Co-authored by Fraser Edwards and Teresa Chan
This is the start of a new series of blogs about self-sovereign identity or decentralised identity companies should start embracing a Fintech mindset. The explanation and arguments will be discussed in the subsequent blogs to validate that the core value of Credential-as-a-Service lies in the credentials and proofs, facilitating market creation and the onboarding of issuers, verifiers, and users.
In today’s digital age, our online interactions fuel a vast ecosystem of data, shaping the business landscape in unprecedented ways. The buzzwords of identity and data are at the heart of modern business models, impacting various industries and applications. From finance to marketing and beyond, our commercial world thrives on the effective use of data and identity. This blog dives into the prevailing commercial models centred around identity and data. We will examine how data is processed in the context of ad placement and telecommunications. Along the way, we will investigate the challenges that come with these models, emphasising the balance of power needed between identity/data subjects and issuing/verifying organisations.
Commercial Models on Identity or Data
Number of Parties Involved
- Uni-lateral
In a unilateral model, the exchange of information is a one-way flow, typically initiated by an authoritative entity. A prime example is the issuance of an International Certificate of Vaccination by a healthcare professional to a patient. The healthcare professional, acting as the issuer, generates and provides details based on the patient’s health records. The patient, as the data subject, receives the certificate without active participation in the information generation process. This model is straightforward, with a single party taking the lead in providing information to the data subject.
- Bi-lateral
The bi-lateral model introduces a two-way flow of information between the data subject and a verifying entity. Take the example of a Passport Office processing passport applications. The data subject, an applicant, provides personal information, and while some details may be pre-existing or known to the Passport Office, there is a need for the applicant to actively participate in the exchange. The Passport Office verifies the information provided, and details for the passport are generated. This model reflects a mutual interaction where both parties contribute to the flow of information, creating a dynamic and collaborative process in identity verification.
- Multi-lateral
In a multilateral model, the exchange involves multiple validating entities collaborating on identity-related processes. BankID in Sweden exemplifies this approach, where Know Your Customer (KYC), verification, and authentication are shared among various banks. In this scenario, the data subject engages with multiple validators (banks) during the identity verification process. The complexity increases as different entities mutually contribute to the verification and authentication procedures, creating a networked approach. This model is characterised by a shared responsibility among several parties, often facilitated by a centralised system, ensuring a robust and comprehensive verification process that goes beyond the capabilities of a single entity. Already, this model is extending beyond the banking sector, involving diverse industries in collaborative identity ecosystems.
Another Lens: B2C, B2B & B2B2C
LogTo, a third party identity management cheqd has adopted to hand user authentication and login for both cheqd Studio and Creds, wrote an excellent blog explaining business model’s identity systems, focusing on the nature of the parties involved beyond pure numbers. The following is an excerpt:
- B2C (A Simple Consumer App)
In a consumer-oriented app, such as a music streaming service, the identity model oversees numerous levels of user access and permissions according to their subscription plans.- Free Plan User:
- Access to a limited selection of free music.
- Pro Plan User:
- Access to the free music library.
- Ability to create and save personalised playlists.
- Advanced Plan User:
- Access to the complete music library, including HiFi quality tracks.
- Ability to create and save custom playlists.
- Free Plan User:
- B2B (Software as a Service)
In this setup, services are provided to many clients using a multi-tenant architecture, where each client maintains their own dedicated resources, yet identities are managed collectively through a single system. The key distinction between SaaS and consumer apps is the incorporation of an “organisation” layer with specific access control policies in SaaS apps. This layer represents a group of users who require a structured approach to resource access. - B2B2C (Multi Sided Business)
The multisided platform business model facilitates connections between distinct groups of users, serving as an intermediary. This approach spans both consumer (B2C) and business (B2B) markets. In the case of a ride-sharing taxi app, the platform connects passengers with available drivers, enabling convenient transportation options while providing drivers with a steady flow of customers. - Advanced Identity and User Management Models
- Agencies
If you are an agency managing user identity systems for different clients, each client’s app will have its own distinct identity system. In this scenario, establishing separate tenants for each client is the most effective approach. - Integrate with other partnered applications
You are developing a consumer app called App A, complemented by App B and App C to enhance its features. They should be made available to your end users as part of a bundled package. - Platform and marketplace product
You develop an app for third-party companies to create their own services using your app’s API. These apps are maintained by third parties rather than by you, except for the management of user identities. They will request specific permissions from users to operate their services.
- Agencies
Payment Dynamics in Identity Flows
While the number of parties engaged in an exchange is essential, commercial models for digital identity can be distinguished by the pricing structures applied between the parties involved in digital identity exchange.
Paid for by the individual/company (or the “identity subject”)
- Free
Within the digital identity landscape, the free model represents a scenario where certain credentials are bestowed upon individuals or companies without any monetary exchange. This implies that obtaining a specific identifier, such as a tax registration number or Social Security Number, does not incur any direct cost. Such fundamental identification elements are provided as a public service or a basic right, allowing individuals and businesses to access essential services without financial constraints. This model emphasises the foundational nature of certain identity components, positioning them as freely accessible tools for participation in various aspects of societal and economic structures.
Credentials of this type are often referred to as anchor credentials, as they are typically high-assurance and issued from a root of authority, i.e. a nation state government. - Freemium
Under the freemium model, the emphasis lies on a dual-tiered approach where a significant portion of interactions remains complimentary, but specific features or services incur a charge. To illustrate, consider the issuance of a university degree. The core degree, representing the culmination of an individual’s academic efforts, is typically provided at no additional cost beyond tuition fees. However, the freemium aspect comes into play when individuals seek extra copies of their degree, necessitating a separate payment. This model strikes a balance between providing essential services at no cost while allowing for monetisation of supplementary, non-essential components. - Transactional
The transactional model involves a direct financial transaction for each instance of issuance or verification. In the context of digital identity, this is exemplified in processes like passport applications. Here, the applicant incurs a one-time fee payable to the passport office to obtain the latest valid document. This model emphasises a straightforward economic exchange where the cost is directly tied to the specific identity-related transaction, creating a clear financial relationship between the individual and the issuing or verifying entity. - Data mining
The data mining model introduces a more nuanced approach to digital identity, focusing on the meticulous recording of interactions between individuals or companies and organisations. In this scenario, the metadata and behavioural data generated during these interactions are harnessed to construct identity profiles. While the initial interactions may appear free to the individual or company, the true monetisation occurs through the sale of inferred insights and data to other entities. Programmatic targeted advertising serves as a prominent example, where the individual becomes the product as their identity-related information is leveraged for targeted marketing. This model raises questions about the balance between individual privacy and the commercial value derived from data-driven identity profiling.
Paid by verifying organisation(s), free for individual/company
- Direct relationship with one organisation
In this model, an individual or company willingly provides identity attributes to an organisation requiring verification. The responsibility of the verification process lies with the organisation, which covers the associated costs or outsources the task to third-party verification providers. A classic example is the KYC process for opening a bank account. While the individual or company is not charged for identity verification checks, the bank, acting as the verifying organisation, may engage third-party identity verification providers like FinClusive, Onfido or Alloy, or corporate identity verification providers such as Dun & Bradstreet. These third-party providers often derive information from diverse sources, including government records. The pricing structure for this model can vary, including:
-
- Pay-as-you-go
- Description: Under the pay-as-you-go pricing model, the verifying organisation is charged for each individual interaction involved in the identity verification process. This could encompass manual verifications or API calls, depending on the chosen method.
- Example Scenario: A startup company offering a mobile-based financial service decides to integrate identity verification for user onboarding. Since the startup is in its early stages, the number of new user registrations varies each month. Instead of committing to a fixed subscription, the startup opts for a pay-as-you-go model with a third-party identity verification provider. In a month with a high influx of new users, the startup pays for the exact number of verifications performed. Conversely, during slower months, the costs decrease proportionally, ensuring the company only pays for the services it actively utilises. This flexibility is particularly advantageous for businesses experiencing fluctuating user acquisition patterns.
- Tiered subscriptions
- Description: The tiered subscriptions model involves verifying organisations paying fees in predefined blocks or tiers based on their anticipated or actual usage. This structure provides a graduated approach to pricing, with costs increasing as the volume of identity verification checks rises.
- Example Scenario: Consider a large financial institution that anticipates a substantial number of KYC checks each month. In a tiered subscription model, the institution would subscribe to a specific tier that aligns with its projected usage. The pricing would be structured in blocks, ensuring that the organisation pays a set fee for a defined level of verifications. This model is advantageous for organisations with varying levels of verification needs, offering a cost-effective solution compared to pay-as-you-go for high-volume users.
- Pay-as-you-go
-
- All-you-can-eat
- Description: In the all-you-can-eat pricing model, the verifying organisation pays a single, fixed fee regardless of the volume of identity verification checks conducted. This offers a straightforward and predictable cost structure, irrespective of usage.
- Example Scenario: Imagine a smaller business with a consistent but moderate need for identity verification services. Opting for an all-you-can-eat model, the organisation pays a single fee, providing unlimited access to the verification service. This is particularly beneficial for organisations with steady, predictable verification needs, as it ensures cost stability without the need to monitor usage closely.
- The choice between pay-as-you-go, tiered subscriptions, and all-you-can-eat models depends on the specific requirements, usage patterns, and budget considerations of the verifying organisation.
- All-you-can-eat
- Mutualised costs across multiple organisations The practice of dividing identity verification expenses among multiple organisations involves a fair allocation of costs, either evenly or based on proportional usage. This approach often extends from the direct relationship model. An illustrative example is observed in initiatives like the BankID consortium in Sweden. Here, the entity managing BankID is jointly owned by Swedish banks, showcasing a collaborative approach to running the system while distributing costs among the participating entities as each bank bears its own KYC costs independently. Outside of banking, thousands of organisations from the mobile payments, public, and private sectors use BankID. They all need to collectively share the costs as well. In essence, the mutualised cost-sharing model represents a cooperative and cost-effective strategy, ensuring that the expenses tied to identity verification are distributed among multiple organisations while providing a valuable service to the individual or company without imposing direct costs on them.
Case Studies on Personalisation-inclined Sectors
There is a notable surge in the prevalence of bilateral and data mining commercial models in the last decade. This trend is particularly pronounced in sectors such as ad placement and telecommunications, where the common thread lies in their inclination towards targeted and personalised services.
Programmatic Targeted Advertising
Advertisers leverage various aspects of an identity subject’s (individual’s or company’s) digital identity to deliver targeted and personalised advertisements. The largest advertising platforms are run by Google, Facebook, Amazon, and Apple. Here’s an overview of how the process typically works:
Data Collection
- Browsing Behaviour: Advertising platforms track users’ online behaviour, including the websites they visit, the products they view, and the searches they perform. This data helps create a comprehensive profile of the user’s interests and preferences.
- Demographic Information: Digital identity attributes such as age, gender, location, and device type are collected to build a more accurate user profile.
- Social Media Engagement: Information from users’ social media activities, including likes, shares, and comments, is often integrated to enhance the understanding of their preferences.
User Profiling
- Advertising platforms use sophisticated algorithms and machine learning models to analyse the collected data and create detailed user profiles. These profiles include insights into users’ interests, behaviours, and potential purchasing intent.
Targeting and Segmentation
- Based on the user profiles, advertising platforms segment the audience into specific groups. This segmentation allows for more precise targeting of ads to audiences with similar characteristics or behaviours.
- Advertising platforms may categorise users into segments like “young professionals interested in tech gadgets” or “parents looking for family vacation options.”
Real-Time Bidding and Auctions
- Ad space on websites and apps is often sold through real-time bidding auctions. Advertisers bid for the opportunity to display their ads to users in specific segments.
- The bidding process occurs in milliseconds as a user loads a webpage or app, allowing for nearly instantaneous ad placements.
Ad Delivery
- The winning bidder’s ad is dynamically delivered to the user’s device in real-time. This could be in the form of display ads, video ads, sponsored content, or other formats.
- The goal is to present users with ads that align with their interests and preferences, increasing the likelihood of engagement.
Performance Measurement
- Advertisers monitor the performance of their campaigns by analysing metrics such as click-through rates, conversion rates, and user interactions.
- These metrics provide insights into the effectiveness of the ad placements and help advertisers refine their targeting strategies.
Monetisation of User Data
- In some cases, user data itself becomes a commodity. Ad networks or data brokers may aggregate and anonymize user data, selling these insights to other businesses for various purposes, including market research and trend analysis.
- “You’re not the customer, you’re the product”.
Telecommunications
Telecommunication companies (Telcos) play a significant role in the digital identity landscape. Some engage in selling user attributes in the same way some advertising platforms do, whilst others utilise digital identity for various other purposes, including service provision, personalisation, and potentially, targeted offerings. Here’s an overview of how these companies incorporate digital identity within their commercial models:
User Registration and Account Creation
- When users subscribe to services offered by Telcos, they typically go through a registration process. During this process, users provide essential information that contributes to their digital identity, such as names, addresses, contact details, and account credentials.
Service Usage Data
- Telcos collect data related to users’ usage of their services. This includes call records, text message logs, internet usage patterns, and location data if users have opted into location-based services.
Customer Profiles
- The collected data contributes to the creation of customer profiles. These profiles include details about users’ communication preferences, device usage, network habits, and potentially even preferences related to content consumption.
Personalisation and Targeted Offers
- Leveraging the gathered data, they can personalise the user experience. This may involve recommending specific service plans, suggesting relevant add-ons or features, and tailoring promotions based on user behaviour.
- For example, if a user consistently uses a large amount of mobile data, the companies might offer personalised data plans or promotions related to high-speed internet services.
Cross-Selling and Partnerships
- The Telcos may collaborate with third-party partners for cross-selling opportunities. With user consent, certain attributes of the digital identity may be shared with partners to offer complimentary services or products.
- For instance, if a user subscribes to a broadband plan, there might be collaborations with streaming services or technology providers, and personalised offers related to these collaborations could be presented to the user.
Data Monetisation
- While they primarily use customer data for service improvement and personalisation, there may be instances where anonymised and aggregated data is used for broader market insights or collaborations with advertisers. This involves extracting trends and patterns from the data without directly selling individual attributes.
Challenges on Existing Business Models on Identity or Data
Despite the widespread adoption of the aforementioned business model of identity or data, they come with several challenges that warrant attention and thoughtful solutions, shaping the discourse surrounding privacy, security, fairness, and ethical data practices.
- Opaque Data Monetization Practices
The acquisition and selling of identity subjects’ data on digital platforms often lacks transparency. Users may be unaware of how their data is being monetised, and this lack of transparency means they often do not receive any tangible benefits from the process. - Imbalance in Incentives
Current identity solutions, especially in the last decade, prioritise the interests of issuing/verifying organisations over the identity subject, i.e. individual/company. The identity subject at best has to directly pay (sometimes prohibitive) fees to acquire documents; and at worst often have no real control over their own data (as often in targeted advertising.) - Data Misuse and Limited Autonomy
The collection and utilisation of identity subjects’ data for commercial purposes raise concerns about potential misuse. Unauthorised access or improper handling of sensitive information can lead to breaches of privacy. Additionally, individuals often have limited control over how their data is collected, used, and shared. - Vulnerability to Cybersecurity Threats
With the continuous evolution of cyber threats, safeguarding digital identities and sensitive data becomes increasingly challenging. Data breaches and cyber-attacks pose significant risks to both businesses and individuals. As more personal information is stored and shared online, the risk of identity theft and fraud grows, leading to financial losses and reputational damage. - Geographical Disparities in Identity Costs
The costs associated with acquiring and verifying identity vary significantly based on geographical and industry contexts. What may be deemed affordable in one country can be exorbitant in another. Even within a country, affordability and access to verified identity may be prohibitive for disadvantaged demographics. The unfortunate consequence is exclusion due to a lack of verified identity that impacts large parts of society.
What’s Next?
In wrapping up our exploration of today’s identity and data business models, it’s clear we need to improve the foundations on which the identity subjects’ data is owned, shared, and monetised. In essence, we shall put individuals and entities back in control of their digital identities. Here’s a ray of hope — enter Self-Sovereign Identity (SSI), a decentralised identity model that empowers identity subjects to decide who accesses their data, the extent of data access, and under what circumstances. By embracing SSI, we embark on a journey towards transparency, user-centric control, and heightened security.
Stay tuned to the next blog.