7DIG: Identity Trust Matrix

Filed under: Innovation,Risk,Security — lenand @ 2:49 pm

Here is a suggestion for a visual chart that will help people understand the risk they are taking in electronic transactions between customers and suppliers of goods or services. How much should a supplier trust a potential customer, and vice versa?

[Figure: Identity Trust Matrix]

Suppliers look at the vertical axis and decide how much value is at risk if the customer avoids paying for what is delivered – whether by deliberate fraud or by accident.  In other words, what level of trust can be placed in customers’ electronic credentials?

Customers look at the horizontal axis to gauge whether the Trust Level of a credential is sufficient to meet the value of potential purchases.

Each transaction is given a Trust Index with a calculated value from 0 to 100.  These are split into three ranges of high, medium and low risk – from a supplier’s perspective.

  RAG     Risk          Trust Index   Proceed?
  Red     High Risk     10-100        Unwise to proceed
  Amber   Medium Risk   2.5-10        Proceed with caution
  Green   Low Risk      <2.5          Sufficient eID to proceed

The amber area of the matrix is where the reputation of each party should be considered in addition to the trust level.  What is the trading history of both customer and supplier? eBay traders understand this principle.

Clearly, the matrix depends on the agreement of Trust Levels of credentials.  Quarkside has not developed a firm proposal, but here are some starting suggestions for four ranges (with maximum low risk value):

  • 1 (£10): Username and password.
  • 2,3 (£100): Additional personal secrets.
  • 4-6 (£1000): Documentary evidence of identity, such as banks’ “Know Your Customer” requirements.  Inclusion of credit agency data.  Face to face interviews by the enrolment agency may be needed. Sufficient to obtain a passport.
  • 7-10 (£10,000): Biometrics necessary to complete transactions.  The highest levels would have government security vetting and very strong protection against counterfeit credentials.

If this sparks any interest, suggestions to help define the trust levels will be considered.  The background to the need for an Identity Trust Matrix will be the subject of future posts, following the 7DIG framework.



  1. […] sector agencies will need to dispense £billions with on-line transactions.  Something akin to an Identity Trust Matrix may be necessary, tailored to the specific needs of service providers such as schools and the NHS. […]

    Pingback by Cabinet Office eID follows Quarkside? « Quarkside — 14/06/2012 @ 12:40 pm

  2. […] suggestion for a process that sets financial trust levels based on the transaction values may not be all that crazy.  Could it have a significant impact on […]

    Pingback by LAs frozen out of IdAP « Quarkside — 21/11/2012 @ 12:04 am
