Roadmap to Self-Sovereign Identity for Financial Institutions


With the digitization of services used by both consumers and businesses on a daily basis, there is an increasing reliance on the use of identity to access and make use of apps, devices, and networks. 

Our identity not only allows us to access an app but can also determine which features or services we are permitted to use within that app. 

In fact, consulting firm McKinsey predicts that the use of online identities could unlock the equivalent economic value of 6% of GDP in emerging countries and 3% of GDP in developed countries in 2030. On the other hand, there is a growing concern about privacy issues in the use of identity information, not just by companies but also by governments. 

Balancing ease of use with privacy and protection of digital identity has become a global risk management concern. The key issue is with consumers wanting to own and manage how their identity is used across hundreds of endpoints and apps.

What Is Self-Sovereign Identity?

To address these problems, the concept of self-sovereign identity, also referred to as decentralized identity, has emerged. Self-sovereign identity is a new paradigm for identity management. Instead of having a username/password that references an account record in a service provider database, individuals retain and manage their own identity records. They are in full control, deciding when and with whom their credentials are presented and exactly which aspects of their identities are exposed.

The public keys of the user and the third-party organization for verifying the digital signature are recorded in a distributed ledger, and the user of the identity information verifies the provided information using them. In this way, users can control their own identity information without relying on a specific central administrator owned and operated by a private company or even by a government entity. Service providers are not able to correlate the use of identity across different services without explicit permission from the individual and the individual is empowered to exercise their right to be forgotten.

History of Self-Sovereign Identity

Password confusion and challenges to productivity aren’t the only reasons driving the need for decentralized identity. A continuous cycle of data breaches and the exposure of both individual and corporate identity information has led several organizations to call for a solution that benefits everyone, without giving too much control to any single entity.

​​Several years ago, a company called Sovrin developed and introduced an idea, using the metaphor of dots, describing a future whereby individuals would be able to take back control of their identity and participate on a peer-to-peer level with their online and offline relationships, according to IBM. Today, several communities — network, code, and standards — work to achieve this identity ownership vision.

The Goal of Decentralized Identity

The goal of decentralized or self-sovereign identity is that users will have complete control over how their personal information is kept and used. Without the need to rely upon a central repository of data, individuals with self-sovereign identities can store their data on their personal devices and applications, and provide it for verification and transactions on an as-needed basis.

How Does Self-Sovereign Identity Work?

Self-sovereign identity systems use blockchains — distributed ledgers — so that decentralized identifiers can be looked up without involving a central directory owned by a private company or government. 

Identifiers in a self-sovereign identity system are persistent — that is, they are long-lived, non-reusable and owned by the person who creates them. It’s not only individuals who need self-sovereign identities; organizations and even connected devices, such as IoT devices, also need them, and can use the same infrastructure as individuals.

Further, Identifiers and associated credentials must be portable and self-sovereign identity systems must be interoperable to protect choice and control.

Decentralized Identifiers and Verifiable Credentials

Standards for decentralized identifiers and verifiable credentials are being developed to provide interoperability. One of the key concepts of self-sovereign identity is that everyone can use the blockchain to lookup decentralized identifiers and retrieve any associated public keys.

Single-Sign On

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials — for example, a name and password — to access multiple applications in the same session. Created to ease the burden of needing to enter different usernames and passwords for multiple apps simultaneously, SSO can be used by enterprises, smaller organizations and individuals for a facilitated identity and access management experience. However, it is important to note that SSO is not self-sovereign, as identities are not stored in a distributed blockchain ledger.

Revocation Registry

In IT security, revocation refers to deleting or updating a credential. The revocation registry is a complex concept that mandates that credentials must be revocable by their issuer, which is usually a third-party company.

4 Benefits of Self-Sovereign Identity

There are tremendous benefits to self-sovereign or decentralized identity including:

  1. Privacy and Convenience

    Decentralization means that these identity systems allow users to have complete control over how their identity is shared. For online banking, decentralization simplifies digital customer onboarding and also gives more confidence to financial institutions because the blockchain on which the identity is stored cannot be hacked. The ledger confirms the identity, removing any concerns of fraud

  2. Improved Security and Fraud Reduction

    Decentralized identity use does not rely on usernames and passwords that can be hacked. Instead, the user’s identity is verified and authenticated on the blockchain using both public and private keys, just as Bitcoin and other digital currencies are verified. 
  3. Cost Savings and Efficiencies

    Decentralization identity also means that companies do not need to invest the time and resources building, collecting, storing and maintaining identity data. This can dramatically reduce digital customer onboarding costs, in addition to providing a frictionless experience that will delight new customers.

  4. Facilitates Compliance


    The cost of compliance with KYC and AML regulations is significant. On average, compliance programs cost $5.47 million annually for a financial services firm. Constant updates mean more costs, and a shifting regulatory landscape also means that users must be given access to their data, such as the EU mandate on GDPR. Decentralized identity protocols remove this burden from firms, streamlining compliance operations. 

Challenges of Self-Sovereign Identity

While the use of self-sovereign identity is gaining traction, there are still various issues that are challenging this model. 

One of the challenges is interoperability. Self-sovereign identity will likely not replace existing all identity management systems, such as SSO cited above.

Key management is also an issue. In self-sovereign identity, identity information may be contained in a wallet held by the user, which makes key management critical to the success of the model. Therefore, a user-friendly solution is required so that users can properly manage their private keys. Just as passwords can be forgotten or lost, users are expected to lose their private keys as well. As such, key recovery mechanisms will also be essential for success. 

The Future of Self-Sovereign Identity: Insights and Trends

While self-sovereign identity is a promising technology to allow individuals to control their own data, it is essential to establish a governance framework for its operation. Because one company does not own or administer the identities, governance or protocols are an issue.

Fear of one’s identity being publicly accessible on the blockchain can also be an issue, as the blockchain is most closely associated with Bitcoin and other digital currencies that have been subject to theft and compromise. While the blockchain cannot be hacked, third-party platforms connected to the blockchain can be. Self-sovereign identity will grow in popularity as comfort with the blockchain grows.

What Is Instnt Accept™?

Instnt Accept™ is the industry leader in customer onboarding technology that can help you onboard good customers and reject bad customers without costly technology upgrades. Our fully managed solution saves you time, money, and other resources to focus on your core operations: signing up customers, selling products, and boosting revenue. Our innovative approach stands out for several reasons:

Pay-for-Performance - Only pay for the users we accept — nothing more.

Improved User Experience - The look, feel, speed and intuitive nature of the mobile app or web-based online experience can make or break a customer’s decision to continue.

Fully Managed - The Instnt Accept™ solution is ready out of the box, on-demand, with minimal strain on IT and other internal resources. 

Fast Integration - The no-code solution means that customer onboarding and fraud detection can be launched in days.

Loss Liability Indemnification - Banks and credit unions receive loss liability indemnification of up to $100M annually so that they can increase their profitability.

Final Thoughts

Banks should consider a single-solution provider with years of experience helping hundreds of banks onboard thousands of customers. Whether traditional with brick-and-mortar locations, or neobanks with completely online operations, banks need to present the most compelling digital experiences that also serve as a way to fight fraud and build top-line revenue.

For more information on Instnt Accept™, start a free demo today.

About the Author

Instnt's fraud loss insurance platform offers comprehensive protection for businesses for the entire customer lifecycle, from account initiation, and onboarding to subsequent logins, transaction processing, and the broadened accessibility of additional products and services.