As we progress further into 2020, it is evident that the issues and opportunities surrounding the topic of identity within the financial services marketplace are undergoing fundamental change. Because of technological advance, digital verification is playing a larger part in banking.

Developments such as social media and mobile phones have provided many more people around the world with access to financial services. As a result, new ways of validating and verifying existing and potential customers have come to the fore but significant problems arise when these systems are compromised, raising new challenges for banks.

While the World Bank’s ‘Global ID4D Dataset’ estimates that there are currently one billion people who cannot prove who they are, the emergence of digital authentication has also provided many sectors of the population, especially those who struggled beforehand because of socioeconomic factors, with increased access to public and private services such as healthcare and education.

This digital new normal has led to an expansion of the identity industry. Governments, regulators, companies and banks across the globe are now attempting to manage both personal authentication and the associated data security and policy questions arising.

Despite this acceleration in available technologies, traditional banks continue to ask their customers for identification such as birth certificates and passports when opening a new account at a branch. They do so despite the economic advantages of moving to new identity services.

According to the Boston Consulting Group’s report ‘The Value of our Digital Identity’, the adoption of digital identity services could lead to a significant annual value growth of 22%, which would result in €330 billion by 2020 for the private and public institutions in Europe.

Reluctance

In the UK, at the start of 2019, governor of the Bank of England Mark Carney suggested that digital ID cards “would make it safer for people to access money online” and that improvements need to be made to the security and privacy of online financial services, not only to customer experience, as reported in The Telegraph.

Following the internet boom and the parallel decline of bank branches, this harmonisation of different systems of online identity verification is overdue. As cybersecurity increases as a major concern and digital criminals improve their capabilities to threaten both individuals and the wider financial system, the imperative only increases.

National culture and historical legacy have played a key role in approaches to identity issues around the world. In the UK the concept of an ID card has always been a controversial subject despite almost every other European nation using one. Back in 2010, the UK’s Coalition Government scrapped a plan inherited from its predecessor to introduce identification cards. The then home-secretary, Theresa May, said that the scheme would increase control over citizens. A year later, the Cabinet Office started work on the GOV. UK Verify system. It was declared live on 24th May 2016.

In March 2019, GOV.UK Verify was criticised in a National Audit Office (NAO) report after only 3.6 million users had signed up for the digital identification scheme – way off the 2020 goal of 25 million. The NAO report examined the Government Digital Service’s (GDS) expectation that the flagship identity verification platform would cost £212 million and generate £873 million between 2016 to 2020. The UK Government, however, claimed that drawbacks like this were normal when introducing new technology, despite the initiative’s intention of becoming the default identity verification process for online services such as benefits or income tax.

At the latter end of 2018, the minister responsible for implementation, Oliver Dowden CBE MP, made a House of Commons statement that highlighted that the UK’s GOV.UK Verify programme was ready to enter the next phase of development. GOV.UK Verify promotes itself as a secure way of proving who you are online and one way that a UK citizen can access government services such as taxes or their driving license. The UK Government has partnered with Barclays bank, identity provider Digidentity, credit reporting agency Experian, the Post Office and verification service SecureIdentity to offer this service. Consequently, all these private sector organisations are certified to verify identity on behalf of the UK government.

In his statement, Dowden said that now the Government Digital Service was mature, the “private sector will take responsibility for broadening the usage and application of digital identity in the UK.” While the Government will continue to provide assurance, the UK’s identity scheme operates under commercial organisations. Success in the marketplace will be determined this way, without direct funding and investment from the Government. The announcement also ensured “that GOV. UK Verify will continue to protect public sector digital services from cyber threats, including identity fraud, and other malicious activity.”

However, in conversation with Finextra Research, head of thematic research and chief analyst at GlobalData, Gary Barnett, says he believes that “while the Verify programme does purport to be useful beyond providing identity assurance for public sector services, there’s been next to no uptake. This is partly because organisations like banks or insurance companies already have established identity assurance and Know Your Customer (KYC) processes in place – many of which are not all that compatible with GOV.UK Verify.”

People deal with digital platforms that are not customer-efficient in three stages: irritation, dejection and then, acceptance. Consumers understand that problems arise and may take time to resolve. What we are seeing in the UK is that the Government would like the private sector to lead and refine how identity services are provided to the public.

On the other side

Agility is necessary in identity services and a simple way of providing this would be to establish just one process of authenticating citizens. In the US, the Department of Treasury released a report emphasising the importance of portable digital identity 5. The report pointed to the significance of establishing legal identity for new customer relationships at financial institutions without the need for the bank having to verify personally identifiable information (PII).

This proposed US plan has strong parallels to the UK’s groundbreaking Open Banking experiment and in the same way, stated that “trustworthy portable third-party digital identity services could potentially save relying parties time and resources in identifying, verifying, and managing customer identities, including for account opening and access.”

The US Treasury also put forward a request for financial regulators to collaborate with them so that unnecessary barriers which private and public organisations might face could be eliminated, and the adoption of digital identity services would be better facilitated within the financial services industry.

Speaking with Finextra Research, Alex Bolante, managing director, consumer identity management at Deloitte Risk and Financial Advisory, discussed the US situation. Bolante considers that US financial institutions were already aware of the need for and benefits of digital identity. However, as customer expectations rise, so do those of the regulators.

According to Bolante, “regulators are demanding increased transparency around transactions, meaning that financial institutions require greater granularity and accuracy in the identity information that they capture and are increasingly being held liable for inaccurate or missing identity information.”

He adds that “bad actors in financial systems are increasingly sophisticated in the technology and tools that they use to conduct illicit activity, increasing their ability to quickly cause financial and reputational damage by exploiting weak identity systems.”

Identity risk

Despite this risk, banks could stand to benefit from creating digital identity solutions. Money and identity are two closely intertwined concepts that have started to operate on a parallel basis. In conversation with Finextra Research, Kaelyn Lowmaster, head of research at One World Identity, highlights that “those two goals – financial institution success and personal identity protection – are not necessarily in conflict with one another. It’s in the best interest of a financial institution to make sure that consumer identity is protected to avoid theft, fraud and compliance violations.”

The contrast between banks and Big Tech – an alternative source of consumer identity services – is stark in this regard. Lowmaster continues: “reliable identity data is critical for accurate risk assessment, financial product underwriting, and marketing – but we find it’s helpful to think of personal data protection as a potential strategic differentiator for financial institutions.”

On data protection – a significant talking point in 2018 and not just in the financial services industry – digital bank Tandem’s chief technology officer Paul Clark reiterates to Finextra Research there will always be a new threat for banks, and therefore they have a responsibility to inform and educate their customers.

“The truth is that good service is built on a wealth of data and that benefits the customer and the bank. Part of data protection is keeping consumers aware. If you aren’t using customer attention to improve their security, you are doing something wrong,” Clark says.