Take Control Of Your Identity.
One ID For Every Situation
Why YourID Is Needed
After many years being active in the identity industry and having witnessed the continuous and countless discussions about how to eliminate usernames and passwords and find a centralized, adequate solution for remote ID verification, it has become clear that this problem still exists everywhere. Proof of this is shown for example by the high number of account takeovers and ever-increasing levels of ID theft and fraud.
Password credentials are still present in our online lives in nearly all cases where we want to access a website or platform. While all other markets have evolved and adopted new technologies, it seems impossible for the online world to leave this Achilles heel of IT behind. Why can’t we overcome this weak part in the identification process?
YourID’s journey started with the wish to answer this very question. A journey with just one goal: to eliminate the need for usernames and passwords and to search for a safe way to interact online and to find the right technology solution for remote identity verification. YourID was created with the desire to develop a solution that accomplishes this goal, while staying independent from any organization, and not being driven by a commercial agenda.
Over the last few years YourID has made a profound analysis of the market and arranged many meetings worldwide with leading platforms and websites in social media, e-commerce, entertainment, financial services and many other verticals. The goal of these meetings was to unravel the reasons why a universal identity platform that functions across all industries does not exist yet, to understand the industry’s needs, and to create a solution that reflects these needs and is attractive for all parties involved, including globally leading online platforms and websites.
In addition to the many meetings with leading online platforms and websites, there have been many meetings with other industry stakeholders, alliances and consortiums (like the EEMA, ID2020, DIACC and Find Biometrics), and governmental organizations (like the European Commission’s Digital Single Market and eIDAS teams and DHS/Department of Homeland Security USA), that provided additional input regarding the wishes from the identity industry and the perspective from policy makers.
Furthermore, nearly all seminars and webinars that have been organized over the past few years in the digital identity space have been attended. This has provided further in-depth understanding of the problems and needs of the identity industry from various angles.
During this journey, YourID realized that the search for a technology solution is not the biggest challenge, since many great technologies to solve the problem already exist. The main challenge is to find a method that would be attractive for the end-user and for online platforms and websites, to ensure that all participants in the entire online world can have access to it and adopt it. Not just a solution for the big and powerful, but also accessible for smaller online players and following a user-centered design.
During YourID’s journey, all aspects of the online identity market and its challenges have been investigated and analyzed. Several major challenges have been found, all of which result from the way we use and access the Internet nowadays.
For online users, these can be summarized as follows:
1. Lack of Privacy & Control
Online users nowadays no longer have control over their identity. They don’t have one single overview of all places where they have shared their information previously, since it is impossible for users to keep track of all these places and to remember with whom they shared what private information. In addition, in most cases users are not able to see which personal information is required from them and which is optional to share with a service provider. Nor do users have a simple method to revoke consent to access their information or to ask a service provider to delete their shared information. Furthermore, many systems track user activity, profile users and have access to users’ sensitive personal information, not respecting the user’s privacy.
2. Inconvenient Online Access
You can buy products from any store using a single payment card, and you can travel the world with a single passport. But when it comes to accessing accounts and services online, there’s a whole maze of processes and requirements to navigate. A bank might send you a one-time password via text message for example, while a mobile wallet may require a face scan to authorize a transaction.
But none of these solutions are universal. With each app or site requiring its own access method, users end up juggling dozens of different passwords, PINs, and other access methods – and often just give up out of frustration. It’s not uncommon for someone to have an entire booklet of passwords for various logins.
Users still need to remember complex passwords and use a variety of technologies and access systems to sign in to their online accounts. We are getting more and more online and the growing variety of localised solutions and apps cause an undesired, ever-increasing amount of access credentials that users need to manage.
3. Increased Risk for ID fraud
The use of passwords is the weakest link in the security chain. It’s more often the case that an individual will simply reuse the same password over and over again, which is an extremely risky approach to online security. In addition, users need to leave ID information at many different places since they nowadays need to use a different app for each online access situation.
This has resulted in a growing number of data breaches, the most serious consequence of which is that users’ sensitive information like usernames, passwords, payment details or social security numbers are leaked, which results in increased risk of ID fraud.
Security has become a priority for the market with the number of fraud cases increasing. According to LexisNexis Risk Solutions’ 2019 report True Cost of Fraud, in the retail sector alone, fraud attempts have tripled since 2017. Meanwhile, last year’s TransUnion study found that almost half of all consumers were worried about being victims of fraud. For 2020, industry professionals expect a record increase in cases and costs related to ID theft and fraud.
For businesses, the challenges can be summarized as follows:
1. Significant costs for IAM. A lot of money is wasted on multiple solution providers or on building and/or maintaining your own IAM solution, resulting in high costs.
2. Losses to fraud and high IT costs. Businesses incur significant costs due to password reset requests and customer service costs because of complaints stemming from identity fraud.
3. Sub-optimal conversion rates. Caused by the fact that customers cannot easily create and access online accounts and verify their payment information. Among other things, this results in abandoned shopping carts.
4. Incomplete user data. Not having the right data about your clients results in inefficient marketing efforts on users that have a low probability of being interested in your offers.
5. Compliance difficulties. Especially with KYC and AML regulations such as PSD2, CCPA, GDPR.
6. Sub-optimal customer satisfaction. Caused by unreliable authentication processes that create friction and are not user-friendly.
The challenges regarding access with passwords and usernames, privacy issues, identity fraud and data breaches have resulted in a growing resistance and inconvenience in the way that we access and use the Internet, inefficient business processes and a bad user experience.
These challenges can only be addressed by a cross-industry collaboration that encompasses all sectors and should not be built around a single access-situation but be built around the user, and enable access to any online location worldwide with just one single solution. It should be based on a collaboration in which parties in all online industries and technology sectors collaborate on a global basis to offer a single solution for users to securely and conveniently manage their online identity and access any online location worldwide.
Further encouraged by recent and upcoming legislation (GDPR, KYC, PSD2, CCPA, etc.), this has resulted in the need for a globally operating identity platform that is suitable for all markets, is not managed by a commercial or governmental entity, and is not controlled by a minority group of (online) stakeholders.
Instead, it should be managed by an independent non-profit entity, be fully controlled by the end-user, be supervised by an independent authority and respect all guidelines of user privacy. Only under these conditions will it offer an acceptable solution for end-users worldwide and the online industry alike.
YourID’s DNA & Purpose
Considering the needs of the participants in the online world, YourID’s purpose has been drafted. It can be summarized as follows:
Protecting user privacy, personal data and digital identity in a transparent and independent way, promoting the control that users have over their personal data and digital identity (including with whom they want to share [part of] their information) and over the use of their data and digital profiles.
YourID will be built around the user, giving users power over their data and the possibility to conveniently withdraw previously shared data, and it will respect the user’s right to be forgotten (according to GDPR in Europe). The user also has the choice of sharing additional data, for which they receive additional benefits (“data enrichment by user consent”; this is possible since the user is in control).
All of this is done in a flexible, technology-agnostic way, with a wide variety of best-of-breed (technology) partners, to guarantee the highest level of security and user privacy on a global basis.
YourID brings together worldwide trust receivers (like websites and online platforms), trust providers (like identity verification suppliers, government entities, telcos and banks), technology suppliers and other relevant stakeholders, including consumer-representing organizations. This way, YourID offers and coordinates an identity solution for three main parties:
1. Users, who can securely identify themselves online, whilst their privacy is fully protected and having full control over their identity, while enjoying the best possible user experience.
2. Technology companies, uniting their efforts in one solution that is the best in the market and flexible, universal and global in scope, tackling one of the biggest hurdles in the industry, delivering a global solution and solving the adoption problem.
3. Online platforms and websites (including governmental institutions), who receive an access-solution for the lowest possible cost, with the highest form of security and flexibility. Enabling companies that work on different continents/countries to use a single solution instead of many different ones.
Core Values & Guiding Principles
To support YourID’s purpose, the following core values and guidelines have been established.
✓ Provide a solution that is developed around the user, guided by respect for user’s privacy and giving the user full ownership of, insight in and control over the user’s identity information. Put the user in control of what user data can be viewed and/or used by the parties that collaborate with YourID.
✓ Enable users to authenticate themselves through their biometric characteristic(s), and to conveniently access online platforms and websites on an international scale, through a secure and re-usable online identity, without passwords and usernames, and enable users to manage their different forms of identity in one single app and platform.
✓ Create a globally available, technology-agnostic, flexible and future-proof app and platform by joining carefully selected, proven technologies from best-of-breed global suppliers. If necessary, YourID can oversee the development of technology parts that do not exist yet.
✓ Provide users with multiple features and functions related to (online) identity management that can vary from biometric identification to trusted third-party verifications. Features and functions are based (as much as reasonably possible) on consumer market research and the requirements and wishes from the websites, platforms and other stakeholders that participate in YourID.
✓ Create the app and platform in such a way that it is technically virtually impossible for anybody except users to view user information or data regarding use.
✓ Promote interoperability between all kinds of companies, governments, institutions and industry sectors. Enable websites, CMS systems and online platforms to easily integrate YourID’s technology with their own technology and provide them with an attractive method to validate user identities, verify user information and make their validation processes more secure and efficient.
✓ Establish collaborations with a large variety of trusted participants, where online platforms, websites, technology providers and other stakeholders are invited to join, guided by the objective to create a global industry-wide collaboration for password-less and user-centric online access, that is supported by as many parties as possible.
✓ Not interfere in the business where users access through YourID, and not interfere in transactions and/or interactions between YourID users and collaborating partners. In addition, YourID will not track & trace user behavior within its services.
✓ Refrain from having any (commercial) benefit or interest in user identity information or other user information.
✓ Provide transparency to all main parties collaborating with YourID regarding how the user’s data is processed and secured.
✓ Provide transparency to all main parties collaborating with YourID regarding the structure of YourID’s foundation, its board-members, collaborators and stakeholders.
✓ Enable regular, independent audits based on YourID’s Core Values & Guiding Principles to guarantee that the YourID foundation fulfils its promises. Audits will be done by an internationally recognized body and the reports will be shared with the members of the main board, advisory board and supervisory board of the foundation, as well as with any consumer representing organization that requests it.
✓ Promote YourID’s independence regarding the way it is managed and supervised and create a (legal) structure in which no single party or small minority can have substantial control over any aspect of YourID that can be considered fundamental. Implement a structure that makes it impossible for a single party or small minority to control and/or change any relevant aspect of YourID’s platform, technology, governance structure and/or any of the elements described in YourID’s Core Values & Guiding Principles.
YourID Fundament & Differentiators
The many meetings held over the last few years and the in-depth analysis of the identity market have resulted in the creation of the fundament for YourID’s Foundation, consisting of the four unique elements as depicted below. This fundament follows from the need to protect users’ privacy, empower them with control over their identity information and deliver them a unique user experience on one side, and to offer a secure client relation plus identified users for the industry participants on the other side.
Based on this fundament, YourID has received the confirmation from a wide variety of different stakeholders in the identity industry that YourID’s solution is highly attractive and acceptable to be used as an additional method for users to log in and/or identify themselves. This includes the confirmation from many globally leading online players that a platform with these characteristics would fit their needs, and that they are therefore interested to participate in YourID.
The goal of the YourID foundation is to facilitate, support and orchestrate the delivery of such a platform and to strengthen the battle against ID theft and fraud.
The future operational cost of YourID will be shared by all participating platforms and websites that have a commercial purpose. This means that non-commercial websites and platforms that participate in YourID don’t share in the costs, but just pay an annual fee. In addition, YourID will be free for the end user.
Furthermore, the cost of YourID will always be calculated in an open and transparent way, so all participants will have full insight and confidence in its functioning. The cost for the participant depends on 2 factors: the level of security required by the participating website/platform and the number of online locations where the user deploys it.
How this works
Let’s assume that a user deploys YourID at 10 different online places, just to log in without usernames and passwords. The same user also deploys YourID at 5 other online places to log in with a verified identity. We assume that YourID’s annual cost per user for password-less login is EUR 3 and that the additional cost per user for the verified identity service is EUR 2.
This works out as follows: 15 online places together share the cost of the basic service to have users log in without passwords and usernames. Since this is EUR 3, the result is that the price per participant is EUR 0,20. The participants that required the verified identity service on top, pay the additional cost of EUR 2 shared by the 5 of them, resulting in an extra cost of EUR 0,40 for the participants that requested the verified identity service. Therefore, those 5 participants each pay a total of EUR 0,60.
Costs do not depend on the number of times an individual uses YourID every year, which results in enormous cost savings for the participants. However, equally important is that YourID also makes the technology available for smaller websites and e-commerce platforms, thereby delivering significant support in the battle against ID theft and fraud.
User Control & Governance
YourID will be managed by a foundation to guarantee the highest level of user privacy. The foundation will have a general board, an advisory board and a management team. It is monitored by official supervisory bodies.
The general board, which has the ultimate power over the foundation, will consist of YourID users. This ensures that users have maximum control over their identity information. An advisory board will provide professional advice to the foundation and will consist – among others – of representatives of websites, online platforms and technology companies.
The management board will be responsible for the day-to-day activities and – at least initially – consist of the 4 initiators of YourID. It also falls under the control of the general board. Finally, the YourID Foundation will be supervised by official supervisory bodies corresponding to the region where it operates (YourID will have regional sub-foundations that are created in accordance with regional legislation).
In addition, regular, independent audits based on YourID’s principles will be performed, to guarantee that the YourID foundation fulfils its objectives. Audits will be done by an internationally recognized body and the reports will be shared with all bodies of the foundation and consumer organizations.
All decisions regarding YourID’s strategy, management, technology, organisation and any other relevant aspect will be bound by the rules as established in the foundation’s Articles Of Association. All voting for decisions related to important aspects of YourID is based on Blockchain governance (1 user, 1 vote).
YourID’s governance model results in a platform that is not controlled by a single technology company that manages your online front door. Together with the Shared Cost principle, this makes YourID a highly attractive solution for any website or platform. Furthermore, by giving the control of YourID to the end-user instead of a few big stakeholders, YourID is equally attractive for the end user.
YourID is not a vendor or commercial organisation. Instead, as an independent foundation, YourID can collaborate with any technology provider on a global scale. This means that YourID can easily adjust its technology and include functionalities according to the wishes of the participating websites and online platforms. It also enables YourID to adapt to regional (legal) requirements.
YourID’s technology agnostic model enables the accessibility required for large scale uptake and market inclusion. By working with the best-of-breed, already proven technology to support identity verification and authentication, YourID will unite the various components to create a trusted identity platform and will only develop necessary non-existing parts itself, guaranteeing quality and accountability.
YourID’s emphasis on collaboration is key to its technology proposition. Working with trusted identity providers including governments, insurance firms, and Telcos to verify user identity, YourID can begin every customer on-boarding with the utmost level of trust, and carry it forward with an unbroken chain of strong authentication.
Technology agnosticism also enables YourID’s platform to evolve over time as digital innovations continue to transform our online lives. As new mobile form factors launch and new biometric security technologies emerge, and as culture changes with new business models and communication methods, YourID will be able to incorporate the best available technology at any given time, rather than being stuck with legacy technologies as they become redundant. No matter how our world changes, identity will remain a critical component of every online transaction or interaction. YourID is a future-proof platform.
YourID’s technological infrastructure is based on the concept of de-centralized or distributed identity, giving the user the power to control and protect their own personal information, which is one of the key elements of YourID’s philosophy.
Data Enrichment Through Consent
YourID makes it possible to enrich data based on consent given by the user. By asking users whether they want to share certain data in return for a benefit, it enables data enrichment through a direct relationship between companies and users. This feature avoids the problems caused by the many rules, regulations and law enforcement policies that try to protect users through GDPR, CCPA and similar regulations, data management and the right to be forgotten.
With YourID, users have the choice to upload all kinds of information in their profile, like medical and financial information, hobbies and consumption preferences. With this optional feature, users can benefit from sharing their data with certain companies by receiving discounts or other rewards from these companies, thereby creating their own loyalty program.
In YourID’s app, users choose what parts of their profile information they wish to share with companies and they can also adjust these settings and revoke consent conveniently in the same app.
This data enrichment with user consent also provides benefits to companies. It allows them to focus on users that have a high probability of being interested in their offers, resulting in a better User Experience. Furthermore, this accurate client targeting also leads to increased efficiency in marketing communications and sales efforts.
YourID’s suggested solution incorporates the following distinguishing characteristics in its platform, app and infrastructure:
✓ Users are in control of their data. With an easy and intuitive interface, users know who has what kind of information from them and they can conveniently revoke access to their information at any time.
✓ Ultimate security, fulfilling or even exceeding all international security standards and the highest level of certifications. This applies to YourID’s software, infrastructure and organization.
✓ Highly secure storage of personal data, due to the meticulous design of the system, and the rigorous safety tests and protocols, based on ISO/IEC 27001:2013.
✓ Easy integration (OpenID & SAML), encouraging collaboration with many parties that can easily integrate their existing system, website or identity server with YourID’s app.
✓ Identity Verification Service, provided by external parties. With YourID users can have all their verified identity documents – like their ID card, passport, driver license, social security documents and much more – in a single place (based on distributed identity).
✓ Fast enrolment. With just their name, email address and phone number, users can start their account. In addition, YourID allows users to enrol by logging in through an existing Google, Facebook, Amazon or LinkedIn account.
✓ Importing user data from other platforms. Users can easily manage all online data that they own. In a single place, they have access to all information that they generated on social networks and other platforms.
✓ Importing existing KYC. YourID can be integrated with trusted banks and institutions, from where users will be able to import their existing verifications and history, and use it with other companies.
✓ Fast response, by using the biometric authentication feature inside the user’s device. This differentiates YourID from other systems that are based on one-to-many matching and need to search an entire database.
✓ Many different uses in a single solution for all kinds of online and physical access.
✓ Available to everyone, it can be used by consumers, companies and governments.
✓ Highly scalable. YourID’s service can scale to hundreds of millions of users.
In addition to the unique characteristics that the app can enjoy by being part of YourID’s platform, the app that YourID suggests could provide several other specific advantages, when compared to other apps that offer online and physical access control:
✓ Password-less authentication, which is very convenient since it eliminates the need for usernames, passwords, tokens, SMS codes, etc.
✓ Frictionless authorization, allowing users to access any online place or physical premises without a tedious process.
✓ Very versatile, since it can be used for many different access situations.
✓ High security level, as shown by its design that enables certification according to the U.S. Government Approved Protection Profile for mobile apps, and EAL1+.
YourID’s suggested solution includes an API that can be integrated into existing apps, allowing them to use YourID’s platform right away.
Furthermore, the app can offer the following identification functions:
✓ The biometric sensors of the user’s device will be used to unlock user certificates that identify the user to YourID’s platform. The different types of sensors include fingerprint (Touch ID or Android), face recognition (Face ID), retina sensor and voice recognition, among others (a secure encryption environment to store keys is required).
✓ Biometric multifactor ID, enrolling different types of biometrics (Fingerprints, Face, Voice and Signature) by using the device’s camera and sensors. YourID will allow for a reliable and highly secure way to identify the user, and provide maximum privacy, as this biometric information will be stored securely inside the user’s device.
✓ The app can show the details of a transaction performed by the user, who chooses whether to provide authorization by accepting and signing it.
✓ By using the app together with a PC, the user’s mobile phone can act as an identification and authorization device. The app can connect with any website using QR codes and the phone’s camera.
✓ The enrolment procedure can include an identity scan and verification, performed by an external Identity Verification Service Provider. The identity can be verified against various databases of information.
✓ The app can identify users through a selfie, that will be compared with the ID that has been provided.
✓ The app allows users to digitally sign transactions, by using advanced signatures through digital certificates.
✓ The app can detect and connect with a nearby certified hardware receiver and can transmit a user’s identification to provide access. If the mobile phone supports NFC, it is also possible to connect with NFC.
YourID’s suggested solution is based on a technology infrastructure as depicted below.