No, quite the opposite. EasyID helps to protect you from identity fraud in two ways.
- How we share information
Think about a time when you've used your driving licence to prove your identity. Perhaps someone just wanted to confirm your age. But instead of showing just that information, you actually show them all the information on your driving license, including your name, address, signature and driving licence number.
We believe in abiding by data minimisation principles, which means we encourage businesses to only ask you for the data they actually need, and nothing else. That's why we allow you to choose whether to share the information a third party is requesting, and why we allow websites and stores to, for example, just request the fact that you’re over a certain age.
- Data storage
Traditionally, companies would collect lots of customer information and put it in one place (often not encrypted). This made it vulnerable to cyber criminals – if they ‘hacked’ the database then they were able to access every customer’s data
EasyID has been carefully designed so it doesn’t work like that. As well as global encryption across the entire database, each item of an individual’s data is encrypted with its own unique encryption key, part of which is stored on that individual’s phone.
Think of it like a bank vault, with deposit boxes inside. Each shareable item of your data is locked in its own individual deposit box (each randomly placed around the vault, and can’t be located or opened without your key). In EasyID’s system, even if hackers broke into the vault, they still wouldn’t be able to open all the individual deposit boxes – they would need the keys from every user’s phone.
Carrying the analogy further, it’s worth pointing out that even we at Post Office and Yoti don’t have the keys to any of the individual deposit boxes inside our vault, nor do we know the random locations of each user’s boxes: only you can find and unlock your own boxes, with the key on your own phone.