Trust is necessary for all commerce and exchange of personal information on the Internet. Trust is based on Identity. The Identity Tax is the cost, both in time and money, incurred by provider and consumer to establish the trust necessary to complete their transactions.

Every organization spends money on receiving, storing and safeguarding the identities of their customers. For smaller enterprises, this could be relatively inexpensive. On the other hand, the financial industry has a much larger burden, the total cost of technology and audit, is millions of dollars for each organization per year.

If you consider all aspects of the internet: social media, retail, healthcare, government, etc., the aggregate cost across all industries is hundreds of millions, if not billions, of dollars per year.

Make no mistake, we are all paying this tax.

Identity Used to be Simple

If you go back 5 to 10 years ago, virtually all identity was established from a username and password. At that time, the Internet was a smaller and safer place with limited goods and services.

As goods and services on the Internet grew, the amount of sensitive information available also increased. Some organizations recognized that username and password were no longer sufficient and began to require more sophisticated ways to verify identity, e.g., sending One Time Passwords (OTPs) to your phone.

Each organization had to manage their customers identities and they resolved it within their means. The increased expense of Identity Management was considered a necessary cost of conducting business on the Internet.

Where did it Go Wrong?

Fast-forward to today. Identity is a necessity for many aspects of modern life: checking email, social media, banking, travel and any personal information you may want to retrieve. For each one of these services, there organization providing this service must have its own Identity Management.

Over time organizations have developed large customer identity databases, which have become very valuable targets for hackers. Instead of trying to just crack passwords, they are much more sophisticated, penetrating networks and walking away with the personal and financial information of millions of people.

As a result, each one of these organizations is required to increase their Identity Management budget to stop hackers. Hackers continue to get more sophisticated, which requires every organization to spend even more money. The cost to maintain and secure Identity Management, i.e., the Identity Tax, is increasing with no end in sight!

Furthermore, your identity is kept by several organizations, each with its own unique set of technology and policies. in spite of major identity breaches, there are no rules, regulations or widely accepted standards for storing and maintaining customer identity.

Each organization which stores your Identity is exposing you to some level of risk. Your total exposure is based upon the aggregate risk across all the organizations with your personal information.

Path to Removing the Identity Tax

Both the provider and consumer pay the Identity Tax – there are no winners on either side of the transaction! This means that if we can lower the Identity Tax, both sides of the transaction can benefit.

Organization have to increase their overhead costs in order to manage customer identities. This cost and risk is a distraction from their primary mission: the goods or services they are trying to provide.

Customers lose on two fronts: First, there is the hassle of having multiple identities, each with a different identity and validation, for each organization they conduct business. Secondly, their personal and financial information is at risk, depending on how well each organization has protected their information.

As I noted in my previous article, Multiple Internet Identities having a few Trusted Identity Providers whose sole purpose is to provide identity services to both consumer and provider will decrease risk and cost for both parties. Consumers could choose a Trusted Identity Provider which would provide better protection and provide records of every access. Organizations would no longer carry the customer’s identity and therefore become a less valuable target for hackers.

Organizations could pay the Trusted Identity Providers a service fee to validate customer identity. Furthermore, since the Trusted Identity Services are licensed to many organizations, the Trusted Identity Providers can scale and become very efficient. The net result is the organization will realize savings when compared to their current Identity Management budget.

This model of organizations outsourcing technology services has already been proven by cloud providers. Instead of organizations building their own costly datacenters, they have outsourced compute and storage to cloud providers who can provide better service at lower cost. This has provided organizations the ability to stay current, scale and improve service with lower cost!

The hard part is getting started: building a Trusted Identity Provider, which has the trust of both provider and consumer, needs to exist to before we can lower the Identity Tax.

Conclusion

Identity Management has ballooned in complexity causing cost creating the Identity Tax, that is paid by consumers and organizations. In a prior article, Multiple Internet Identities I discuss why a Trusted Identity Provider should exist and why it’s better for consumers. 

This article focuses more on the economics of the current situation and explains why a set of Trusted Identity Providers is financially viable. Lowering the Identity Tax provides gains for both providers and consumers. The biggest hurdle in creating a Trusted Identity Service is not cost, its forming an organization which is transparent and trusted by both consumers and organizations.