Blog

Digital Identity: a nut that remains to be cracked

COVID-19 has accelerated digital lives at a speed that could not have been (or certainly was not) predicted. Confirming ‘who’ we are in the digital world has become critically important. Digital identity has been discussed for many years as the missing infrastructure, as the internet and the businesses built around it, has grown rapidly. Progress, however, on creating reliable, safe, trusted and user-friendly digital identities has been variable and fraught with difficulty in many parts of the world.

Many of us who are able to, are now working from home. We are carrying out day-to-day activities in various levels of lockdown, and finding ourselves doing more online. When restrictions are lifted, a return to face-to-face activities will be very welcomed. But many of the changes in how we work, conduct day-to-day transactions and even educate our children will not return to the status quo.

Bad actors thrive in most contexts but can be supercharged in a digital world. There may be fewer opportunities for old-school, armed heists, but criminals have evolved quickly with the times. Most of our valuable assets live online and, like the rest of us, that is exactly where many criminals are devoting their time and energy. From stories of unwelcome Zoom call drop-ins to people preying on individuals fears of COVID-19 – the more we do the in the virtual world, the more criminals will follow and pivot their focus.

In fact, criminals have been faster to adapt than the infrastructure required for an effective identity framework. How to make a system that lets individuals identify themselves and interact with confidence is a persistent problem. Discussion and debate continues on how to best achieve this goal. It is not technology that is the barrier –  but the creation of governance structures, consideration of user journeys and, of course, a rigorous framework to protect privacy.

It could be argued that the identity space is not working effectively, and regulation is not delivering results. The fight against money laundering illustrates this point. Only 1% of those transactions are identified (that is a 99% failure rate). The status quo is simply not delivering results.

Current AML/KYC rules are neither effectively preventing nor capturing crime. Instead they risk making financial institutions so overly cautious that they exacerbate the problem of the un- or under-banked, creating barriers for honest customers. Entire countries are essentially being blacklisted from the provision of effective financial services whilst dodgy transactions continue.

There is a mismatch between the reality of modern financial services and the need for an effective identity infrastructure. Who then is best placed to provide the solutions? Does it lie with innovative FinTech companies, who have the tech knowledge but may lack the widespread trust of consumers and ability to scale sufficiently? Is it to be left to governments who are regarded with deep suspicion in many parts of the world, often lacking the ability to create an effective business case for widespread adoption?

As Sarah Rutherford, Director, Portfolio Marketing, FICO, pointed out, “a recent (FEB 2020) survey by FICO indicates that this trust is unlikely to lie with government, across all 10 countries surveyed when asked if they were prepared to provide a biometric for security purposes, people were much more likely to say they were happy to give this to their bank rather than a government agency. In the USA 65% would give a biometric to their bank but just 22% would provide one to a government agency. In Germany 34% more people were prepared to give a biometric to their bank than to their government, while in Brazil only 21% would handover a biometric to a government agency but 86% would give one to their bank.”

The bank-based Nordic identity system is illustrative for countries with well-established banking systems and the trust (if not love) of consumers. Here banks have the frameworks and ways to leverage both their knowledge and trust of their customers. Yet, outside of the Nordic countries where the bank based ID system is very effective and has expanded its reach over time – used an average four times a week for activities including paying taxes, healthcare, retail transactions and even in the tanning salons of Norway – the results elsewhere are patchy at best.

Is this a missed opportunity for banks? After all, they know a lot about the individuals and entities and benefit from high level of interaction (data history) with their customers. Given the rates of failure, they haven’t built an effective infrastructure in many counties even though they are well-placed to lead on that development. This seems to be another clear case for bank/FinTech collaboration.

Bundled in with concerns about privacy and use of personal data, the identity space is becoming more complex over time. How do we encourage individuals to take responsibility for their identity and control of personal data? Is that even something that they want to take charge of? Would they prefer to be able to give management to and, when needed, find recourse through, another entity? As noted above this challenge is not simply about technology but requires broad thinking.

Progress across the identity space is variable and will, of course, depend on the institutional arrangements and context in a particular country. It may be that other institutions (rather than banks) are better placed to provide an effective identity infrastructure.

Many experts recommend a mosaic approach to authentication, using a variety of data points and evidence from a variety of sources to come to a decision on identity. One company doing this is Numbering Intelligence company, TMT Analysis who provide a range of information on mobile numbers worldwide.

“For us a mobile number gives our clients a rich source of information. We realise that most people keep their mobile numbers for a long time and is the nearest you are going to get to a national identity number in most countries” explained Fergal Parkinson, Director and co-founder.

As noted by Mark Matthews, VP, UK & Ireland at Daon, “as a consequence of COVID-19, there is significant new demand for remote digital services, particularly as organisations seek to quickly register and authenticate their physical customers in the digital space. We’ve seen organisations have the most success when both security and convenience are prioritised, through the use of best-in-class biometrics and biometric liveness and by connecting all stages and all channels in which the customer interacts.”

Solutions may develop like islands, over time, like the isolated email systems before them. However, as was the case with email, the long-term goal must be that they will become interoperable. Spurred on by the crisis created by a virus, the cost of crime and the demands of  digital lives will lead us towards a range of solutions that one day will at least be fit for purpose for a digital world.

Identity remains an important area of focus and we are delighted to announce that FTT Virtual Identity will be running on the 10th February 2021. Register for your free ticket now!