Mydex

People rightly get steamed up about welfare benefit fraud which wastes money, is an injustice and a crime. The temptation is strong, for people like Lancs CC leader Geoff Driver to announce more snooping and surveillance on individuals, and to use coercive language like “stamp it out”.

The better alternative is to help people become more trustworthy and to prove that trustworthiness. Individuals who manage their data efficiently, can prove its accuracy where necessary, and can control how it is shared are able to enjoy healthier, more mutually productive relationships with organisations.

That’s the nub of Mydex’ response to government enquiries into this difficult topic. See condensed version below.

The conventional approach to fraud reduction draws on ever greater data gathering and data sharing by and between external organisations about the individual. Despite this the fraud problem remains serious. DWP and councils are under pressure to do better but essentially by doing more of the same.

But profiling by external parties and data sharing without consent are controversial. Unless it can be proved to be proportionate and based in law, or based on explicit and informed consent, data gathering and data sharing is of questionable legality under Europe’s human rights and data protection laws. Furthermore, there are practical limits to the effectiveness of a solely organisation-centric model of sharing personal data, which may already have been reached.

What is the role of trust as government rethinks and redesigns the benefits system?

If govenment wants people to change attitudes and behaviours it may be counterproductive to start by announcing it will engage private-sector bounty-hunters to do more ‘snooping’ on them. Setting a higher hurdle for how people prove their circumstance, on the other hand, might be acceptable if the reasoning is explained.

Mydex can support the latter approach. Mydex allows individuals (in this case, the claimants) to manage their personal data more effectively and to acquire and demonstrate trust, with independent validation of their claims. This places the wholesale flow of personal data on an entirely more rational, logical footing.

Benefits include convenience for the client, lower costs and less time spent making and proving claims, and the cost savings from better, cleaner customer data.

Customer relationships – including the increasingly important online relationships – can once again be based on a proper foundation of trust.

The obvious “must try harder” path forward for DWP is to add more intrusive external surveillance to check people’s claims and status. This path may yield further results, but pursuing it hard brings risks of further alienation and is likely to aggravate the sorts of concerns which have already been publicly raised by the Information Commissioner.

A powerful supplement or alternative would be to add to the public service’s data sources an ecosystem of «volunteered personal information» (VPI). This means DWP or the council receiving flows of personal data, in some cases backed by independently verified claims, submitted by the user.

We believe Mydex will be the world’s first platform to make this generally available.

A suitable personal data store such as Mydex brings new options for strengthening key areas of weakness in the current modus operandi. For example, change of address is a key and well known point of weakness, where the verification options don’t work well. Credit bureaux are the last in the chain to know at present, yet are asked to play a vital role in fraud reduction services. Likewise, no current option handles the realities of relationships, dependencies and power of attorney well; they are too far removed from the source data to do so.
Mydex can invoke verification points/ data not in the current mix, eg for change of address the estate agent, the solicitor, the council/ electoral roll, the bank, «my neighbours», «where my phone says I am at night» etc.

The cumulative effect of many individual PDSs and a rich market of authentications services can be described as an individual-centric “trust framework”. This would re-invent how identity assurance works. It’s likely to entail a reinvention of the organisation-centric “zero to three” identity assurance levels as an educational/enabling tool for the individual. But the greater the uptake, the greater the impact. This means it would be entirely rational for governments and organisations to incentivise non-PDS users to start using them (like online billing now, but with
bigger incentives).

We believe the main impact of Mydex is make trusted relationships easier online.

But what about the deliberate fraudster? This needs more detailed and expert work and analysis. But a network of suitably capable personal data stores (PDS) will provide stronger end-user online identification than anything available today. They will set the bar much higher than today’s way of doing things, ultimately making deliberate fraud a less attractive option than at present.

Practical deployment of a fast-growing range of authentication proofs by the individual will be convenient and cost-effective, and will rapidly surpass offline identification in effectiveness. It’s a great deal easier to fake several paper documents than to forge a whole set of electronic credentials combined with a history of relationships.

A network of personal data services such as Mydex offers relying parties such as welfare service providers a new source of reputational meta-data. Because it is controlled by the individual, flexible and extensible it is likely to become a better source of information than many others. . The individual is likely to know about a change of address months in advance. Once it has happened they may inform the council, and the electoral roll is
updated. Organisations that have not taken the trouble to develop a direct relationship with the customer will find they’re be at the back of the queue.

For reasons of service quality as well as fraud detection welfare providers need to be at the front. They must pick this sort of information up as early as possible. It is already hard (but not impossible) convincingly to spoof a detailed presence on a platform such as Facebook today. Although Facebook is totally open and unverified, and one can open a fake account, creating a credible history would require inventing an entire life story and an entire extended network of “friends”.

It will be far harder still to spoof a legitimate PDS which combines access to a host of strong authentication services with the peer-to-peer qualities of a social networks. (The social-network aspect of a PDS ecosystem can be thought of as an imminent and transformative series of totally-permissioned Facebooks or messaging services, without the need for a Facebook in the middle.)

The Mydex personal data store is highly capable as a filter/router of intelligent notification of potentially fraudulent transactions. This addresses the “false positives” problem created by existing systems (which cry wolf too often, or – to mix metaphors – create ever more and ever larger haystacks).

Players such as the US Merchant Risk Council strongly support the suggestion that the combination of user-centric and privacy-protecting identity credentials (in particular Information Cards), an appropriate trust framework, and a personal data store network could deliver a huge breakthrough in online fraud reduction.

Mydex and other PDS providers would provide a robust and verifiable platform that lets customers or claimants
• manage their data
• share it in a controlled way (selective disclosure)
• invite the interoperation of authentication services and relying parties
• accumulate trust.

An individual might present proof of uniqueness, of residence, of marriage, of employment or termination of employment, of disability.

Organisations have decades of investment in customer systems. But the online world desperately lacks real interoperability and trust.

Personal data stores such as Mydex are built on the belief that the only logical and feasible place to redress this is around the user. This can be argued technically (in terms of user-centric identity) legally (in terms of human rights and data protection law) and in terms of logistics (for more on this see Mydex White Paper).

Person-centric and organisation-centric approaches to personal data flows are not an either-or. Calling for a person-centric model is not a call for anarchy. Rather, it is the formal construction of the other half of the bridge we need for information to flow in an orderly, structured and scalable way between the individual and an organisation offering welfare. It’s the somewhat overdue and entirely necessary construction of tools on the side of the individual to complement those that organisations already have, to allow trusted transactions which underpin healthy relationships.

In some respects the current modus operandi is like deploying an electronic data inerchange (EDI) system but only kitting out one of the interface participants.

How much money would this save? To calculate this will require an equation or model to include:
• Average volume of data fields held
• Number of departments / functions / agencies holding data
• Cost per person for maintaining data
• Estimate of the sparsity of data held
• Estimate of accuracy of data held
• Frequency of update required
• “Cost per missing/inaccurate field” for certain types of field
• Total estimate of volume of incidents of fraud
• Estimate of % of population likely to be able to prove themselves broadly trustworthy
• Average cost to public purse for incidents of fraud
• Cost of investigating fraud
• Current costs of fraud prevention services

Just how well this approach works will depend on the type of fraud and nature of false assertions (e.g. deception about circumstances of varying sorts, or about identity itself). This approach will be very effective when people invite their welfare provider into their lives, or in seeing how people relate to others. But it does not support covert intrusion into people’s lives. For example, it could be powerful in spotting inconsistencies in what people say about
relationships. But only the individuals involved know the reality inside the relationship.

Redesign of the benefits system and related processes takes precedence. The role of an ecosystem of trust based around individuals falls inside the question of whether the welfare system can be designed in a way that eliminates fraud far more effectively, removing counterproductive incentives etc.

These are wider, more fundamental issues in which Mydex or other PDS/VRM players would not yet claims any special expertise. That said, any system and process re-design for the 21st century must recognise that the individual will be a much better equipped participant than they are at p
resent.

Accrual of the benefits to government depend on a “network effect” of which the public-sector welfare provider is just one part.

A personal data store like Mydex is an essential part of the initial conditions to make this new eco-system possible.

Mydex is one butterfly whose flapping wings might prevent the tornado. There are other of course other butterflies.

This entry was posted on Thursday, September 23rd, 2010 at 4:00 am and is filed under Examples, PublicSector. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.