Digital Trust Vendors: Call for Action
Dan Gisolfi
Head of Research and Development @ Discover | Distinguished Engineer | IBM CTO | Inventor | Master's in Artificial Intelligence
Our Digital Trust industry has spent a great deal of time educating the masses on the Trust Triangle and the technology behind verifiable credentials and decentralized identity. One of the basic lessons has been that Issuers supply credentials and Verifiers create the demand for credentials. This demand can be in the form of a simple predicate proof ("age verification") or proof of a Government ID. Verifiers may also require compound proofs whereby business policies may require evidence of more than one digital credential document.
Several years ago I submitted a Hyperledger Aries RFC proposal for an Evidence Exchange Protocol. This proposal included a use case focused on the concept of a Digital Notary. My motivation at the time was to explore alternative ways for decentralized identity vendors to solve the supply side of the supply and demand equation. The premise was then, and remains today, if we do not have access to enough digital credentials, there is no reason for Verifiers to adopt Digital Trust products.
Many vendors currently await a market trigger sparked by the promise of an Apple backed mDL. Unfortunately, this is a sign of a poor product strategy. Apple views the mDL as table-sakes with their primary market penetration is focused on the TSA use case. They are in no rush to open the aperture and address broader use cases. For those of us who understand the limitations of the ISO18013-5 spec, any time spent playing follow-the-leader is time wasted!
While my line of sight on this supply and demand equation has shifted from vendor product development to product buyer within the Financial Industry, the key to the problem has not changed. We need to bootstrap credential issuance. We can not wait for some Big Tech vendors to declare when the market will be ready. We can not wait for Governments to lead! We must build upon existing brick?and?mortar concepts like "document notarization" to seed the market.
If you are a Digital Trust product vendor, what is your strategy for bootstrapping credential supplies? Have you consider the notion of a digital notary? Have you considered offering digital notary capabilities as a product to your clients?
Why the urgency?
Since more than two-thirds of the global population use mobile devices and perform a large portion of their financial transactions online, there is an increased likelihood of fraud, especially relating to digital banking. Fraudsters have become very cleaver. They can create new accounts using stolen personally identifiable information that is purchased on the dark web from data breaches or stolen via social engineering tactics like phishing. They then use these new accounts to perform money movement scams via ACH or with P2P Payment solutions (Zelle, Venmo, CashApp, etc). These fraud tactics are just the tip of the iceberg.
While an entire industry is dedicated to fraud detection solutions, we need to look beyond reactionary measures. We need to think proactively. With the rising threat of fraud, it is more important than ever for businesses to ensure?trustworthy?customers, protect consumer privacy and prevent fraud and financial crime.
领英推荐
Digital Trust product vendors need to revisit their favorite KYC Compliance Guide, such as this detailed example. They SHOULD ask a basic question:
How is my product strategy answering the e-KYC needs of the Financial Industry?
The Financial Industry is struggling to balance:
As you can imagine, the consumer experience tends to get less attention than business initiatives around compliance and fraud mitigation. So the challenge to our Digital Trust industry is:
How do we position verifiable credentials as a complement to e-KYC that improves consumers trust and experience in digital banking while proactiuvely helping to prevent fraud?
I posit that the key to success in the digital trust marketplace is a strategy that incorporates digital notary capabilities. Such a strategy will leverage existing KYC processing to enable entities, such as financial institutions, to digitally notarize verifiable credentials for documents they have already verified. This is analogous to the trusted attestations DMVs perform on birth certificates issued by government operated vital record agencies. Specifically, PARTY-B verifies the documents issued by PARTY-A and then PARTY-B issues new credentials containing attestations originally issued by PARTY-A.
We have an opportunity to change the narrative and focus around e-KYC and thereby alter the adoption rate for verifiable credentials. If you believe this is a viable approach worth exploring, please contact me to noodle on this premise.
Founder & CEO at Northern Block | #humantrust
2 年Good post Dan Gisolfi. I’ve referred to digital notaries as proxy issuers in the past - and said that there is a need for proxy issuers to kickstart the consumption of portable/reusable digital credentials. I like the idea. I’ve noticed that people often mix up DL credentials with KYC - because the DL is a typical type of paper document that financial institutions accept as part of their KYC processes.? And the next logical step is for people to think that a digital DL credential (mDL, VC, etc.) is required, but we’ll have to wait until governments become issuers of them.? If a digital trust vendor’s process of creating high levels of assurance around identity attributes (through multi-document authentication, multiple source data options, biometrics, etc.), then they don’t need to become an issuer of a DL - they can become issuers of a verified person credential (or brand it however you wish) that meets FinCEN and FINTRAC guidance. Digitizing a DL isn’t necessarily the path to creating digital trust.
On a mission for decentralized identity & bit-heat confidential cloud
2 年Thanks Dan Gisolfi for this, I wis a little tied up and join the discussion only late. Couple of thoughts: KYC is a complex use case. My experience of the 7+ years I am dealing with #SSI is: Simplicity first. Trying to do it all at once oftentimes has not worked. Particularly if you look at the Web5 discussion, this will all take years before it sinks in with everyone i.e. the broader (IT) world, even all the people who should understand it. I like your "We can not wait for some Big Tech vendors to declare when the market will be ready. We can not wait for Governments to lead!" a lot, it's exactly my mantra. 3 cents: - Government driven innovation hasn't proven to be highly successful (looking at you, eIDAS 1.0), we cannot wait and hope that #eIDAS 2.0 (aka eIDAS 1.0 reloaded) will come and do something useful for the world or at least us EU citizens. - Big Techs have made their bold moves now. This is what we as #SSI community have expected and waited for (in fear?) all along. However, the cards are on the table and the momentum we hoped for is obviously there, so let's harvest it according to our principles. Trust Over IP Foundation Sovrin Foundation We at esatus AG remain committed to the cause! ??
CEO and Founding Partner, TahoeBlue Ltd
2 年Thanks Dan, It would seem that this dovetails well with the "validation agent" program that Stephan Wolf and Global Legal Entity Identifier Foundation (GLEIF) have introduced to take advantage of existing KYC validation in order for that to also provide the basis for validating LEI issuance (and thus removing the redundant costs in order to increase uptake ).
Product @ IBM | Ex-Calendly
2 年Great article Dan! I want it to happen and happen soon. We’ve been hearing the same talking points for years, I hope that we can see real adoption soon.
One simple way of addressing this is the time stamp that will witness the credentials issuance