Dock CEO Nick Lambert had a fascinating discussion with Sarah Clark, Mastercard’s Senior Vice President of Digital Identity, on Dock’s Identi3 podcast. Sarah's team is building and leading the development of Mastercard’s new digital identity network which will not be directly related to Mastercard’s payment network at all. The company plans for its digital IDs to be reusable for in-person interactions, online, through the phone, and other channels. The ID network is currently active in Brazil, Australia, and the UK.
This article highlights the key topics they discussed:
- Her career and experience in digital identity
- Mastercard’s new privacy-preserving global, interoperable digital ID network
- The importance of a reusable digital ID
- Key components to enable digital ID technology
- Digital identity being a business differentiator
- Mastercard’s digital identity use cases
Sarah’s Experience in Digital Identity
Sarah has been working in the identity space for about 10 years and has a consistent track record for leading and growing innovative companies. Before joining Mastercard, she held senior positions in the industry, including working as the Senior Vice President and GM Digital Identity at Idemia and General Manager Identity Business Unit and SVP Product at Mitek Systems. She has spoken at many events around the world including Finovate, Money2020 US and EU, and LATAM.
Before working in identity, she worked as a software developer for a few years which gave her great insight into how different technology works. But she always found herself enjoying talking about the vision side of things and intentionally got involved with roles that involved product. Her personal passion is taking things that are really complex and making them really simple.
At Mitek Systems, a software company that specializes in digital identity verification and mobile image processing, she built the company from the ground up and now the company is global. From there, she opened up her own consultancy where she got to work with companies including big banks to see how they were thinking about identity.
As she was moving on from Idemia, which is powering many government initiatives, she got a call from Mastercard and they were looking for someone to lead their reusable globally interoperable digital ID network initiative. This was a perfect fit for what she wanted to do.
“I do believe reusable digital ID, Verifiable Credentials, and all the stuff that's been forming for many years is becoming real in the market,” said Sarah.
Mastercard’s Globally Interoperable, Privacy-Preserving ID Network
Many large enterprises have historically not been focused on preserving user privacy because they can largely benefit from the information, it’s reassuring to see that a large company like Mastercard is making user privacy a priority.
Since Sarah joined the company, she was reassured that as a company, Mastercard is very strict about data privacy. She acknowledged that from the outside, you’re never really sure if an organization really cares about privacy or not. But she said she was glad that the company truly values user privacy and the culture as a whole is centered around this. Collecting data and attaching it to people is not part of what the company does at all and they’ve established a privacy group.
Global Paradigm Shift on Identity
The vision and execution on identity is shifting around the world as there is a growing focus on the principle that individuals will own their own digital identity and will only share what’s needed. Mastercard holds that principle and executes according to what’s happening globally, particularly as privacy laws continue to escalate. “This concept of a privacy-preserving reusable digital ID, that is where the market is going in my view,” Sarah said.
Why Do We Need a Reusable Digital ID?
A reusable digital ID is simply a digital identity that can be used across multiple platforms and services rather than having to create a new identity for each one.
Sarah explained, “When you own your digital ID, you carry your credentials in a digital identity wallet and share those credentials as needed to conduct your business. The reusable concept is about the fact that you are carrying a digital ID that is known to be valid in some way and you can reuse it wherever needed and it should be easy for you.”
There are many reasons why we would need a digital identity including:
Security: This is a benefit that Sarah’s team is very focused on. A reusable digital ID can help improve security by reducing the number of passwords that users need to remember. A single digital identity can make it harder for hackers to access user accounts, which can help protect users from fraud and other forms of cybercrime.
Better user experience: With a reusable digital ID, users can avoid the hassle of creating multiple accounts and remembering multiple passwords. They can use a single identity to access multiple services, which saves time and reduces the risk of account lockouts and other issues. This can result in a smoother and more streamlined user experience.
Privacy: A reusable digital ID can help protect user privacy by giving users more control over their personal information. Instead of having to provide their personal information to each service individually, users can choose to share only the information necessary to access the service. This reduces the amount of personal information that is stored and shared, which can help reduce the risk of data breaches and identity theft.
Key Components to Enable the Digital ID Technology
Some of the key tools needed to build the privacy-preserving network is an identity wallet and Verifiable Credentials.
Sarah thinks that Verifiable Credentials are a key component in the digital identity system because the Verifiable Credentials standard has been established by the World Wide Web Consortium (W3C), an international organization that develops standards and guidelines for the World Wide Web and works to make sure the web is accessible, interoperable, and secure for everyone who uses it. The Verifiable Credentials standard outlines the details of how to offer a secure interaction between the issuer, individual, and verifier.
In order to build a very secure reusable ID infrastructure, Mastercard is looking at a “stack of technologies to ensure that every interaction is secure to the highest level.” Some of the technologies they use include the application of:
- Behavioral biometrics when you’re onboarding into your reusable ID to look for bots and device reputation.
- Active biometrics which is a type of biometric authentication that requires someone to actively participate in the authentication process such as by providing a fingerprint or facial scan when they’re unlocking their reusable ID and choosing to share one of the credentials in it.
- A variety of signals and risk-based approach standards within KYC.
Biometrics combined with liveness could be a very good way to get rid of a lot of the fraud that comes with passwords and other less secure authentication methods. “Liveliness” is a term that refers to the ability to detect whether a biometric sample, such as a facial image or a fingerprint, is coming from a real, live person or from a fake or artificial source, such as a photograph or a prosthetic finger. Biometrics are very easy to use and people are unlocking mobile devices with them more and more often.
People’s Privacy Concerns With Biometrics Being Stored With a Provider
Sarah addressed this concern and said that they are valid. She also noted that there's been a lot of maturity in technology and the way information is stored so that a biometric can’t be used in the wrong hands. It’s important that industry players use these technologies as responsibly as possible.
“All of us as leaders in the space really need to keep a close eye on the ball to make sure we’re developing platforms that have the best interests of individuals,” Sarah said.
Digital Identity Being a Business Differentiator for Mastercard
Offering privacy-preserving digital identity as a service and being faster to the market than their competitors has been a large differentiator for Mastercard. The globally interoperable, privacy-preserving digital ID network that Sarah’s team is building is a new network for Mastercard. Customers will be able to get a reusable digital ID and use it wherever they see the digital ID trustmark.
A company trustmark is a symbol or logo that indicates that a company has met certain standards or requirements related to trust, security, and privacy. Trustmarks are often displayed on a company's website or in marketing materials as a way of reassuring customers that their personal information is safe and that the company is trustworthy.
A Big Focus on Identity at Mastercard
Identity in general is a big focus at Mastercard, not just the reusable digital ID network.
Sarah said that there are various identity risk signals that can be injected into checkout flows, payment flows, and onboarding to secure these processes, which is another huge differentiator for the company. These protections help keep the network secure while protecting individuals doing payments.
While there’s a lot of interest in what Sarah’s team is doing with eKYC, her team is also working on a variety of use cases that are completely different from the traditional Mastercard business. “Helping universities is something we’re focused on that really doesn’t overlap that much with the main focus of Mastercard’s core business,” said Sarah.
Mastercard’s Identity Use Cases
There are many relevant use cases around the world that require age verification to access certain types of content and purchases. Sarah’s team are working on some of these kinds of higher-frequency use cases including collaborating with online liquor retailers.
It’s not a good user experience to scan a driver’s license for every site you go to. People are oversharing when all the provider needs to know is if the customer is of legal age. A reusable digital ID can make the verification process much easier while preserving data privacy.
Once the age verification process is proven to be more efficient and beneficial to several stakeholders, it makes lower-frequency use cases such as opening a bank account much easier. The way Sarah described this approach to growing adoption is “Rising tides lift all boats and that’s the way I see the market at large.”
More Efficient and Secure Identity Verification
Identity verification processes are used in different ways by different companies and there's often a lot of fragmentation. This fragmentation creates opportunities for identity fraud which is a problem globally and continues to rise.
For example, there is a gap from the time a user begins to sign up and the ongoing authentication. It’s important for the process to be seamless and a reusable ID can address many of these issues.
Using Digital IDs in Universities
Sarah said, “Having a digital identity in order to conduct your life at a university is something we’ve been working on in Brazil.” Some examples of how digital ID is used include onboarding, logging into the student portal, checking in at class, and verifying medical school students that need to be present for hands-on tests. Fraud still happens with hands-on exams for high-stakes jobs like surgeons and it’s crucial to have effective verification tools like reusable digital IDs to ensure the right people are taking these tests.
Another great thing about reusable digital IDs is that they can be used for digital and in-person interactions and transactions, such as checking out technology, equipment, or books.
There are emerging businesses using NFTs for a variety of purposes, including musicians getting royalties. Identity can be used for part of those interactions.
Web3 digital ID progress is happening globally, “it’s reenvisioning the way the internet works and in my view.”
Where Sarah Personally Sees the State of Digital Identity in the Future
“I want to see more industries coming together to implement. I believe we need to move away from centralized authorities back to individuals.” While developments in AI and other technologies are accelerating the pace of innovation, there are important problems that need to be addressed.
For example, social media has been a good equalizer for people to get their story out but it has the potential to create a lot of damage to society due to unverified people spreading misinformation and content. It would be worthwhile to explore the concept of injecting digital ID into social media, Web3, and how we interact with AI.
Apple has been experimenting in the identity space and more governments are investing in digital ID initiatives, which each look different depending where you are in the world. You can see things like more mobile driver’s licenses and digital licenses, which is a huge driver for reusable ID.
- Dock Certs: Web app to issue and manage digital identity and Verifiable Credentials
- Certs API: Easy integration with your system to make your data fraud-proof and instantly verifiable
- Dock Wallet: Easily store and manage their digital credentials and identity (individuals) and verify credentials instantly (organizations)
Partner Use Cases