In a rapidly evolving digital world where blockchain technology is being adopted to redefine identity and access management, self-sovereign identity is no longer a distant dream to ensure privacy and consumer protection.

From banking and employment to shopping and social media accounts, we’ve left pieces of our identities, like DNA, scattered across digital and analog systems to such an extent that they are difficult to manage, monitor, and protect. This leaves us vulnerable to identity theft and fraud, and gives bad actors a treasure trove of data to use for nefarious purposes. At the same time, financial institutions and other organizations that use our data pour a huge amount of operational and financial resources into risk management and regulatory compliance, the overhead for which results in inefficient transactions and long processing times.

Self-Sovereign Identity (SSI), managed by the individual and verifiable on a decentralized ledger, has been touted for some ten years as a viable solution to some of the biggest privacy and efficiency challenges related to digital identities. More providers enter the space every day, and according to Infopulse, Goode Intelligence Research indicates that 5% of all digital IDs were based on blockchain technology in 2020, and predicts an increase up to 20% in 2025.

What is Self-Sovereign Identity (SSI)?

In the context of digital identity systems, SSI for humans is, in theory, a persistent, portable, interoperable digital identity that belongs to the individual (rather than to a third party such as a bank, a government, or a social login service like Google), that can be used to interact with those third parties, and that is used only at the discretion of the individual. The digital identity consists of encrypted and digitally signed, verified credentials or decentralized identifiers (DIDs) that represent bits of identifying and personal information. The individual chooses which credentials to share and with whom. Commonly, the individual manages their digital identities through browser wallets and mobile apps which they then use to conduct transactions online or by touching their phone to an NFC sensor.

In his 2016 blog post, The Path to Self-Sovereign Identity, Christopher Allen, a blockchain technology speaker and advisor, identified ten principles of SSI to remain focused on as the technology grows and evolves:

  • Users must have an independent existence.
  • Users must control their identities.
  • Users must have access to their personal data.
  • Systems and algorithms must be transparent.
  • Identities must have persistence.
  • Identities must be portable and go with the user.
  • Digital identities should be interoperable and global.
  • Users must consent to the use of their identity data.
  • The amount of data shared should be minimized, meaning that no more information than is needed should be required.
  • The rights of users should be protected.

What is Blockchain?

Blockchain is a linear form of distributed ledger technology (DLT). It is characterized by cryptographic hashes assigned to each block in the chain, which serve as reference points for subsequent blocks in the chain. The most familiar use of blockchain is cryptocurrencies, but there are many other potential applications, including SSI.

How does Blockchain enable SSI?

As a distributed ledger technology (DLT), the decentralized nature of blockchain technology makes it one of the primary technologies enabling SSI today. In some implementations, smart contracts are used to execute agreement provisions such as fund transfers when a new block is added to the chain.

Whether in a public or private blockchain or a blockchain consortium, blockchain’s decentralization and cryptography serve as a strong defense against data tampering and hacking. Through a linear structure and a hashing system in which each block references the previous block in the chain, the validity of the chain is maintained such that a change made to a block impacts the block’s hash and invalidates the hash of all subsequent blocks in the chain. Like a series of auto-locking security gates, this framework acts as a security fail-safe for planned and unplanned modifications to the chain.
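The hash linking described above can be shown in a few lines. This is an added illustration, not code from any platform named on this page; the block layout is a simplified assumption and the payloads are constructed credential digests rather than real data.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # stand-in "previous hash" for the first block


def block_hash(index, prev_hash, payload):
    """SHA-256 over a canonical encoding of everything the block commits to."""
    body = json.dumps({"index": index, "prev_hash": prev_hash, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def build_chain(payloads):
    """Link payloads into a chain; each block stores the hash of the one before it."""
    chain, prev = [], GENESIS_PREV
    for index, payload in enumerate(payloads):
        digest = block_hash(index, prev, payload)
        chain.append({"index": index, "prev_hash": prev,
                      "payload": payload, "hash": digest})
        prev = digest
    return chain


def first_invalid(chain):
    """Index of the first block whose back-link or stored hash is wrong, else None."""
    prev = GENESIS_PREV
    for block in chain:
        recomputed = block_hash(block["index"], block["prev_hash"], block["payload"])
        if block["prev_hash"] != prev or block["hash"] != recomputed:
            return block["index"]
        prev = block["hash"]
    return None


def rewrite_from(chain, index, new_payload):
    """Model a full rewrite: change one payload, then recompute every later block."""
    payloads = [b["payload"] for b in chain]
    payloads[index] = new_payload
    return build_chain(payloads)


def changed_blocks(original, other):
    """Indices whose hash differs between two copies of the ledger."""
    return [a["index"] for a, b in zip(original, other) if a["hash"] != b["hash"]]


def credential_digest(text):
    """The ledger stores a digest of the credential, not the personal data."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed sample payloads for the demonstration.
SAMPLE_PAYLOADS = [credential_digest(c) for c in (
    "constructed: diploma credential",
    "constructed: proof-of-employment credential",
    "constructed: age-over-18 credential",
    "constructed: address credential",
)]


def demo():
    honest = build_chain(SAMPLE_PAYLOADS)
    forged = credential_digest("constructed: forged credential")
    # Case 1: payload edited in place, stored hashes left alone.
    edited = copy.deepcopy(honest)
    edited[1]["payload"] = forged
    # Case 2: payload edited and the whole tail recomputed to look consistent.
    rewritten = rewrite_from(honest, 1, forged)
    return {
        "honest_ok": first_invalid(honest) is None,
        "in_place_edit_detected_at": first_invalid(edited),
        "rewrite_self_consistent": first_invalid(rewritten) is None,
        "rewrite_changed_blocks": changed_blocks(honest, rewritten),
        "head_matches_honest": rewritten[-1]["hash"] == honest[-1]["hash"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The fully rewritten copy passes its own internal check, so tamper evidence depends on other participants holding the original head hash; that is the part decentralization supplies.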

How does SSI solve today’s privacy issues?

SSI puts the individual in control of how much information to share, reducing over-sharing as suggested by the KAOS framework in the Identity Diet book and CIPA certification program. Because individuals share digital credentials with verifying institutions instead of their actual personal data, institutions don’t need to collect or store personal data, greatly reducing institutional liability for data privacy protections.

SSI’s distributed ledger keeps data in sync across a transparent, decentralized, peer-to-peer network, leaving no inconsistencies to exploit and making tampering evident.

However, as Sheila Warren and Sumedha Deshmukh of the World Economic Forum explain, standardization and regulation are needed to safeguard and promote privacy, inclusivity, interoperability, and portability, the essential principles of digital identity systems.

How does SSI benefit consumers and businesses?

Buoyed by supporting technology, consumer relationships become more trusted. The institutions that issue credentials, the credential holder (i.e., the individual), and the verifying institution can have confidence that the technology and the framework are inherently trustworthy, removing much of the friction from customer experiences.

Some of the benefits of SSI include:

  • Increased data security
  • Speedier transactions
  • Immutable audit trail
  • Reduced compliance cost for Customer Identification Program (CIP), Know Your Customer (KYC), anti-money laundering (AML) and other regulatory requirements
  • Increased business confidence in the customer’s identity/data
  • Effective Identity and Access Management (IAM)
  • Reduced friction in the customer experience and time it takes to process things like applications for mortgage loans
  • Faster employee onboarding

Where is SSI applicable?

There are seemingly innumerable possible applications for SSI in identity and access management, due in part to the interoperability of SSI solutions. Some common applications for individuals include:

  • Address validation and age verification
  • Licenses
  • Qualifications and diplomas
  • Proof of employment
  • Credit reports
  • Account details
  • Account access
  • Asset ownership
  • Vaccination and testing records
  • Prescriptions
  • Boarding passes

Other applications for Self-Sovereign Identity involve the Identity of Things (IDoT), where supply chain management in areas such as the COVID-19 vaccines can benefit.

Self-Sovereign Identity and Blockchain

There are many blockchain solutions in the market which are capable of solving the pressing privacy issues. Below are some examples of blockchain solutions for self-sovereign identity:

Atala PRISM is an open-source, linear blockchain solution built on the Cardano system, an IOHK technology. Its implementation includes a mobile app, a browser wallet, a management console, and SDKs and APIs. Atala’s use cases include education, health, government, enterprise, finance, travel and social.

IOTA’s non-linear, distributed ledger solution, The Tangle, is a blockchain alternative that allows for zero fee transactions (vs Bitcoin and Ethereum which require purchase of a cryptocurrency token). The IOTA Tangle is designed to function on low tech devices and in areas of low connectivity, making it an option for identity-less and bank-less people around the world.

Other Self-Sovereign Identity Technology Solutions

Amazon, Microsoft, Oracle and IBM offer blockchain-as-a-service (BaaS) by providing the infrastructure and management of the blockchain for companies who are then free to build their own apps and functions on the blockchain.

Some other SSI options available in early 2021 include:

  • Evernym’s Verity solution for issuing and verifying digital credentials, its Connect.Me digital wallet, and its mobile SDK
  • Indicio.tech’s IDRamp solutions
  • Sovrin’s SSI network and digital wallet

The future of Self-Sovereign Identity

The ways companies do business may change significantly as SSI is adopted, and among other things the legal implications will have to be sorted out. One of the questions before the U.S. legal community is whether digital smart contracts are enforceable legal agreements. A Harvard Law School Forum on Corporate Governance article, An Introduction to Smart Contracts and Their Potential and Inherent Limitations, explains that contract law is at the state level, meaning that treatment may vary by state, and points out that some states such as Arizona and Nevada have amended laws to account for blockchain and smart contracts.

As SSI technology evolves and use increases, so will the need for standardization and regulation. Likewise, digital literacy among citizens, consumers, and policy makers will be key to large-scale adoption.

In their 2021 report, New Directions for Government in the Second Era of the Digital Age, Blockchain Research Institute and the Chamber of Digital Commerce encourage the U.S. government to focus on five digital priorities:

  • Ensuring security, privacy, autonomy, and citizen-owned identities
  • Embracing cryptocurrencies and the digital dollar
  • Retooling services and service delivery to meet world-class digital standards
  • Building trust by engaging citizens and holding elected officials accountable
  • Rebooting America’s innovation economy to include a diversity of entrepreneurs

Around the world, many are looking to SSI technology to bring new opportunities to underserved populations. According to the World Bank there are one billion people in the world without an official proof of identity, and one in two women in low income countries lack an ID, which inhibits their ability to do things like obtain government services, enroll in school, and open bank accounts. In his blog, Bill Gates notes that giving everyone access to a legal identity is one of the targets of the UN’s Global Goals for 2030. Because SSI systems are decentralized and all participants are treated equally, SSI is thought to be a more democratic option than third-party systems that give some consumers preferential treatment. More and more countries are adopting digital identity systems. India has launched a biometric ID system, and in what is being called the world’s largest blockchain deployment, Ethiopia was reported in February 2021 to be launching a blockchain-based national identity system using the Atala PRISM decentralized identity platform.

Digital identities can also transform the supply chain by bringing transparency to track and trace initiatives and to compliance, including supplier due diligence and onboarding. In a recent Forbes article, Lora Cecere, CEO of Supply Chain Insights LLC, promotes the development of digital identities for manufacturing and distribution locations and for ocean freight, entities that don’t currently have their own Employer Identification Number (EIN). The possibilities for cost reduction in supply chains are enormous.

Also being explored is the concept of disposable self-sovereign identities (DSSID) which are valid for a limited time after which they expire. Such a solution could give individuals even greater control over their privacy by allowing them to revoke shared credentials when they are no longer needed by the verifying entity. A use case proposed by the Disposable ID citizen-community in the EU is COVID-19 test results which are only relevant for a time period of weeks or less, after which a new test is needed. In January 2021, international technology standards organization Object Management Group® (OMG®) issued a request for information for a Disposable Self-Sovereign Identity (DSSID) standard.

Conclusion

In conclusion, the opportunities for improving individuals’ privacy and data autonomy and reducing corporate operational costs are great, but an SSI revolution is no light undertaking. To become ubiquitous, SSI technologies will need to be standardized and affordable to the organizations that support and use them, data privacy and other regulations will need to be proposed and passed, and even more critically, consumers must be able to access, afford and trust the technology.

IAM courses are among the most popular courses in cybersecurity due to heightened awareness about the importance of identity and access management in enterprise security. Identity Management Institute offers the most comprehensive set of IAM courses in the industry which include a study guide, examination, and digital certificates of registered trademarks.

Identity and access management courses by IMI are designed to educate IAM training candidates about IAM risks and how to effectively manage user identities and their access to enterprise systems.

Benefits of IAM Courses

Managing user identity and access is extremely important when considering that most data breach incidents are caused by flawed IAM processes and systems or employee errors. Risk awareness, IAM controls, and professional certification are among the benefits of IAM courses by Identity Management Institute.

Which IAM Courses to Select

Identity and access management is a vast field and IAM experts may be engaged in any of the technical or operational roles within their organizations. When selecting an IAM certification course, candidates must select a vertical within the IAM field and dive deep to become a specialized expert. For example, if your focus is onboarding and offboarding users, you must be aware of the organizational policies and be able to recommend improvements to ensure access is appropriate at all times. Or, if you are engaged with an authentication project, you must have knowledge of your business requirements, risk assessment process, authentication systems available in the market, and implementation protocols.

IAM Course Scope

From identity governance and digital identity transformation, to access management, program implementation, system deployment, fraud prevention, compliance, and data protection, IAM experts must specialize and take the appropriate IAM courses to meet their career needs.

Security and IAM professionals are often concerned with onboarding and offboarding users as well as access management when users change roles within their organizations. However, IAM experts who may be engaged in technical and non-technical roles are also concerned with IAM process reengineering, risk management, identity directory systems, as well as authentication including single-sign-on and multifactor authentication.

Conclusion

When selecting IAM courses, professionals must decide which IAM training will benefit them the most and help them become more aware of the pitfalls to avoid, and which IAM certification can improve their career growth and advancement. While IMI periodically updates its IAM certification courses to meet industry demands and standards, IAM experts must decide for themselves which identity and access management course with certification will benefit them the most.


The internet isn’t always a safe place, as the 10 popular email and phishing scams listed in this article show. While antivirus and anti-malware programs can do quite a bit to keep consumers safe, nothing’s quite as effective as knowing when you’re being scammed. Though the sophistication of phishing scams has increased over the years, the truth is that most scams are fairly easy to identify once you know what you are looking for. The following ten scams have all caused quite a bit of damage but can be avoided by those who look out for them.

List of 10 Popular Email and Phishing Scams

Below, we identify the top 10 popular email and phishing scams and how you can protect yourself from becoming the next victim of one of them.

THE SURVEY SCAM

This is a tricky one because it does skirt right by the edge of legitimacy. Though there are some companies that will pay you to take surveys, there are also plenty of cyber-criminals who are more than happy to use such services to take your information. These scams are fairly easy to identify because they offer big prizes for filling out surveys, especially when you compare them to what the legitimate surveys offer. You’ll also notice that most of these scams ask for a great deal of personal information that wouldn’t be relevant to a real product survey.

THE MYSTERY SHOPPER SCAM

This is a scam so old that it predates the internet. The layout of this scam is fairly simple – you’ll get an email that asks you to sign up as a ‘mystery shopper’, usually for a major chain or an upscale restaurant. You’ll usually be asked to make purchases that will be reimbursed later as long as you’re willing to send the items back in order to get a refund. Another twist on this scam usually involves getting reimbursed for buying gift cards, a process that will always end up with a gift card in the mail and no money left in your pocket.

THE ‘MAKE MONEY FROM HOME’ SCAM

Again, this one tends to hit hard because it can often feel real. A big scam during any time of economic uncertainty, these scams tend to target stay-at-home moms, the elderly, and anyone who can’t get out of their homes to work. It’s one of the more predatory scams out there, and it really does prey on desperation.

Again, there are a few different versions of this scam. One of them requires you to click on a link that will either lead you to downloading malware or to a form that will ask you to give up your most sensitive personal information. The other version of this scam will have you work as a ‘processor’ of some sort for the scammer, buying items for which you are supposed to be reimbursed and then shipping them to the next link in the chain.

THE VIDEO CALL SCAM

This is a relatively recent scam, one that’s become popular during the COVID-19 pandemic. You’ll get an email or text message link to what looks like a video call – you’ll usually note that it claims to be from Zoom, for example. If you click on the link, though, you’ll be taken to a site that will hit your computer with any number of nasty surprises.

THE 419 SCAM

This is one of the true classics, dating back to the earliest days of the internet. It typically involves a person from a foreign country (usually Nigeria) who claims to need your help transferring money out of the country. If you are willing to front him or her a portion of that money, the scammer claims that he or she will reward you handsomely for your service. In truth, the other party is just trying to get your bank information so that he or she can drain your accounts.

THE HITMAN SCAM

This one is a frightening scam with a few variations. The key to all of them, though, is that you’re being emailed by someone claiming to be a hitman who will kill you if you don’t send money (or, more commonly, transfer over Bitcoin). This is one of the few scams that preys on fear rather than greed or naivety.

THE FAMILY SCAM

This scam usually involves grandparents, but can come from a long-lost uncle or even your parents. In this case, you’ll get an email from someone who claims to need monetary help because he or she has been in a terrible accident or has even been put in jail. This one usually has a fairly significant time pressure behind it, as the scammer doesn’t want you to actually check up on your family member.

THE GOVERNMENT AGENCY SCAM

This scam comes from someone who claims to be a contact at a government entity – the World Bank or United Nations is typical during most of the year, but the IRS tends to be the big name during tax season. They’ll say that you need to provide them with your Social Security Number so they can give you important information, which is of course just a trick to get access to your identification data.

THE CONTEST SCAM

Congratulations, you’ve won a contest for which you’ve never signed up! The prizes are usually big and the language is usually congratulatory, but the real goal is to get you to send over some kind of ‘deposit’ so that you can get your prize. In other versions of this scam, you need to verify quite a bit of confidential personal information to get your winnings. In either case, you’ll never see a prize.

THE CEO SCAM

The CEO of your company needs important information and he or she needs it now. It doesn’t come from a company email address, of course, but the language is very formal and the screen name is just close enough to that of the CEO that someone could be fooled. The goals here range from getting you to send money to the scammer to revealing your business’ trade secrets.
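A mail filter can check for the pattern described above: a display name close to an executive's, on an address outside the company domain. This is an added example, not part of the original article; the company domain, the executive names, the similarity threshold and the sample headers are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumptions for this example: the organisation's mail domain and the
# executive names to protect. All names and addresses are constructed.
COMPANY_DOMAINS = {"example.com"}
PROTECTED_NAMES = ["Jordan Avery", "Priya Natarajan"]
SIMILARITY_THRESHOLD = 0.85  # tune against real mail; lower values flag more


def normalise(name):
    """Lower-case and replace punctuation with spaces before comparing names."""
    cleaned = "".join(ch if ch.isalnum() else " " for ch in name.lower())
    return " ".join(cleaned.split())


def closest_protected_name(display_name):
    """Return (name, similarity) for the protected name most like the display name."""
    target = normalise(display_name)
    best_name, best_score = None, 0.0
    for candidate in PROTECTED_NAMES:
        score = SequenceMatcher(None, target, normalise(candidate)).ratio()
        if score > best_score:
            best_name, best_score = candidate, score
    return best_name, best_score


def classify_sender(from_header):
    """Classify a From header by display-name similarity and sending domain."""
    display_name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if display_name:
        name, score = closest_protected_name(display_name)
    else:
        name, score = None, 0.0
    internal = domain in COMPANY_DOMAINS
    looks_like_exec = score >= SIMILARITY_THRESHOLD
    if looks_like_exec and not internal:
        verdict = "flag: executive name on an external address"
    elif internal:
        verdict = "internal sender"
    else:
        verdict = "external sender"
    return {"verdict": verdict,
            "matched": name if looks_like_exec else None,
            "domain": domain}


# Constructed sample From headers.
SAMPLE_HEADERS = [
    "Jordan Avery <jordan.avery@example.com>",  # genuine internal sender
    "Jordan Averry <ceo.office@example.net>",   # near-identical name, outside domain
    "J0rdan Avery <urgent@example.org>",        # character swap, outside domain
    "Acme Newsletter <news@example.org>",       # ordinary external mail
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", classify_sender(header)["verdict"])
```

A forged From line that uses the company's own domain is outside this check; SPF, DKIM and DMARC results cover that case.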

How to Protect Yourself from Popular Email and Phishing Scams

Since there are so many scams, it does make sense to think about how you can protect yourself from all of them. Luckily, most of the steps you can take are fairly straightforward. These include:

  • Always double-check the information of the sender
  • Use an email lookup tool to get the sender’s real name
  • Delete any unsolicited emails from unknown addresses

LOOKING FOR WARNING SIGNS OF POPULAR EMAIL AND PHISHING SCAMS

While the basic steps above will help to protect you from many scams, they won’t catch everything. If you’re not sure if an email is legitimate, you’ll want to look at some basic warning signs. Scam emails often:

  • Come from unknown senders
  • Ask for money
  • Want your personal information
  • Ask you to deposit money into your own account
  • Come from a generic email account
  • Are incredibly generic about the subject
  • Tend to ask you to verify account information
  • Make claims that seem outrageous or too good to be true

A QUICK NOTE ON WHAT NOT TO SHARE

Even if the email that you get seems to pass all the tests above, there are a few things that you should never share over email. If it’s necessary to share this information, doing so via official mail or in-person is usually for the best. As it stands, you should never share your:

  • Social security number
  • Full legal name
  • Date or place of birth
  • Bank account number
  • Account passwords
  • Physical address
  • Phone number

OTHER BASIC SAFETY PROTOCOLS FOR POPULAR EMAIL AND PHISHING SCAMS

Finally, try to make sure that you pay attention to some basic safety protocols while you are online. Never agree to send anyone money online, for example, and never assume that a stranger who sends you a message is actually telling the truth. If you don’t feel like the email is valid, trust your gut and try to find another way to get in contact with the person who sent you the message.

What if You Are a Victim of these Popular Email and Phishing Scams?

The most frightening thing about these popular email and phishing scams is that you can practice fairly good internet safety and still get scammed. If that happens, there are a few steps to take.

First, contact your bank or credit card company to find out if there has been any unusual activity. If there are suspicious activities, you’ll need to get new account numbers and/or cards. Next, change any account passwords that might have been compromised and remove any unnecessary identifying information that might be in those accounts.

Next, you’ll start filing reports. If you used a company account, let your employer know. If not, contact the police, the FTC, and your state’s cybercrimes division. You’ll also want to do any kind of damage control involved with the data breach that may occur, so make sure that you follow any data security protocols required by your business if you think that company data may have been breached.

Remember, your response to these scams matters. While it’s always best to avoid them, you still have the ability to fight back. If you’re a victim of one of these 10 popular email and phishing scams, you have a responsibility to help ensure that the scammers can’t do more harm with the data that they have gathered from you.
