anyone can sign to ORCID, that is wonderful, but if considering usage of ORCID as a base for providing access to authenticate other services, it is crucial to verify the customer is who it claims to be.
the idea is, for all the users (despite their being a member of ORCID member/integrated organisation), ask them (can be offered as a feature), to "verify" their account. is done by sending a 0.1$ (some insignificant amount of money) to the special bank account of ORCID. After transfer received, the name of the payer becomes a customer name in ORCID profile. ORCID API could then later have marker stating that the person is "verified"...
Thank you for your suggestion to improve the ORCID Registry.
In 2016, we launched the ORCID Trust Program, which describes how we are working to improve our trustworthiness through four key concepts: Individual Control; Reliable Registry; Community Accountability; and Information Integrity. For more on this, see the https://orcid.org/about/trust/home