By Howard Berg, MD, Gemalto UK
When the first internet protocol was invented in the 1960s, it was primarily developed for science and industrial purposes, therefore only enabled machines to talk to each other. It had well thought mechanisms that could identify the machines, but it was not designed to enable the secure identification of the person using them.
This was not a problem for the first generation of internet users, as they would trust the website they were on. But the increasing number of organisations – such as eGovernment providers, banks, and telco operators – offering services online meant that users were required to provide proof of identification. In the absence of a properly designed, ubiquitous identification framework, the identification processes used for these services have evolved independently, leading to fragmented and inconsistent solutions with variable levels of security and visibility.
This inconsistency in online ID verification has become a target of new regulations such as GDPR and PSD2. PSD2 and the arrival of Open Banking is forcing banks to radically revisit their approach to payment authentication and the identification technologies that sit behind this. According to Statista, in 2017 84 percent of British consumers indicated that they believed online banks authentication methods are secure, while a YouGov survey suggested that 55 percent actively trusted their banks. Therefore, regulations and consumer trust mean that banks have a real opportunity to provide the digital identity system the internet needs.
Digital Identity offers the opportunity to remove inefficient and time-consuming manual processes and achieve reduction in fraud. Banks can take advantage of the opportunities digital ID schemes bring by taking this three-stage process:
Firstly, banks need to prove they can solve a compelling problem. To be able to deliver a digital ID infrastructure for everyone, banks first need to identify an area within its own business which digital ID would be able to address and deliver positive return on investment. Pain points that could be addressed by digital identity in the first instance include anti-money laundering (AML) and Know Your Customer (KYC) procedures, account enrolment, payment authorisations, online shopping and banking, account logon and others.
Making sure that customers use the new digital ID tech. Once a bank has taken its identity vision and applied it to solve a problem such as fraud or money laundering, it now needs to look at what is required to increase customer usage. It’s key that the solution is easy to use, so that customers will embrace the experience more quickly and will confidently transfer that user behaviour to other services. When more and more customers embrace a digital identity scheme, this should build transaction volumes within the market, which in turn will make identity frameworks more attractive to third party service providers.
Realising there is significant value in offering cost effective ID solutions to third parties. Once an identity scheme has a critical mass of active users, it becomes a very attractive proposition for third parties. By re-using the infrastructure which already supports their own services, banks can offer cost-effective identity solutions to organisations with similar needs. But going beyond traditional banking services requires identity frameworks to be able to address a third-party provider’s entire customer base, so close collaboration is essential to maximise the value digital identity can bring. A good example of a digital identity scheme driven by the banking sector that is achieving great success is Belgium’s itsme® scheme, which I’ll touch on in the examples below.
Successful digital identity schemes driven by the banking sector
There are already some good examples of digital identity schemes driving adoption in third party services such as government, healthcare and payments. In the Nordics for example, bank operated solutions are dominating the region, providing access to millions of users. The schemes were introduced to provide a common, secure approach to accessing online banking services. A number of schemes have introduced mobile offerings to increase the ease of use, which in turn has helped to build scale further. A mobile application from BankID Norway is already being used an average of 3.5 times a week – a significant increase on the twice a week average when it wasn’t available on mobile platforms. This shows that having the right mobile solution can make a real difference to adoption.
Meanwhile, the itsme® scheme in Belgium has been one of the most successful Federated ID initiatives. It has been backed up by four leading Belgium banks and three of the country’s biggest telecoms operators, which has helped itsme® become immediately available to the majority of the Belgium population. Due to the ease of use of the application,itsme® has attracted more than 350,000 users in its first year of operation. The scheme uses strong authentication measures to ensure high levels of security across different handsets, banks and mobile operators.
Both BankID and itsme® have already expanded from usage across banking and government services to be used more widely. Through the support of third-party providers, itsme® is now being used for authentication in the healthcare and insurance domains and it’s been endorsed by Belgium’s government for tax return services, while BankID has been successfully implemented in vehicle rental, property leasing and postal deliveries.
The wider adoption of digital identity schemes could present a drastic, positive change in the way in which customers interact with online services and gives banks and financial institutions the opportunity to be a driving force for this change. Fundamentally, the core business of financial institutions has been focused on enabling secure transactions with users who can verify their identity, which makes them the perfect providers of multi-purpose digital identity frameworks. And with several banks around the world already showing what’s possible, it’s time for the rest to catch up.