Since the start of our COVID-induced digital transformation, cybersecurity has become a hot topic and shone a light on the lack of awareness around cybercrime, and more specifically, identity fraud. The number of identity theft cases has grown exponentially on a global scale, exposing the high risks of both personal data loss and access to vital institutional resources. The increased use of social media and online shopping has created modern digital identities which are fragmented, and the risk of exploitation because user data is stored on cloud servers.
Data is the most valuable commodity of our modern economy, making these servers digital gold mines. These large, centralized data servers on the internet contain personally identifiable information for millions of people and have become the targets of the modern day cybercriminals we call hackers. Hackers look for this information to exploit financial avenues such as public assistance, medical insurance, or financial institutions, by stealing critical identity information and using it for profit at the victim’s expense.[1] Improvements to cryptography and blockchain technology allow for the risks regarding identity theft to be reduced by centralizing ID verification to a restricted network with increased security.
Identity theft is a rapidly growing criminal enterprise in the United States, and the number of reported cases of ID theft increased from just over 650,000 in 2019 to nearly 1.4 million in 2020 according to the U.S. Federal Trade Commission (FTC).[2] The underlying reality is that simply having unique data points such as a social security number, driver’s license, or address are no longer sufficient verification methods to preventing fraud. If a cybercriminal gains access to even one of these unique data points, restoration of the victim’s identity and conviction of the fraudster becomes nearly impossible. The risks of storing identifying information on physical documents is not a viable solution because once an identifying document is compromised there is no paper trail that can be used to pinpoint the perpetrator. Similarly, entering identifying information online can result in a data breach which can reveal identifying information to hackers.
In principle the cloud is safe, however the overall safety of data hosted in the cloud is based on the integrity of cloud service providers and the way in which the identity information is accessed and used. A significant portion of organizations validate identity online by verifying copies of the data hosted on the cloud servers. This method leaves servers vulnerable to hackers who can access personal data if the server storing that information is compromised. However, through blockchain technology, the risk associated with identity verification is mitigated because you do not receive a copy of the data, rather, you are able to view the non-fungible asset via its location on the chain. The technology requires the documents location (or digital wallet) to link to the digital identity of an individual. Integration of blockchain allows anyone with permissions on the network to verify the user’s identity and confirm the ownership of the actual identity document rather than relying on the personal information contained on the identity document for verification.
The process of storing identity on a blockchain would involve turning identity documents into “tokens” and storing those tokens on a distributive ledger run by the US government. If an identity verification system like this were implemented at the federal level it would allow agencies to verify identity by providing an authentication check with the blockchain network for anyone attempting to use digital identity to access resources like public assistance or financial services.
To verify a request, an institution would be provided with a digital identity by the user and would request verification from the user’s digital identity on the chain. This would route through the federal network and appear within the federal web application for logging in to a digital identity. The customer would authenticate the request to verify their digital identity, which would allow regulators to verify that the authentication came from the correct digital identity on chain. The best part of this authentication system is that the original data on the identity documents (such as a customer’s date of birth, Social Security Number, address, or photo ID) is never revealed on the request which reduces risk for both customers and institutions and would also allow for greater AI integration via facial recognition or unique biometric indicator readers (such as retinal or fingerprint scans) to further future-proof the system from potential fraud.[3]
The transparency of blockchain integrated with identity offers a chance to revolutionize the way we verify individuals in all industries. Even if a hacker were able to compromise data on the network, those changes would be reflected on the ledger and would notify each participant on the network of the exact changes that were made and allow for seamless restoration of a person’s identity. Additionally, any changes a cybercriminal would attempt would leave a digital trail leading to the perpetrator because the digital asset ownership would need to change from the victim to another digital identity address for the document to be usable to the fraudster.
The ID verification processes currently in place have security issues which can be alleviated by implementing blockchain technology which would offer incomparable security and transparency to reduce theft of identity documents and provide information to identify fraudsters. Currently, there are multiple states including Colorado and Louisiana which are integrating digital identity by allowing agents of the state to accept digitalized versions of a driver’s license. Louisiana’s LA Wallet app allows users to house a digital driver’s license which can be accepted by state police and quickly identify counterfeit IDs with a touch activated seal similar to biometric data.[4] Nationalizing this process to encompass federal and state issued identity documents would increase security, reduce fraud, and increase access to identity via encrypted wallets which could be stored on cell phones as that technology becomes more advanced via AI integration of features such as facial recognition or biometric scanners.
[1] 7 Types of Identity Theft & How Blockchain Can Protect Against Data Attacks (bbntimes.com)
[2] New Data Shows FTC Received 2.2 Million Fraud Reports from Consumers in 2020 | Federal Trade Commission
[3] Digital Identity is Coming... Powered by Blockchain | Alexandria (coinmarketcap.com)
[4] Which states have digital driver’s licenses? Apple to offer digital ID - Deseret News