Digital certification platform MyID.is is taking a crack at offering a way for people to claim their real identity online, in order to be able to prevent ID theft and to verify content they publish on their blogs, social networking accounts, photo & video sharing sites, and so on.
Additionally, the site offers (yet another) way to manage your online identity and doubles as a certified OpenID provider. The site has been in alpha testing for the past 8 months and as of yesterday entered into public beta.
This is how it works: you register for a MyID.is Certified account on the website, and enter your personal details, which are later verified by the team (I’ll get to the issues with this later). They do this by cross-checking the name you submitted with the one on your credit card – they’ll charge a fee between $2 and $5 to verify that it is yours, similar to how Google checks your credit card details for an AdSense account – and by sending a 6-digit code to your postal address which you have to enter to verify your identity on their platform. Other than the small setup fee, the service is free of charge.
You get a dedicated MyID.is URL, which looks like this: http://myid.is/charles.nouyrit.id (this is the one of founder and CEO Charles Nouÿrit) and you get some badges which you can place on your blog or social networking profile to show that your identity has been verified by the company (example). The platform also features a number of custom widgets, offering ‘endless possibilities’ to spread your online ID.
It’s an ambitious project, and it’s always nice to see such an initiative coming from Europe.
But the elephant in the room is of course the fact that MyID.is facing the humongous issue of having to convince people to effectively trust them with their private data, credit card details and physical address included (which they explicitly promise never to sell, evidently). I’m sure there are security measures in place, and Nouÿrit says they don’t keep the confidential information and never even gain access to it as it passes through to a sophisticated banking system, but that is really besides the point.
People are still going to need to feel confident about signing up for the service, and I’m not sure how a tiny company based in London is going to be able to reach that level of trust worldwide. Nouÿrit counters by pointing to the fact PayPal needed a couple of years to be widely accepted too, which is a good point but not exactly a wildcard for MyID.is.
There doesn’t seem to be a lot of competition for verifying your online identity across the globe, and the solutions we could dig up were fairly expensive. In the U.S., there’s Trufina and BeenVerified.com, and in Finland there’s something like NorthID.com (also see BankID in Sweden).
How do you feel about the concept behind MyID.is Certified?
Like a social security number for the web?
Better than that.
It’s as if we met in real life with your ID card and we validate that’s a real one and it matches with you.
There is too many social security number theft to be a trustable solution.
But I think it would take time…OpenID is still the most preferred way for online Identity check.
http://www.smartbloggerz.com
I just read quickly, but why would i enter my Creditcard number on this website?
Well, I think as the web is now in it’s twenty’s and we all remember how bad our teenage years were, let alone getting to our twenty’s!
We will start to see this channel mature. To say that this is the solution (Myid.Is) I am not sure but I like the idea.
And, I am pretty sure as the web evolves further that this type of verification will become almost like a drivers license for the web.
I know there will always be issues about trust and criminals but this has in society always been managed to a tolerable limit and in business you normally manage to the 99% of customers that don’t want to break you or bust your balls.
I guess the issue here is the technology platform of the web itself is so ‘threadbare’.
With the evolution of yet another Internet 2.0 and the managing of consumer versus business vs military data we may have to have this type of capability just to get into the access point… in William Gibson kind of way the meshing of humans and tech… so bit random but hey my 5 cents.
Cheers guys (by the way I am not an IT guy – duh huh!)
Congrats to Charles for having been able to carry on this project from idea to reality against all odds. I think it is good timing also, as the identity issue becomes mainstream with the fight between the FB Connect silo and the Open Stack. Let’s see how the service gains acceptance.
I wonder if there’s plans for an API? Getting sites like Twitter to tie in with such a service through their APIs (granted a big ask and would require a lot of traction first) could provide application developers with the ability to identify genuine/unique users. Pretty powerful when it comes to things like reducing spam or running polls.
I don’t know if MyID.is will be the company that does it but I firmly believe someone will ultimately be responsible for validating and holding personal information online. It will probably take a little time for people to get comfortable with turning over all of that info, but ultimately, I think it will happen.
Any bets as to when the first security breach for this company breaks in the news? I like the concept, but this is a red blanket waving in the face of security hackers.
I don’t need this service at day one/minute one. I’ll wait for the bugs to shake out. But at this price point, I’ll be along… eventually.
The basic idea is good. But trust and security will be a major issue. On the other hand I can see this company being picked up by a larger company with the services integrated into some sort of larger id management system.
That is not a bad idea. But what are you going to do if your online identity is already taken/hi-jacked? I am not talking about authenticated names but rather a brand names and identity tokens. How do you know that it is used or not? Maybe you want to avoid identity confusion as a first step prior to myid certification.
There is a neat tool that allows you to check identity presence on popular web destination.
http://webidenter.com
Robin, you nail it!
Does anybody really expect me to give my credit card details to a company, that doesn’t even have a physical contact adress on its website?
You tell us that they are based in London, but can anyone else get this information from their site?
What kind of corporation is this at all? What national rights do they operate under? Why don’t they make this transparent before asking me for my data and my money?
Myid.is tries to keep totally anonymous – no names of persons who are responsible for business, technical or privacy issues. This makes them abolutely NOT trustworthy.
If today was the 1st of April already, I would think this is a bad joke. Please do your homework Myid.is or get out of business.
I really hope we won’t see bad news affecting the growing OpenID community from this kind of “making money”.
Agreed.
Resoundingly Agreed.
Agreed! I wasn’t born long ago, but it wasn’t yesterday! Why should I trust them with such important and sensitive information?
-Timothy
Banks and institutions in Sweden went together a couple of years ago to create something like this.
It’s called BankID and we use it for everything from accessing governmental docs to starting companies, borrowing money and paying tax. As of current BankID claims to have 1,5 million users.
More info on:
http://www.bank...What-is-BankID/
Interesting, adding it to the post. National initiative though (we have something similar in Belgium too called eID), MyID.is wants to be a global solution.
Because everyone trusts banks.
Not only I fully agree with Thomas, but for now I don’t feel neither the need for this service nor to pay for it.
Had this idea year’s ago, and trust and security were always going to be the big hurdles.
My idea at the time was to have it administered by banks and post offices. You would physically have to go into a bank branch/post office with your passport or birth certificate and other documents to be determined and have them validate you.
Sounds like that’s how they’re doing it in Sweden, and, sorry MyID.is, I think that’s how it should be done other places. Good name, though.
This is exactly how it works without the hassle to go to the post office and with the same trustability
WTF is a “certified OpenID provider?”
Anybody can have an OpenID under any name, at MyID.is Certified we provide you with an openID under your real name, that’s why we call it Certified OpenID
That someone thinks this will fly in the long run is ridiculous. This really should be administered by some sort of Government org like the social security branches etc. Or passport office related entities. Some people might feel fine doing the check with credit card etc….but overall, being stuck with a private entity and the sort of vendor lock-in that implies, dooms the concept from ever being really taken seriously from the get go.
It’s going to take quantum computing for an un-crackable online ID to be possible.
Anything else is a: FAIL
Just thinking out loud here.
So what happens when hackers keylog or phish someone’s MyID password (which certainly will happen), then claims all sorts of illegal or just obscene things in his name? Sounds like a nice “certified” way to cause someone a lot of grief, and the victim has even lost the plausible “it wasn’t me” deniability.
And to compare this company to PayPal is fairly fallacious. PayPal was useful before it was fully trusted (some would say we’re still not there yet). This thing has to be fully trusted before it becomes useful. Which it isn’t and may never be. And I don’t see any network effects going on here like what PayPal had.
Nouÿrit? WTF is ÿ?
Well, even if you try it, the ‘beta’ label still applies, and I’ve just paid the $5.49USD to prove it.
They charge a random amount to your card, then you have to enter it. Google and Paypal and others do this, but tend to have it be something under $1 – even two charges under $1 is OK. Up to 5 euros!? That’s a bit much, but I was feeling curious, so I tried it.
Charge is showing in my bank as $5.49. But I have to enter it in euros. I’ve no idea what they charged in euros, only what my bank decided was to charge me as an exchange rate. I did a search and found *a* current exchange rate pegs it as 4.05 euros, but entering that failed. You only get 3 attempts, and I’ve used one already.
This is really a bad failure on their part. For something that’s been in development for 8 months, I’d have thought someone would have anticipated dealing with the US market more than this.
Apparently they *do* know about it (from their getsatisfaction feedback page) from a month ago, but haven’t fixed or addressed it. Even something on the page saying “US residents please do XYZ” would be useful, but it’s not there. I wonder if the ‘physical address confirmation’ step will even be able to deal with non European addresses.
Hello Michael,
As it’s said on the website, we’re still in Beta that means some glitch may occur.
Unfortunatly some bank do not give to their customers the exact amount charge in a foreign currency.
But as of today we made deals with more than 700 banks worldwide to have our system working in 99% of the case.
A simple email to our support team will have solved your problem in a glitch
I’ll get them to contact you immediatly
Regards
Charles Nouÿrit
CEO at MyID.is
Good to see your response, Charles. But there are over 5000 banks and over 3000 credit unions in the U.S. alone. Even Quicken doesn’t have deals with all these, never mind the rest of the banks in the world. You will absolutely get killed on support costs this way if MyID ever takes off. What you need to do is not use a random charge amount, but embed the random value in the ID of the payee, like “MyID1234″ and have your users enter the random digits after “MyID”. You credit card processor should have support for this. And if you do that, you can also label the charge as a payment for the service, which it is.
Agree with you on that point Bob, unfortunatly this is not so simple, Paypal had to open a bank account in almost every country to do so.
But we will do so as soon as we have enougth funding to deploy that solution that we tryed to do in first place.
And of course we have deal with all the major banks worldwide.
Thank you. I got the number from someone at myid.is a few minutes ago. Having some text on that main dashboard would help others who may have the same problem, even if it’s only during your beta phase.
I have had the same difficulties with converting from dollars to euros. Sent a message via the contact us form a few days ago, but no response. Is there an email address I can write to?
That’s a pretty bad bug. And it’s only discovered a month ago? Currency conversion is not exactly a new thing. I have to wonder, if they haven’t thought this relatively obvious and simple issue through, what other oversights are lurking?
And the charge is high. If you only get three attempts to verify anyway, there’s no reason to have such a big range of charges. Like you said, most places charge small amounts and do it twice if they feel that’s necessary. Or they just authorize the charge without finalizing the transaction. I’m guessing MyID is doing it more for revenue reasons than for security. I don’t mind paying for something if it’s useful, but payments should be labeled as payments and not be buried inside a feature.
Thank You..
http://axees.ea....clickbank.net/
This system simply changes the trust from one place to another completely unknown place. There is absolutely NO way I will ever trust a system like this.
Designed by FAIL
As pointed out, why would I pay some strange company to prove who I am on the web for some nebulous purpose? And what happens when someone hacks my password to my MyID account? Tenuous usability in my mind, right now anyway.
Can anyone explain to me why a rather dumb image is making stuff “certified”?
Fail. not chance this will be accepted.
@bob: same question here. too easy to impersonate. horrible design.
The “strange company” complaint everybody seems to have is one of the biggest problems with this service. (The other one is finding sites that will actually use it.)
Paying $5 to verify one’s name/phone/address isn’t a horrible idea, though. It could be a useful (and maybe even money-making) add-on service for social networks. I’d pay Twitter five bucks (once, not as a subscription) to put a “Yes, we’re sure his name is Michael Bauser” label on my profile page, and I’m not even famous.
Hmm, it appears from their TOS that MyID.is is actually a brand name of “Todeka, Ltd” which means they a UK Limited Company and hence under “The Companies (Trading Disclosures) Regulations 2008″ they need to provide their
* company name
* the part of the United Kingdom in which the company is registered
* the company’s registered number
* the address of the company’s registered office
available on their website. Not doing so is a breach of the law [ http://www.opsi...i_20080495_en_1 ]… I hope they correct that soon!
@Facebook User. I think it’s only a breach when they start taking money.
They are taking money to verify your signup (horrible, but true). Already noticed a guy “breaking” the badge here: http://menno.b1...id-is-fail.html
The badge is not “broken” he just copy and past it…
Their is no link back to his myID profile nor the blog appears on the profile.
How secure is a badge if you can “just copy and past it” ? Why use the fancy codes in there, when all you need is a copy?
Well I guess that it could be very useful for someone suffering from amnesia. In this case 5 bucks is not too much!!!
Anyway I wish all my best to this new venture coming from Europe.
“You will also need a credit card with the same name that you are certifying. We will charge you only once a random certification fee between €2 and €5.”
Sums up everything. Random.
This is more of an ad for the company, not happy.
It’s random so you could only know what the amount is, part of the verification process by making sure it’s actually your credit card.
For the US market, you should also have mentioned Honesty Online (http://www.honestyonline.com/). We verify identity using KBA (knowledge-based authentication) and also can do criminal background checks and employment/education verification. You can put your identity credential on your Facebook profile or personal web page. We offer an API to websites (such as online dating, employment, or social networking sites) where there’s value in knowing that the other person is who s/he claims to be. Perhaps most important, our simple sign-up process doesn’t require you to jump through any out-of-band hoops to check your credit card statement, wait for international snail mail, etc.
Larry Cynkin
CTO, Honesty Online
THIS IS RACIST !!!!!!!!!!!!!!!!!
lol
i learned in “diversity training” that if and when you can think of nothing useful to say, alleging racism fills the void.
If only we ran out of reasons to bash this horrific fake security system…
The need for a “validated” identity has been of interest since the early days of Internet commerce. I still expect this to mature at SOME point in the future. The concept is good. Security is required. Convenience is essential and VALUE to the customer is the key to success.
This is not a technology issue. Problem lies with business relationships between the relying parties. How do you “certify” to another party something? Who is liable? How do you make money on this?
There are some potential interesting “bundles” of features that may be appealing to end users. I’ve worked on a few
Would love to see movement in this area. Very interesting, good luck! Let us know how “acceptance” materializes.
Louie
I look at this as a paid version of what http://claimid.com/ has been doing for years. It could be useful but only if the verification process actually carries enough weight with someone to make a difference.
For right now, I think I will stick with the free version.
Hi Charles,
First of all goodluck with this venture. The only problem I see it would be very very hard to get people to signup for your service, since they have to pay.
It will be nice if it is a free service ,other than that everthing about this service is nice which safeguards our identity online.
The internet is not a Country. Companies and governments need to stop trying to Police the Internet except when it comes to Pedophiles and Myspace Sex-Offenders. Where is the Civil Liberty & Freedom ?
On the internet, nobody knows you are a monkey.Let keep it that way.
Very well-written post!!! Please check out my site as well at http://macmaniapodcast.com
Once I saw that they use a .is TLD, they completely lost all credibility in my eyes. What is .is?
Hi JF ! Is that really you who wrote this comment ? Bad…
2/5€ and maybe a whooping 1000 person in the worl.I mean, online, willing to pay/really needing this.
Where’s the market ?…
How non-serious is that pricing ?…
with the rise of identity theft, there is a huge demand in new innovative services to make sure that your online identity is safe. the myID idea is good in theory, but ur right, why would you give away all your important information to some site that just came out of nowhere? how safe is my information with them? i could be setting myself up. but before anyone signs up for myID service, take a look at JustAskGemalto’s/A> tips/information on identity theft and internet security. its good to be aware of these issues before blindly signing up for a service like myID.