What's a Better Unique Identifier?

When people banked, shopped, and communicated in person, identifying someone was pretty simple. Do they look like the picture on their driver’s license? It’s probably them. Not so much today.

In today’s digital economy, if people can avoid being physically present, they will. Yet they’re doing the same identity-dependent transactions they were before the advent of the Internet. Identity verification online has become absolutely necessary to facilitate all sorts of online activities but In order to know someone is who they say they are online, you need a unique identifier—preferably, one that cannot be easily stolen or copied.

In the U.S., the social security number (SSN) is considered the “gold standard” of identification. SSNs have the benefit of being close to universal in the U.S. Unfortunately, people have been duping SSN-dependent ID systems since long before the advent of computers, and it continues today–perhaps made easier by regular data breaches that expose personal information. Just a couple of months ago, hackers stole personal data including up to 80 million SSNs from the nation’s second-largest health insurer.

One of the most common identity verification methods in use today is the email address and password. Unlike the SSN, there are two authentication factors, adding a small measure of additional security. However, pretending to be someone else via email could not be easier. All you need is a domain name and an email server or one of the thousands of services allowing email addresses to be created for free with little or no identity verification. Moreover, to gain access to someone’s email account, you just need their password.

Social media services have also tried to become the online identity provider of choice. However, despite their best efforts, fake profiles continue to proliferate, social media sites suffer from the same shortcomings as email (lax identify verification and reliance on a password), and it’s unlikely that your bank will let you log in with your Twitter account any time soon.

Yet there is another option, the mobile phone number – an already very well-established and more secure approach to unified identity verification.

According to a study by the International Telecommunication Union (the United Nations agency for information and communication technologies), the number of mobile-cellular subscriptions is getting close to the number of human beings on planet Earth, reaching 7 billion by the end of 2014.

Individuals must pay for mobile phone service and devices, meaning they must verify their identity for their monthly bill. It’s much more expensive and difficult to fake a mobile carrier account than an email address. Even prepaid phones must at least be paid for, unlike email addresses or social media accounts.

A mobile phone number is also tied to a live phone, which provides living verification that an identity hasn’t been stolen. As long as your phone rings, you know that your identity is intact. It’s a form of identity you don’t have to hide, because it’s physically connected to you.

The connection between the mobile number and the mobile device means phones provide an easy way of implementing multi-factor authentication. As individuals increasingly use mobile devices and apps for managing their digital lives, the mobile number can become a single sign-on verification method as with Twitter’s Digits service, which verifies the holder of the phone using SMS and then lets the user access apps without signing in again as long as their SIM card does not change.

The mobile phone number isn’t a perfect solution. Phones can be stolen and mobile numbers can be spoofed to fool caller ID systems. Hackers and fraudsters will always find ways around any barrier. However, mobile numbers raise that barrier higher than other identity verification methods currently in use. The fact that the mobile number is tied to a physical device and a recurring, paid service—combined with near-universal global adoption of cellular phones—points the way toward a future in which the mobile number is the digital identity proxy of choice. It’s the best of physical and digital identity combined.

A condensed version of this article appeared as “Whose line is it, anyway?” on MediaPost last week.