The following was published as Chapter 5 of our series, The Seven Deadly Sins of Digital Customer Relationships. This chapter can be read by itself as a great introduction to the many privacy and data minimization benefits of zero-knowledge proofs (ZKPs). However, if you’d like to start from the beginning, you can find the entire series here.
Another day, another online form to fill out. Yes, browsers are getting better at remembering what customers write in them, but today’s forms are getting increasingly repetitive, manual, and hungry for more and more data. They are ruining the customer experience – especially on mobile – and more often than not capturing missing or wrong details, flooding businesses with low quality and dirty data that then costs businesses real time and money to clean up.
Do businesses really need all these fields to be completed? Or are they simply asking for too much information – not because they actually need it, but because it’s possible to ask for it. And yet it happens over and over again. It’s just plain old greediness. Greed means “an inordinate desire to acquire or possess more than one needs.” Right.
Put simply, most organizations are unthinkingly collecting more data from customers, without understanding the true impact: the real costs to themselves, and to customers.
Diminishing returns on collecting data
The irony is that once the data is inside the business, it’s just the start of the cost and waste.First, there’s a huge amount of work involved in trying to make sense of the data. Often to create a ‘single view of the customer.’ Vast data-gobbling systems across various departments, like little data stomachs all over the place spending millions to combine datasets into a single massive data gut. Most of the time these data optimizing machines still fail to build a genuine view of the customer – one that understands and creates value, rather than one that pushes out loyalty offers and hoping some will stick.
Then there’s all the costs of handling the data in these various systems; the cleaning, the insuring, the storing and securing. The updating, the synthesising, the analyzing. And of course, unless the data is constantly updated, validated, preened and polished, it simply decays. In fact, CRM systems are where data goes to die.
And then finally, on top of all that you can account for the second-order impacts like how much customer trust is lost when businesses ask for too much data, and the brand/PR impacts when (not if) they get hacked.
What a mess.
A window into the true customer relationship
Customers usually experience form filling when registering for a new product or service, or at the time of checkout. That moment, that experience, is often an excellent reflection of how the customer will be treated from that point on. Is that first digital interaction a pleasant, value-based, and respectful one? Or is it transactional, greedy, and full of friction?
Yes, the GDPR has gone some way to making sure companies reflect on what customer data they actually need, and on whether customer data is more of a liability than an asset. But the data collection habit is hard to break, and many companies are stuck asking customers for more data because it’s in the company’s DNA.
It’s funny, and actually a bit sad, that so many brands are spending millions of dollars – millions! – optimizing the customer experience around forms and collecting data. You see, they are trying to improve the wrong thing… fixing the wrong problem. Instead they should be asking if they really need the data at all.
A better way: Zero-knowledge proofs (ZKPs)It’s widely accepted that many businesses don’t really need to know the customer’s date of birth. Not even their age. All they really need to know is that the customer was born before or after a specific date, i.e. to ask: are you over 18? For a long time this idea has only been possible in the research lab – to minimize the data being shared by customers – who would answer only ‘Yes’ or ‘No’ without revealing the underlying attributes (e.g. their date of birth or age).
But now the technology behind ‘Zero-Knowledge Proofs’ (ZKPs) is being baked into new digital identity protocols and standards, meaning that it becomes trivial to prove something about a piece of data without having to see the data itself.
ZKPs have the potential to prove (pun intended) transformational for consumers, for business, and for regulators. For example, rather than asking for data, organizations can instead choose to ask questions of the data:
- Is the customer’s salary over $30,000? Yes or No
- Is their address within a certain district or region? Yes or No
- Do they have a valid Driver License, together with the appropriate insurance policy for this car? Yes or No
- Is their work visa valid for more than 180 days? Yes or No
- Has this particular credential been revoked? Yes or No
The implications of zero-knowledge proofs are profound, especially because they’ll unlock entirely new levels of privacy by design at scale.
Shifting from an abundance of data to scarcity
The obvious main benefit is that the organization can vastly reduce the amount of data it stores – capturing only a ‘yes’ or ’no’ when conducting Know-Your-Customer (KYC) checks. It means the back-office data stores will become way more compliant, more efficient, and less attractive to hack.
But the knock-on impacts on digital customer relationships are equally as important. Better and faster customer experiences, especially when onboarding new users. More trusted, streamlined interactions. More compliant, secure data collection and sharing, meaning fewer data protection issues impacting customer trust.
We can move from an abundance of customer data, where it’s treated cheaply and therefore wasted… to one of scarcity, where it is treasured, looked after and valued.
Throw in the fact that customers can now share these data-minimized, selectively-disclosed data points over a private, secure, and personalized channel – unique to the customer and the business – and we can begin to imagine just how SSI has the potential to completely transform not only the customer relationship, but all digital connections and data sharing full stop.
So next time you’re filling out another form, and the organization asks for your age or address, just think: do they really need the data? When it comes to identity data, less really should mean more. More privacy. More security. More trust. And if that’s not the basis for a long-term sustainable digital customer relationship, I don’t know what is.