The advent of self-sovereign identity represents a fundamental technological shift akin to when the internet started being used by enterprises for e-commerce. But self-sovereign identity is much more than a web shopping cart or mobile map application. Instead, it may be the key to addressing both the concept of native payment and of an identity layer, neither of which were initially incorporated into the commercial internet.
Not convinced? That reaction is understandable, said Alex Preukschat, global head of strategic blockchain projects at Evernym and co-author of Self Sovereign Identity, published by Manning Publications.
"Initially, it sounds like, 'Identity? What could this be about?' But it really means everything," Preukschat said. "Once you start thinking about it, there's almost nothing online that doesn't touch upon your identity."
This shift will introduce a whole spectrum of self-sovereign identity use cases and features with far-reaching implications. Of course, the potential benefits will vary based on an organization's industry, size, compliance requirements and other business considerations. However, there are distinct self-sovereign identity use cases that organizations and their security leaders should be aware of in anticipation of this technological shift.
In the following excerpt of Self-Sovereign Identity, Preukschat and co-author Drummond Reed identify how self-sovereign identity use cases make it an attractive option to organizations, with benefits that include fraud reduction, reduced customer onboarding costs and improved e-commerce sales.
4.1 Feature/benefit category #1: bottom line
This category represents the easiest sale in business: features and benefits that deliver directly to a company's bottom line, that is, they either make a company more money or save them money—quickly. Following are five ways SSI can do that.
4.1.1 Fraud reduction
The first and fastest way SSI can help the bottom line is reducing fraud. Javelin Strategy reported that in 2016, 15.4 million consumers were victims of identity theft or fraud, costing a total of $16 billion dollars in losses. Javelin also reported that new account fraud—criminals opening up new accounts under victims' names—increased from $3 billion in 2017 to $3.4 billion in 2018.
Although the potential savings from fraud reduction varies by industry segment, for some industries it is one of the largest potential sources of savings. For example, the National Health Care Anti-Fraud Association estimates that in 2017 health care fraud costs the United States about $68 billion annually — about 3 percent of the nation's $2.26 trillion in health care spending.
Bottom line: even if fraud reduction was the only benefit of SSI, it would warrant a massive investment by businesses and governments around the world. Indeed, fraud reduction is one of the primary reasons the global credit union industry is embracing SSI as its first major use of blockchain technology. See the Digital Banking chapter in Part 4.
4.1.2 Reduced customer onboarding costs
The cost of customer onboarding varies by industry, but in financial services in particular, the cost of Know Your Customer (KYC) compliance has gone through the roof. According to Thomson Reuters, out of 92% of the firms they surveyed, KYC onboarding processes cost an average of $28.5 million. Ten percent of the world's top financial institutions spend at least $100 million annually on it. And onboarding a new financial services customer takes anywhere from one to three months on average.
There is also a steep cost for not being compliant with these regulations. In 2018, Fenergo reported that a staggering $26 billion in fines had been imposed on financial institutions worldwide for non-compliance with KYC, Anti-Money Laundering (AML), and sanctions regulations in the last decade.
Although SSI is not a silver bullet for all the complexity of automating customer onboarding and ensuring KYC and AML compliance, it is in fact a major new weapon in this arms race—a weapon that benefits all three sides: customers, financial institutions, and regulators. By securely and privately digitizing the information required by these regulations— and enabling it to be cryptographically verified in real time with a full audit trail—SSI has the potential to save all three groups many billions of dollars annually. And it can reduce customer onboarding time from months to days or even hours.
4.1.3 Improved ecommerce sales
Statista forecasts that the total value of global retail ecommerce will reach $3.45 trillion in 2019—up from $1.34 trillion in 2014 and $2.84 trillion in 2018. Nasdaq predicts that by 2040, around 95% of all purchases are expected to be via ecommerce.
More than a third of online Black Friday 2018 sales were completed on smartphones. But on average, only 2.86% of ecommerce website visits convert into a purchase. In fact, the global cart abandonment rate for ecommerce is close to 70%. The Baymard Institute averaged out rates from 40 different studies, which give rates from as low as 55% to as high as 81%, to arrive at a global average of 69.89%.
When you add the fact that 80% of online shoppers stop doing business with a company because of poor customer experience, the improved convenience, privacy, and safety of shopping with an SSI digital wallet means the impact of SSI on improving ecommerce sales is something that no online merchant can afford to ignore.
4.1.4 Reduced customer service costs
Customer service has become one of the primary battlegrounds of modern business. Gartner predicts that 89% of businesses are expected to compete mainly on customer experience.
But it is an expensive proposition. Forbes reports that in 2018 business were losing $75 billion per year through poor customer service—up $13 billion since 2016. According to Infosecurity Magazine, just one persistent customer service issue—lost passwords—costs businesses an average of over $60 per incident.
SSI can have a massive impact on improving customer experience (CX) and reducing customer-service costs. Passwordless authentication is only the start—the rest of this chapter is filled with examples such as permanent connections (no more losing track of customers), premium private channels, workflow automation, and integrated loyalty management. All of this goes straight to the bottom line—the Temkin Group reports that even a moderate improvement in CX will boost the revenue of a typical $1 billion company an average of $775 million over three years.
4.1.5 New credential issuer revenue
All of the preceding apply to a company's existing lines of business. SSI also opens up new revenue opportunities for a surprisingly wide variety of companies. Any business whose interaction with its customers produces a measure of knowledge about their attributes and interests—or a measure of trust in their behavior—is now in a position to monetize that data in a permissioned and privacy-respecting way: by issuing their customers (suppliers, partners, contractors, and others) verifiable credentials that help them leverage this knowledge. Even better, customers themselves can be the distribution channel for this knowledge to verifiers who need it.
And verifiers will pay for that valuable knowledge for the same reason they pay for customer profile data (from data brokers), credit history (from credit rating agencies), background checks (from background verification companies), and other customer data sources today. SSI can transform this current market much the same way the Web transformed the newspaper classifieds market, the auction market, or the retail market. For example, SSI can provide the following:
- Broader, richer, and more diverse profiles of the customer than those available from third-party sources today.
- Fully permissioned and GDPR-compliant data because the customer is the vehicle for sharing the information for their own benefit.
- Fresher, richer, and more contextual data about preferences, interests, and relationships.
- Selective disclosure of attributes in a way that is all but impossible for direct behind the-customer's-back data sharing agreements.
4.2 Feature/benefit category #2: business efficiencies
As important as the immediate bottom line is, SSI's larger impact will be in re-engineering business processes—a field known as business process automation (BPA) or more broadly as digital transformation. This kind of paradigm shift does not happen very often; it is analogous to the transition businesses underwent from snail mail to email, from phones to fax machines, and from paper to the Web.
As we illustrated in chapter 3, these efficiencies are not limited to just one area of facet of business, but accumulate across entire workflows and even across entire industries. In this section we will look at five areas where SSI can directly impact business efficiencies.
Perhaps no area of Web experience is more despised by individuals and companies alike than login. The 2015 TeleSign Consumer Account Security Report said the following:
- 54% of people use five or fewer passwords across their entire online life
- 47% of people use passwords that are at least 5 years old
- 7 in 10 people no longer trust passwords to protect their online accounts
In 2019 Auth0 reported that:
- The average American email address has 130 accounts registered to it.
- The number of accounts per user is doubling every five years.
- 58% of users admit to forgetting their password frequently.
- The average internet user receives roughly 37 "forgot password" emails a year.
But besides the sheer hassle, the real impact of username/password-based login is the friction.
- The average person has between 7 and 25 accounts that they log into every day.
- Around 82% of people have forgotten a password used on a Web site.
- Password recovery is the number one request to help desks for intranets that don't have single sign-on portal capabilities.
In short, by moving from conventional login to SSI auto-authentication—using an SSI digital wallet instead of a username and password—we can finally "kill the password." It will be like replacing frequent, error-prone toll booths with a wide-open, well-paved highway. Everyone can go about their business faster, more easily, and more safely.
About the authors
Drummond Reed has spent over two decades in internet identity, security, privacy and trust frameworks. He is the chief trust officer at Evernym and co-author of the Respect Trust Framework, which was honored with the Privacy Award at the 2011 European Identity Conference. Reed is a trustee and secretary of the Sovrin Foundation, where he serves as chair of the Sovrin Governance Framework Working Group and has served as co-chair of the OASIS XDI Technical Committee since 2004.
Alex Preukschat is global head of strategic blockchain projects with Evernym. Preukschat has been active in the Bitcoin space since 2013 and leads SSI Meetup, a global SSI community to share knowledge in the identity space. He is a co-founder of Blockchain España and Alianza Blockchain Iberoamérica and author of multiple reports and books about blockchain and identity.