Tuesday, January 24, 2012

BUSINESSES ARE EXPOSED TO IDENTITY PSEUDONYMS THIS SEASON

The festive season is with us. Most of us will transact in a shop, a supermarket, a school or even online. To do this we shall use our credit cards, ATMs, M-Pesa PIN numbers, certificates, badges and other identifiers. These identifiers will allow us to prove we are who we claim to be. This aspect of proving who we are is becoming increasingly tricky for businesses.

Most of us have different identifiers. You might have a credit card, two ATM cards, a debit card, an M-Pesa account, a national ID and a supermarket smart card. These are all pseudonymous which means your identifiers are different personas to different organizations.

It is assumed that the person in a credit card is the same person in the Smart Card. But the bank cannot prove that the John Mutiso who holds the credit card is the same John Mutiso who has the Uchumi Smart Card.

This is because customer data is not shared between the bank and Uchumi supermarket. This means you are the only person who can prove who you are. Businesses are therefore vulnerable due to this pseudonymity and they need to take steps to protect themselves.

Businesses therefore require identity management so as to guard against this high risk of pseudonymity. The purpose of this management would be to establish the eligibility of John Mutiso to conduct a transaction and to assign the limitation of liability in the event of a failure.

Biometrics is an identity management solution that is proposed in the absence of data sharing and data matching. Biometrics are however not 100 per cent accurate especially in real environments where reliability thresholds are marginally lower.

To effectively protect businesses a highly distributed citizen database is required. This database can be accessed by businesses to determine who John Mutiso is, whether he is in the system and whether he is unique. In other words is this person who he claims to be?

This distributed citizen database would not necessarily be wholly housed by government. Elements can exist in credit reference bureaus, NGOs, county offices and local government systems.

This pool of citizen data would create an environment where government, commerce and citizens not only trust identity services but businesses would be able to use this database to reduce identity pseudonymity.

The technological infrastructure is now in place. What we need is the political will to implement this solution.

No comments: