Self-Sovereign and eKYC.
What is KYC & eKYC?
Know Your Customer or KYC is a procedure to identify and verify a customer’s identity. The process consists of a series of checks implemented in the first stage of the relationship with the client to verify that he is who he says he is, taking into account his identity documents and his personification.
This process is affected by a series of regulations in relation to, for example, anti-money laundering (AML), terrorist financing or electronic identification standards and trust services (eIDAS). KYC practices can be developed both offline (in person) and online (remotely).
eKYC is the expression used to describe the digitalization and electronic and online conception of KYC processes. eKYC (Electronic Know Your Customer) is the remote, paperless process that minimizes the costs and traditional bureaucracy necessary in KYC processes.
Falsification of identity, signatures and phishing is very common. Specialist businesses dedicated to technological compliance solutions have developed completely secure eKYC processes with zero margins for the commission of these counterfeiting offences and related crimes.
What is identity verification?
Identity verification is the process of verifying that a person is who they claim to be, by extracting data from a government issued identity document and running some checks that validate the integrity of the document and data, while matching the document photo to the document holder live photo.
What is digital identity?
A digital identity is a set of validated digital attributes and credentials for the digital world, similar to a person's identity for the real world. A digital ID can be authenticated unambiguously through a digital channel, unlocking access to banking, government benefits, education, and many other critical services.
Usually issued or regulated by a national ID scheme, a digital identity serves to uniquely identify a person online or offline.
It can include attributes such as a unique identity number, social security number, name, place, and date of birth, citizenship, biometrics, and more, as defined by national law.
With specific credentials (a unique ID number like in India, a mobile ID like in Finland or Estonia, or an eID card like in Spain or Portugal), it can be used to authenticate its owner. These credentials may also include a digital identity certificate to sign electronically (give consent), obtain a seal (protect integrity), and a stamp (set time).
An analysis carried over seven countries (Brazil, China, Ethiopia, India, Nigeria, the United Kingdom, and the United States) found that, extending full digital ID coverage could unlock economic value equivalent to 3 to 13 percent of GDP in 2030, with just over half of the potential economic value potentially accruing to individuals. Realising this value is by no means certain or automatic—it necessitates multiple high-value use cases and high levels of usage—and not all of these potential sources of economic value may translate into GDP. Yet, with careful system design and policies to promote uptake and mitigate risks, digital ID could be a powerful key to inclusive growth, offering quantifiable economic value to individuals, beyond significant noneconomic benefits.
What is self-sovereign identity (SSI)?
Self-sovereign identity (SSI) places data control with the individual. Identity information (credentials) are issued by a trusted party (e.g., Government department) and stored on an individual’s device (typically a “wallet” app). When an individual accesses a service that requires proof of eligibility, he or she consents to share the credential proof needed for that transaction.
Why is self-sovereign identity important?
Everyone has personal data on the internet. As more people use more online services, more personal data is stored in directories and databases. This personal data is of value and attractive to hackers and there have been many high-profile cases of identity data attacks and breaches.
Self-sovereign identity helps address this by placing the responsibility for personal data management with the individual. He or she keeps their data in a personal data store (a wallet) and grants access to this data to a consuming service for a limited and specific purpose. If the individual takes steps to protect his or her personal data store – as they should for sensitive online services, e.g., online banking – the user reduces the risk of his or her data being used for fraudulent purposes.
How does self-sovereign identity work?
Self-sovereign identity works by storing credentials in an individual’s personal data store (wallet). The individual then chooses to share this data in support of a specific transaction. One example is where an individual needs to prove he or she is over 18 years of age where buying an age-restricted product – e.g., buying alcohol online. In this case, the individual saves the credentials required (e.g., information from a Government-issued identity document, such as a passport or driving licence) to their identity wallet. In the transaction, the online retailer challenges the individual to prove he or she is over 18 from and sends a notification to the individual’s wallet app. The individual chooses to share proof of age from the trusted issuer (Government department) and can complete the transaction.