The explosion of data breaches globally has led to digital ID evolving into a major priority for consumers and businesses, with banks seen as best placed to deliver effective, trusted solutions.
With data breaches now widespread and rising in line with the rapid pace of digital transformation globally, many industries are scrambling to find secure, convenient ways of establishing identity for digital services, with banks being increasingly seen as the best placed to address their needs.
So serious has the problem of data breaches become that digital ID or eID is now recognised as one of the most important issues facing organisations and consumers on a global scale. There is a growing recognition too that strong digital ID infrastructure can be a boon for economies. McKinsey Global Institute, for instance, reckons that countries implementing stronger use of digital identity could create economic value equivalent to 3-6% of GDP on average by 2030. The Open Identity Exchange estimates for the UK alone, an effective digital identity solution could contribute 2.5% to GDP.
Jukka Yliuntinen, Vice President at Giesecke+Devrient Mobile Security and Co-Chair of Mobey Forum’s Digital ID Expert Group, says the incentives associated with implementing effective digital identity infrastructure are “staggering”. As well as benefitting individuals, governments, businesses and promoting economic growth, it could also help increase political and social inclusion, support protection of rights and promote transparency.
But with so many players now looking to capitalise on the digital identity opportunity, spanning government, technology giants, social media platforms, and specialist start-ups, “the identity ecosystem has become fragmented and complex, with too many stop-gap solutions creating and propagating vulnerabilities and friction”.
Yliuntinen, however, believes it is the banks that are in the best position to evolve into trusted providers of digital identity. He says: “Effective digital identity is built on trust. The more trust you have in an identity, the more it can be used. Consumers trust banks to secure their data and privacy. Why? Because protecting assets is what banks do, whether it be money, or identity.”
He cites a February 2018 survey by Signicat, a provider of solutions for electronic identification and signatures, of 4,000 adults with bank accounts—1,000 in each of Germany, Sweden, the Netherlands, and the UK. It found that in Germany over 60% of consumers would prefer banks to provide their digital identity, compared to 14% who would prefer a government scheme. In the UK, 49% of respondents would prefer their bank to provide eID, rather than the government, which scores just 31%.
From its overall findings, the Signicat survey concludes that, “consumers want eID and they want banks to lead the effort in providing it.” It adds: “Banks need to both create eID where it doesn’t exist and educate their customers as to exactly what it is and how to use it. They need to create paperless, online and mobile-only processes that their potential customers will happily engage with. Smaller and challenger banks must do this too – through partnerships they can offer as compelling a suite of services as large banks, and eID will mean customers can get on board easily.”
Alternatives such as retailers and social media platforms did not fare well in the survey. While the likes of Google, Facebook and Twitter have been making their login credentials available to use on other sites, this hasn’t translated into trust in these platforms, with only 5% of respondents preferring social media for eID. Asked if social media could be trusted to speed up on-boarding, 52% said no.
Yliuntinen believes that a year on from the Signifcat, a period marked by various privacy scandals that rocked big techs and social media giants like Facebook, the position of banks with regards to eID has only strengthened.
Regulatory role
Regulation has a vital role to play in cementing the trust in banks when it comes to eID: “Banking is a highly-regulated industry with rigorous compliance procedures. This promotes consumer confidence. It also means banks are well-equipped to address complex regulatory requirements.”
In comparison, the big tech giants have always operated with relative freedom, although this is beginning to change. The €50m fine imposed on Google in January 2019 by French authorities for breaching GDPR shows that, even with vast legal and compliance resources available to the big techs, it still takes them time to adapt to tighter constraints, says Yliuntinen.
Regulation however can also create consumer frustration. Rigorous anti-money laundering (AML) and know-your-customer (KYC) procedures, for example, can generate difficult to use and complex bank applications. According to the Signicat study 40% of consumers surveyed abandoned an application, with the amount of information required and the time taken the main causes of drop-outs.
Yliuntinen says: “Forward-looking banks are effectively using digital ID to improve the consumer experience by streamlining previously arduous processes. This, in combination with regulation such as PSD2, is a potential catalyst for innovation. If banks can already provide strong identities to their consumers for their own services, why can’t they do it for others?
“By leveraging the trusted identity to enable access to other services, through a network of third-party providers, banks can deliver effective identity solutions across an array of use-cases. For banks, this is a significant strategic revenue opportunity, as well as an important element to stay relevant with consumers. For third-party providers, the vexing and expensive challenge of establishing identity is solved. It’s a win-win scenario.”
Collaboration is key
Still, Yliuntinen warns that banks working just on their own eID infrastructure do little to solve the challenges of the broader identity ecosystem. He’d like to see “lots more collaboration rather than lots of different solutions with limited applicability”. He points to the Emerging Payments Association calling recently on the financial services industry to ‘work collaboratively …to create a world-leading digital identity solution.’
“We are already seeing such collaborative efforts. BankID in Norway and Sweden, Verified.Me in Canada, TUPAS in Finland and NemID in Denmark, to name just a few, are all schemes that see multiple banks band together. Also, initiatives like ‘itsme’ in Belgium demonstrate cross-industry collaboration, bringing banks into partnership with mobile network operators. But there is more work to be done,” he says.
Developing strategies to deliver seamless, interoperable digital identity solutions across borders is the “billion-dollar question” for the global financial industry and Yliuntinen believes the eIDAS regulation, which makes the identity checks carried out in one EU country valid in another and came into force in late 2018, could set the wheels in motion for frictionless digital identification.
“Are we moving towards a universal model for digital identity? Only time will tell. What we do know, is that banks have the consumer buy-in, data, regulatory know-how and established expertise to establish a dominant position within the digital identity ecosystem.
“It is apparent, however, that collaboration will be essential to quickly expand their service offering to new sectors. By exchanging ideas, mapping the technologies and exploring the potential business models, banks can both address the challenges and seize the opportunities.
