Customer Futures Perspective: The biggest identity market is the one you’ve never heard of
Organisation Identity will unlock a massive digital economy shift that few can see right now... but one that will change everything.
Hi everyone, thanks for coming back to Customer Futures. Each week I unpack the fundamental shifts around Personal AI, digital customer relationships and customer engagement.
This is the PERSPECTIVE edition, a regular take on the future of digital customer relationships.
If you’re reading this and haven’t yet signed up, why not join the growing number of executives, entrepreneurs, designers, regulators and other digital leaders by clicking below. To the regular subscribers, thank you.
PERSPECTIVE: The biggest identity market is the one you’ve never heard of
Perhaps you’ll mark today as the day you became aware of the huge new identity market that no one is talking about yet: ‘OI’.
In this edition we’ll dig into one of the most compelling - and disruptive - shifts coming to the digital economy. It’s a longer post than usual as there are a few things to unpack
The quiet identity crisis - and today’s cost of doing business
The next, 3rd identity market - fixing the mess with a new type of identifier
100 times larger than Self Sovereign Identity - and a repeat of 2016?
A market ripe for disruption
But let’s begin with a short story.
It’s late one evening, and you are tired after a long day. The phone rings. It’s a withheld number, but your gut tells you to answer.
“Hi there. I’m calling from Your Bank’s Fraud Team. We have seen some suspicious transaction activity on your account. In order to resolve this I need you to confirm some account details. We can then help you get this sorted right away.”
They ask you to hand over some basic banking information, like your full name and account number.
“Before we can go any further we need you to pass security”. They ask for your mother’s maiden name, date of birth, and the first line of your address.
At this point you pause. It feels strange. They’re not asking for a PIN or password (you’ve been warned about sharing that). But you ask yourself: is this really the bank calling?
So you turn it around: you ask them to prove that it’s really the Bank Fraud Team. They don’t give a convincing answer. When you press them, they flounder. Eventually, they hang up.
Of course, it wasn’t the bank calling.
It was yet another fraudster trying to get you to give up some personal information. Hoping to use it elsewhere to impersonate you, and piece together a profile to later commit fraud.
It’s called social engineering, and sadly happens to thousands of people every day. It happens so easily because it feels real. It sounds real. It’s not like they are digging in your bins for a bank statement. The fraudsters use convincing details and phone numbers, and do it all in plain sight: they call you.
But this identity story isn’t the one you think.
It’s not about you. And it’s not about the fraudster. It’s another identity problem altogether.
One doing even more damage to our economy. Causing vast amounts of fraud, and as you’ll see later, resulting in huge levels of corporate waste.
We often say that we don’t know who we’re dealing with online. We’re back again to that 25-year-old New Yorker cartoon of the dog sitting at a computer. But it’s now time to be more precise: we don’t really know if it’s the right organisation we’re dealing with.
A quiet crisis
It’s a wicked hard problem to solve.
Verifying a company relies on a universe of different identifiers. Web addresses. Phone numbers. Office locations. Company registrations. BIC and SWIFT and IBAN codes. Dunn and Bradstreet identifiers, Moody’s ratings and many more obscure ways to point to an organisation.
It’s a mess.
And that’s before you get to employee identity. How on earth do you know that the person calling you - even if they have all the right organisation info - really works at the company?
Now we’re really down the rabbit hole.
Both human identity - like those bits of information above that the fraudsters asked for - and organisation identity are separate things. And both are completely broken.
But let’s pour some salt on the wound and call it like it is.
Our lack of organisation identity is a festering root cause behind the exploding cases of fraud, unacceptable levels of money laundering and increasing phishing attacks.
Worse, it’s causing us to waste billions of dollars inside businesses too.
Just think about all the admin that’s required before two companies can do business together: the supply chain checks, the company signatures on all the contracts, the 3rd parties getting in the way because we need layers of people, proofs and paperwork in order to trust a transaction.
And then there’s the mountain of employee verification to deal with. Situations where company employees, representatives and agents move between and across organisations… everyday… everywhere.
It’s mind-blowing. And that’s before you try to do anything cross-border.
OK, enough already. You get it.
But I’ll make one last point: consider how much risk our businesses, and of course individuals, carry… precisely because they can’t easily check the company they are dealing with.
Holy wow it’s a problem. I’d say it’s a fraud and waste crisis. One of the most expensive issues across the economy.
But it’s a quiet crisis. Where checking organisation ID has just become a cost of doing business. An overhead. A cost centre.
So why do we put up with it?
Because it’s too hard to solve.
A new market?
The first and original market for digital identity was ‘IAM’: Identity and Access Management. It’s what large organisations do to manage their own employees within the business. Accessing technical systems, physical places, and dealing with login and so on.
IAM is huge. It’s a $15BN market today and is expected to grow to over $30BN in less than five years. Talk about growth.
Then around seven years ago, a new, second identity market was born: Self Sovereign Identity (so-called ‘SSI’ or ‘Decentralised Identity’). That’s the market for digital wallets and related technologies, where individuals can instantly share verifiable data about themselves.
It also has a first cousin, Customer Identity and Access Management (‘CIAM’). Related to the systems that businesses use to interact with customers.
Both SSI and CIAM are about citizens, individuals and customers. Together as a market, they will be absolutely massive. I co-wrote a report back in 2016 that predicted that the “Personal Information Economy” - including consumer digital wallets, personal data stores and all the rest - would be worth $20BN in the UK alone.
But we’re not done. We’re now on the cusp of a third, new identity market. And it’s a much larger one: Organisational Identity.
Just think about the value that can be created - and the fraud and costs that can be reduced, both outside and within businesses - if we can identify organisations and their employees properly.
Organisation Identity, or OI, is going to trigger the next wave of digital transformation.
Yes, there’s AI. Yes, there’s Web 2 and 3 (and 5). And there’s the Meta-thingy-verse (whatever it is).
But OI is different. And no one is talking about it.
Yet.
Fixing the mess
After the market crash of 2008, the global authorities agreed they needed a new way to know which organisation was which. Who is trading with who.
The banking crisis was an opportunity to find new ways to restore company transparency. So they set out to explore the frameworks and technologies that could make this possible.
There were three important outcomes from this work:
They decided to create a globally unique reference number for each organisation. It became the ‘Legal Entity Identifier’ (LEI).
They needed to set up a global body to oversee this ecosystem of new identifiers. So they founded the Global LEI Foundation. Given the catchy title ‘GLEIF’.
They realised they also needed a way for others to verify LEIs - anywhere, at any time. What if, GLEIF thought, businesses could use the same credential cryptography and digital wallets as SSI…? And so the ‘verifiable LEI’, or vLEI was born.
It’s 15 years since the great crash of ‘08, and organisation identity, or ‘OI’, is nearly here. Finally, a way to identify any organisation - and the people that work for it - instantly, seamlessly, and portably.
It’s only the start of the OI journey. But perhaps it’s the end of the beginning.
Here are some things to know:
Standing on the shoulders of SSI
OI builds on the same foundations as the Self Sovereign Identity (SSI) movement. Applying the same technologies, protocols and principles of portable, verifiable credentials, digital wallets and decentralised identifiers.
A new class of credentials
OI will give birth to a new family of identifiers and verifiable credentials related to the business: Organisation Credentials.
These will include everything from department identifiers and company roles like CEO or CFO, to approved business partners and their agents.
I predict that within 5 years, most AI systems interacting with customers will be required to assert their organisation credentials. To prove they are verifiably related to the business. vLEIs will be one of the few, trusted and scalable ways people will be able to know they are really interacting with the right organisation.
OI is going to be enormous
The OI market will be much larger than SSI, perhaps 100 times larger. Because the problems it will solve are
100x more expensive. Individual fraud might cost millions, but company fraud and internal waste cost billions.
100x more frequent. Yes, customer interactions happen all the time, but just think about how much employee effort, company time and money is wasted dealing with untrusted organisations, processes and systems.
100x more required. Much of the consumer waste and fraud is from optional transactions like account registration, payments and so on. But employees and businesses are required to run checks by The Company Compliance Team. It’s why compliance is considered a business overhead - literally a ‘cost centre’ - to meet regulations and manage company risk.
OI will be everywhere
OI is going to flow into every business process and department, every customer touchpoint and transaction. Can you think of an example of a company interaction where you don’t need to trust who an employee or a business is?
Every digital customer interaction
Every company payment (out or in)
Every supply chain transaction
Every external employee verification
Every digital signature or contract
Every asset transfer
Every treasury and tax event
When you multiply this across every employee, every department and every company, you’ll see this market has the potential to dwarf IAM, SSI and CIAM.
Back to the future
In 2016 I had the privilege of helping Timothy Ruff and the Evernym team launch the Sovrin Network, one of the foundational networks behind the SSI movement.
I was there in the early days of telling the SSI story. Of new identifiers. Of portable verifiable data. Why it was different. How it could work.
And while much of the technology was still being worked out, there was excitement. Like those describing the early internet, the arrival of the PC or the first smartphones. All breakthrough technologies, and new ways to empower individuals. Of limitless possibilities.
We spoke to Healthcare providers. Pharmaceutical companies. Banks. Governments. NGOs. Travel providers. Startups of every stripe and colour, in every region. They could all see the potential for portable, verifiable data that worked across organisational boundaries. To streamline experiences and customer interactions. To massively reduce consumer fraud.
For the next seven years, the world watched an explosion of start-ups, entrepreneurs, governments and other large organisations make headway into the human identity problem using digital wallets and verifiable credentials.
OI today feels like where SSI was back in 2016. On the cusp of a similar breakthrough.
Because the vision for business wallets and organisation credentials is as grand as SSI. Of ‘Protocols not platforms’.
And because the core challenge is the same: Why should there be a company or platform in the middle of the market determining who is who… and which organisation is which?
With OI we can unravel the mess of business identifiers all over the world. We can navigate the confusopoly of company accounts, credit ratings and digital reputations.
Primetime
Business identity - and critically company reputation - is about to change forever. Because it will no longer just be digital. It will be verifiable instantly. Anywhere. By anyone.
As ever, Timothy Ruff is ahead of the market, and leading the charge. He’s written some landmark posts about OI in depth: worth reading this, this and this.
Here’s a taster:
“Organizations don’t act… people and things do (and that includes AI and bots). Organisations don’t enter into agreements, send messages, make filings… people and things do, as authorized representatives for an organization.
“People derive authority from an organization’s founding documents, then they delegate and use that authority. With OI they’ll be able to instantly prove that authority anywhere, no matter how many levels deep in the organization they may be.
“Of course the first aspect of organizational identity (OI) is literally the identity of the organization, but that’s just the beginning; the thing that justifies OI as an important new category of digital identity is that it’s now possible to instantly verify the authority of an organization’s representatives outside the boundaries of the organization.
“Again, that is the only way an organization can act outside its boundaries: through its authorized representatives.”
OI is the next, and third identity market. Getting ready for prime time.
And just like ID for employees and ID for people, ID for organisations is a huge thorn in the side of the digital economy. It’s why it’s ripe for digital disruption.
Is today the day you became aware of the biggest identity market that you’ve never heard of? Maybe.
But the next time you get a phone call from your bank, perhaps it won’t take you so long to ask: is it really them?
Thanks for reading this week’s edition. If you’ve enjoyed it, and want to learn more about the future of Personal AI, digital customer relationships and customer engagement, then why not subscribe: