Last Thursday, we hosted a virtual fireside chat (watch the recording) with three leading industry experts in digital identity: CULedger’s Julie Esser, Mastercard’s Bryn Robinson-Morgan, and Evernym’s Daniel Hardman.
The topic of the panel was ‘safe credentials,’ or more simply, a look at how we can architect digital portable credentials to maximize privacy, security, and usefulness. It’s a topic near and dear to us all at Evernym, and something we’ve written about a lot lately, through proposing five tests for determining whether or not a credential is safe and tackling two common, yet dangerous credential assumptions.
And sure enough, we’re not the only ones thinking about the importance of safe credentials. Last week’s panel discussion was, by far, our most popular webinar to date, attracting over 300 registrations from all over the world for a jam-packed Q&A session on what it means for a credential to be ‘safe.’
Here are three themes that emerged from the discussion:
1. Safe credentials are bigger than any one organization
Julie discussed several of the benefits that CULedger is actively driving for their credit union customers, including secure authentication in a call center environment (which she referred to as the ‘weakest link’ for security) and a path to smarter compliance with GDPR, CCPA, and Know-Your-Customer and Anti-Money-Laundering (KYC/AML) regulations. In addition to powering better, frictionless member experiences, these solutions have already created drastic cost savings for credit unions by dramatically reducing the time it takes to authenticate a member in the call center.
She then went on to mention how these credentials can be used outside of the relationships members have with their credit unions. A credential, especially one like CULedger’s MemberPass that will have gone through rigorous “KYC hoops,” is a digital asset that can be given to members to enable them to securely, privately, and effortlessly prove their identity not just to their credit union, but to any organization, individual, or device they interact with. For this to work, Julie added, we need open, interorganizational collaboration and true portability and interoperability (which is one of the five tests for safe credentials).
Julie acknowledged the strong sense of collaboration that already exists within the credit union industry, adding:
Bryn echoed this call for open collaboration, commenting on how portable credentials can be used for the benefit of everyone within the Mastercard payments ecosystem, including consumers, merchants, and banks. Unlike the “walled gardens” that have dominated information security up until now, he argued that the usage of digital credentials shouldn’t be subject to any “artificial barriers” across organization boundaries, sector boundaries, or even national boundaries. When consumers can navigate the online world as securely and seamlessly as they do the physical one, all parties will benefit.
2. Safe credentials show the need for both technical and human governance
Another common sentiment addressed by both Bryn and Julie was the dual need for human and algorithmic governance.
Bryn explained how it’s not enough to design technology around trust and safeness; there’s also a need for human governance, such as legal contracts, liability and redress, privacy, user experience, and the independence and reliability around a credential. This level of human trust is critical to KYC and AML processes within financial services, he added.
When asked how verifiers can determine whether or not to trust a credential issuer, Bryn responded:
The level of trust Bryn describes boils down not to the technology keeping our data secure from hackers, but to our own confidence in, and knowledge of, the institution issuing the credential. It’s the same reason why an employer is likely to trust a diploma credential issued by Harvard University but not one issued by Joe Shmoe.
When asked the same question, Julie discussed how CULedger is ensuring the integrity of its MemberPass solution through the creation of its recently launched Digital Trust Registry.
This combined approach of human and technical is a core component of the Trust over IP Foundation, of which Evernym, CULedger, and Mastercard are all founding members.
3. Safe credentials are about building the future we want to live in
Last but not least, all three of our panelists looked beyond the bottom line and beyond user experiences in expressing their belief that safe credentials are the right thing to do.
In his introduction, Bryn kicked off the discussion with Mastercard’s vision for identity:
He later pointed to digital credentials as a “natural extension of the Mastercard DNA,” and commented on Mastercard’s recent joining of the ID2020 Alliance:
Daniel Hardman (Evernym) seconded this notion of portable identity as a human right and added the need for digital trust solutions that work both ways. He discussed the importance of mutual trust (which is our fifth safeness test) in the timely context of COVID-19 credentials:
As an industry, we talk a lot about the need for organizations to be able to identify and know their customers, but we don’t spend nearly enough time talking about how individuals should be able to conduct similar due diligence every time they’re asked to type in a credit card number or present a credential. There’s a need to “verify the verifier.”
Safe credentials aren’t just about KYC, improving organizational processes, or enhancing security, nor are they just about making it easier for individuals to prove and port their identity. They’re about making our digital journeys more trustworthy and secure, so that we can all go about our lives with greater confidence and personal safety.
Give your customers the gift of safe credentials
While we acknowledge that no solutions provider yet passes all of the five tests we’ve outlined, Evernym is committed to getting there first and designing tools that maximize privacy, portability, interoperability, and personal security.
This means we never take shortcuts, and we never make compromises when it comes to safety.
If you share in this vision, we’d love to work with you and introduce you to our platform.
[You can find the full panel discussion on safe credentials, as well as all past and future webinars, at www.evernym.com/webinars/.]