Customer Futures Perspective: The business of digital identity is… business?
Digital ID today is organisation-centric, fragmented, lacking context, privacy-eroding, and narrow by design. What's not to love?
Hi everyone, thanks for coming back to Customer Futures. Each week I unpack the fundamental shifts around Personal AI, digital customer relationships and customer engagement.
This is the PERSPECTIVE edition, a regular take on the future of digital customer relationships.
If you’re reading this and haven’t yet signed up, why not join over a thousand executives, entrepreneurs, designers, regulators and other digital leaders by clicking below. To the regular subscribers, thank you.
PERSPECTIVE: The business of digital identity is… business?
Welcome to the second in a short series of posts about digital ID.
The first post explored why digital identity is broken. And why paper ID credentials are a model for smarter ‘open-loop’ identity ecosystems.
I pointed out that we need to meet our human requirements, not just business needs.
In this post, we’ll look at how we approach digital identity today. We’ll see that our ID systems and platforms can’t - by design - ever scale to meet our digital economy’s needs. Because they are ‘closed-loop’ from the start.
In the next and final post, we’ll look at what we can do about it.
Let’s start by reminding ourselves why paper ID credentials meet our human requirements:
they are centred on the person
they are accessible
they are varied
they work across contexts
they are private
they can be used in limitless combinations
Now let’s look at each of these from the business perspective. Consider how organisations actually design our digital identity solutions today.
1. Centred on the person?
Nope - our identity systems are built for organisations, not people
Each company has its own way of doing digital ID. Their own version of identity credentials.
We’re asked for various membership numbers. Account numbers. Email addresses. Widgets, tokens and cards. Different sets of secret questions and one-time passwords.
Digital identity doesn’t start with the individual. It starts and ends with the company and its own systems.
And quite reasonably. Why would each business solve another company’s problem? And potentially take on more cost to do so?
Yet the more organisations that the individual deals with, the more they must use different ID solutions… in different ways… using different information.
It’s quite impossible.
Especially when the average person has relationships with over 150 organisations - most of whom are ‘going paperless’. Not to mention the other 40 businesses that the average household has to interact with.
2. Accessible?
Of course not - they’re fragmented and exclusive
Today’s digital identity solutions make life even harder than it already is.
By definition, our digital solutions exclude billions. Those without devices, those without connectivity, and those without digital footprints.
But for those with privileged access to smartphones and the internet, our digital IDs remain ridiculously frustrating to use.
They require complicated steps and hoops to jump through. Long forms to complete. With information we can’t remember or didn’t know in the first place.
Forcing customers to choose between passwords that are easy to remember (but therefore easy to steal), or passwords that are hard to remember (and therefore difficult to steal).
And when that’s all over, they’ll then demand that you fish out a random code, or click on a suspicious link. All sent, of course, to different emails and phone numbers that you might even not have access to at the time.
It’s nuts.
And none of this even touches the sides of the issues facing those vulnerable populations who can’t get started with digital at all.
3. Are they varied?
Perhaps - but we’re missing the value
Digital apps are now piercing every aspect of our daily lives. Accompanied by an explosion of digital identity solutions to serve them.
Each relies on a rich set of customer attributes and data points.
Varied! Excellent!
But there’s a snag.
All that data is permanently locked up behind company and department walls.
Tonnes and tonnes of data about me and my life that neither I, nor other groups I trust, can access or use. All because today’s digital identity infrastructure prevents that data from being shared easily or securely.
My bank has a broad and deep picture of my financial life. They could make any number of valuable attestations on my behalf. That my bank balance is above a certain threshold. That I have a certain income. That I am creditworthy for a particular purchase.
And it’s the same for all the retailers, telcos, governments, supermarkets and healthcare providers I deal with.
What a colossal waste of an opportunity.
Why?
Because each of them, with my express permission, should be able to reuse that data. To create value for me. To build trust. And to create even more value for the business.
It should be obvious. The more value they create for me, the more I’ll trust them. And the more I trust them, the more data I’ll share.
4. Useful across contexts?
Sometimes - but at a cost
As I’ve already pointed out, we can only really use our digital IDs in one place: at the organisation that gave them to us.
My digital loyalty app can only be presented at the supermarket.
My digital employee credentials can only be used to get into company systems and buildings.
My gym membership number is only useful at the gym.
It’s the opposite of my paper ID credentials, which I can use anywhere I need to. To get a discount. To get access. Or even to trigger a specific experience.
But around 2011 there was a digital ID breakthrough: Social Login.
The now widely-adopted “Login with ABC’ button. It saved customers from having to create or remember new usernames and passwords. And it massively improved conversion for websites.
But of course, there was a catch.
Both the customers and the businesses had to sign up to pretty dense, and it turns out invasive, Terms and Conditions. Tracking customers across sites, recording what they did where, when and why.
Utility won over privacy.
But it couldn’t work everywhere. Regulated businesses were unable to (and still can’t) support Social Login due to risks of fraud and liability concerns.
Just try logging into your hospital or bank with LinkedIn, Google or Facebook.
But oh, the wonderful user experience. Organisations like governments, banks, telcos and airlines could only wish that they could provide digital ID experiences like the social networks.
But they just couldn’t get around the compliance risks. The security risks. The privacy risks.
So everywhere else I still need to create - and remember - an impossibly long list of usernames and passwords.
Lastly, and while we’re here, take another look at the idea of ‘useful across contexts’.
Imagine you have just moved to a country and need to get set up in a new job.
To get paid you need to provide bank details. For that, you need to open a new bank account. But for that, you need proof of address. But you won’t have that yet as you haven’t been sent ‘verified’ documents like a utility bill.
And so it goes on and on.
It’s painful because you have been unable to use your identity credentials across contexts. In this case, to share trusted identity data from your home country.
These aren’t edge cases. This is life.
5. Private?
Don’t be ridiculous
Almost all mainstream digital identity applications trade away customer privacy in return for improved security and better user experiences. (See the point about Social Login above).
Almost everywhere, organisations have to choose two out of the three. Privacy, Security, Experience.
And in far too many digital identity applications, user privacy is expressly ignored. Where the very business model depends on collecting more and more personal data to create an identity record. Later to be sold, analysed, and used for customer targeting.
We have an ecosystem of digital identity solutions that are neither private nor secure. (And in the rare case they are both, the user experience is often terrible.)
6. Limitless combinations?
No - we get narrow solutions where the computer says ‘no’
How many times have you had to re-type your mobile number, or date of birth in a form online?
And when you provide the wrong format or type of information, most digital applications just say ‘no’.
We all know that today’s digital ID systems are brittle and inflexible. They are narrow by design. They require specific data sets to work, and cannot cope with different formats or types of identity info.
And what happens when the customer can’t register or log in? They turn to other channels like call centres and physical stores to get something done.
All leading to extra costs for business. To lower margins. To fewer sales. And to lower customer satisfaction.
Remind me why digital ID is so great again?
From closed-loop to open-loop identity
OK, so you get the point.
Organisation-centric. Fragmented and exclusive. Missing the value. Useless across contexts. Privacy-eroding. Narrow by design.
When you put all these design choices together you get ‘closed-loop’ identity.
It’s why these identity systems will never - can never - reach their full potential or scale.
But what if instead of today’s ‘closed-loop’ solutions, we had ‘open-loop’ digital identity infrastructure?
Digital tools for customers that could bring all the advantages of paper credentials… but that work digitally?
That’s the promise of digital wallets. Of Personal AI. And of new decentralised data infrastructure.
We’ll dig into those in the next and final post.
But for now, we need to recognise that a new approach to digital ID is needed. A new approach for customer engagement.
It just makes business sense. The opportunity to unlock whole new levels of value for individuals, organisations and our digital economy.
The business of digital identity needs to be about people.
Not just business.
Thanks for reading this week’s edition. If you’ve enjoyed it, and want to learn more about the future of digital identity and customer engagement, then why not subscribe: