An ID-eal position: Banks and trusted digital identity
Jukka Yliuntinen, Vice President at Giesecke+Devrient Mobile Security and Co-Chair of Mobey Forum’s Digital ID Expert Group
The rapid pace of digital transformation has left many industries scrambling to find secure, convenient ways of establishing identity for digital services. The identity ecosystem has become fragmented and complex, with too many stop-gap solutions creating and propagating vulnerabilities and friction.
Yet the incentives to get digital identity right are staggering. In the UK, an effective digital identity solution could contribute 2.5% to GDP.[i] Consequently, there are many players looking to capitalise on the digital identity opportunity, spanning government, technology giants, social media platforms, and specialist start-ups.
It is banks, however, that are in the ideal position to evolve into trusted providers of digital identity.
You gotta have faith
Effective digital identity is built on trust. The more trust you have in an identity, the more it can be used for. Consumers trust banks to secure their data and privacy. Why? Because protecting assets is what banks do. Whether it be money, or identity.
A 2018 survey found that in Germany, over 60% of consumers would prefer banks to provide their digital identity, compared to the 5% who would prefer a social media platform.
Importantly, this survey was conducted prior to the various privacy scandals that have rocked big tech over the past year.[ii] It is fair to assume that the position of banks has only strengthened.
Regulation breeds innovation?
Regulation plays an important role in cementing this trust. Banking is a highly-regulated industry with rigorous compliance procedures. This promotes consumer confidence. It also means banks are well-equipped to address complex regulatory requirements. In comparison, the big tech giants have always operated with relative freedom. But this is changing. The €50 million fine recently imposed on Google by French authorities for breaching GDPR shows that, even with vast legal and compliance resources available, it still takes time to adapt to tighter constraints.[iii]
Regulation also creates consumer frustration. Rigorous anti-money laundering (AML) and know-your-customer (KYC) procedures, for example, can create difficult to use and complex bank applications. 40% of consumers have abandoned an application, with the amount of information required and the time taken the main causes of drop-outs.[iv]
Forward-looking banks, therefore, are effectively using digital ID to improve the consumer experience by streamlining previously arduous processes. This, in combination with regulation such as PSD2, is a potential catalyst for innovation. If banks can already provide strong identities to their consumers for their own services, why can’t they do it for others? By leveraging the trusted identity to enable access to other services, through a network of third-party providers, banks can deliver effective identity solutions across an array of use-cases. For banks, this is a significant strategic revenue opportunity, as well as an important element to stay relevant with consumers. For third-party providers, the vexing and expensive challenge of establishing identity is solved. Win-win.
Collaboration. Collaboration. Collaboration
Yet, a single bank working alone does little to solve the challenges of the broader identity ecosystem. Namely, lots of different solutions with limited applicability.
Indeed, the Emerging Payments Association has recently called on the financial services industry to ‘work collaboratively […] to create a world-leading digital identity solution.’[v] We are already seeing such collaborative efforts. BankID in Norway and Sweden, Verified.Me in Canada, TUPAS in Finland and NemID in Denmark, to name just a few, are all schemes that see multiple banks band together. Also, initiatives like itsme in Belgium demonstrate cross-industry collaboration, bringing banks into partnership with mobile network operators.
But there is more work to be done. Developing strategies to deliver seamless, interoperable digital identity solutions across borders is the billion-dollar question for the global financial industry. The eIDAS regulation, which makes the identity checks carried out in one EU country valid in another, came into force in late 2018 and could set the wheels in motion for frictionless digital identification. Are we moving towards a universal model for digital identity? Only time will tell.
What we do know, is that banks have the consumer buy-in, data, regulatory know-how and established expertise to establish a dominant position within the digital identity ecosystem. It is apparent, however, that collaboration will be essential to quickly expand their service offering to new sectors. By exchanging ideas, mapping the technologies and exploring the potential business models, banks can both address the challenges and seize the opportunities.
[i] Open Identity Exchange, ‘Digital Identity in the UK: The cost of doing nothing’, https://oixuk.org/wp-content/uploads/2018/04/Cost-of-Doing-Nothing-FINAL3v3b.pdf
[ii]Signicat, ‘The Battle to On-board II’, https://www.signicat.com/wp-content/whitepapers/signicat-battle-to-onboard-II-v6.pdf
[iii]ZDNet, ‘GDPR: Google hit with €50 million fine by French data protection watchdog’, https://www.zdnet.com/article/gdpr-google-hit-with-eur50-million-fine-by-french-data-protection-watchdog/
[iv]Signicat, ‘The Battle to On-board II’, https://www.signicat.com/wp-content/whitepapers/signicat-battle-to-onboard-II-v6.pdf
[v]Emerging Payments Association, ‘Facing up to Financial Crime’, https://www.emergingpayments.org/assets/uploads/2019/01/EPA-Facing-Up-to-Financial-Crime-Whitepaper-Full-Version-v2.0-1.pdf