Unlocking a secure future with verifiable credentials

ForgeRock

By Eve Maler, CTO, ForgeRock
Wednesday, 30 August, 2023



Digital identity has become a hot topic across the nation. Our federal government recently announced a roadmap towards a national digital identity, which means that Australians will soon have one access point for key elements of their private data. Instead of using a physical ID card, individuals will be able to hold personal information, such as a mobile phone number, date of birth, driver’s licence, Medicare and more, in one place that they control — a digital wallet.

The idea behind this national digital identity system is to better protect an individual’s online identity, reduce the risk of data theft and greatly streamline the process of applying for services such as student loans, new financial accounts, utilities and more.

When individuals have direct control over the storage and sharing of their personal information, it is called decentralised identity. This approach avoids reliance on a centralised authority such as the government or a corporation to hold personal data. Individuals can collect trustworthy information about themselves from the government and businesses, store it securely, and decide how much or how little of it to share with digital services from the safety of their mobile phones. The data is packaged into what’s known as verifiable credentials, and this verifiability is an important consideration for services that are battling online fraud or are required to perform identity verification.

Protecting users by shifting identity data management

Wallet-based credentials bring broader considerations that reshape our approach to security. If the high-profile breaches of the past years have demonstrated anything, it’s that businesses are struggling to keep users’ data safe in a changing digital world.

Indicative of this, the Australian Cyber Security Centre’s Annual Cyber Threat Report recorded a 13% rise in cybercrime reporting in 2022, with attacks happening every 7 minutes. Many of these attacks culminated in the spread of personal information from healthcare and financial services, the two industries most affected by breaches.

Government agencies and organisations that collect and store massive amounts of personal data in centralised repositories pose a greater security risk. Bad actors need to target only a single point of failure to infiltrate an organisation, which can affect masses of people and cost organisations millions. It also means, ironically, that individuals face a fragmented landscape in which data about themselves is stored, and they struggle to gain full control over where it is and how it’s being used.

By putting the individual at the centre of this ecosystem, the decentralised model for identity promises to change how we view and use data, treating it the same way we are beginning to treat credit and loyalty cards in digital payment wallets.

Paving the way for a next-generation identity landscape

The reality is that decentralised identity solutions and digital identity wallets are still in the early stages of adoption. Enterprises that are willing to take up decentralised identity face the challenge of simplifying the system for a changing user experience. Adoption also requires a rethink of an organisation’s relationship with personal data and the ability to mine that data.

Despite these challenges, it’s important for organisations to contemplate these new models now as they work to build a more trustworthy digital future. If decentralised identity is implemented correctly, we will see a great reduction in the spread of people’s personal data and remove touchpoints through which bad actors can enter.

Despite few examples of large-scale adoption, the wallet-based credentials model is already happening in a very real way. Internationally, the EU Commission is creating a European Digital Identity to enable all EU citizens to access a personal digital wallet. And looking at Australia, NSW already enables users to have their ID, Medicare cards and specific credentials stored on phones, albeit in a traditional app.

While it’s promising to see decentralised identity plans take shape, we need users, organisations and leaders to continue to vouch for individual data rights, and bring data control into the modern digital era.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd