Let’s conquer our fear of Digital ID and unlock the opportunity

The UK is at the forefront of financial innovation. We created a blueprint for Open Banking. Our data regime is one of the most progressive in the world. Yet we are still missing one crucial part of the puzzle: a universally accepted method of digital identification. 

Our lack of a digital ID is bad news for consumers and businesses alike. In financial services, identification solutions enable us to remove friction from customer journeys, reduce errors, save costs (and pass them on to customers) and improve audit trails. By making our customers’ data truly portable, we can unlock better, faster and more personalised services. 

Digital IDs are also an enabler of financial inclusion and, in the words of the Bill and Melinda Gates Foundation, can be “an effective tool against poverty”. 

However, the government has failed to win the argument on the benefits of identification programmes and many people are suspicious of anything which resembles national identity cards. Which is a clear opportunity for the financial services sector. 

The technology behind Open Banking is already being used to identify banking customers during transactions. This is a new form of digital ID delivered by banks, not Big Brother, and based on a set of validated data attributes and credentials for the digital world. It will drive greater demand for security and trust, with Open Banking ensuring that all data is shared securely and with consent.

Once consumers understand the benefits of a bank-based ID, the convenience will quickly overshadow their privacy concerns. I strongly believe it’s time for everyone in the industry to lace up their trainers and get to work on delivering decentralised digital ID solutions which build upon the Open Banking framework - and I’m not alone. 

Identity in the UK:

The fact we do not have a universally accepted digital ID in the UK makes us an outlier on the world stage. In India, the Aadhaar ID system - the world’s largest - has now processed more than 100 billion authentications. It is used by almost 95% of the population - well over one billion people. Last year, a senior official said it has saved India 2.22 trillion rupees (roughly $29 billion dollars) through a reduction in fraud and the elimination of duplicate entries in the records used to distribute benefits.

The EU recently reached a provisional political agreement on the core elements of a framework for a European digital identity (eID) - which is expected to be used by 80% of Europeans by 2030. The United States, Canada and Australia are among the many countries moving quickly on a digital ID. Norway, Sweden and Finland already accept bank-issued eIDs (also known as BankID) for identification by government authorities. Somalia recently joined a range of other lower-income countries including Afghanistan, and Bangladesh by introducing an official, universal digital ID. Why has Britain not done the same?

What’s the history of national ID in the UK? 

We’re more than a little squeamish about national identity schemes here in the UK - and have been for a very long time. The last time the government successfully introduced and enforced an identity programme was in 1939, at the beginning of World War II. Winston Churchill scrapped ID cards in 1952 after campaigning for election under the slogan: “Set the people free.” 

Since then, Westminster has tried and failed to solve the UK’s lingering identity issues. At the beginning of the 21st century, a Labour government made a serious attempt to introduce ID cards, a doomed project which came to nothing and was scrapped by the Conservative and Liberal Democracy coalition in 2010. 

Today, there is some cognitive dissonance at play in our attitude to identification. Consumers are happy to hand over key pieces of information such as our home address to online businesses. Yet many are still uncomfortable with digital ID. 

To address this, we must be sure to communicate the truth of the matter. A digital ID is not the tool of an oppressive state. Or, at least, it doesn’t have to be. It is little more than a way of securely transmitting data which proves the identity of a person or business - after they expressly agree for that information to be shared. Choice and consent are critical. 

Regulation is also important. If we get the rules right, innovative companies will be able to offer a range of regulated, decentralised digital ID solutions which enable fast, secure and accurate data-sharing - creating a market in the process. 

The rise of bank-based identity solutions

At our most recent Campfire, Open Banking Excellence (OBE) gathered pioneers and industry leaders to discuss whether the UK would ever introduce a universal digital ID. The clear takeaway was that banks have a vital role to play in this space, with Open Banking enabling the secure, consent-driven sharing of data needed to power identification propositions. 

NatWest, a true Open Finance pioneer, has already partnered with the identity service provider OneID to deliver an embedded digital ID solution which can be used across a wide range of use cases, including e-document signing and digital onboarding.

Powered by NatWest’s Bank of APIs, the “Customer Attribute Sharing” functionality makes it easy, safe and secure for customers to share their bank data with businesses. After giving consent to enable access to this data, customers can digitally verify their details when buying age-restricted services like hiring a car or buying a bottle of wine. 

Attribute-sharing APIs reduce the need for customers to fill in lengthy online forms or scan and upload documents, helping them save time and reducing the risk of manual error. They speed up and streamline online experiences, reducing the risk of fraud by making it easier to verify that customers are who they claim to be. One e-signature provider has used the service to reduce its document signing process from five minutes to 45 seconds. 

In the months ahead, NatWest Group will be collaborating with many more businesses to bring its Customer Attribute Sharing service to an even wider range of use cases - for example, by embedding the service in e-commerce journeys to improve the online payments experience.

Stacey Wilkinson, API Growth Manager, said a “bank-based identity approach” enables banking apps to serve as digital identity wallets. She discussed a use case-focused model in which bank-based ID is used in contexts in which customers expert to be able to prove their identity, before being rolled out across more services to increase adoption.

“We have the infrastructure in place,” Stacey said. “It's really up to the banks to start actively playing and collaborating in this space to really drive adoption and use cases forward. I am optimistic and hope that we'll see this market greatly increasing in the next six to 12 months.”

Sweden’s Bank ID shows us how a modern identity solution works. It has a usage rate of 94% among smartphone users and is administered by Finansiell ID-Teknik BID AB, an organisation owned by several Swedish and Scandinavian banks.

Paula Sussex, CEO of OneID, said:  “With six billion transactions each year, bank-verified ID has become a normal part of life and is used for everything from government transactions to e-commerce.”

Addressing security fears:

One of the long-standing arguments against digital ID is that storing vast amounts of personally identifiable data will give hackers a huge target to aim for. When India’s Aadhaar was breached in 2018, for instance, more than 1.1 billion people’s data was compromised. 

Philip James, Partner at Eversheds Sutherland, said: “With a universal ID, we need to make sure there the checks and measures are in place. However, we must keep these to an absolute minimum, because 100% security just doesn't exist. It’s all about mitigating the risk while driving innovation.”

Ross Prendergast, Managing Information Security Consultant at NCC Group, argued that Digital ID could actually “raise the bar” for security and will be a “net benefit”, even though it creates new risk. 

“We have a great opportunity to increase security,” he said. “There are huge benefits around fraud prevention, inclusion and improvements to user journeys and interactions with services. 

When we implement these new technologies, we need to be very careful because we're dealing with people's personal and sensitive information.”

Addressing the cybersecurity challenges of Digital ID will go some way towards reassuring the public. Then, once we demonstrate the benefits of potential use cases, the UK will not only be able to deliver a universally accepted form of identification - but create a new market around identity solutions. We led the world with Open Banking. I think we have the chance to do the same with digital identity. We have identified the opportunity - now is the moment to seize it.