of control over security and privacy.
The principle of PDI is that the user formally proves their identity with a trusted entity, and once authenticated, it is recorded as an identity assertion. That identity assertion is either stored with the party that verified their identity (centralized model) or saved in a DIW on their smartphone (decentralized model). Decentralized models also offer the benefit of using verifiable credentials, which allow users to make assertions without revealing more data than they need to – for example, proving that you are over 18 years of age without sharing your date of birth.
Governments are already taking action. The European Commission (via eIDAS Regulation) will require all EU member states to make a DIW available to citizens by 2026. However, many vendor products are available today that enable organizations to benefit from PDI for targeted use cases.
“Chief information security officers (CISOs) do not need to wait for a government to provide all citizens with a PDI solution,” said Khan. “For example, in the workforce, CISOs can use a readily available decentralized identity wallet product and issue it to their employees. The wallet could then be integrated into their employee onboarding, account recovery and IT help desk workflows. This is ultimately improving security by introducing strong authentication and improving UX by removing the need for repeated IDV.”