The biggest identity market is the one you’ve never heard of
'Organisation Identity' will unlock a massive digital economy shift that few can see right now... but one that will change everything
Hi everyone, thanks for coming back to Customer Futures.
Each week I unpack the fundamental shifts around Empowerment Tech. Personal AI, digital wallets, digital ID and customer relationships.
If you’re reading this and haven’t yet signed up, why not join the growing number of executives, entrepreneurs, designers, regulators and other digital leaders by clicking below.
To the regular subscribers, thank you.
Hi folks,
This week it’s another Deep Dive for you.
Perhaps you’ll mark today as the day you became aware of the huge new identity market that’s about to change everything.
But one that no one is talking about yet.
‘OI’.
We’re going to dig into one of the most compelling - and disruptive - shifts coming to the digital economy.
And as a Deep Dive, this post is longer than usual. Because we have quite a few things to unpack:
A quiet crisis
A new, 3rd identity market
Fixing the mess of the financial crash
OI is going to be enormous
A repeat of 2016
Getting ready for primetime
But let’s begin with a short story.
It’s late one evening, and you are tired after a long day. The phone rings. It’s a withheld number, but your gut tells you to answer.
“Hi there. I’m calling from your Bank’s Fraud Team.
“We have seen some suspicious transaction activity on your account. In order to resolve this I need you to confirm some account details. We can then help you get this sorted right away.”
They ask you to hand over some basic banking information, like your full name and account number.
“Before we can go any further we need you to pass security”. They ask for your mother’s maiden name, date of birth, and the first line of your address.
At this point you pause. It feels strange. They’re not asking for a PIN or password (you’ve been warned about sharing that). But you ask yourself: is this really the bank calling?
So you turn it around. You ask them to prove that it’s really the Bank Fraud Team. They don’t give a convincing answer. When you press them, they flounder. Eventually, they hang up.
Of course, it wasn’t the bank calling.
It was yet another fraudster trying to get you to give up some personal information. Hoping to use it elsewhere to impersonate you, and to piece together a profile to later commit fraud.
It’s called social engineering. And sadly happens to thousands of people every day.
It happens so easily because it feels real. It sounds real. It’s not like they are digging in your bins for a bank statement. These fraudsters use convincing details and phone numbers, and do it all in plain sight.
Because they call you.
But this week’s identity story isn’t the one you think. It’s not about you. And it’s not about the fraudster.
It’s another identity problem altogether.
One doing even more damage to our economy. Causing vast amounts of fraud, and as you’ll see later, resulting in huge levels of corporate waste.
We often say that we don’t know who we’re dealing with online. We’re back again to that 25-year-old New Yorker cartoon of the dog sitting at a computer.
But it’s now time to be more precise.
We don’t really know if it’s the right organisation we’re dealing with.
A quiet crisis
It’s a wicked hard problem to solve. Because verifying a company relies on a universe of different identifiers.
Web addresses. Phone numbers. Office locations. Company registrations. BIC and SWIFT and IBAN codes. Dunn and Bradstreet identifiers. Moody’s ratings. And many more obscure ways to point to a business, a corporation or other organisation.
It’s a mess.
And that’s before you get to employee identity.
How on earth do you know that the person calling you - even if they have all the right organisation info - really works at the company?
Now we’re really down the rabbit hole.
Human identity - like those bits of information above that the fraudsters asked for - and organisation identity are separate things. And both are completely broken.
But let’s pour some salt on the wound and call it like it is.
Our lack of organisation identity is one of the most painful, festering root causes behind today’s exploding cases of fraud, unacceptable levels of money laundering and increasingly devastating phishing attacks.
But it’s worse than that.
Because it’s also causing billions of dollars of waste inside our businesses too.
Just think about all the admin that’s required before two companies can do business together. The supply chain checks. The company signatures on all the contracts. The 3rd parties getting in the way because we need layers of people, proofs and paperwork to trust a transaction.
And then there’s the mountain of admin around employee verification. Where company employees, representatives and agents move between and across organisations… everyday… everywhere.
It’s mind-blowing. And that’s before you try to do anything cross-border.
OK, enough already. You get it.
But I’ll make one last point. Consider how much risk our businesses, and of course individuals, carry, precisely because they can’t easily check out the company they are dealing with.
Holy moly it’s a big problem.
In fact, it’s not a problem. It’s a fraud and waste crisis. One of the most expensive issues across today’s economy.
But it’s a quiet crisis. Where checking organisation ID has just become a cost of doing business. An overhead. A cost centre.
So why do we put up with it?
Because it’s too hard to solve.
A new, 3rd identity market
The first and original market for digital identity was ‘Identity and Access Management’, or IAM.
It’s what large organisations do to manage their employees within the business. Controlling who gets to access which technical systems and physical places. Who gets to login where, how and why. And much more.
It also has a first cousin, Customer Identity and Access Management (‘CIAM’). The systems like ‘social login’ that businesses use to interact with their customers, consumers and dare I say it, ‘users’.
(Side note: the only industries that call people ‘users’ are tech companies and drug dealers.)
And boy, IAM is huge. It’s a $15BN market today, and expected to grow to over $30BN in less than five years. Talk about growth.
Then about nine years ago, a new, second identity market was born.
‘Self Sovereign Identity’, or SSI.
More recently it’s been reframed as ‘Decentralised Identity’ (DID). Which, if nothing else, has meant that businesses can talk about SSI without getting their knickers in a twist about ‘sovereignty’.
SSI and DID have to do with digital identity wallets and verifiable credentials. Creating new ecosystems of ‘issuers’, ‘holders’, and ‘verifiers’. Where individuals can instantly share verifiable data about themselves.
And as a new ‘market’, DID is set to be absolutely massive.
I co-wrote a report back in 2016 that predicted that the “Personal Information Economy” - including consumer digital wallets, personal data stores and all the rest - would be worth $20BN in the UK alone.
But we’re not done. Because we’re now on the cusp of a third, new identity market. And it’s an even larger one.
Organisational Identity.
Just think about the value that can be created - and the fraud and costs that can be reduced, both outside and within businesses - if we can identify organisations and their employees properly.
Organisation Identity, or OI, is going to trigger the next wave of digital transformation.
Yes, we are in the middle of completely restructuring the economy with AI. And yes, we are in the middle of completely reorganising digital value exchange as we shift from Web2 to Web3, and soon to ‘Post Web’.
But OI is different. And no one is talking about it.
Yet.
Fixing the mess of the financial crash
After the great market crash of 2008, our global leaders agreed they needed a new way to know which organisation was which. Who is trading with who.
The banking crisis became an opportunity. To find new ways to restore company transparency and trust. So they set out to explore new frameworks and technologies that could make this possible.
There were three important outcomes from this work:
They created a new, globally unique reference number for each organisation. The ‘Legal Entity Identifier’ (LEI).
They set up a new global body to oversee this ecosystem of new identifiers. The Global LEI Foundation. Given the catchy title ‘GLEIF’.
They started looking at ways for any person or organisation to verify a LEI - anywhere, at any time. And so the ‘verifiable LEI’, or vLEI was born.
It’s early days. But GLEIF is now well down the road to define how OI can work, what the new vLEI will do, and how it can interact with the same digital wallet and verifiable credential tech as the Decentralised Identity movement.
Exciting times.
But that’s not all. While the EU is busy rolling out a new Digital ID Wallet for 400M citizens, some clever people have also realised that EU organisations deserve the same digital identity treatment.
So there are now well-advanced plans to give a digital ID wallet to all legal entities. Not just people, but businesses too.
While everyone whinges about how far behind the EU is on AI, it’s worth looking at how far ahead they are on digital identity.
And how that’s going to include businesses and organisations.
It’s nearly 17 years since the great crash of ‘08. And organisation identity, or ‘OI’, is emerging from the rubble. A new way to identify any organisation - and the people that work for it - instantly, seamlessly, and portably.
It’s only the start of the OI journey. But it certainly feels like it might be the end of the beginning.
OI is going to be enormous
I’m actually most excited about a few of the smaller details about OI.
Because it’s going to give birth to a whole new family of identifiers and verifiable credentials related to the business. Organisation Credentials.
These will include everything from department identifiers and company roles like CEO or CFO, to approved business partners and their agents.
I think that within 4 or 5 years, we should assume that most AI systems interacting with customers or 3rd parties will be required to assert their organisation credentials.
To prove they are verifiably related to the business. Where ‘vLEIs’ will be one of the few, trusted and scalable ways people will be able to know they are really interacting with the right organisation.
But that’s not the mind-blowing part.
Consider this: the OI market has the potential to be many times larger than CIAM and SSI. Because the problems it will solve are:
100x more expensive. Individual fraud might cost millions, but company fraud and internal waste cost billions.
100x more frequent. Yes, customer interactions happen all the time, but just think about how much employee effort, company time and money is wasted dealing with untrusted organisations, processes and systems.
100x more required. Much of the consumer waste and fraud is from optional transactions like account registration, payments and so on. But employees and businesses are required to run checks by The Company Compliance Team. It’s why compliance is considered a business overhead - literally a ‘cost centre’ - to meet regulations and manage company risk.
You can already see that OI is going to flow into every product, every business process and every department. And it will impact every customer touchpoint and transaction.
Just look at
Every company payment (out or in)
Every supply chain transaction
Every 3rd party employee verification
Every digital signature and contract
Every asset transfer
Every audit
Every treasury and tax transaction
When you multiply this across every employee, every department and every company, you’ll see this market has the potential to dwarf IAM, CIAM and SSI put together.
Back to the future
In 2016 I had the privilege of helping the Evernym team launch the world’s first Decentralised Identity network, the ‘Sovrin Network’. Wallets, credentials, portability, the lot.
And so I was there in the early days of telling the ‘SSI story’. Of new identifiers. Of portable verifiable data. Why it was different. How it could work.
And while much of the technology was still being worked out, there was excitement. Like those describing the early internet, the arrival of the PC or the first smartphones.
Breakthrough technologies. New ways to empower individuals. Limitless possibilities.
We spoke to Healthcare providers. Pharmaceutical companies. Banks. Governments. NGOs. Travel providers. Startups of every stripe and colour, in every region.
They could all see the potential for portable, verifiable data that worked across organisational boundaries. To streamline experiences and customer interactions. To massively reduce consumer fraud.
And for the next nine years, the world has watched an explosion of start-ups, entrepreneurs, governments and big businesses make headway into the ‘human identity problem’ using digital wallets and verifiable credentials.
OI today feels like where SSI was back in 2016. On the cusp of a similar breakthrough.
Because the vision for business wallets and organisation credentials is as grand as SSI. Of ‘Protocols not platforms’.
And because the core challenge is the same.
Why should there be a company or platform in the middle of the market determining who is who… and which organisation is which?
With OI we can unravel the mess of business identifiers all over the world. We can navigate the confusopoly of company accounts, credit ratings and digital reputations.
Primetime
It’s why OI might just be the third, and next great, identity market.
Now getting ready for prime time.
And just like ID for employees and ID for people, ID for organisations is ripe for digital disruption. Because it will no longer just be digital. It will be verifiable instantly. Anywhere. By anyone.
I love Timothy Ruff’s thinking about OI. It’s worth going back to some of his early posts about it, including here, here and here.
He puts it so well:
“Organizations don’t act… people and things do (and that includes AI and bots). Organisations don’t enter into agreements, send messages, make filings… people and things do, as authorized representatives for an organization.
“People derive authority from an organization’s founding documents, then they delegate and use that authority. With OI they’ll be able to instantly prove that authority anywhere, no matter how many levels deep in the organization they may be.
“Of course the first aspect of organizational identity (OI) is literally the identity of the organization, but that’s just the beginning. The thing that justifies OI as an important new category of digital identity is that it’s now possible to instantly verify the authority of an organization’s representatives outside the boundaries of the organization.”
So is today the day you became aware of the biggest identity market that you’ve never heard of? Maybe.
But the next time you get a phone call from your bank, perhaps it won’t take you so long to ask: is it really them?
And that’s a wrap. Stay tuned for more Customer Futures soon, both here and over at LinkedIn.
And if you’re not yet signed up, why not subscribe: