The situation

Envisioning a strategy to become an industry-leading, next generation utility company is a complicated challenge.

What kind of strategy will take you to being a next-generation utility company? For AEP Ohio, a large electric utility company based in Columbus, this challenge began with a comprehensive review of their entire ecosystem and which identified their key pain points for innovation.

One of these key pain points is third-party fraud caused by unscrupulous third-party vendors. Their interaction with the AEP ecosystem frustrates customers, exposes data, and tarnishes AEP’s corporate reputation.

Because regulations require utility providers to allow access to power lines for third-party resellers, a flood of bad actors emerged in Ohio to game the system in their favor, by attracting customers with low teaser rates that soon skyrocket. At the same time, a portion of the consumer electricity bills still go to AEP as owners of the utility infrastructure. Customers receive big bills with AEP’s name on them even though they weren’t responsible for the price jumps. This contributes to increased call center volumes from frustrated customers.

Additionally, most utility customers don’t know they are giving away permission to access their consumption data when they sign up to a pitch from a third party reseller. If this access were made explicit, consumers would be more privacy aware, and the customer would have better understanding and control over how their data is used. Privacy protection would also reduce AEP’s data liability, reduce fraud, protect customers from fraud, and reduce call center volumes due to fewer complaints. If preferred and vetted third-party vendors had an identification method that customers could verify, the amount of overall fraud would decline.

“The answer to these problems is adding Zero Trust verifiable credentials to the ecosystem.”
—— Karl Kneis, IdRamp COO

A solution

To address the problem, AEP’s innovation team contacted IdRamp. A Zero Trust password-less ecosystem powered by verifiable credentials was proposed and approved for a pilot. The approach had many strengths. It was easy to implement and integrate with existing systems. No platform upgrades or business disruption was required. The solution was based on established industry standards to provide extensibility for future use cases. A small team of four had the private identity network, integrated credentials, and audit fabric up and running within a week. In early 2020, IdRamp ran a paid pilot with AEP employees to test the proposal.

Individual iPads were set up at AEP’s offices to represent credentials held by:

• A rogue vendor
• An AEP customer
• A vendor in good standing
• An AEP employee; and
• A utility regulator

After implementation of the Zero Trust ecosystem, consumers have the ability to verify trusted vendors and provide explicit consent over third party data requests. Verified vendors can then download approved utility data requests to aid their sales process.

This approach increases customer control, reduces AEP data liability, and prevents third-party vendors from collecting unnecessary personally identifying information. As a result, AEP customers are better educated consumers with more control over the ramifications of switching power providers. Due to the power of Oracle blockchain, AEP administrators now have the ability to conduct deep, granular auditing to better support regulatory compliance.

AEP staff were impressed by the low-friction user experience and the broad applicability to many of their manual operations for vendor verification. No more paper processes, no passwords, and a significant improvement in data liability
That’s not to say there weren’t challenges. At the most basic level IdRamp had to create a common understanding of the project and get past the many initial “What do you mean, blockchain?” reactions. The use of blockchain was material to the best technical solution, but the engagement team focused AEP on business problems and solutions to avoid any misunderstanding about the value of blockchain.

Integration with Oracle fabric was a new challenge that was resolved through secure APIs from Oracle and IdRamp. The real key to success was focusing on business pain points and not on the kind of technical details consumers would find hard to understand.

The future

Ultimately, the Zero Trust verifiable credential ecosystem approach is broadly applicable to a myriad business processes and systems, “It’s the art of the possible,” says IdRamp COO Karl Kneis. “You can add this technology at all levels of infrastructure. You can find new ways to digitize analog business processes and remove slow and costly paper-based procedures. This method accelerates technology to operate at the speed of business.”
Other applications well-suited to a Zero Trust verifiable credential approach are employee badges, conference room access, password-less federation and physical security. By unifying physical security with digital security, these systems become faster and easier to manage.

“The world is changing and looking for better ways to manage data and trust. Zero Trust credentials offer a significant improvement, says Kneis. “They are an elegant way to achieve better results with better security.” AEP are still working on their larger vision for next generation utilities but Zero Trust verifiable credentials will be an important asset to their strategic goals.

For more information about IdRamp products and services: