Centralized vs. Decentralized Identity Management: Giving Users Control Over Their Data

10.4.2022

As a business, you know your customer demographic best, but do you know the best way to manage identities in customer onboarding? Know Your Customer (KYC) is a standard due diligence process used by financial institutions and financial services companies to assess and monitor customer risk as well as to verify a customer’s identity. This is an integral part of accepting new customers, but that doesn’t mean you need to be satisfied with how you’ve always done it, or with what many other businesses do in the identity management space. 

What Is Identity Management?

Identity management is a set of policies, processes and technologies used for managing system access and safeguarding digital information. Identity and access management is a top priority for many organizations as they attempt to secure their networks, systems, and data from an increasing number of threats and attacks while they manage employee, customer and third-party identities and access. In fact, in 93% of cases, an external attacker can breach an organization's network perimeter and gain access to local network resources. Identity management is the initial step in onboarding new customers, and it is crucial that it is handled with care and that policies and monitoring are maintained for the life of the relationship. Through identification and verification, a new customer’s identity is confirmed. Knowing your customer’s anticipated activity and verifying their identity prior to every account action mitigates risk for your organization and your customer.

Centralized vs. Decentralized Identity Management

Just as their names imply, these are two different identity management processes on opposite ends of the spectrum. Let’s look at how each works (or in one case fails).

Centralized Identity Management

Centralized identity management is a model where there is a unique trusted identity provider responsible for collecting and providing users with identity information. Usually located in a secure domain, this model enables Single Sign On (SSO), a feature many are accustomed to in large organizations.

Under the centralized model, users have to sign up separately on each platform, which adds friction. Additionally, the centralized aspect of this model makes it unsuitable for a large number of users or service providers (SPs) like banks and credit unions.

There are many flaws with centralized data governance:

  • The old centralized system provides an identifier for one platform, not an identity across all applications. For example, if you sign up on one platform, you get credentials for that platform only. When you go to another platform, you have to get new credentials.
  • Even when SSO is enabled, it’s only productive until it’s compromised because it creates a single point of failure. This creates disadvantages for the organization and the user.
  • Businesses are liable for fraud relating to compromised credentials, costing them time and money.
  • Users have little to no control over how and where their data is being used.

Decentralized Identity Management

In a decentralized model, on the other hand, the identity provider’s functions are distributed among several identity providers in different security domains. This decentralized model is also known as self-sovereign identity. It is a new paradigm for identity management and paramount to giving users control over their data.

With the decentralized approach, instead of having a username/password that references an account record, individuals retain and manage their own identity records. They are in full control, deciding when and with whom their credentials are presented and exactly which aspects of their identities are exposed.

With decentralized identity, credentials are issued to users and bound cryptographically to their identity using private keys that only they possess in an identity wallet. In the same way, the issuer digitally signs the credential to prove its place of origin, writing a public key to a blockchain or distributed ledger so the credential can be easily verified by third parties. Once the credential is issued, users can present only the information needed upon request from the bank or credit union. The institutions can then use the public signing keys written to a distributed ledger (like blockchain) to verify the integrity of the credential that is bound to the holder.
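The issue, present and verify flow described above, sketched as an added example (not Instnt's code and not part of the original post). It assumes Ed25519 signatures, salted SHA-256 claim digests as the selective-disclosure technique, and an in-memory `Map` standing in for the distributed ledger; all function names and sample values are hypothetical.

```javascript
const crypto = require('node:crypto');

// Stand-in for the distributed ledger (assumption): issuer id -> public key PEM.
const ledger = new Map();
const digest = (d) => crypto.createHash('sha256')
  .update(JSON.stringify([d.salt, d.name, d.value])).digest('hex');
const b64 = (buf) => buf.toString('base64');

// Issuer: sign the holder's public key plus one salted digest per claim.
function issue(issuerId, issuerKey, holderPub, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    ({ name, value, salt: crypto.randomBytes(16).toString('hex') }));
  const body = JSON.stringify(
    { issuer: issuerId, holder: holderPub, digests: disclosures.map(digest).sort() });
  const sig = b64(crypto.sign(null, Buffer.from(body), issuerKey));
  return { body, sig, disclosures }; // all of this stays in the holder's wallet
}

// Holder: reveal only the requested claims and sign the verifier's nonce.
function present(cred, holderKey, reveal, nonce) {
  const disclosed = cred.disclosures.filter((d) => reveal.includes(d.name));
  const proof = b64(crypto.sign(null, Buffer.from(nonce + cred.sig), holderKey));
  return { body: cred.body, sig: cred.sig, disclosed, proof };
}

// Verifier: issuer signature, then holder binding, then each revealed claim.
function verify(p, nonce) {
  const { issuer, holder, digests } = JSON.parse(p.body);
  const check = (msg, key, sig) =>
    crypto.verify(null, Buffer.from(msg), key, Buffer.from(sig, 'base64'));
  if (!ledger.has(issuer) || !check(p.body, ledger.get(issuer), p.sig)) return null;
  if (!check(nonce + p.sig, holder, p.proof)) return null;
  if (!p.disclosed.every((d) => digests.includes(digest(d)))) return null;
  return Object.fromEntries(p.disclosed.map((d) => [d.name, d.value]));
}

// Constructed sample data: the issuer id, claims and nonces are made up.
function demo() {
  const pem = (k) => k.export({ type: 'spki', format: 'pem' });
  const issuer = crypto.generateKeyPairSync('ed25519');
  const holder = crypto.generateKeyPairSync('ed25519');
  ledger.set('did:example:kyc-issuer', pem(issuer.publicKey));
  const cred = issue('did:example:kyc-issuer', issuer.privateKey,
    pem(holder.publicKey), { name: 'A. Sample', dob: '1990-01-01', kyc_passed: true });
  const p = present(cred, holder.privateKey, ['kyc_passed'], 'nonce-1');
  const forged = { ...p, disclosed: [{ ...p.disclosed[0], value: false }] };
  return { ok: verify(p, 'nonce-1'), replay: verify(p, 'nonce-2'),
    forged: verify(forged, 'nonce-1') };
}
```

The verifier learns only `kyc_passed`; the name and date of birth remain as salted digests it cannot reverse. A presentation captured under one nonce fails under another, and so does one whose revealed value was altered.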

In this way, users can control their own identity information without relying on a specific central administrator owned and operated by a private company, or even by a government entity. Identifiers in a self-sovereign identity system are long-lived, non-reusable and owned by their creator. Not only do individuals need self-sovereign identities, but organizations and even connected devices also need them. With plenty of need, let’s dive into why Instnt uses self-sovereign identity.

Decentralized Dominates

There are many benefits of decentralized identity management. With the new decentralized identity management, users sign up one time and go through KYC, anti-money laundering (AML) questions and other identity verification checks once. They then receive a “fingerprint” or stamp that the user can take with them to the next application. This gives users control over their data, less friction and an all-around better experience. Because users are in control, there is less risk for businesses and thus less liability for fraud losses. This is a huge benefit since synthetic identity fraud losses have grown from $6 billion in 2016 to $20 billion in 2020. Data shows that fraudulent documents submitted via an online channel have increased from 5% in 2021 to 10% in 2022. Plus, users can feel secure knowing that they control their own data and privacy.

Banks and credit unions are not able to correlate the use of identity across different services without explicit permission from the individual. That is incredibly compelling, and being able to provide this benefit to customers is what will elevate your business to the top. Empower trustworthy customers, and they will trust you with increased business.

As an organization, you can think of empowered customers taking their KYC information with them as “portable KYC.” Let that sink in for a moment. With the flexibility to reuse KYC data, the benefits are huge: better services, less friction, lower operating costs and – let’s hear it one more time – the increased ability of individuals to control their data.

The Future of Decentralized Identity

Data breaches have unfortunately become so commonplace that it takes one of significant size to really make people stop and think. The Shanghai data breach that included details of hundreds of millions of people is likely the largest data loss in the world and underscores the requirement for organizations that hold personal data to protect that data with sophisticated defenses. Individuals’ information isn’t the only vulnerability either. Business identity theft has become an issue as well. As of August 2021, the Small Business Administration (SBA) reported it had received 1.2 million complaints of loan identity theft for Economic Injury Disaster Loans. That means over a million business owners believe their business identities have been used to apply for COVID-19 relief loans administered by the SBA. It’s a startling stat that during tough times, businesses can be vulnerable in many aspects if the right precautions aren’t taken. 

New technology creates new opportunities, and Instnt is ahead of emerging market trends with our revolutionized concepts backed by cutting-edge technologies. Instnt Access™ is a decentralized identity verification and KYC solution using the Hyperledger blockchain that enables customers to sign up once and never again. Your customers can easily access your products and services with one click. Businesses no longer need to trade off customer experience against their security, risk and compliance requirements.

Accept More Good Customers and Drive Top-Line Revenue Growth

Incorporate Instnt into your business, and you grow revenue, cut costs, reduce false positives and abandonment rates and eliminate fraud losses. The first fully managed customer onboarding service uses decentralized identity management resulting in more efficient businesses and better client experiences. Book a personalized demo today!

About the Author

Instnt's fraud loss indemnification technology provides coverage of up to $100M for fraud losses stemming from synthetic, third-party, and first-party fraud. With Instnt's comprehensive fraud loss protection, businesses can confidently extend their services to a wider customer base, enabling them to embrace more opportunities and enhance revenue streams while maintaining a secure, fraud-free environment.