It’s more important than ever to have an interoperable and reusable verified digital identity that preserves privacy and provides security.
Online shopping has been sky-rocketing these past few years, with more people opting for this fast and effective way of obtaining goods. As a result, the need for secure transactions grew simultaneously with the need to protect our identity and personal information when making purchases online.
To find out more about the concept of identity theft and its dangers, we’ve interviewed a trusted transactions company’s Nuggets COO and Co-Founder, Seema Khinda Johnson.
Tell us about your story. How did Nuggets evolve from an idea to what it is today?
In 2015, someone used my husband Alastair’s credit card and data fraudulently. That kicked off a hugely frustrating process and showed us that no one really owns or controls their data. This was against the backdrop of data breaches, constant advice to change passwords, and a lack of any comprehensive solution to protecting data. Every day, customers’ data was being compromised.
Alastair and I decided this was a challenge for us. We set out to solve it and set up Nuggets in late 2016. Our mission is to help businesses protect their customer data and to give people control back over their data. We believe personal information should be owned and controlled by the person.
Can you tell us a little bit about your self-sovereign identity platform? What are the main issues it helps solve?
Right now, the world has a trust problem.
Trust in the system that supports our digital lives has been massively eroded. Whenever customers sign up, transact or access services online, they become vulnerable to fraud, security, and privacy issues. And businesses are just as exposed.
This is a huge problem – and it’s only getting bigger. Trust, privacy, and security are now the number one priority for consumers and businesses alike.
Even so, and despite hundreds of millions spent on cybersecurity, fraud detection, and prevention, the statistics on data breaches and fraud get worse every year.
And it’s only going to get more complicated.
Right now, our privacy and security rely on what we can remember (passwords) and what we have in our hands (devices). Not on the thing we can prove: our identity.
The biggest issue is that no one knows who’s actually behind the password or device. It might be you – or someone completely unknown. So they can’t truly be trusted. This is a huge risk for businesses.
What you need is a verified identity that’s reusable, portable, and transparent. An identity that allows you to prove who you are, enable access, and serve as a non-custodial cache for your digital assets.
Looking ahead, there will only be more transactions, more fraud, and more friction. So we need a new privacy paradigm. One that’s built for today and tomorrow. One that can easily transition from the meatspace to the metaverse.
The good news is, we’ve already built it. It’s Nuggets.
Nuggets is an interoperable trust solution that offers:
- Self-sovereign verified digital identity that is reusable, interoperable with a reputation that travels with you, for Web 2.0, 3, and the Metaverse.
- Trusted Payments - payments are tied to a verified identity.
- Personal Cloud Vault - each identity includes a personal digital cloud vault with verified credentials.
- Auditable Nuggets - thanks to our self-sovereign auditable nuggets, businesses no longer have to store PII data. You’re just granted access to data for regulatory and auditing purposes.
Which methods do you use to ensure strong identity verification without compromising the user experience?
The process for creating a verified SSI with Nuggets is simple. Once you’ve downloaded Nuggets, you do a one-time e-KYC process. You take a photo of a government-issued ID (like a passport or a driving license,) perform a moving likeness check, and you’re done.
Then all you have to do to use your Nuggets identity is choose the Nuggets option in a payment or verification process. It pings your mobile, and you verify your identity with biometrics. No more passwords!
In your opinion, what were the most serious cybersecurity challenges that emerged during the pandemic?
There are many new statistics around the pandemic’s impact on cybersecurity. That impact has been driven by various factors, new and old.
Having almost everyone working from home has exacerbated already serious vulnerabilities. These are the result of years of complacency around cybersecurity – like the ongoing use of usernames and passwords.
Working from home has also exposed more people to phishing scams. 47% of individuals fall for these scams while working at home.
There are some startling statistics from the pandemic period:
- Username and password breaches were up 450% in 2020, with 1.48 billion records breached.
- Unauthorized access was the most common type of breach for the third consecutive year in 2021 – accounting for 43% of all breaches.
- 34% of breaches targeted healthcare in 2021 – the most targeted sector of all, which also recorded the highest average cost per compromised record: $474.
- The tech sector paid the aggregate cost of recovery – a staggering $288 billion, with over 1.6 billion records stolen.
- The average cost of a breach in the US was $8.64 million. This was the highest in the world – up 5% from $8.19 million the year before.
- The number of time people spent online more than doubled, at more than seven hours per person per day.
You can read more about all these statistics in this recent Deloitte report.
As cybercrime rates are growing, which security measures should be implemented by every Internet user?
The onus shouldn't be on the individual to protect themselves. We should build products and services that make it impossible for an individual to leave themselves vulnerable.
Until then, everyone should:
- Run antivirus protection
- Keep up with cybersecurity awareness and briefing on best practices and procedures around private email addresses and/or cloud storage
- Be vigilant about phishing when receiving emails: check the authenticity of the sender’s address
- Ensure security of the home network: use a VPN at home and use other Wi-Fi-networks
What technologies will arise shortly as digital identity becomes an inseparable part of our lives?
Key Event Receipt Infrastructure (KERI) will definitely contribute to the technology behind digital identities. This enables self-certifying routes of trust, along with key pair rotation. It can also reduce the weight of traffic needed on blockchains. The key protection technique is even post-quantum proof.
You state that trust is key to growth in the digital age. Would you like to tell us more about your approach?
In the emerging world of global digital customers, it’s more important than ever to have an interoperable and reusable verified digital identity that preserves privacy and provides security.
Trusted transactions, where you know for sure who each party is, depend on verified digital identities at both ends. That’s what Nuggets delivers. And it doesn’t just offer proof of who you are and what you can access. It also serves as a non-custodial cache for all your virtual assets. So you can take them into any of the rapidly multiplying numbers of virtual realms.
Talking about the future, what achievements and challenges do you expect to see in the Web3 landscape in the upcoming years?
There’s a huge opportunity right now, and we don't want to keep repeating the same mistakes in cybersecurity.
The big target should be for individuals to truly own and control their data and assets. For the first time, this is actually achievable. And it will change everything from here on in.
The challenges to that goal come from organizations that have long made enormous amounts of money from using and abusing our personal data. The danger is, we allow them to corral us into an environment that supposedly protects us from those abuses but actually just lines us up to serve their economic ends.
Share with us, what’s next for Nuggets?
It’s as important as it is simple: we want to enable as many businesses as possible to fix fraud whilst safeguarding customer data. That changes everything.