Banks and Credit Unions Must Take Digital IDs Seriously Now

The coronavirus pandemic forced many Americans to use digital banking channels. With this shift likely to be permanent, if not accelerated, the banking industry must put more emphasis on programs and methodologies that will ensure that mobile and online users really are who they say they are.

Who are you? How can you prove it? And what makes you you?

These questions aren’t the ponderings of an existential philosopher. Increasingly they are issues that financial institution executives should be weighing. As countless studies have found by now, consumers of all demographic descriptions have been coming to digital channels in place of live banking interactions since the COVID-19 pandemic began. Signs are clear that many will not move back to their old banking habits.

There was a New Yorker cartoon many years ago in which two dogs were talking in front of a computer screen. “On the Internet, no one knows you’re a dog,” one dog says to the other. A more-recent meme making the rounds says that “On the Internet of Things, nobody knows you’re a fridge.”

Funny enough, but spot-on in terms of the challenge of the digital world we all live in. Many of us are capable of running our work lives, personal lives and financial lives from a keyboard or a smartphone’s screen, but our confidence in doing so — both consumers and financial institutions — is only screen-deep without means of ensuring that digital identities are genuine and verifiable.

The means could include a significant role for financial institutions, but sometimes where that has been tried it hasn’t worked out so well.

Digital Identity Is Part of a Bigger ID Challenge

A few years back, the World Bank stated that 1.1 billion people in the world cannot prove who they are, either because their region lacks sufficient administrative structure to capture them from birth or because they somehow fell into some system’s cracks. The lack of clear, or any, identification can cause financial exclusion, according the organization. The magnitude of the challenge is underscored by the World Bank’s goal of addressing it by 2030.

“What if devices go away? What if technology evolves to the point where humans have identity chips embedded into them at birth?”
— Ron Shevlin, Cornerstone Advisors

One of the most ambitious efforts to remedy this situation has been underway in India for over a decade. There the Aadhaar electronic ID system is being used to assign a unique 12-digit identification number to every person, based on biometric and demographic data. Most adults have been pulled into Aadhaar.

Usage of biometrics is in part intended to reduce fraud in the Indian system — its website urges parents to bring in their registered children for biometric updates at ages 5 and 15. By contrast, Social Security Numbers, widely used as a proxy for national identification in the U.S., have been frequently abused and lack a physical connection.

Indeed, calls to curtail the ID role for the Social Security Numbers continue. A staff memorandum for a 2019 House Financial Services Committee hearing states that, “… as data breaches of financial institutions and entities that hold SSNs become more common, the clandestine nature of SSNs is lost.” The report goes on to point out that some say the opposite of a centralized SSN database — an identification use case for blockchain technology, which is decentralized, would work. But even that advanced technology is open to hacking, and has been. When such events occur blockchains “fork,” that is take a fork in the road, so to speak. But this may not suffice for identification purposes.

The more personal data that leaks out through crime, the less reliable are the classic trio of identification factors, used in some combination at every endpoint for banking. These are:

  • Something you know — like a PIN number or a zip code for your home.
  • Something you have — like a driver’s license, a credit card or, increasingly, your smartphone.
  • Something you are, such as matching a photograph or various types of biometric data.

And while even some of the homeless own smartphones, already there are those who look beyond the Age of the Device. Ron Shevlin, Director of Research at Cornerstone Advisors, asks in a Temenos white paper, “What if devices go away? What if technology evolves to the point where humans have identity chips embedded into them at birth? Sounds farfetched, but few people envisioned the rapid development and adoption of the smartphone.”

Read More:

Time’s Running Out to Get Reliable Approaches in Place

The identity challenge increasingly affects the digital sphere. “Our current systems for managing identity and data security are clearly deficient due to the fact that they are still largely based on the physical world, states a report by BBVA, “Digital Identity: The Current State of Affairs.” “In the financial services field, for example, most banks are still asking clients to show, at a branch, a physical ID card or a birth certificate to open a bank account.”

BBVA’s paper stresses that financial institutions must lead the way in changing things. “It is necessary for banks to create strong and trustworthy digital identity schemes that can support their current expertise at verifying identities in the physical world.”

One wrinkle: Complicating things is that there are multiple definitions of what “digital identity” means. One, presented by the International Organisation for Standardisation, bolsters the significance of the earlier joke about refrigerators, because it suggests that even devices can have a digital identity.

A McKinsey Global Institute paper, “Digital Identification: A Key to Inclusive Growth,” suggests that digital ID include all of the four following attributes:

  • Be verified and authenticated to a high degree of assurance.
  • Be unique.
  • Be established with individual consent.
  • Be capable of protecting user privacy and ensuring control over personal data.

Read More:

Trust in Banking Will Be Critical Digital ID Asset

Ideally, digital ID would wind up covering both the physical and digital worlds, in everything from gaining access to education and governmental services, opening financial accounts and obtaining employment, according to the McKinsey report. The report notes that digital ID can be a double-edged sword, something that could help people — especially women in countries where lack of ID blocks them from the banking system — potentially reduce fraud; and remove friction from commerce, but that governments could abuse it for political purposes.

This brings up the issue of trust. In a white paper, “Digital Identity 2020: The Future of Banking,” Mitek makes a strong case that when it comes to digital identity, Americans surveyed reported the strongest degree of trust in banking institutions. Asked which organizations they were most comfortable giving digital IDs to, they responded:

  • Banking institution, 60%
  • Government, 51%
  • Tech companies (like Google, Apple, Amazon and Microsoft), 43%
  • Streaming services (like Netflix), 43%
  • Social media platforms, 33%

This is not a theoretical ranking, notes Mitek. “With consumers relying on online and mobile banking applications to manage their banking accounts, get approved for loans or a new account, share funds and pay bills,” the study says, “digital identity is becoming an intrinsic part of the banking industry.” The study further indicates that 86% of consumers say they use their digital identities for opening accounts and other digital banking needs.

Here’s how consumers rank various entities based on how much they trust them to protect their data:

  • Banking, 65%
  • Government, 48%
  • Tech companies, 40%
  • Streaming services, 42%
  • Social media, 24%

The role of trust can’t be overstated, because, in spite of our growing reliance on machines, software and artificial intelligence, inherently trust is a human thing.

In his book Before Babylon, Beyond Bitcoin, analyst David Birch wrote that “Identity is changing profoundly, and money is changing equally profoundly because of the same technological change. What will link changing identities with changing money? Trust. In a world based on trust, it will be reputation rather than regulation that will animate trust in economic exchange.”

Political Stalemate Holds Back U.S. Digital ID Progress

What complicates the current state of affairs further is that there is little agreement internationally on how to set up and maintain digital identity programs, despite the fact that so much ecommerce is global. In the BBVA white paper, it’s stated that “identity providers with a high level of assurance, like public authorities or financial institutions, will be the leaders of the future ID market.”

But even within single countries there is conflict, or inertia and inaction. Cornerstone Advisors’ Ron Shevlin noted a couple of years ago that the U.S. lags progress made in some other countries due to political conflict. In its 50-50 partisan atmosphere, he wrote at the time, a digital national ID push is seen as an attack on immigration on one extreme and as a nonsequitor by the other extreme. Since then, the distance between political extremes has only increased. And as COVID has demonstrated, in the U.S. we have not only a central government with strong views, but 50 states with divergent opinions on how to handle everything. (That said, the Commerce Department has a pilot ongoing to expand on the idea of digital driver’s license technology.)

Shevlin also pointed out that the private sector’s enthusiasms for strengthening digital ID can be muted when incentives are small: “The flaw in the ‘banks as identity provider’ argument is that there is no rationale for multiple banks to compete to be the primary identity provider. When someone switches banks, does that mean that his or her identity credentialing will have to shift from one provider to another? It’s enough of a hassle to switch banks, can you imagine the hassle of having to switch identity providers when you change banks?”

Blended Support May Help, But Won’t Always Work

Mastercard, in a 2019 white paper launching its own experiments in digital identification, urged broad cooperation in attempting to establish such programs, even as it has begun to try out concepts: “There is no single government, technology company, financial institution, or even industry sector that can effectively deliver a digital identity service by itself. Co-dependence, collaboration, partnership, and orchestration are all required.”

Beyond ecommerce and the growing reliance on digital channels in general, experts indicate that the trend towards adoption of open banking works best when strong digital identification systems are in place. However, it can’t come at the expense of customer experience.

“Users will only use products and services that meet their standards for customer experience, while providers will integrate digital ID only if it fits the customer journey they want to offer,” McKinsey states.

Systems have been tried around the world to implement digital identity systems that incorporate a role for financial institutions. Here are two that have close parallels to the U.S. situation.

• One example is SecureKey Concierge, launched in 2012 and run by seven Canadian financial institutions to enable access to that country’s governmental services. In digital ID parlance, this is called a “federated system” — that is, one in which multiple organizations with their own systems operate ID in a commonly agreed format. (By contrast, the Indian Aadhaar system is a centralized ID approach, operated by government entities.)

SecureKey’s recent expansion to its Verified.Me service, characterized as a followup to Concierge, uses blockchain technology. Specifically, this is “permissioned” blockchain, which can only be accessed by members of a group with appropriate access credentials.

• Another example is in the U.K., where in 2016 the UK Verify program launched, relying on the private sector, including financial institutions. The effort started in the digital authentication area for government programs and included private-sector participation.

The history of UK Verify has been rocky, according to U.K. technology media articles. Barclays and some other private-sector organizations decided to stop processing new identities and a switchover from government support to wholly private support was postponed.

The PublicTechnology.net website notes that the program “has never suffered from an excess of popularity” but also noted that usage increased significantly during the pandemic.

With digital identity, success hinges on numbers. A World Bank white paper indicates that low participation produces programs of limited value, in part because parallel systems will be required to cover consumers who decline to take part in the centralized digital effort.

In addition, there is increasing recognition that digital identity will work best when it spans multiple industries and purposes. To the degree it can be seamless, while ensuring maximum privacy and data security, serving as a friction-reducer in financial services, government services, ecommerce and more, it will save effort, time and money for institutions and consumers alike.

This article was originally published on . All content © 2020 by The Financial Brand and may not be reproduced by any means without permission.