Fake university certificates have become a huge menace in India as job seekers opt for the easy path to employment. Online searches for the term 'fake certificates' throw up hundreds of results with 'diplomas' being offered for ₹12,000 to ₹30,000. The number of “mills” which create and sell forged certificates is growing day by day. This malpractice leads to real risks in everyday life and business transactions - leading to loss of reputation, loss of opportunities and sometimes even loss of life as quacks with forged medical degrees end up treating patients. Paper based records or even digital records which cannot be easily verified enable this malpractice and make it hard for regulators to control such misuse.
India is a pioneer in creating Digital Public Infrastructure (DPI) for identity and payments. Can we take the DPI approach and build systems that enable trusted data exchange between parties? Whether it is students sharing their transcripts and certificates in order to seek a seat for higher education, or a customer for a bank loan who adds documents like payslips, work experience and such, we present and verify documents hundreds of times a year. These examples highlight the need to enable a data exchange system which relies on verifiable datasets which are managed by the individuals.
This sense of convenience, data portability and security is offered by the Verifiable Credentials (VC) specification from the World Wide Web Consortium (W3C). The VCs allow for selective sharing of information while ensuring that a bridge of digital trust is created between the holder and seeker of data. This model also helps incubate a higher quality in the digital data economy by enabling reusability or repurposable data. Since VCs represent discrete sets of information, transaction flows such as responding to a form etc will no longer need typing information - a well known cause of erroneous data.
There are four key aspects to a secure data exchange model involving Verifiable Credentials. The issuer of the VC (in most, an organization); the intended recipient or holder of the VC; the verifier of the VC and a trust registry. The trust registry is a store of transactions which enables on demand verification and provenance of the data. Distributed Ledger Technologies (DLTs) and blockchains are well suited to be this trust registry which requires an immutable data store.
A well-designed model using VCs addresses three key needs of data governance - reducing the surface area for attack vectors focused on data breaches; ensuring better data modeling to reduce the need to package and transmit Personally Identifiable Information (PII) and selective disclosure of information leading to better control on data flow.
In the case of universities, the VC model can be adopted to issue “unfakeable certificates”. These can be verified by scanning using camera apps on mobile devices. The verifier of such documents can receive details about them while this entire flow is built around a notice and consent receipt flow involving the holder of the record.In the case of universities, VCs can be used to issue “unfakeable” certificates that can be easily verified by employers through an online mechanism, with the candidate’s consent.
With India launching new decentralized ecosystems like Digital Ecosystem for Skilling and Livelihood (DESH) and Open Network for Digital Commerce (ONDC), the need for VCs is expected to go up exponentially. In centralized e-commerce and skilling platforms, the platform provider creates systems that enable sellers and service providers to be rated. However, the reputations built by the users cannot be transferred from one platform to another. VCs are built for a decentralized world, and enable users to manage their data, certificates and credentials and share it with whomever they choose. In doing so, VCs provide an unprecedented level of convenience, privacy and control to users.
In an increasingly digital world, VCs will enable high quality authenticated data, thus reducing the cost of doing business and the liabilities associated with data processing workflows. Over the next few years fake certificates and fake documents could become harder to produce due to Verified Credentials.
Sankarshan Mukhopadhyay researches on Digital Public Goods and Services. He works at Dhiway on Community Engagement and Standards.