From eID wallets to soulbound tokens: future-proofing digital identity
The virtues of digitisation can be felt across industries – from financial services to retail, education, entertainment, health and everything around us.
This global transformation has also necessitated consumer identities to move from physical to digital – unique identifiers represented electronically during online interactions that can prove your real identity.
This of course created more opportunities for cybercriminals as digital identity theft and fraudulent impersonations have been on the rise, causing a lot of harm to consumers including huge financial losses.
The industry is therefore keenly looking at ways to build trusted digital identities that are more secure and fraud-proof as the world moves towards increasing digitisation with Web3.
Digital IDs (eIDs) are the new currency
“On the internet, nobody knows you are a dog,” quoted in a famous cartoon by Peter Steiner in 1993, continues to be relevant even now as Web3 and the metaverse emerge as the future of our online world. Our digital identity, or eID, is our most valuable asset as it permits us to access every service, execute every transaction and prove ownership of our assets in today’s digital ecosystem. The immense value of our eID is precisely the reason that digital ID thefts have been steadily rising, causing colossal damage to consumers financially and socially.
Building trusted eID services through government-backed initiatives is now a high priority for several countries. Take Aadhaar in India or BankID in Sweden, for example.
Aadhaar, meaning ‘foundation’, is a biometric and demographic-based unique 12-digit ID provided by the government of India. With more than 1.3 billion Indian residents now holding this ID since its initiation in 2009, Aadhaar is the world’s largest biometric-based digital ID system that simplifies access to banking and financial services, the internet, telephone services, higher education, government benefits and lots more. Aadhaar has in fact been the backbone of the phenomenal payments digitisation in India resulting in remarkable financial inclusion.
Sweden’s BankID is another example of a robust digital ID issued by banks in Sweden, adhering to the regulatory frameworks of the Swedish Digital Administration Authority. Linked to Sweden’s government-issued 10-digit personal identification number, BankID works through a verified mobile app or smart card issued by banks. This eID authenticates access to financial services, taxation, healthcare, education, rental contracts, insurance and every service where consumers need to prove their identity through electronic signatures.
eID wallets and soulbound tokens: enhancing trust and security
As trust in eID solutions is growing, the threat of eID theft and fraud is also on the rise. Understandably, security and data privacy have now emerged as critical attributes for any robust eID solution to protect from fraud, cybercrime risks and data thefts.
The government of India addressed these issues by launching its eID wallet initiative, DigiLocker, in 2015. A cloud-based secure wallet linked to a users’ eID or Aadhaar, DigiLocker holds documents, IDs, certificates and records issued directly by the respective authorities. This ensures authenticity and fraud-proofing as no upload by the wallet holder is possible.
eID wallets are also being considered by the European Commission, as proposed in the eIDAS regulation in 2021. European digital ID wallets (EDIW) will provide secure eID services to individuals and businesses across EU member states. This will improve eID security, reduce online fraud and cybercrime, ensure data privacy and enable seamless cross-border interactions within EU countries, thereby reducing operational costs.
eID security has been gaining prominence in the crypto and emerging metaverse worlds as well. With both utilising blockchain technology – where anonymity is key – the risks of fraud, impersonation, money laundering and digital asset theft are drawing the focus of a number of big industry players on user identification and verification. A possible solution under discussion, being championed by Ethereum founder Vitalik Buterin, are so-called ‘soulbound tokens’ (SBTs), which are non-transferable, unique tokens on the blockchain tied to a specific entity (also called a ‘soul’). The tokens will be issued directly by authorities (e.g., governments or universities) into the entities’ crypto wallets and can be used for identification.
Binance, a leading crypto exchange, has announced its own Binance Account Bound (BAB) tokens that are eID credentials for users who have completed their KYC verification on Binance. Buterin’s upcoming metaverse project, Astral Pioneers, will have SBT-enabled digital identification that will allow users to transact and even obtain “citizenship” in his metaverse.
Decentralised and interoperable digital IDs: a future vision
Digitisation is witnessing overwhelming adoption across all services and industries as the transition from physical to online continues to push on unabated. However, the levels of trust, security, privacy and interoperability of eIDs remain key challenges which cybercriminals have been exploiting to commit fraud and other crimes.
The next-gen digital ID must address these issues to empower the future of Web3-based transformation. We must think about decentralised, globally unique eIDs, with interoperability across countries and services. A self-sovereign ID approach can be leveraged for data privacy, as eID data is held and controlled by the user. Data privacy can also be enabled through zero-knowledge proof protocols (e.g., proving one’s age without sharing a date of birth or proving to be an account holder without sharing account details).
The next five to seven years will usher in a completely new era of digital IDs and alter the way we interact online. I’m looking forward to witnessing that vision unfold into a reality as the eID revolution has only just begun.
About the author
Sujata Dasgupta is global head – financial crime compliance advisory at Tata Consultancy Services, based in Stockholm, Sweden.
She has over 20 years of experience, having worked extensively in the areas of KYC, sanctions, AML, and fraud across banking, IT services, and consulting.
She has worked with premier banks in several major financial hubs in seven countries across the US, UK, EU, and Asia.
She can be contacted on LinkedIn.