We’ve all made those phone calls to our utility providers, insurers or other organisations where we are asked to answer questions that confirm our identity.
Now, most people don’t have a problem with confirming who they are once but having to do it over and over again when transferred to another department inside an organisation makes for a pretty ordinary customer experience.
The problem is that without what is known as a ‘know your customer’ process, it is impossible for an organisation to ensure it is talking to the correct person.
This process is not particularly interesting but behind it sits what I believe will be one of the hottest IT trends over the next five years – identity management.
Identity management is a broad term but by definition it “deals with identifying individuals in a system (such as a country, a network or an enterprise), and controlling their access to resources within that system by associating user rights and restrictions with the established identity.”
The problem we all face is that we have to justify who we are and repeat this process for different companies. Compounding this issue is that sensitive information – such as our passport number, date of birth etc – is then shared with a third party.
Fundamental to this whole issue is to prove who you are. Let’s remember that we are talking about identity management at a macro level (country) and not about this at a micro (company level).
Once we have this distinction clear, the whole discussion makes more sense.
Players in the identity management sector
There are several start-ups and new players in this arena. Let’s start with a local organisation headed by Pascal Nizri who is an executive at HSBC and has founded an intriguing startup named CHEKK.
CHEKK is essentially your own database that you use to grant access and updates to your identity details. You control this and your various providers are given access as required.
Then there is KYC.com (know your customer) is a data sharing utility that enables us to control identity management data. It’s a joint venture between Markit and Genpact and operates out of Hong Kong and Singapore.
US-based, Cambridge Blockchain, is one of the ‘new age’ blockchain companies that has a public/private blockchain to manage identity management tasks.
While I’ve just shared three different companies that all play in this new and highly competitive space, my belief is that we will see the winners emerge in the next five to seven years. But it’s not going to be an easy transition as we don’t ever want to use multiple identity management masters.
We all want convenience and control. But it seems that one of the largest challenges to conducting ‘know your customer’ is the regional variation for cross border compliance. Every country has slight variation of requirements.
The practical issue, may mean that ‘macro’ means country and not ‘universal’. Let’s remember that we all live in a world with multiple currencies and also where we use different railway gauges.
To get a universal standard is always difficult and the convergence takes time.
The promise of Blockchain
The ultimate is the vision of blockchain-based identity, which promises to empower users to be in complete control of their identity.
Just imagine being able to have a single sign-on to move between each and every site that you have to visit. And do this with the assurance that you feel that your personal details are well protected.
If you boil this down a blockchain can be used to uniquely authenticate your personal identification and this will mean you retain ultimate control.
I would assume that this will be a battle that is fought and the current giants of the world Facebook, Google prefer you to stay within their ‘walled gardens’.
At present, you may already use OAuth-based identifications we routinely perform on the Web to login into signing to Facebook, Twitter or Google.
However with Blockchain, once you have registered your details, then it is about linking these third party sites to be authorised.
Baby steps first?
My view is that Blockchain is a very natural choice in this space. However, I would expect that this will be not where the world starts. We will see multiple standards emerge in every country, before a natural winner then arrives.
It will then take time for convergence for a potential universal identity management solution to emerge. All told, I would say this is a 5-7 year journey and won’t be resolved overnight.
Yes it is a nuisance to have 40 different passwords, but this degree of change is not a simple one. There are vested interests at stake across businesses and with existing internet players.
But just imagine having a single identity management solution that is secure and that you trust and control. I’d buy that!
David Gee is the former CIO of CUA where he recently completed a core banking transformation. He has more than 18 years' experience as a CIO, and was also previously director at KPMG Consulting. Connect with David on LinkedIn.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.