Take Control Of Your Identity.
One ID For Every Situation
The YourID Foundation
Take Control Of Your Identity
One ID For Every Situation
Why YourID Is Needed
After many years being active in the identity industry and having witnessed the continuous and countless discussions about how to eliminate usernames and passwords and find a centralized, adequate solution for remote ID verification, it has become clear that this problem still exists everywhere. Proof of this is shown for example by the high number of account takeovers and ever-increasing levels of ID theft and fraud.
Passwords credentials are still present in our online lives in nearly all cases where we want to access a website or platform. While all other markets have evolved and adapted new technologies, it seems impossible for the online world to leave this Achilles heel of IT behind. Why can’t we overcome this weak part in the identification process?
YourID’s journey started with the wish to answer this very question. A journey with just one goal: to eliminate the need for usernames and passwords and to search for a safe way to interact online and to find the right technology solution for remote identity verification. YourID was created with the desire to develop a solution that accomplishes this goal, while staying independent from any organization, and not being driven by a commercial agenda.
Over the last few years YourID has made a profound analysis of the market and arranged many meetings worldwide with leading platforms and websites in social media, e-commerce, entertainment, financial services and many other verticals. The goal of these meetings was to unravel the reasons why a universal identity platform that functions across all industries does not exist yet. And to understand the industry’s needs and to create a solution that reflects these needs and is attractive for all parties involved, including globally leading online platforms and websites.
In addition to the many meetings with leading online platforms and websites, there have been many meetings with other industry stakeholders, alliances and consortiums (like the EEMA, ID2020, DIACC and Find Biometrics), and governmental organizations (like the European Commission’s Digital Single Market and eIDAS teams and DHS/Department of Homeland Security USA), that provided additional input regarding the wishes from the identity industry and the perspective from policy makers.
Furthermore, nearly all seminars and webinars that have been organized over the past few years in the digital identity space have been attended. This has provided further in-depth understanding of the problems and needs of the identity industry from various angles.
During this journey, YourID realized that the search for a technology solution is not the biggest challenge, since many great technologies to solve the problem already exist. The main challenge is to find a method that would be accepted across all industries and by all types of online stakeholders, and affordable enough to ensure that the entire online world could have access to it and adopt it. Not just a solution for the big and powerful, but fit and accessible for the entire industry and on a global level.
During YourID’s journey, all aspects of the online identity market and its challenges have been investigated and analyzed. Various big challenges have been found, that all result from the way we use and access the Internet nowadays.
For online users, these can be summarized as follows:
1. Lack of Privacy & Control
Online users nowadays don’t have control anymore over their identity. They don’t have one single overview of all places where they have shared their information previously, since it is impossible for users to keep track of all these places and to remember with who they shared what private information. In addition, in most cases users are not able to see which personal information is required from them and which is optional to share with a service provider. And neither do users have a simple method to revoke consent to access their information or ask a service provider to delete their shared information. Furthermore, many systems track user activity, profile users and have access to users’ sensitive personal information, not respecting the user’s privacy.
2. Inconvenient Online Access
You can buy products from any store using a single payment card, and you can travel the world with a single passport. But when it comes to accessing accounts and services online, there’s a whole maze of processes and requirements to navigate. A bank might send you a one-time password via text message for example, while a mobile wallet may require a face scan to authorize a transaction.
But none of these solutions are universal. With each app or site requiring its own access method, users end up juggling dozens of different passwords, PINs, and other access methods – and often just give up out of frustration. It’s not uncommon for someone to have an entire booklet of passwords for various logins.
Users still need to remember complex passwords and use a variety of technologies and access systems to sign in to their online accounts. We are getting more and more online and the growing variety of localised solutions and apps cause an undesired, ever-increasing amount of access credentials that users need to manage.
3. Increased Risk for ID fraud
The use of passwords is the weakest link in the security chain. It’s more often the case that an individual will simply reuse the same password over and over again, which is an extremely risky approach to online security. In addition, users need to leave ID information at many different places since they nowadays need to use a different app for each online access situation.
This has resulted in a growing number of data breaches, the most serious consequence of which is that users’ sensitive information like usernames, passwords, payment details or social security numbers are leaked, which results in increased risk of ID fraud.
Security has become a priority for the market with the number of fraud cases increasing. According to LexisNexis Risk Solutions’ 2019 report True Cost of Fraud, in the retail sector alone, fraud attempts have tripled since 2017. Meanwhile, last year’s TransUnion study found that almost half of all consumers were worried about being victims of fraud. For 2020, Industry professionals expect a record increase in cases and costs related to ID theft and fraud.
For businesses, the challenges can be summarized as follows:
1. Significant costs for IAM. A lot of money is wasted on multiple solution providers or on building and/or maintaining your own IAM solution, resulting in high costs.
2. Losses to fraud and high IT costs. Businesses incur significant costs due to password reset requests and customer service costs because of complaints stemming from identity fraud.
3. Sub-optimal conversion rates. Caused by the fact that customers cannot easily create and access online accounts and verify their payment information. This results among others in abandoned shopping carts.
4. Incomplete user data. Not having the right data about your clients results in inefficient marketing efforts on users that have a low probability of being interested in your offers.
5. Compliance difficulties. Especially with KYC and AML regulations such as PSD2, CCPA, GDPR.
6. Sub-optimal customer satisfaction. Caused by unreliable authentication processes that create friction and are not user-friendly.
The challenges regarding access with passwords and usernames, privacy issues, identity fraud and data breaches have resulted in a growing resistance and inconvenience in the way that we access and use the Internet, inefficient business processes and a bad user experience.
These challenges can only be addressed by a cross-industry collaboration that encompasses all sectors and should not be built around a single access-situation but be built around the user, and enable access to any online location worldwide with just one single solution. It should be based on a collaboration in which parties in all online industries and technology sectors collaborate on a global basis to offer a single solution for users to securely and conveniently manage their online identity and access any online location worldwide.
Further encouraged by recent and upcoming legislation (GDPR, KYC, PSD2, CCPA, etc.), this has resulted in the need for a globally operating identity platform, suitable for all markets and not being managed by a commercial entity and neither be controlled by a minority group of stakeholders.
Instead, it should be managed by an independent non-profit entity, be fully controlled by a wide variety of leaders from all online verticals, be supervised by an independent authority and fully respect all guidelines of user privacy. Only under these conditions can it ensure collaborations with all participants in the entire online industry worldwide.
YourID’s DNA & Purpose
Considering the needs of the participants in the online world, YourID’s purpose has been drafted. It can be summarized as follows:
Protecting user privacy, personal data and digital identity in a transparent and independent way, promoting the control that users have over their personal data and digital identity (including with who they want to share [part of] their information) and over the use of their data and digital profiles.
YourID will be built around the user and give the power to the user over their data and the possibility to conveniently withdraw previously shared data and it will respect the user’s right to be forgotten (according to GDPR in Europe). Also, the user has the choice of sharing additional data, for which they receive additional benefits (“data enrichment by user consent”, this is possible since the user is in control).
All of this is done in a flexible, technology-agnostic way, with a wide variety of best-of-breed (technology) partners, to guarantee the highest level of security and user privacy on a global basis.
YourID brings together worldwide trust receivers (like websites and online platforms), trust providers (like identity verification suppliers, government entities, telco’s and banks), technology suppliers and other relevant stakeholders, including consumer representing organizations. This way, YourID offers and coordinates an identity solution for three main parties:
1. Users, who can securely identify themselves online, whilst their privacy is fully protected and having full control over their identity, while enjoying the best possible user experience.
2. Technology companies, uniting their efforts in one solution that is the best in the market and flexible, universal and global in scope, tackling one of the biggest hurdles in the industry, delivering a global solution and solving the adoption problem.
3. Online platforms and websites (including governmental institutions), who receive an access-solution for the lowest possible cost, with the highest form of security and flexibility. Enabling companies that work on different continents/countries to use a single solution instead of many different ones.
Core Values & Guiding Principles
To support YourID’s purpose, the following core values and guidelines have been established.
✓ Provide a solution that is developed around the user, guided by respect for user’s privacy and giving the user full ownership of, insight in and control over the user’s identity information. Put the user in control of what user data can be viewed and/or used by the parties that collaborate with YourID.
✓ Enable users to authenticate themselves through their biometric characteristic(s), and to conveniently access online platforms and websites on an international scale, through a secure and re-usable online identity, without passwords and usernames, and enable users to manage their different forms of identity in one single app and platform.
✓ Create a globally available, technology-agnostic, flexible and future-proof app and platform by joining carefully selected, proven technologies from best-of-breed global suppliers. If necessary, YourID can oversee the development of technology parts that do not exist yet.
✓ Provide users with multiple features and functions related to (online) identity management that can vary from biometric identification to trusted third-party verifications. Features and functions are based (as much as reasonably possible) on consumer market research and the requirements and wishes from the websites, platforms and other stakeholders that participate in YourID.
✓ Create the app and platform in such a way that it is technically virtually impossible for anybody except users to view user information or data regarding use.
✓ Promote interoperability between all kinds of companies, governments, institutions and industry sectors. Enable websites, CMS systems and online platforms to easily integrate YourID’s technology with their own technology and provide them with an attractive method to validate user identities, verify user information and make their validation processes more secure and efficient.
✓ Establish collaborations with a large variety of trusted participants, where online platforms, websites, technology providers and other stakeholders are invited to join, guided by the objective to create a global industry-wide collaboration for password-less and user-centric online access, that is supported by as many parties as possible.
✓ Not interfere in the business where users access through YourID, and not interfere in transactions and/or interactions between YourID users and collaborating partners. In addition, YourID will not track & trace user behavior within its services.
✓ Refrain from having any (commercial) benefit or interest in user identity information or other user information.
✓ Provide transparency to all main parties collaborating with YourID regarding how the user’s data is processed and secured.
✓ Provide transparency to all main parties collaborating with YourID regarding the structure of YourID’s foundation, its board-members, collaborators and stakeholders.
✓ Enable regular, independent audits based on YourID’s Core Values & Guiding Principles to guarantee that the YourID foundation fulfils its promises. Audits will be done by an internationally recognized body and the reports will be shared with the members of the main board, advisory board and supervisory board of the foundation, as well as with any consumer representing organization that requests it.
✓ Promote YourID’s independence regarding the way it is managed and supervised and create a (legal) structure in which no single party or small minority can have substantial control over any aspect of YourID that can be considered fundamental. Implement a structure that makes it impossible for a single party or small minority to control and/or change any relevant aspect of YourID’s platform, technology, governance structure and/or any of the elements described in YourID’s Core Values & Guiding Principles.
YourID Fundament & Differentiators
The many meetings held over the last few years and the in-depth analysis of the identity market have resulted in the creation of the fundament for YourID’s Foundation, consisting of the four unique elements as depicted below. This fundament follows from the need to protect users’ privacy, empower them with control over their identity information and deliver them a unique user experience on one side, and to offer a secure client relation plus identified users for the industry participants on the other side.
Based on this fundament, YourID has received the confirmation from a wide variety of different stakeholders in the identity industry that YourID’s solution is highly attractive and acceptable to be used as an additional method for users to log in and/or identify themselves. This includes the confirmation from many globally leading online players that a platform with these characteristics would fit their needs, and that they are therefore interested to participate in YourID.
The goal of the YourID foundation is to facilitate, support and orchestrate the delivery of such a platform and to strengthen the battle against ID theft and fraud.
The future operational cost of YourID will be shared by all participating platforms and websites that have a commercial purpose. This means that non-commercial websites and platforms that participate in YourID don’t share in the costs, but just pay an annual fee. In addition, YourID will be free for the end user.
Furthermore, the cost of YourID will always be calculated in an open and transparent way, so all participants will have full insight and confidence in its functioning. The cost for the participant depends on 2 factors: the level of security required by the participating website/platform and the number of online locations where the user deploys it.
How this works
Let’s assume that a user deploys YourID at 10 different online places, just to log in without usernames and passwords. The same user also deploys YourID at 5 other online places to log in with a verified identity. We assume that YourID’s annual cost per user for password-less login is EUR 3 and that the additional cost per user for the verified identity service is EUR 2.
This works out as follows: 15 online places together share the cost of the basic service to have users log in without passwords and usernames. Since this is EUR 3, the result is that the price per participant is EUR 0,20. The participants that required the verified identity service on top, pay the additional cost of EUR 2 shared by the 5 of them, resulting in an extra cost of EUR 0,40 for the participants that requested the verified identity service. Therefore, those 5 participants each pay a total of EUR 0,60.
Costs are not depending on the number of times an individual uses YourID every year, which results in enormous cost savings for the participants. However, equally important is that YourID makes the technology also available for smaller websites and e-commerce platforms, thereby delivering significant support in the battle against ID theft and fraud.
YourID will be managed by a foundation to guarantee the highest level of user privacy. The foundation will have a management team, a general board and a supervisory board. It might be extended with an advisory board.
The general board will consist of 20-30 leading online websites and platforms that together have full control over YourID. It will be supervised by governmental institutions protecting the rights of consumers, and by consumer representing non-governmental organizations.
The technology will be provided by a wide range of best-of-breed, proven suppliers worldwide, managed and orchestrated by the YourID foundation.
The Governance through the foundation makes YourID an independent and transparent cross-industry initiative, that is fully controlled by a wide variety of industry leading companies.
YourID’s suggested solution incorporates the following distinguishing characteristics in its platform, app and infrastructure:
✓ Users are in control of their data. With an easy and intuitive interface, users know who has what kind of information from them and they can conveniently revoke access to their information at any time.
✓ Ultimate security, fulfilling or even superseding all international security standards and the highest level of certifications. This applies to YourID’s software, infrastructure and organization.
✓ Highly secure storage of personal data, due to the meticulous design of the system, and the rigorous safety tests and protocols, based on ISO/IEC 27001:2013.
✓ Easy integration (OpenID & SAML), encouraging collaboration with many parties that can easily integrate their existing system, website or identity server with YourID’s app.
✓ Identity Verification Service, provided by external parties. With YourID users can have all their verified identity documents – like their ID card, passport, driver license, social security documents and much more – in a single place (based on distributed identity).
✓ Fast enrolment. With just their name, email address and phone number, users can start their account. In addition, YourID allows to enrol by logging in through a user’s existing account of Google, Facebook, Amazon or LinkedIn.
✓ Importing user data from other platforms. Users can easily manage all online data that they own. In a single place, they have access to all information that they generated on social networks and other platforms.
✓ Importing existing KYC. YourID can be integrated with trusted banks and institutions, from where users will be able to import their existing verifications and history, and use it with other companies.
✓ Fast response, by using the biometric authentication feature inside the user’s device. This differentiates YourID from other systems that are based on one to manymatching and need to search an entire database.
✓ Many different uses in a single solution for all kinds of online and physical access.
✓ Available to everyone, it can be used by consumers, companies and governments.
✓ Highly scalable. YourID’s service can scale to hundreds of millions of users.
In addition to the unique characteristics that the app can enjoy by being part of YourID’s platform, the app that YourID suggests could provide several other specific advantages, when compared to other apps that offer online and physical access control:
✓ Password-less authentication, which is very convenient since it eliminates the need for usernames, passwords, tokens, SMS codes, etc.
✓ Frictionless authorization, allowing users to access any online place or physical premise without tedious process.
✓ Very versatile, since it can be used for many different access situations.
✓ High security level, as shown by its design that enables certification according to the U.S. Government Approved Protection Profile for mobile apps, and EAL1+.
YourID’s suggested solution includes an API to be integrated into existing apps, allowing to use YourID’s platform right away.
Furthermore, the app can offer the following identification functions:
✓ The biometric sensors of the user’s device will be used to unlock user certificates to identify for YourID’s platform. The different types of sensors include fingerprint (Touch ID or Android), face recognition (Face ID), retina sensor and voice recognition among others (a secure encryption environment to store keys is required).
✓ Biometric multifactor ID, enrolling different types of biometrics (Fingerprints, Face, Voice and Signature) by using the device’s camera and sensors. YourID will allow for a reliable and highly secure way to identify the user, and provide maximum privacy, as this biometric information will be stored securely inside the user’s device.
✓ The app can show the details of a transaction performed by the user, who chooses whether to provide authorization by accepting and signing it.
✓ By using the app together with a PC, the user’s mobile phone can act as an identification and authorization device. The app can connect with any website using QR codes and the phone’s camera.
✓ The enrolment procedure can include an identity scan and verification, performed by an external Identity Verification Service Provider. The identity can be verified against various databases of information.
✓ The app can identify users through a selfie, that will be compared with the ID that has been provided.
✓ The app allows users to digitally sign transactions, by using advanced signatures through digital certificates.
✓ The app can detect and connect with a nearby certified hardware receiver and can transmit a user’s identification to provide access. If the mobile phone supports NFC, it is also possible to connect with NFC.
YourID’s suggested solution is based on a technology infrastructure as depicted below.
Donations & Memberships
The YourID foundation depends on member support and donations. As a non-profit organization, YourID completely relies on this community support, none of our future activities and efforts will be possible without it.
To make the service consumer deployment ready, funding is required. The initial funds will be used primarily for the technological development to make the platform consumer-ready and to prepare it for market launch.
YourID is currently looking for members and supporters that are interested in donating by giving grants or in any other way. The various possibilities are depicted in the overview below.
The board positions for the Strategic Members will be registered and the board becomes active as soon as 5 Strategic Members have been confirmed. Annual donations will be disbursed to YourID in quarterly tranches. An established Dutch Accountancy firm will perform quarterly audits that will be shared with YourID’s members and supporters.