We may be reaching the point where fraud and fakes are becoming so prevalent that the costs and pain are overwhelming enough that we’re ready to take the effort to try new solutions. Blockchain technology might finally have a mass market use here. But we’re not quite there. Except for crypto most of the work has been in infrastructure. Consumer use cases are few. This might be a natural evolution. The progression from infrastructure to platforms to applications is a movie we’ve seen before. And consumers likely don’t see safety and security issues as the most fun to deal with. At a certain point though, the answer to “where do you want to take the pain” turns into “ok, we have to deal with this now.”
The challenge remains getting adoption when there’s serious effort. After all, isn’t it annoying enough to have to identify how many traffic lights are in a picture just to get to your own account somewhere? Well, dealing with today’s crop of blockchain identity solutions is a bit more of a hurdle. At least for now. You may be thinking, “But don’t we already have all manner of fraud solutions, from credit checks to heuristic rules and now even AI trust scores?” Yes we do. And how is all that working for us?
Not very well. But enough so that businesses and consumers are willing to eat costs rather than take the pain of adopting real solutions. For example, today we do have some digital identification products available, but neither online nor real-world merchants or content providers use these solutions. We seem to have gotten used to our current level of loss and numb to it.
That we accept this tacitly with some minor attempts at intervention is interesting given that U.S. fraud losses were over $10B in 2023, per the FTC. And Juniper Research said in 2022 Online Payment Fraud Losses to Exceed $343 Billion Globally Over the Next 5 Years. Maybe we just think that’s not that much given 2023 U.S. GDP was $27 Trillion with U.S. Retail Sales at 7.24 Trillion. (Statista.)
AI: For Better and for Worse
Artificial Intelligence tools are force multipliers. These tools are increasingly used to fantastic effect across industries; including identifying and combatting fraud. That’s the good news.
Unfortunately, similarly to any medicine, that which has the power to heal may also potentially hurt if used improperly. Sometimes AI isn’t enabling a new type of fraud so much as enhancing the speed, scale, and sophistication of fraudulent activities; such as phishing and social engineering schemes. AI enables easier creation of “deepfakes” which are highly realistic fake images, videos, audio and so on. These methods enhance efficiency and realism of fraud, making detection and prevention challenging. And then there’s social issues from fake news to privacy, family security, and so on.
Can Blockchain Help?
Blockchain tech can help identify and verify creators/owners of objects via digital signatures. As well, their provenance through marketplaces. (See the 2022 paper, Blockchain: Novel Provenance Applications from the Congressional Research Service.)
Large speed bumps remain. Insofar as blockchain enters consumer thought at all, it’s likely in terms of crypto. While cryptocurrencies, tokens, etc. are their own body of knowledge, we’re more concerned about identity from two perspectives: people, and things. For financial transactions, we have Know Your Customer (KYC) rules requiring customers to verifiably identify themselves to institutions with which they’re transacting. Similarly, there are ways to create identities with blockchains that verify transaction originators and object owners. We have overcome security issues like this before. Once upon a time, web browsers didn’t have Secure Socket Layer (SSL) and TLS (Transport Layer Security) security. We do now, but we don’t even think about it because it’s embedded in web browsers.
We are far from that level of ease of use for the issue at hand. The question remains: “If we have apparent solutions, why haven’t they been fast-tracked for adoption, even if there’s some pain in doing so?” Great question. Let’s consider it.
We have a cold start problem for these solutions. Stakeholders are not incentivized enough to take the investment hits in learning, time, and deployment risk. (See Andrew Chen’s book The Cold Start Problem: How to Start and Scale Network Effects to get a sense of some overall challenges.)
Why is this so hard? There’s at least three reasons:
- Usability: Existing user side solutions are complicated. (My opinion.) Maybe crypto finance apps aren’t overly challenging for early adopters. But pure identity solutions – distinct from crypto wallets – don’t provide enough value vs. complexity of onboarding.
- Fraud is a Negative Externality: Fraud doesn’t usually feel like it impacts us unless we’re the victim. A negative externality is a cost imposed on third parties or society due to an economic activity, like pollution from a factory that affects public health without the responsible parties directly bearing those costs. Fraud is similar. We all pay, but apparently not so much that we’ll take significant effort to fix the problem.
- Normalcy Bias: With Normalcy bias people underestimate the likelihood or impact of bad effects because they become desensitized or accustomed to the status quo. They downplay risks or fail to take action, believing things will continue as they have. (Similar ideas include Habituation Bias, Status Quo Bias, or Complacency Bias.)
- Uneven Deployment: I said 3 reasons, so this is a bonus. Even when/if this does start rolling out, it will be so uneven as to be of questionable value for some time. For shopping, SSL/TLS is a default. Mostly, we don’t have to be overly careful shopping. With this new tech, we’ll have to think about the “trust on / trust off” indicator again. And “trust off” won’t necessarily mean something’s not really trustworthy; just that the producer hasn’t come up to speed on using the tech yet.
It might be Government that helps industry get past the cold start. For all the growth in the identity verification industry, it’s government that has some of the greatest interests in issuance and usage of identity. While some trust solutions rely on reputation of pseudonymous entities, most of today’s identity verification have a government validated identity as their ground truth root of trust starting place. The most obvious place to begin, (on the people side as distinct from organizations or objects), are with basic identity credentials, such as driver’s licenses. While the U.S. has begun some projects, we’re moving slowly, and this seems to be moving forward faster elsewhere. Regardless, digital ID platforms are not necessarily blockchain based. So achieving interoperability for various solutions may become more challenging than they otherwise might be. The end result might be these generally laudable efforts don’t take advantage of what could be a better common infrastructure and platform. We’ll see.
Where Have we Been?
Leaving aside confidence schemes and social engineering, let’s look at challenges over time of some physical fraud to make a point. Once upon a time, to counterfeit dollars, you needed an engraver, special ink and paper, (actually linen), and more. Then it got easier with advanced printing, followed by an arms race with holograms, ultraviolet strips, etc. While counterfeiting is still a problem, according to the U.S. Department of the Treasury, efforts combating counterfeiting are working.
This is just one example of how we’ve mitigated threats before. Unfortunately, criminals are smart enough to move on to new more seemingly ripe venues.
Where are We Now?
Fraud remains rampant and growing. The chart above is selected consumer fraud. Some gets managed. Specifically, the sort that hurts merchants directly; credit card fraud, bad orders, etc. What doesn’t get caught of this multi-billion-dollar problem gets absorbed by industry and consumers.
I’ve heard that: “People generally change for one of two main reasons; they’ve learned enough that they want to or they’ve been hurt badly enough that they have to” Perhaps we just haven’t been hurt badly enough that we’re willing to do what it takes to fix these issues. Maybe the cost of fixing seems harder than just absorbing the losses.
What’s Changing?
AI-based fraud is rapidly increasing with the rise of generative AI technologies. According to Onfido, in 2023, deepfake fraud attempts surged by 3,000%, driven by availability of inexpensive and easy generative AI tools. These create fake videos, voices, and documents, often for identity fraud or to trick individuals and organizations into unauthorized transactions. Deepfakes in the financial technology sector grew by 700% in 2023 according to Deloitte. (See: Generative AI is expected to magnify the risk of deepfakes and other fraud in banking.) AI fraud loss in the U.S. could reach $40 billion by 2027, up from $12.3 billion in 2023
Will it Finally Be Blockchain Identity to the Rescue?
Maybe. We’ll need at the very least: Source Identification, Asset Identification, Source and Asset Verification, and Production Tools that are actually adopted.
Wait… What is blockchain based identity again?
For people, you would get a digital id, (usually part of a digital wallet, even if that’s a bit of a misnomer), that is absolutely yours and you’d use it to log in to places and do transactions, including signing things. You wouldn’t need other login credentials because you would just be you. No need to have made up ids just to get access to things. Objects, (graphics, news stories, whatever), would get assigned their IDs by their owners; individuals, governments or organizations, which would also need veifiable digital IDs. (This leads to “root of trust” issues beyond scope here. Suffice it to say, people, organizations and objects would need trusted IDs.)
The wider scope: Blockchain-based tools can create secure, decentralized identity systems. These solutions aim to provide individuals and organizations with control over personal data, reduce identity fraud, and improve security and privacy of digital interactions. And for objects, allow known entities to sign them and others to verify those signatures. As you might expect, there are systems, platforms and players that want to provide software and services. Some, like MetaMask, have early adopter market penetration thanks to their use as crypto wallets. There’s dozens or more wallets available. Some, like Verida, or the Cardano wallet, are full of tech and identity focused, but there’s not much you can do with them. We have burgeoning infrastructure and platforms, but minimal applications. Per Capital One, 53% of Americans used a digital wallet in 2023, but (depending on who’s research you believe), use of crypto is limited to 7% of Americans. So people seem perfectly happy to use digital wallets. (PayPal, Apple Wallet, etc. per Forbes.) But these are fairly easy to deal with vs. crypto, given these are – to a large degree – just extensions of existing financial accounts. And there’s also a difference in onboarding and usage of ‘plain’ crypto vs. going through a full identification process and then subsequently how you use such wallets for transactions or access applications.
Besides person and personhood-like entities, (people, companies or organizations), we have objects like photos, videos, and all manner of other things. (Let’s recall that personhood type entities have some form of social and legal recognition, whereas the others entities have different types of status as inanimate objects, be they digital or real world assets represented in digital form.) Much research has been done here. And some work; such as the News Provenance Project, and the Deep Trust Alliance work on pushing solutions. Even the World Economic Forum was talking about this issue back in 2017! And yet here we are with no real solutions. Here’s a paper from OriginTrail called Verifiable Internet for Artificial Intelligence: The Convergence of Crypto, Internet and AI. It’s an interesting provenance concept for content. Next, we have a list of potential defense mechanisms for various deepfake surface areas, at Making Sense of Blockchain for AI Deepfakes Technology. What they all have in common is they’re still mostly academic. Maybe one large publisher, Fox Corporation, is actually trying something using Polygon’s Power Verify protocol. This may help with provenance going down an AI ingestion type chain. At least it’s a real step forward.
Great. There’s Options. When Will This Be All Fixed?
So much research. So many startups chasing these ideas. So few deployments.
Is blockchain ID ready?
No. It’s still a mess. Even where solutions may work, the marketplace doesn’t understand them. Few have identity wallets; though this is growing in spite of their not being much to do with them. Though there are some government deployments of digital IDs, mostly for digital driver’s licenses, and some efforts to move this forward, there seems to be an even greater push elsewhere. But not many merchants or content producers use such things yet.
Will any of these solutions come soon?
Depends what you call “soon.” I’m going to stick my neck out a bit into the prediction space and say we won’t start to see mass consumer adoption for perhaps 2 – 5 more years. One exception might be acceleration if something tragically bad occurs; whatever that may be. Alternatively, this predication – along with a good part of the industry – gets blown out of the water if non-blockchain based digital IDs take hold and offer other types of secure verification. There is a real and growing marketplace problem. And we do have a tech race. Anyone recall the Blu-ray vs. High Def disc format war? (Possibly the last physical format for data debate we’ll ever see.)
Why so long?
Short Answer: There’s apparently no real imperatIve. The identity crowd of blockchain fandom has been pushing solutions for years. However, outside decentralized finance and narrow use cases in logistics and healthcare, much of blockchain technology seems to be solutions waiting for problems. It’ll probably take more pain before solutions seem less costly than absorbing fraud. The energy in tech went quickly from AR/VR to Metaverse to Blockchain and then to AI, while blockchain has been left to simmer in the pot. Overcoming obstacles to next steps is part technical, but as much or more behavioral, with the latter being the more problematic. There’s value to be had, just not enough to overcome the status quo.
There is movement on the corporate side. We have seen “Identity” as a problem space ecosystem take off over the past handful of years driven by increasing demand for secure, efficient, and compliant digital interactions. Per Grand View Research, the global identity verification market was valued at $9.87 billion in 2022, growing at 16.7% from 2023 to 2030, reaching nearly $33.93 billion by 2030. Financial services and retail sectors are leading, motivated by needs to enhance security and prevent fraud. The rise of online and mobile banking, digital payments, and e-commerce may accelerate deployment of digital identity solutions to protect customer data and simplify authentication processes.
But you don’t necessarily need blockchain digital identity solutions for many of these use cases. For example, we have things like id.me, claiming over 130 million members, primarily used for government benefit access and discounts for verified populations such as fire, EMS, military, and so on. (I’ve used this for years, no blockchain required.) There’s minor effort to sign up for such services, no complicated ID wallets required. New solutions to cover more problem areas have to do more than just work. They have to be this easy to understand, get onboard, and use.
Again… Identity Isn’t Just About People
Things have identity as well. Some things might be digital art. (You may have heard of Non-Fungible Tokens, (NFTs), which really aren’t art, and NFTs can be used for other things, but… that’s another story.) Places have identity. Pharmaceutical packages we don’t want counterfeited have identity. Basically, any noun can have an identity that we want to be secure. Even back in 2018, per IoT Analytics, there were 7B devices connected to the internet. And now we’re closer to 18.8B in 2024. (See State of IoT 2024.)
An Inconvenient Use Case
While blockchain tech may be interesting in and of itself, a lot of the promise for it has been as much philosophical as it’s been a belief in practical product ideas. “Own your identity,” “decentralized and permissionless is better,” “financial inclusion,” and more. None of these high-minded ideals have ignited markets. It could be the forcing function to trigger a behavior change in blockchain adoption will be something much more prosaic. Like simple fraud.
If you’re in the blockchain identity space, your attitude is likely a combination of “all this fraud is terrible” for your public face. While you turn and smile because “I have some solutions to sell you” is the other side. An increase in AI fraud might be the thing that pushes blockchain identity to finally achieve marketplace adoption in multiple areas; government, commercial and consumer. It may be sad that the reason for it likely won’t be because people have learned enough that they want to. It will more likely be because we’ve been hurt badly enough – or at high enough risk, that we have to.
My suggestion, for all of us, is to re-visit blockchain solutions to see if any can be applied to what we’re doing if we have fraud risk exposure. It might be challenging to go first for all manner of reasons. I suppose we’ll see just how much more pain we’re willing to collectively take before taking real action.