Gartner predicts that, by 2026, at least 500 million smartphone users will be regularly making verifiable claims using a digital identity wallet (DIW).
Identity verification (IDV) in the form of a user taking a picture of their identity document and a selfie is commonly used today. It establishes confidence in the identity of a person during a digital interaction when curated credentials do not exist, are not available or do not provide sufficient assurance. However, due to challenges with the traditional IDV model, solutions based on portable digital identity (PDI) have emerged.
“The market is entering a transition period as PDI solutions are starting to mature, which, in the next five years, will reduce the demand for standalone IDV,” said Akif Khan, vice president analyst at Gartner, speaking at the Gartner Security & Risk Management Summit in London this week.
Challenges with identity verification
The current IDV model of a user being asked to do the ID-plus-selfie process repeatedly is not ideal. “The processes in place today are focused and limited to core identity data (name, date of birth, address etc). As more and more processes move online, there is a need to tie many other attributes to a user’s identity such as educational or workplace qualifications, proof of employment, not to mention healthcare data,” said Khan.
Portable digital identity solutions start to replace repeated identity verification
A PDI is best defined as a digital identity that contains all the necessary attributes for identifying someone in the digital world. PDI also means that the user maintains some level of control over security and privacy.
The principle of PDI is that the user formerly proves their identity with a trusted entity and, once authenticated, it is recorded as an identity assertion. That identity assertation is either stored with the party that verified their identity (centralised model) or saved in a DIW on their smartphone (decentralised model). Decentralised models also offer the benefit of using verifiable credentials, which allow users to make assertions without revealing more data than they need to – for example, proving that you are over 18 years of age without sharing your date of birth.
Governments are already taking action. The European Commission (via eIDAS Regulation) will require all EU member states to make a DIW available to citizens by 2026. However, many vendor products are available today that enable organisations to benefit from PDI for targeted use cases.
“Chief information security officers (CISOs) do not need to wait for a government to provide all citizens with a PDI solution,” said Khan. “For example, in the workforce, CISOs can use a readily available decentralised identity wallet product and issue it to their employees. The wallet could then be integrated into their employee onboarding, account recovery and IT help desk workflows. This is ultimately improving security by introducing strong authentication and improving user experience (UX) by removing the need for repeated IDV.”