Customers left fuming over personal information exposure

Written By Paul Timms
Person in an online meeting

The proliferation of online services, coupled with the growth in requirements to collect and verify customers, has resulted in an array of differing identity management services, all of which are service provider-centric. In 2023, the exposure of Bank of America customer data, following on from Latitude Finance, Optus and Medibank breaches is a further reminder to users that this data may not be secure and further, they have no control over it.

The use cases for identity proof and management has resulted in a vast array of verification agents who serve the need of the service provider and their commercial model. This current ‘spaghetti junction’ of service provider requests, means customers are creating an increasing number of accounts. Each time sharing the same personal private information (for example driving licence, Medicare card, passport details) with each service provider. The user is left with no control, repetitive tasks that expose the same personal information repeatedly, and no awareness or record of what or where this data is.

Self-Sovereign Identity (SSI) is a widely used term that ushers in a brave new world of identity where the user (customer) and only the customer, is to have full control of their identity data. It puts an end to the large array of identity requests and passing and storing of the supporting documentation/data that is commonplace in today's market.

Customer Controlled Compliance leverages SSI concepts in its approach to digital identity, it delivers to individuals control over the information they use to prove who they are to service providers.

Customer Controlled Compliance allows the customer to prove their identity and access the services they require without having to share the underlying data. It addresses the issue of trust in the proof of identity by ensuring the rules of the service provider for compliance meet the level of verification as recorded for the customer, this resulting contract is then stored on a decentralised network.

This article is not seeking to say that there is a way to stop cyber-attacks however what it is proposing is to rethink the process and put the customer back in control and lessen the opportunity for information that supports identity to be exposed.

Paul Timms

Paul Timms
Previous

Revolutionising Identity Verification: Paving the Way for Re-Usable, Portable Digital Identities
Next

What is digital ID and why should you jump onboard?