When it comes to online identity verification, our compliance borders on psychosis. We put up with needless prodding and submit our sensitive personal identifiable information (PII) each and every time we are prompted. Maybe because it’s a matter of keystrokes and convenience we choose to believe that it’s a harmless act. However, every time you submit your information, you take on a new partner in your identity. When you enter your date of birth on a website, it doesn’t disappear; it is stored away. Even with the best intentions, these companies are still a repository of information that hackers can and do access daily. Breaches are commonplace enough that many have opted to bury their heads in the sand, hoping that they aren’t one of the thousands in this breach or one of the tens of thousands in the next. What this boils down to is a misunderstanding that has grown piecemeal into a behemoth that costs companies billions of dollars each year for the privilege of becoming targets for hackers and lawsuits
Organizations have an obligation to ensure that online users are who they say they are. But the methods for doing this are woefully out of touch with the realities of our present system. Companies are willing to become shepherds of PII like SSNs and DOBs just to have users verify their identities. Now, instead of its core purpose, that business has branched out into the world of cyber security. Because hacks are common, they expand their legal departments and pay for liability insurance that can cost them millions. This is all seen as the price of doing business but it all comes back to that fundamental misunderstanding — there is a missing piece to this puzzle that can topple this Frankenstein’s monster we have created and shift the burden
Let’s say you wanted to take a road trip across America today. If the country were run in the same manner as businesses treat identity verification, you would stop at each state’s border, take a test, and hope to get a local license. Your Maryland license would be meaningless in Colorado. Each state would place the burden of trust on itself. Would you submit your SSN to a foreign government at their border? Hopefully, you would not but I know that many of you would. Consider how your passport is a respected form of identification at any international airport. In essence, the world at large understands that we must place our trust in certain institutions to verify identities, but every company believes that they require you to prove yourself to them individually. While this is certainly a burden for users, it is disproportionately harmful to businesses propping up this flawed system.
Everyone knows the problem. No CEO is grateful to pay for more insurance or to fight lawsuits. They may be happy for the protection but these are band aids for a deeper malady. In order to conquer hackers, in order to get back to the business they started and not the one they were saddled with, leaders need to establish a new baseline for identity verification. The reason we don’t need different licenses for each state is that states do not want that burden. It would be a tremendous lift to build up DMVs, pull over every car suspected of having a different license, prosecute offending drivers, and deal with the infrastructure that this shift would necessitate. This is where businesses are today. In order to move forward, my company has created a simple solution.
With a Trua ID, individuals will still provide their PII but they will do it only once. Trua will become the DMV distributing a license for people to provide to businesses. Your company will not deal with background checks or storing sensitive information anymore. A new user will show you their Trua ID and you will know that they had to earn it. Trua IDs cut out needless fat within organizations while providing peace of mind that hackers have less to find in their servers — shrinking expenses as well as the target on your back. If it sounds like too big of an ask, consider again our passports or Social Security Cards. These are pieces of paper that we treat as a gold standard of in-person identification. We accept them because it is understood that they are difficult to come by. With Trua ID, users must essentially submit everything they would need in order to get a passport. If you want a background check, Trua would handle that as well. The difference is that you are no longer on the hook for collecting, storing, and guarding of this data. PII is precious and a hot potato; why not leave it to the professionals and get back to work?