IRS Commissioner John Koskinen has confirmed that 2.7 million U.S. taxpayers had their identities stolen last year. Speaking before the Senate Finance Committee, Mr Koskinen had been responding to questions concerning the theft of over 104,000 tax forms by fraudsters who had managed to hack into the IRS website.
Large-scale data breaches of this kind are becoming increasingly common, and the trend is by no means confined to the United States alone. Research published in the United Kingdom last week reported a 31% rise in cases of identity theft between the first quarter of 2014 and the same period this year. The problem is global and, as criminals continue to develop more and more sophisticated methods of mining our personal data, it is one that is in growing need of a viable, long-term solution.
One company providing a solution for this is the online-identity firm miiCard, based in Edinburgh, Scotland. According to the company’s CEO, James Varga, “As we continue to do more and more online, as the value of what we do continues to increase, the need to be able to create trust, now more than ever, is paramount. This is especially the case in Fintech, whether retail banking or consumer finance where there is not only a need for trust from a risk and understanding point of view but also regulatory pressures around AML, KYC and ID&V.”
Founded in 2011 with the goal of creating a digital identity that offered a level of trust equivalent to a passport or driver’s license, miiCard (My Internet Identity) leverages the assurance of bank-verified data to allow users to purchase high-value products and services online without the need for document scans. In essence, miiCard takes the trust associated with a bank-verified identity and uses that trust as the basis for a multi-purpose electronic ID.
Crucially, the user also has control over the precise data that is shared with third parties: not an option with a passport, even in those instances when all you need to prove is your legal majority. For Varga, the idea behind miiCard was simply to develop a product that reduced friction for businesses and consumers, “creating an experience that takes seconds to replace what normally takes hours.” He stresses that “letting us control, manage, secure and share our data, from certified bank statements through to our personal details, makes doing more online faster, easier and stronger.”
More recently, the company launched DirectID: a B2B service that operates in much the same way as miiCard, allowing finance applications such as lending and payments quickly and accurately verify a customer’s identity through their existing bank-login credentials. It also provides access to real-time transaction data, removing the dependence on paper-based bank statements and credit reports, significantly limiting the opportunity for fraud to occur and increasing the accuracy of affordability decisions.
As we share our personal information with a growing number of third parties, from social-media websites to online retailers, the value of that information as a means of verifying our identity is inevitably diluted. By contrast, DirectID uses information known to only the customer: their bank-
To the extent that it offers an alternative to KBA (knowledge-based assessment) for electronic verification, DirectID has the potential to eliminate cases of fraud relating to identity theft. In spite of this, Varga says, the financial services industry has been relatively slow to embrace the new technology: “While we have always relied on banks for trust in transferring value, keeping and even managing our money, using this trust for other things online is relatively new. As the pains around trust, fraud, security and identity continue to build year on year, it is now that we are seeing a fundamental shift beyond technical solutions such as authentication and biometrics. In an industry that is traditionally risk averse and slow to do anything different than what they do today, it is taking a movement towards consumer-finance companies disrupting traditional financial services to create a catalyst for change. We empower this change.”
In an environment where each innovation designed to prevent identity theft is matched by one that is designed to facilitate it, miiCard and DirectID can change if not the game, then the rules by which the game is governed. Still in their infancy, the full potential of these products cannot yet be gauged, but they have the power to completely revolutionize the way businesses and consumers transact online.
The company is one to watch for the future.