The YourID
Foundation
Take Control Of Your Identity
One ID For Every Situation
The YourID Foundation
Take Control Of Your Identity
One ID For Every Situation
Why YourID Is Needed
Click image to increase size
After many years being active in the identity industry and having witnessed the continuous and countless discussions about how to eliminate usernames and passwords and find a centralized, adequate solution for remote ID verification, it has become clear that this problem still exists everywhere. Proof of this is shown for example by the high number of account takeovers and ever-increasing levels of ID theft and fraud.
Passwords credentials are still present in our online lives in nearly all cases where we want to access a website or platform. While all other markets have evolved and adapted new technologies, it seems impossible for the online world to leave this Achilles heel of IT behind. Why can’t we overcome this weak part in the identification process?
YourID’s journey started with the wish to answer this very question. A journey with just one goal: to eliminate the need for usernames and passwords and to search for a safe way to interact online and to find the right technology solution for remote identity verification. YourID was created with the desire to develop a solution that accomplishes this goal, while staying independent from any organization, and not being driven by a commercial agenda.
Over the last few years we have made a profound analysis of the market and arranged many meetings worldwide with leading platforms and websites in social media, e-commerce, entertainment, financial services and many other verticals. The goal of these meetings was to unravel the reasons why a universal identity platform that functions across all industries does not exist yet. And to understand the industry’s needs and to create a solution that reflects these needs and is attractive for all parties involved, including globally leading online platforms and websites.
In addition to the many meetings with leading online platforms and websites, there have been many meetings with other industry stakeholders, alliances and consortiums (like the EEMA, ID2020, DIACC and Find Biometrics), and governmental organizations (like the European Commission’s Digital Single Market and eIDAS teams and DHS/Department of Homeland Security USA), that provided additional input regarding the wishes from the identity industry and the perspective from policy makers.
Furthermore, nearly all seminars and webinars that have been organized over the past few years in the digital identity space have been attended. This has provided further in-depth understanding of the problems and needs of the identity industry from various angles.
During our journey, we realized that the search for a technology solution is not the biggest challenge, since many great technologies to solve the problem already exist. The main challenge is to find a method that would be accepted across all industries and by all types of online stakeholders, and affordable enough to ensure that the entire online world could have access to it and adopt it. Not just a solution for the big and powerful, but fit and accessible for the entire industry and on a global level.
The Challenges
During our journey we have investigated, analyzed and taken stock of all aspects of the online identity market and its challenges. We found various big challenges that result from the way we use and access the Internet nowadays.
For online users, these can be summarized as follows:
• Lack of Privacy & Control
Online users nowadays don’t have control anymore over their identity. They don’t have one single overview of all places where they have shared their information previously, since it is impossible for users to keep track of all these places and to remember with who they shared what private information. In addition, in most cases users are not able to see which personal information is required from them and which is optional to share with a service provider. And neither do users have a simple method to revoke consent to access their information or ask a service provider to delete their shared information. Furthermore, many systems track user activity, profile users and have access to users’ sensitive personal information, not respecting the user’s privacy.
• Inconvenient Online Access
You can buy products from any store using a single payment card, and you can travel the world with a single passport. But when it comes to accessing accounts and services online, there’s a whole maze of processes and requirements to navigate. A bank might send you a one-time password via text message for example, while a mobile wallet may require a face scan to authorize a transaction.
But none of these solutions are universal. With each app or site requiring its own access method, users end up juggling dozens of different passwords, PINs, and other access methods – and often just give up out of frustration. It’s not uncommon for someone to have an entire booklet of passwords for various logins.
Users still need to remember complex passwords and use a variety of technologies and access systems to sign in to their online accounts. We are getting more and more online and this online development with a growing variety of localised solutions and apps cause an undesired, ever-increasing amount of access credentials that users need to manage.
• Increased Risk for ID fraud
The use of passwords is the weakest link in the security chain. It’s more often the case that an individual will simply reuse the same password over and over again, which is an extremely risky approach to online security. In addition, users need to leave ID information at many different places since they nowadays need to use a different app for each online access situation. This has resulted in a growing number of data breaches, the most serious consequence of which is that users’ sensitive information like usernames, passwords, payment details or social security numbers are leaked, which results in increased risk of ID fraud.
Security has become a priority for the market with the number of fraud cases increasing. According to LexisNexis Risk Solutions’ 2019 report True Cost of Fraud, in the retail sector alone, fraud attempts have tripled since 2017. Meanwhile, last year’s TransUnion study found that almost half of all consumers were worried about being victims of fraud. For 2020, Industry professionals expect a record increase in cases and costs related to ID theft and fraud. People don’t want to put themselves at risk, but they lack a simple and effective solution for online security.
For businesses, the challenges can be summarized as follows:
• Significant costs for IAM. A lot of money is wasted on multiple solution providers or on building and/or maintaining your own IAM solution, resulting in high costs.
• Losses to fraud and high IT costs. Businesses incur significant costs due to password reset requests and customer service costs because of complaints stemming from identity fraud.
• Sub-optimal conversion rates. Caused by the fact that customers cannot easily create and access online accounts and verify their payment information. This results among others in abandoned shopping carts.
• Incomplete user data. Not having the right data about your clients results in inefficient marketing efforts on users that have a low probability of being interested in your offers.
• Compliance difficulties. Especially with KYC and AML regulations such as PSD2, CCPA, GDPR.
• Sub-optimal customer satisfaction. Caused by unreliable authentication processes that create friction and are not user-friendly.
The challenges regarding access with passwords and usernames, privacy issues, identity fraud and data breaches have resulted in a growing resistance and inconvenience in the way that we access and use the Internet, inefficient business processes and a bad user experience.
These challenges can only be addressed by a cross-industry collaboration that encompasses all sectors and should not be built around a single access-situation but be built around the user, and enable access to any online location worldwide with just one single solution. It should be based on a collaboration in which parties in all online industries and technology sectors collaborate on a global basis to offer a single solution for users to securely and conveniently manage their online identity and access any online location worldwide.
Further encouraged by recent and upcoming legislation (GDPR, KYC, PSD2, CCPA, etc.), this has resulted in the need for a globally operating identity platform, suitable for all markets and not being managed by a commercial entity and neither be controlled by a minority group of stakeholders.
Instead, it should be managed by an independent non-profit entity, be fully controlled by a wide variety of leaders from all online verticals, be supervised by an independent authority and fully respect all guidelines of user privacy. Only under these conditions can it ensure collaborations with all participants in the entire online industry worldwide.
YourID’s DNA & Purpose
With these conditions in mind, YourID’s purpose has been drafted. It can be summarized as follows:
Protecting user privacy, personal data and digital identity in a transparent and independent way, promoting the control that users have over their personal data and digital identity (including with who they want to share [part of] their information) and over the use of their data and digital profiles.
YourID will be built around the user and give the power to the user over their data and the possibility to conveniently withdraw previously shared data and it will respect the user’s right to be forgotten (according to GDPR in Europe). Also, the user has the choice of sharing additional data, for which they receive additional benefits (“data enrichment by user consent”, this is possible since the user is in control).
All of this is done in a flexible, technology-agnostic way, with a wide variety of best-of-breed (technology) partners, to guarantee the highest level of security and user privacy on a global basis.
YourID brings together worldwide trust receivers (like websites and online platforms), trust providers (like identity verification suppliers, government entities, telco’s and banks), technology suppliers and other relevant stakeholders, including consumer representing organizations. This way, YourID offers and coordinates an identity solution for three main parties:
1. Users, who can securely identify themselves online, whilst their privacy is fully protected and having full control over their identity, while enjoying the best possible user experience.
2. Technology companies, uniting their efforts in one solution that is the best in the market and flexible, universal and global in scope, tackling one of the biggest hurdles in the industry, delivering a global solution and solving the adoption problem.
3. Online platforms and websites (including governmental institutions), who receive an access-solution for the lowest possible cost, with the highest form of security and flexibility. Enabling companies that work on different continents/countries to use a single solution instead of many different ones.
Core Values & Guiding Principles
To support YourID’s purpose, the following rules and guidelines have been established.
• Provide a solution that is developed around the user, guided by respect for user’s privacy and giving the user full ownership of, insight in and control over the user’s identity information. Put the user in control of what user data can be viewed and/or used by the parties that collaborate with YourID.
• Enable users to authenticate themselves through their biometric characteristic(s), and to conveniently access online platforms and websites on an international scale, through a secure and re-usable online identity, without passwords and usernames, and enable users to manage their different forms of identity in one single app and platform.
• Create a globally available, technology-agnostic, flexible and future-proof app and platform by joining carefully selected, proven technologies from best-of-breed global suppliers. If necessary, YourID can oversee the development of technology parts that do not exist yet.
• Provide users with multiple features and functions related to (online) identity management that can vary from biometric identification to trusted third-party verifications. Features and functions are based (as much as reasonably possible) on consumer market research and the requirements and wishes from the websites, platforms and other stakeholders that participate in YourID.
• Create the app and platform in such a way that it is technically virtually impossible for anybody except users to view user information or data regarding use.
• Promote interoperability between all kinds of companies, governments, institutions and industry sectors. Enable websites, CMS systems and online platforms to easily integrate YourID’s technology with their own technology and provide them with an attractive method to validate user identities, verify user information and make their validation processes more secure and efficient.
• Establish collaborations with a large variety of trusted participants, where online platforms, websites, technology providers and other stakeholders are invited to join, guided by the objective to create a global industry-wide collaboration for password-less and user-centric online access, that is supported by as many parties as possible.
• Not interfere in the business where users access through YourID, and not interfere in transactions and/or interactions between YourID users and collaborating partners. In addition, YourID will not track & trace user behavior within its services.
• Refrain from having any (commercial) benefit or interest in user identity information or other user information.
• Provide transparency to all main parties collaborating with YourID regarding how the user’s data is processed and secured.
• Provide transparency to all main parties collaborating with YourID regarding the structure of YourID’s foundation, its board-members, collaborators and stakeholders.
• Enable regular, independent audits based on YourID’s Core Values & Guiding Principles to guarantee that the YourID foundation fulfils its promises. Audits will be done by an internationally recognized body and the reports will be shared with the members of the main board, advisory board and supervisory board of the foundation, as well as with any consumer representing organization that requests it.
• Promote YourID’s independence regarding the way it is managed and supervised and create a (legal) structure in which no single party or small minority can have substantial control over any aspect of YourID that can be considered fundamental. Implement a structure that makes it impossible for a single party or small minority to control and/or change any relevant aspect of YourID’s platform, technology, governance structure and/or any of the elements described in YourID’s Core Values & Guiding Principles.
YourID’s Fundament & Differentiators
The many meetings held over the last few years and the in-depth analysis of the identity market have resulted in the creation of the fundament for YourID’s Foundation, consisting of the four unique elements as depicted below. This fundament follows from the need to protect users’ privacy, empower them with control over their identity information and deliver them a unique user experience on one side, and to offer a secure client relation plus identified users for the industry participants on the other side.
Based on this fundament, YourID has received the confirmation from a wide variety of different stakeholders in the identity industry that YourID’s solution is highly attractive and acceptable to be used as an additional method for users to log in and/or identity themselves. This includes the confirmation from many globally leading online players that a platform with these characteristics would fit their needs, and that they are therefore interested to participate in YourID.
The goal of the YourID foundation is to facilitate, support and orchestrate the delivery of such a platform and to strengthen the battle against ID theft and fraud.
Shared Cost YourID
The future operational cost of YourID will be shared by all participating platforms and websites that have a commercial purpose. This means that non-commercial websites and platforms that participate in YourID don’t share in the costs, but participate with just an annual fee. In addition, YourID shall be free for the end user. Furthermore, the cost of YourID will always be calculated in an open and transparent way, so all participants will have full insight and confidence in its functioning.
Shared cost: The cost for the participant depends on 2 factors: the level of security required by the participating website/platform and the number of online locations where the user deploys it.
How this works
Let’s assume that a user deploys YourID at 10 different online places, just to log in without usernames and passwords. The same user also deploys YourID at 5 other online places to log in with a verified identity. We assume that YourID’s annual cost per user for password-less login is EUR 3 and that the additional cost per user for the verified identity service is EUR 2.
This works out as follows: 15 online places together share the cost of the basic service to have users log in without passwords and usernames. Since this is EUR 3, the result is that the price per participant is EUR 0,20. The participants that required the verified identity service on top, pay the additional cost of EUR 2 shared by the 5 of them, resulting in an extra cost of EUR 0,40 for the participants that requested the verified identity service. Therefore, those 5 participants each pay a total of EUR 0,60.
Costs are not depending on the number of times an individual uses YourID every year, which results in enormous cost savings for the participants. However, more important is that YourID makes the technology also available for smaller websites and e-commerce platforms, thereby delivering significant support in the battle against ID theft and fraud.
YourID’s Structure
YourID will be managed by a foundation to guarantee the highest level of user privacy. The foundation will have a management team, a general board and a supervisory board. It might be extended with an advisory board.
The general board will consist of 20-30 leading online websites and platforms that together have full control over YourID. It will be supervised by governmental institutions protecting the rights of consumers, and by consumer representing non-governmental organizations.
The technology will be provided by a wide range of best-of-breed, proven suppliers worldwide, managed and orchestrated by the YourID foundation. The Governance through the foundation makes YourID an independent and transparent cross-industry initiative, that is fully controlled by a wide variety of industry leading companies.
Donations & Memberships
The planning of the YourID foundation depends on member support and donations. As a non-profit organization, YourID completely relies on community support. None of our future activities and efforts will be possible without this support.
To make the service consumer deployment ready, funding is required. The initial funds will be used primarily for the technological development to make the platform consumer-ready and to prepare it for market launch.
YourID is currently looking for members and supporters that are interested in donating in kind or by giving grants. The various possibilities are depicted in the overview below.
The board positions for the Strategic Members will be registered and the board becomes active as soon as 5 Strategic Members have been confirmed. Annual donations will be disbursed to YourID in quarterly tranches. An established Dutch Accountancy firm will perform quarterly audits that will be shared with YourID’s members and supporters.