Heads up! In their next move toward assuming global control of digital financial systems, debt merchant Mastercard and monopolistic software vendor Microsoft have announced they are teaming up to help us all manage all our bank account logins and other online passwords by adding an extra service to their product lines: identity verification.
In a press release dated December 3, 2018, the two corporate giants revealed their “strategic collaboration to improve how people manage and use their digital identity.”
This sounds innocent enough on the surface, but already we know these two money-hungry companies are taking a long view of their opinion as to how the rest of us handle our online accounts.
Today, if you want to check your bank account balance from your computer or mobile device, you navigate to the login screen and enter your user id and password to gain entry to the protected site.
The site is password-protected because it stores enough of your personal information – name, address, phone numbers, email address, date of birth, social security number, and perhaps even family members – to create a fake you. That’s why creating a password that is complex (a mix of upper- and lowercase letters, numbers, and symbols) and hard to guess is so important.
Identify theft is rampant these days, according to LifeLock. In 2017, 16.7 million people felt the sting of identity theft. A total of $16.8 BILLION (with a ‘B’) was stolen.
To make sure that the person logging into a secured internet site is the real owner of a very sensitive account, such as when requesting a free annual credit report, the login process may require that additional identification questions be answered correctly on the first try. These questions can be surprisingly difficult: the company who holds your mortgage or the date you paid off an auto loan.
Some restricted websites display the strength of the password entered by the user. The weakest password of all time, in all the world, is – are you ready? – Password. True story. Don’t even think about using it.
Savvy online account holders set up unique passwords for each and every different login screen. While this is a Best Practice for computer users, keeping track of all those passwords can become challenging. After all, the #1 Worst Practice for computers users is writing down passwords and sticking them to a monitor or storing them in plain sight in an unlocked top drawer.
Enter Mastercard and Microsoft who are proposing that they act as an independent identity verification service for every account in the world. Businesses use identity verification services “to ensure that users or customers provide information that is associated with the identity of a real person.”
This next-level security service was spawned after the post-9/11 2001 Patriot Act clamped down on national money matters and international financial transactions. Insourcing or outsourcing client identity verification was designed to help companies comply with the new Anti-Money Laundering (AML) and Know Your Customer (KYC) rules.
AML and KYC laws train bank tellers to regard every depositor as a possible terrorist. It’s easy to tell when the staff at your local bank has just attended their required Patriot Act training: your photo ID will be severely scrutinized – is it really you?? – and so will you. The teller will be reluctant to hand over your money. (“Is it really you??”)
The fact that two international business leaders want to take charge of your passport number, your proof of address, driver’s license, user credentials, or other means to self-identify bodes ill.
Mastercard and Microsoft’s press release explains that they understand and want to ease our dependence on physical or digital proof that is currently being supplied to a “central party.” That would be your bank or its outsourced identity verification service. In their words:
“This dependence places a huge burden on individuals, who have to successfully remember hundreds of passwords for various identities and are increasingly being subjected to more complexity in proving their identity and managing their data.”
Their proposed solution is to “give people a secure, instant way to verify their digital identity with whomever they want, whenever they want.”
Ajay Bhalla is the President of Cyber and Intelligence Solutions at Mastercard. His justification for creating a single-key lock sounds reasonable enough at first glance:
“Today’s digital identity landscape is patchy, inconsistent and what works in one country often won’t work in another. We have an opportunity to establish a system that puts people first, giving them control of their identity data and where it is used. Working with Microsoft brings us one step closer to making a globally interoperable digital identity service a reality, and we look forward to sharing more very soon.”
These two global merchants want to have their hands in all the pies: financial services, commerce, government services, and digital services. Joy Chik is the Corporate Vice President of Identity at Microsoft. According to her:
“Digital identity is a cornerstone of how people live, work and play every day. We believe people should be in control of their digital identity and data, and we’re thrilled to first work with Mastercard to bring new decentralized identity innovations to life.”
In addition to “improving” identity verification and fraud prevention, the new online identity system could provide “identify inclusion” – which sounds a lot like “new customers.” Here’s the official explanation:
“More than 1 billion people, a majority of them women, children and refugees, are not officially recognized; a digital identity can improve their access to health, financial and social services.”
Critics of Microsoft and Mastercard’s master plan to master all our login transactions from one source – theirs – are comparing this scheme to China’s social credit score system.
Roberto Colauto, Managing Director DeepBlue Pharma, posted this warning on LinkedIn:
“China is currently implementing their Social Credit Score system similar to this which would combine all a citizen’s actions in order to rate them. In this case it is a company regulating the data but governments are used to forcing tech companies to hand over data.”
Another outspoken opponent to the new identification verification collaboration is Cale Guthrie Weissman who raised alarm bells after this tweet was published on December 3, 2018, by Mastercard News:
“Voting, driving, applying for a job, renting a home, getting married and boarding a plane: what do these all have in common? You need to prove your identity. In partnership with Microsoft, we are working to create universally-recognized digital identity.”
Weissman noted that the message “described every action an adult human takes that is both highly intimate and requires sharing personal and confidential details.” In other words, Mastercard and Microsoft propose to provide the services now provided by courthouses and other local, state, and federal organizations where we conduct the business of everyday life.
A counter-tweet on December 4 by a user identified only as Kilian summed up the conclusion shared by many observers who take a dim view of this Orwellian take-total-control power play:
“Euphemism for: Universal tracking of users.”
The fact that, when probed, Microsoft declined to comment further and Mastercard repeated the gist of their joint press release smacks of a white-wash job. This assurance came from Mastercard:
“The service will allow the data to sit with its rightful owner–the individual–and wouldn’t involve amassing personal data in honeypots vulnerable to attack. In no situation would Mastercard collect users’ identity data, share it or monitor their interactions. Instead, the data would reside with the trusted party, and our service would merely validate the information already provided, once an individual has decided to do so. This is about giving the individual control over who sees their information and how it’s used.”
Phrases like “in no situation” and “this is about giving the individual control” sound a lot like doublespeak. There will be “situations” – data breaches – and this isn’t about you or me. This is about control. Their control over us.