Listen to this story
Actor Sunny Leone became the latest victim of digital identity theft. She claimed that someone used the details of her PAN (permanent account number) and took a loan for INR 2,000 from Dhani Loans and Services. It seems that she wasn’t a lone victim but many others also became the victim of the same attack with the exact modus operandi.
In 2021, security software provider Norton released a report in which it said that over 27 million Indians experienced identity theft in the past 12 months. It also conducted a similar survey on Indians and found that around 60% of them have been a victim of cybercrime within the last year.
Experts claim that such incidents happen because of the existing centralised digital system. One password is required for each service that owns the account. This resulted in password proliferation and, eventually, in a secondary market for password managers. Security is also jeopardised since businesses are forced to deploy identity management systems that are beyond their area of expertise.
Centralisation poses threat to identity
In a centralised system, the users create accounts to access systems and authenticate transactions with numerous identity providers. To provide services, businesses gather and preserve sensitive and personal data about their customers.
As a result, experts explain that our digital identities are dispersed over the internet,
increasing the risk of ID theft, credential compromise, and breaches—which could all have serious, long-term repercussions for both people and corporations. Meanwhile, an increasing number of services are mandating verified identification and depending on cumbersome, time-consuming, and inconvenient processes to build trust.
The plausible solution to this problem is in decentralisation of identity.
Decentralised identity gives the power back to public
In a decentralised model, the user verifies and stores verifiable credentials from issuing authorities in a digital identity wallet. When a service provider requests authentication, the user can start the process through their digital wallet, providing only the data required to finish the authentication process and a token that contains verification information.
Decentralised identity systems can be used to securely share and verify cryptographically verifiable credentials across an ecosystem or ecosystems (such interoperability is emerging). Users can view and manage their verifiable credentials in an identity wallet and share them with others while maintaining their privacy.
This is possible, for example, through selective disclosure and Zero-Knowledge Proofs. A “cryptographic procedure that enables users to verify information without actually releasing the information—verifying just that the information is truly right with a very high probability” is
known as a ‘zero-knowledge proof’. Relying Parties or Verifiers can swiftly and simply verify that the shared credentials are authentic.
Real world use cases
It’s not necessary for shopping sites to accumulate and maintain both credit card numbers and personal information. Instead, secure transmission of verified payment and shipping details is made from users’ wallet.
In the banking industry, applications for loans that once required mounds of documentation are now submitted and approved fairly quickly.
In an online forum, residents can talk about local issues and express their opinions with people they know to be neighbours rather than bots or faraway provocateurs.
Decentralised identity will revolutionise the banking system
Experts believe that decentralised identifier (DID) systems will address the inefficient identity verification system of the banking system and will change the industry for the better. But how?
DID systems use the zero-knowledge proof process, where customer identity and spending patterns are converted as DID documents. The solution is built on an ecosystem of trusted bodies and customers—all of whom will play the role of issuers, verifiers and holders.
The power of anomaly detection systems is enhanced by DID use. It will be straightforward to integrate these technologies with the current ones in order to improve privacy and boost the prevention process. The additional security DID will provide without sacrificing customer privacy would be priceless. However, in order to leverage it, businesses will have to invest in building a peer-to-peer ecosystem of trust since DID works best in a permissioned blockchain network.
Online fraud detection at a bank utilising decentralised identity management
Experts emphasise that the ability, right, and authority to choose our relationships and associations—as well as whom to share them with—underpins our digital individuality. Decentralised identification is a step toward a community-owned identity infrastructure that can better reflect the types of interactions we have in the actual world. It serves as the cornerstone for a more equitable internet.