Co-authored by Eduardo Hotta and Elina Yumasheva
While self-sovereign identity (SSI) sounds like an unfamiliar concept for some, others are actively leveraging the technology to address industry-specific challenges — take the KYC trial of the Financial Conduct Authority or the IATA Travel Pass.
But before we go any further, let’s define what SSI is.
What is self-sovereign identity (SSI)?
Self-sovereign identity (SSI) is an emerging concept for exchanging authentic and trusted data related to people, companies, and things in a much more secure and privacy-preserving way. Essentially, it gives the individual a verified master-copy of their own data, affording control over what information they share and removing the need to store personal data entirely in central databases. Watch SSI explained in 25 seconds here.
It could be key to unlocking access to banking, government benefits or other services, and as McKinsey Global Institute research suggests, it could boost economic growth by 3% in the UK in 2030.
Do we have a problem with digital identity?
Current identity solutions largely incentivise issuing/verifying organisations (the data controller) over the individual/company (data subject). The data subject (i.e. an individual or a company) at best has to directly pay (sometimes prohibitive) fees to acquire documents, and at worst, often have no control over their own data (as often in targeted advertising).
The bottom line is that the current identity model is fundamentally broken as it’s all built and controlled by third-party providers rather than individuals. The result of such a set-up from a user experience is that, on average, an individual has 130 to 200 different accounts tied to the same email address. This makes it in many ways a paradise for threat actors, as they can target organisations’ data silos and can use phishing and social engineering techniques to try and trick individuals into giving away their passwords to a multitude of accounts. Over time, data subjects have lost track of what data is being stored and by who.
Know Your Customers and Finance
When it comes to use cases, SSI has a variety of applications, and, arguably one of the most known within the Banking sector is Know Your Customer (KYC). Most processes that touch finance usually request user identity verification, such as transactions that require payment. SSI enables a reusable KYC concept that offers a much more seamless way of ID verification. When an ID verification is needed more often due to compliance or regulatory pressure, SSI can significantly reduce the friction for users improving a customer experience while providing a compliant service.
In short, current KYC is ‘single-use” while” KYC’ed SSI makes KYC’ recyclable’.
However, friction reduction goes beyond the Business to Consumer (B2C) space and applies to the Business to Business (B2B) use cases. SSI also provides traceable and auditable personally identifiable information (PII). Finally, as it’s also applicable across-industry, SSI ultimately speeds up the onboarding process for new customers and improves security by removing the unnecessary paper trail. This makes it a rather useful solution to enable mobile banking. One of the notable examples is the UK government, which launched a trial for their Financial Conduct Authority (FCA) using an SSI-powered solution for onboarding users.
SSI in Decentralised Finance and Crypto
Moving beyond traditional banking, the Centralised Decentralised Finance (CeDeFi) also sees a robust application for SSI. Since identity verification is equally required in both centralised and decentralised finance, with neither satisfied with the existing KYC and identity approaches, SSI can provide that identity layer that meets both worlds. It creates a bridge between traditional data-heavy interactions and an anonymous DeFi approach, while CeDeFI will provide the financial infrastructure for SSI adoption in a key market.
cheqd’s ultimate vision is to establish the payment rails for identity, initially self-sovereign identity without anyone needing to worry about the underlying technology. This perfectly aligns with the CeDeFi vision of providing a spectrum of financial services without the need to worry about whether they are centralised, decentralised or what technology they are built on. The blending of CeFi and DeFi also prevents the need for multiple, siloed identities, which is the problem SSI is built to solve.
Within the Crypto and DeFi space, SSI enables peer-to-peer (P2P) transactions. One can share a small piece of identity information, i.e. a Telegram handle, to prove who they are without disclosing their identity publicly. This means no more test payments to check wallets. Another option is doing KYC’ed loan pools without storing the data — instead, only keeping ‘yes’ or ‘no’ answers.
Travel and SSI
The travel industry probably shows one of the most relatable SSI applications enforced by the pandemic developments. International and domestic travel has always required identity to be shared in the form of passports, visas and other documents. In the age of COVID-19, this has been made even more complex as another layer of health certification has been added. Take the ‘track and trace’ system, for instance; one of the biggest downsides is that a lot of personal information is shared with a vast number of third parties. One of the projects in this space is the Covid Credentials Initiative, which aims to develop ‘privacy-preserving verifiable credentials’ to spread the virus through the use of SSI.
Airlines are actively testing global credentials to verify health passports using SSI and digital identity with the International Air Transport Association (IATA) developing IATA Travel Pass. It stores encrypted data, such as verified test and/or vaccination results on the traveller’s mobile device, meaning it’s fully decentralised as there is no central repository for this information.
NFTs and SSI
In a nutshell, self-sovereign identity helps to prove who created, owned and/ or currently owns Non-fungible Tokens (NFT) across their lifecycle as well as providing ownership of fractions. SSI can solve the provenance issue regardless of the ledger NFTs are hosted on. SSI can enable a fully decentralised content consumption with payment and identity — in other words, consumption of media/content directly from the creator without a distribution channel. This can help creators to receive fair payments for their work and interact with their audiences directly. cheq out our thoughts on how NFT and SSI combined unlock a new gaming experience here.
Another issue that self-sovereign identity can address is identity tied to payments. There is currently no way to verify the identity of the payment receivers in Crypto/ DeFi transfers beyond the wallet address. It’s a problem even for low-volume transfers, but increasingly more so on high-value transfers. While there is always a need for anonymous payments in Crypto, there are occasions when it’s useful to verify who is receiving funds.
Other SSI use cases
While the list can go on, especially as various industries join the bandwagon and pick up the technology, there are a few notable examples. Decentralised storage is getting more traction as SSI can be implemented to manage participants’ data and store distributed files with decentralised access control. Decentralised identity and the technical standards involved (Verifiable Credentials and Decentralised Identifiers) can also be used for:
• E-commerce: Besides increasing transactional security and preventing potential e-commerce fraud, it reduces onboarding and payment friction. A few examples of existing projects include Barclaycard and OpenBazaar.
• Corporate or organisational identity: Making it easier to trust companies one is interacting with, especially over the internet. For instance, Bosch is participating in The IDunion network’s project that develops an internationally deployable SSI application for corporate identity and master data management.
• Product or package identity: Enabling more efficient and effective track and trace for real-world supply chains. The global blockchain supply chain market size is projected to reach circa $9,852 million by 2025, with a growth of more than 80% from 2018 to 2025.
And of course, the most exciting one is the metaverse. As metaverse is a very decentralised concept and is about privacy, control, openness and interoperability, its requirement for identity verification and trusted data elements should also be fully decentralised. The metaverse needs to be designed on open standards – with SSI and verifiable credentials hopefully playing a pivotal role here. Explore the symbiosis of metaverse and self-sovereign identity and how they fit within Web 3.0.
The beauty of this technology is that it addresses issues that are universal and applicable across industries. With more and more companies leveraging SSI, the list of use cases will grow fast, making SSI a reality soon. Take a look at the most comprehensive list of self-sovereign identity use cases here.