How to use blockchain for identity management?

Shakespeare once said, “What’s in a name.” This quote came true when the internet was launched, and people got a chance to hide behind usernames which didn’t reveal their real-world identities (names). Post internet launch for a decade or two, it seemed perfectly alright too. However, when the internet reached masses and businesses went online, the issue of ‘who you are’ became immensely important.

From banks to e-commerce to government, everyone wants to know the real face behind an internet name. Why? Fraudsters have been able to either hack or impersonate identities, and this has resulted in massive losses for many businesses, especially for the ones who handle financial data. A report released by the Juniper Research suggests that in the year 2024, around $50 billion can be lost because of online payment fraud.

It is one of the reasons, the two-factor authentication (2FA) was introduced in the PSD2 regulation. The 2FA system controls fraudsters from exploiting the system as it requires an additional security step from the user to establish their identity. No doubt, 2FA is securing the system, but then for companies like e-commerce, it might be burdening. E-commerce businesses want the customer to reach the cart as soon as possible; an additional step is cumbersome and deters the customers from buying product/s.

Blockchain’s solution for the identity management crisis

One of the reasons that there have been massive identity frauds in the last couple of years is the conventional identification and verification process. The identity management process has not changed, not only in the payment industry but also in others. Weak passwords and centralized repositories are equal culprits in the growing issue of identity frauds.

Blockchain offers various methods to manage identity. One of the most promising ways is Self-Sovereign Identity. In this method, the digital identity is directly managed by the credential owner, and the verification records are stored on the blockchain instead of on Cloud or Central Repositories.

Understand the Self-Sovereign Identity management with an example

Let’s say that Danny wants to apply for a home loan with ABC Bank. Now, the first and foremost thing that a bank does is, it performs a KYC (Know Your Customer) check on Danny to know if he actually is, who he says he is. Then, the bank will undertake multiple next steps, including an Anti-Money Laundering check before Danny finally gets a loan.

However, in the Self-Sovereign Identity world, the process can be easy and quick. If Danny’s employer is a provider of verifiable claims in any of the blockchain-based identity network, then the employer can simply attest that Danny works for them and his salary is x.

This information is validated by four other banks (identity providers on the blockchain network) with whom Danny’s employer is in business. Since four banks are validating the information submitted by Danny’s employer, ABC bank immediately releases the loan to Danny.

Also, with the self-sovereign method, not all personal data needs to be shared, e.g. Danny’s pay package. Instead, the network can simply validate that Danny’s salary is above a specific threshold. Here, the bank issues the loan to Danny with minimal information, all shared with the bank as per his explicit consent.

Hyperledger Indy — A project on Self-Sovereign Identity management

With Indy, Hyperledger has introduced a powerful tool that overcomes the issue of identity crisis. With Distributed Ledger Technology aka blockchain, the company enables people present in the network to have a single source for verifying data.

Hyperledger Indy process says that the person attesting the identity doesn’t need to check the validity of the data offered as proof. Instead, the verifier will go on blockchain to check the validity of the attestation as well as the attesting party. As a result, the validation of proof is based on verifier’s judgement on the reliability of the attesting party.

Hyperledger also believes that trust is only one of the issues, we face in identity management. Most of the identity credentials issued are limited to one particular institution. So far, there is no standard on these schemas. Now with Indy and standards like Verifiable Credentials, interoperability of data between different institutions and identity managers might be achieved.
Once identities are validated on the blockchain, it might be easier for developing countries to help the “invisible people” gain access to financial inclusions.