The Rise of Consumer Data Control
The statistics are staggering.
The Federal Trade Commission’s (FTC) 2019 Consumer Sentinel Network Data Book reports a sum total of 3.2 million queries relating to identity theft, imposter scams and telephone and mobile services. Of the 1.7 million fraud reports, 23% of those people incurred some type of loss. These losses totaled $1.9 billion just that year, with a median loss of $320. Payments Journal and The Nilson Report both forecast that merchants, card issuers and merchant acquirers across the world will face fraud-related staggering losses of around $34.67 billion by 2022. Around $12.1 billion of those losses are expected to occur in the U.S. alone. It behooves consumers and institutions to proactively protect data in order to stem these losses and make resources available for other purposes.
The need for consumers to secure and protect their data has existed for quite some time and over the past few years, has been made brought to the forefront by regulations like Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). These regulations along with the support of other countries like Canada and Australia to name just two, along with the aftermath of recent data breaches, have led to new tool and services now available to consumers to become active participants in the protection of their data. Even with this emergence, consumers remain highly dependent on entities such as credit card companies and banks to manage their data for them. According to Payments Journal (2018), when there is a loss due to credit card fraud, the merchant, issuer and payment processors absorb the loss – with issuers typically absorbing 62%, and merchants bearing 38% of those losses.
Consumers, for the most part, have been conditioned to trust the companies with which they do business to protect their data. Consumers do, however, have mixed sentiments when it comes to security and sharing their personal information. A 2020 McKinsey study found that, while consumers are becoming more intentional about what types of data they share and with whom, they will forego privacy concerns if they feel the service is important to them. With the changing regulations, new technologies like blockchain and cryptography which increase the ability and security allowing consumers to handle large volumes of sensitive information together more readily, securely and safely with the development of new tools and services aimed at identity and data management, the time has come for consumers to exert power over their data/digital identities and protect themselves and their assets. Ownership of identity is a basic human right, and individuals should be the primary beneficiary of any use and/or value generated from their identity.
Consumers can control who does what, when, where and how with one’s personal data. This data includes access controls (like usernames and passwords), banking records, health records, credit card transactional information, government-issued documents (such as driver’s licenses, passports and educational records), education credentials and more. There are several new technology tools that can aid consumers in protecting their valuable information, including digital or data wallets, digital credentials, verifiable identity and access credentials, and identity controls. These tools help the user control the sharing of their data with the benefit of controlling third party access, while increasing the value of access to the individual for marketing purposes.
There are several types of platforms and solutions that can help the individual exercise control with varying degrees of authority. An edge wallet stores credit card numbers, debit card numbers, loyalty card numbers or even digital currencies on your laptop, tablet, phone, still making it potentially susceptible to loss or theft if your device is damaged, lost or compromised. Cloud based wallets potentially add additional safety, privacy, and security as they generally require separate authentication from the device (like biometric facial recognition) and are stored off a user’s device, making them independent of any device.
While many digital wallets offer peer-to-peer payment services through which users can pay “friends” and family. Mobile devices (such as those offered by Apple or Samsung) offer native, edge-type “wallet” apps, and several internet service providers and telecom service providers also offer wallets, such as the Dynamics Card, to their consumers. These are currency wallets and not identity, data or credentials wallets and are not considered self-sovereign (owned, managed and fully controlled by the user), because they don’t grant the user full power over what data can be stored or released. If a service provider can exercise control over what data goes into their systems, is it really secure for the user – and what true self-governance does it provide to the individual? To meet this concern, emerging services companies are introducing biometrically enabled identity, data and credentials wallets, where the user has absolute control over what information goes in and out, making them self-sovereign.
For example, with verifiable identity credentials, individuals (or “holders”) use a self-sovereign digital wallet that will be able to support a wide range of verifiable identity and other digital credentials, with many of these based on the Trust over IP open-source governance and technology stacks. With verifiable credentials, users will be able to securely store, manage and control the use of their most valuable information in that self-sovereign wallet, including online access, proof of educational degree(s), certificate completion, membership cards, government credentials (such as passports and driver’s licenses) and healthcare credentials (such as COVID-19 vaccination records). Verifiers (i.e., employers, schools and airlines) who want to ensure that individuals have the necessary credentials and are who they say they are will be able to request that a user present those verifiable credentials to potentially determine acceptance or entry.
As the number of digital wallets s grows, consumers will increasingly find themselves needing a way to keep everything organized. Retailers, organizations, and venues may require the use of different credentials, in the same way that businesses are currently able to establish if they accept different forms of payments, like credit cards, debit cards and cash. According to research from Nordpass, the average person has 100 passwords, a 25 percent increase over its 2019 findings, which in part is due to the increase in the use of online services as a result of the global pandemic. What happens when that average rises to 100,000+ touchpoints as more of our lives are spent online? Perhaps even more troubling is that the consumer will have to pay for a plethora of credentials. Are you planning a trip in the near future? Think of all of the credentials you may need to reach your destination. Travel agents may require one pass to book the trip, while another pass will be needed to clear TSA security, another to board the plane and another to gain entry to the resort. How do you manage that? The answer: through verifiable credentials like the Good Health Pass that will empower the way users present and verify themselves to travel authorities. The winning digital platforms will have management, control, issuance, and verification functionalities that enable the end-user to maintain independent sovereignty at each step of the process.
With self-sovereignty, your data (and any access to it) will no longer be controlled by third parties. Once you are a known individual in the digital ecosystem, you will be more valuable as a consumer. Vendors and marketers, knowing that your real and not a fake account or bot, will pay dearly to market to you and will pay for the privilege to reach you as they will not be wastefully spending money reaching an audience that may not exist. You will, ultimately, only receive marketing messages for things of interest to you. It will be a win/win for both parties, and most of all, for the security of the transaction.