Much has been made of how the pandemic shifted people’s movement toward digital banking into overdrive. Less attention goes toward the dark side of that massive change: the rise in online and mobile fraud due to inadequate means of assuring digital identification.
Digital ID became an issue the first time a consumer transacted on an early banking website, but the pandemic boom and the corresponding reliance on mobile devices has injected huge urgency into solving this challenge. Much more than banking is involved, as nearly every human activity that doesn’t require physical proximity seems to have moved to the internet.
“Online is the new face-to-face,” observes a study by IDology. The firm found that one out of three Americans signed up for digital delivery of services formerly provided in person. That’s 83 million people — or potential fraud victims if you are cynical.
A factor becoming increasingly evident is that as schemes for more secure and more reliable digital identification move forward, an inevitable choice will confront banking. It can lead the process, as an industry. It can share the process with other public or private entities. Or it can submit to a process devised by government or by another industry, such as Big Tech.
One school of thought developing among those studying this issue is that digital identification, run by the banking industry, could become a source of competitive relevance and potential profit. Something that the industry has that the likes of Amazon, Google and other big tech firms don’t is a long history of safeguarding people’s money and identification — including decades of know-your-customer compliance.
“Large technology firms provide a simple experience that has led to broad adoption and global scale,” states a paper from the Global Assured Identity Network. “Their current capabilities, however, do not extend to contexts requiring a high degree of certainty about an individual’s identity. Financial institutions, by virtue of their investments in KYC and authentication, offer a high degree of trust.”
The network — GAIN for short — is an international group that is developing a cross-border approach to digital identity that it plans to launch for potential use in late 2022.
“The financial industry faces a choice: Will customers ultimately log in to their bank with a social media ID or will they use their bank to gain access across the internet? … The time for cross-border, cross-sector collaboration is here.”
— Global Assured Identity Network white paper
“Digital identities” is a collective term describing various combinations of user identifiers, passwords, multifactor authentication routines, unique identifiers, biometrics, phone numbers, email addresses, and other data points that in combination can verify that someone operating digitally is who they claim to be. In India, for example, the Aadhaar electronic ID system, which will be discussed later, is being used to assign a unique 12-digit identification number to every person, based on biometric and demographic data.
Increasing Digital Fraud Rattles Consumers
In a Forbes blog, David Birch, an international expert on payments technology who is part of the GAIN project, diagnosed the state of the challenge, after describing a long and unsuccessful attempt to log in to pay a credit card bill.
“We still waste billions of man hours navigating ridiculous identity roadblocks while the criminals skip over the sleeping policeman to loot with impunity,” Birch wrote. He added, citing figures from Aite-Novarica, that almost half of all Americans were victims of ID theft in 2020.
A digital ID study by IDology found that 23% of American consumers said that unauthorized accounts had been opened in their names in 2021. That figure represents an increase of 21% over the findings of a 2020 edition of the same survey. Consumers reported new account fraud not only in banking accounts, credit cards and shopping accounts — the top three categories — but also in government benefits and healthcare services.
IDology also noted the growing exposure to fraud involving mobile devices specifically. Nearly one out of four Americans suffered mobile fraud of some kind in 2021, including actual theft of the phone and malware attacks. People have grown sufficiently aware of the risk of the latter that the study found that 55% are extremely or very concerned that malware will steal personal information and passwords from their mobiles.
More specifically, consumers surveyed by IDology gave these as the top five losses due to identity theft:
- Credit and debit card theft: 30%
- Bank account infiltration and theft: 29%
- Mobile phone number stolen and cloned: 24%
- A new loan taken out in their name: 21%
- A new credit or bank account opened in their name: 20%
ID theft's damage goes beyond consumer harm and the costs of cleanup. Financial institutions face the risk of increased consumer abandonment of online and mobile enrollment.
Why Digital Identification and Marketing Go Hand in Hand
Abandonment of an online banking session is a major concern for financial institutions. Even just in the context of digital identification it has several facets. For example, IDology found that while 53% of Americans say they trust a company that asks for additional proofs of identity, 25% say this makes them less trusting. This could be out of fear of providing more information that could be stolen or even suspicion that they have logged into a bogus site that is harvesting data.
The result is that 48% of those consumers who have less trust when asked for more data simply abandon their signup. In addition, that distrust spreads further — 28% say that they would be less likely to sign up for emails and other communications from the company. Likewise, they’d be less likely to open communications they receive from that company.
The same study found that in every category of online business, consumer faith in the companies’ ability to protect their data fell from 2020 to 2021.
Abandonment happens even more frequently in mobile than on computers. 72% of consumers told IDology that they would abandon enrollment on their phone, while 42% said they would do so on a desktop or laptop and 29% on tablets.
The IDology findings suggest that improving digital identification means not only finding new technology approaches to further safeguard people and their accounts, but communicating better the hows and whys of what the financial institution is doing. The possibility of having so many connections ending in abandonment should keep marketers up at night.
But Those Amazing Neobanks and Fintechs Have Licked This, Right?
In many ways, the model that has driven banks and credit unions to digitize was the example set by digital-only neobanks and other fintechs. Those players enjoy a reputation for easy interfaces that avoid the friction of stodgy old banks.
Except that the upstarts haven’t been immune to the digital fraud issue. One recent example:
In February 2022, PayPal revealed major account-opening fraud that resulted in many closures. A review of active accounts following a wave of marketing identified 4.5 million accounts that PayPal believes were illegitimately created. Analysts commenting on the revelation in a Forbes article blamed the problem on bots opening accounts with stolen personal data in order to snag cash incentives for opening accounts.
Even as the challenges remain in the internet we all know, there are already articles and discussions regarding ID fraud risks in the fledgling metaverse.
Big Tech ID setups are also a factor in consumer interest in digital identification. While the IDology study makes it clear that people see a problem, a digital ID report by Forrester, “The Global State of Digital Identity, 2021,” raises the question whether many consumers “get it” when they are often given the option to sign into websites and services using IDs issued by Facebook, Google, LinkedIn and others.
Building Better Digital Identification Approaches
One of the ironies of the digital identification challenge is that it isn’t wholly digital as currently practiced.
In spite of the boom in digital banking and ecommerce, “identity frameworks around the world are still largely analog and paper-based. We can speak with a doctor on the other side of the world or send money instantly with the tap of a button but proving our identities typically requires uploading a picture of a paper document, often issued years ago,” states a Oliver Wyman/International Banking Federation digital ID paper, “Digital Trust: How Banks Can Secure Our Digital Identity.”
Various countries have already implemented digital identification programs that are led by government agencies, the private sector or a combination. Generally those not involving governments rely on banking
“The involvement of banks in developing such a national scheme — given their day-to-day role in managing personal data, extensive, strongly verified customer base, and their history of collaboration and participation in delivering secure networks — can help ensure that the new ecosystem is able to deliver the trust consumers require,” the Digital Trust paper suggests.
The report says most national digital ID programs — there aren’t that many — fall into one of these categories:
- Using scanned physical government ID documents.
- “E-ID” digital credentials, issued to citizens by governments.
- Creation of a single digital ID used for all digital purposes, public and private.
The report reviews the status of digital ID in a cross-section of countries. The oldest bank-led program is BankID, used in both Norway and Sweden since the early 2000s. In both, banks serve as the verifier of identification.
Canada’s Verified.Me is a hybrid government-private sector model, representing a partnership of the country’s major banks. The Canadian model includes elements of blockchain technology.
The Indian government’s Aadhar program was first used for distributing benefits. Now it can be used for open bank and telco accounts and for sending payments via Google Tez platform.
Between the Lines:
National digital ID programs are subject to stumbles and hiccups. The U.K.'s approach went through a reboot since 2019, after many potential users didn't tap the system in its early days.
The report makes the point that impediments to adoption of digital ID in the U.S. is the sheer size of the banking system and the nation’s governance and structure. Identification in the U.S. is a blend of state level forms, such as driver’s licenses, and federal factors, such as the longstanding use of Social Security numbers.
The report points out that the private sector in the U.S. wants to deliver and run its own approaches, but wants the federal government to put some money into any eventual program.
One federal effort worth watching is LOGIN.GOV. Right now this is a program run by the General Services Administration that provides a single login account number and password for users of participating federal agencies. Currently that is a very small group, but there have been efforts — and a $187 million allocation — to develop it further to produce a digital identification program.
“In markets like the U.S., where there are thousands of banks, collaboration on a single bank-led scheme would clearly be challenging,” the Digital Trust report states. “In these circumstances, parallel schemes are likely to emerge prior to network efficiencies driving consolidation or interoperability.” This prediction is reminiscent of the way ATM networks evolved in the U.S.
The Forrester report notes that a number of U.S. states are adopting digital driver’s licenses that can be stored on a mobile device. This could facilitate digital identification for those license holders in other contexts besides driving. (Some states have their own programs while others are working with Apple. Google is reported to be developing a program that would incorporate digital driver’s licenses.)
But the Forrester report also notes that many people around the world have low trust in government agencies and that any government role in a country’s digital identity program would be a negative for getting it off the ground.
“Even in countries where ID cards have been mandated for decades, there is — sometimes widespread — resistance to any form of electronic ID or health care card because citizens fear that this would enable the state to intrude ever more deeply into their personal lives,” states Forrester.
And Further Down the Road, Making National Systems Work Together
Increasingly, especially as the internet effectively eliminates national physical borders for some purposes, the evolving national level digital identification programs will have to be able to synch with each other in some way. In the field, this is called “interoperability.”
“Interoperability of basic digital identity will become critical as digital identity develops,” states the Digital Trust paper. For this to happen, the paper says, there will have to be agreement on a common set of standards and frameworks. Achieving that will mean bridging differences among nations in what makes acceptable proof of identification.