Commercial ID relies ever more on user control: Digital identity at MWC19 Los Angeles

The need for trusted digital identity is growing rapidly with the world’s digital economy: with 4.5 billion internet users globally, there are more points of attack for cybercriminals than ever before.  In the UK for instance, hackers stole £1.2 billion through financial fraud last year, and in the US there were 14.4 million victims of identity theft – 1 million of whom were children.  $1.7 trillion is forecast to be lost in the US alone through cybercrime between 2019 and 2023, with losses around the world surpassing $5 trillion in the same period.

That’s why the global market for digital identity solutions is projected to more than double within five years, growing from $6 billion today to around $12.8 billion by 2024.  The task now is working together to align the development of such services with good business sense, for the benefit of all: without consumer confidence the digital economy’s growth will stall, but only where the provision of digital identity can be made commercially viable will the ecosystem scale at the pace required.

It was with this in mind that leading industry players met last week in Los Angeles, to discuss how the challenge can be met, and the commercial opportunities most effectively realised. Mobile network operators are uniquely positioned to act as gatekeepers of identity, but the business case must be there – and the growing range of commercially compelling use cases for the mobile industry was the focus of the GSMA’s identity seminar at MWC19 Los Angeles, From Risk Scoring to Blockchain: Analysing Revenue Streams in Digital Identity.

A key milestone in this process has been the development of ZenKey, a single-sign-on service devised collaboratively by the Big Four operators in the US.  Assistant Vice President at AT&T Johannes Jaskolski told delegates that ZenKey’s journey has not an entirely easy one – was marshalling agreement between giants competing in the same field ever likely to be? The venture has indeed, however, yielded successful cooperation, through agreement on shared priorities.  Among these priorities, Mr Jaskolski explained, was making a solution which placed the user very much in the driving seat.

“The user is always in control – this is paramount. Nothing happens unless you set it up. You can be sure that service providers are who they say they are, and once you’re comfortable with that, you can choose which attributes you share with them, with explicit consent at every step of the way.” That this emphasis on user control can be combined with delivery through a device, that billions carry on their person as a matter of course, places operators at a clear commercial advantage.

With convenience and a common commitment to privacy on their side, the mobile industry can most effectively create value in the identity market by playing to their other existing strengths. Adaptive authentication is one such approach.  Ryan Gosling, Head of Business Development at Callsign, set out how operators need not necessarily reinvent the wheel to protect their subscribers, and use existing operator data instead.

What makes mobile data attributes actionable as tools in digital identity, Mr Gosling explained, is the ability to place them in context in real time, allowing for automated and seamless identity verification services – of considerable utility, for instance, in online banking. By collecting and comparing thousands of inputs, Callsign can verify a user after three interactions to 99.9% accuracy – allowing any potentially suspicious call diversions or SIM swaps, for instance, to be flagged and checked as a matter of course.

Mobile operators, then, have some clear incentives to invest in a mobile attributes platform: they can enhance the protection they offer their subscribers, while improving the digital experience at the same time, funded by monetisation of mobile data they already produce – creating new and growing revenue streams in the process.  Turkcell’s work with Organon Analytics provides another useful case study here. By using machine learning to create insights from the enormous pools of existing data generated in the course of cellular communications, Turkcell has developed a new risk scoring proposition based on predictive modelling to assess the likelihood of fraud.

By considering factors like the number of devices a single SIM is logged into, and behavioural information such as how frequently users appear to request their own information from Turkcell, a risk score is generated which will prompt a bank or service provider to query a risky transaction. The personal data is handled through hashed MSISDNs so no service provider outside of Turkcell can see any information on the user beyond a fraud score – in fact even Organon Analytics themselves cannot reach the raw information.

Decentralised identity (DID) through distributed ledger technologies like blockchain may at a glance not seem an obvious route for operators; the mobile industry however has a range of roles to play in this emerging family of technologies.  As Dr. Kang-Won Lee, Senior Vice President at SK Telecom explained, operators can help customers manage their identities via blockchain on the go via a mobile wallet; they are also already regulatorily obliged to know their customers, so can issue verified KYC data; and they can support verification through APIs for service providers.

Operators are in fact much closer to delivering decentralised identity services, then, than they may appear – Dr Lee set out a range of scenarios in which operators could work together to bring about solutions in payments, insurance, multimedia, mobility and more. “We want to get cross border use cases up and running, and we suggest operators collaborate to help make that happen,” reflected Dr Lee; “that could be by creating DID test networks together, developing joint pilot use cases, or join the regular DID conference call with the GSMA’s Identity Programme. We’ll certainly be showing our own progress at the next Mobile World Congress in Barcelona next year.”

As Principal Program Manager at Microsoft Nasos Kladakis pointed out as the session drew to a close, decentralised identity is fundamentally about protecting users from data breaches while handing control over personal information back to them – but this must be possible in a convenient method. “Our self-owned identity must seamlessly integrate into our lives and gives us complete control over how our identity data is accessed and used,” Mr Kladakis summarised. If the mobile industry can work together to achieve this, within its own ranks and the broader identity ecosystem, operators stand to lead this vital global market which is set to double in value within just a few years.