Credential cyberattacks often begin with counterfeit documentation. Hackers constantly improve at penetrating cyber defenses to steal valuable documents, but the ease of obtaining false docs on the net doesn’t help in the battle against identity theft.
You can use a driver’s license to prove your identity for all sorts of reasons, including financial ones, but someone else might also use your license and details for their own gain.
According to the Identity Theft Resource Center (ITRC), driver’s licenses were one of the top 10 most breached data attributes in 2021. It’s almost impossible to tell a genuine from a fake license just by looking at it, no matter how many times you turn it over.
However, it’s good to know that defensive technology is working just as hard, if not harder, in the fight to protect our identities and to eliminate theft. I had the opportunity to chat with Robert MacDonald, VP of Product Marketing at 1Kosmos, and he told me all about BlockID and the future of identity protection, starting with the AAMVA and their integration of BlockID to protect our driver license IDs.
Proving Who we Really Are
We assume someone is who they say they are. But that’s just a claim. What’s it really worth? Can they prove it? Bring on news of the integration of BlockID with AAMVA enabling organizations to confirm whether the data captured on the driver’s license is authentic via a nationwide registry of motor vehicles (RMV) lookup.
This capability automates identity verification and gives anyone else an additional layer of confidence that users really are who they claim to be, enabling trust building from the onset.
How does it work? BlockID can match a live image and image from the ID document, while also having the ability to check and detect a falsified driver’s license. This is performed simply by verifying the information against AAMVA records.
A user’s identity information is independently verified by trusted third parties, then encrypted and stored on the public blockchain as well as in a secure, digital wallet on a user’s mobile device. The data is then encrypted using a public key where only the holder of the corresponding private key can decrypt it – and therefore only the holder of the private key can be the credential’s true owner.
Immutable Data
Because the encrypted identity data on the public blockchain is immutable, it’s guaranteed to be correct and authentic, and no single entity, government or business, can control it.
Robert points out that there are important distinctions to consider with passwordless identification. Compliance with standards and certification guidelines are needed from standard bodies such as NIST, to ensure privacy at every single step of the process. Organizations must always consider the storage of personal identifiable information (PII). He notes, “This makes it important that any such solutions used for biometric enrollment and/or authentication not only comply with standards, but undergo rigorous certification testing to ensure compliance to standards.”
No Entry for Hackers
How is blockchain storage hacker-proof? Blockchain – one type of distributed ledger – is decentralized. Simply put, a hacker with access to admin credentials cannot access PII that simply isn’t there. This is especially important in today’s new normal of remote working and zero-trust.
User Privacy is Preserved and Secure Access is Facilitated
Is this the future of secure and trusted identification? Robert says, “We have architected a Web 3.0 solution to suit the security needs of organizations today and well into the future.”
In the end, we are all tired of passwords and one-time-user codes to access our information when we work remotely. We all know biometrics are way more convenient to use, and we have all used bad passwords in the past, and may have regretted doing so. For organizations, this move to facial recognition could be a panacea, considering the sheer amount of remote workers since the start of the pandemic and the implications of identity theft. In fact, COVID-19 and its fallout is currently the main reason companies are forced to find a trusted digital identity solution.
UX and ID Decisioning Bias
Robert emphasizes the importance of preserving user privacy and facilitating secure access. Those fundamental two things led him to user experience and identity decisioning bias. “These final two elements will move a facial recognition implementation from an add-on and nice-to-have, to a trusted secure access environment providing high identity assurance that users want to use.”