Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 09 April, 2013, 14:08 0 likes

At the risk of a double alliteration, reuse is one of those perpetually promising concepts that have forever failed to deliver. Several reasons have been proferred to explain this, the Rule of Three being my favorite: "It takes three times as much effort to make something reusable as to make it usable". While reusable systems might save money in the long term, their higher frontend costs make them impractical in many situations. In my personal experience, reuse is no more common in the private sector than the government, if that's any consolation. That said, those who do bite the cost bullet to build reusable systems upfront do reap a rich harvest at the end.

Bo Harald - Transmeri, Demos, Real Time Economy Program,MyData - Helsinki Region 09 April, 2013, 18:42 0 likes

In this form of reuse there is no need to build anything - just use it. And we know from experience that it works and is the by far most economical way of getting strong ID done.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 09 April, 2013, 19:17 0 likes

It is not obvious that a bank would be willing to permit use of its credential system by others. I remember reading a report recently which clearly stated that banks are not comfortable authenticating users for services over which they have no control. 

Bo Harald - Transmeri, Demos, Real Time Economy Program,MyData - Helsinki Region 09 April, 2013, 19:36 0 likes

Of course it is obvious that progressive banks want to exand the customer value the deliver by enabling use of e-banking id also in other services - primarily of course the public sector. Of course it should be made clear that the banks are only providing the id-channel and have no other responsibility. And banks naturally have the right to not provide the service to non-ethical players - porn, gambling etc.

The focus should be on saving tax payer's money - big time - by providing the service to the public sector.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 10 April, 2013, 09:01 0 likes

Maybe saving taxpayer's money is a good item on a private sector bank's CSR agenda but, personally, I believe that such social causes are best driven by - warts and all - the government. UIDAI / Aadhar stands testament to this. This government agency is in the midst of issuing a biometric ID for all citizens of India. It has a long way to go before it can hang its boots but, even after successfully rolling it out to 200M citizens - 20% of its mandate - it has earned the distinction of becoming the world's largest national ID program. At this point, an Aadhar # is sufficient for opening a bank a/c in any bank in India and for enabling direct cash transfers from the government to beneficiaries. Going forward, it could qualify as the common credential system for all public services. It could be questioned why, when there are so many banks that have already built credential system, a separate program is required for this. However, with so many banks involved and the difficulties involved in demarcating roles and responsibilities between banks and the public agencies, it has proven impractical for this task to be carried out by any one bank, even in India where many banks are state owned.

Bo Harald - Transmeri, Demos, Real Time Economy Program,MyData - Helsinki Region 10 April, 2013, 10:14 0 likes

There will be a lot of warts if public-private partnership is not aligned. Like - huge spending of tax payer's money - and total flop as seldom used credentials will not be used. I call this stupidity. There should be enough warning examples already.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 10 April, 2013, 12:02 0 likes

Agreed but, in the perpetual conflict between the quest for efficiency versus effectiveness, I tend to side with the latter even if the ways to achieve it might appear stupid and wasteful at times. Certain countries have enjoyed a basic level of public-private partnership for a long enough time for loftier goals like greater alignment of the partnership make sense. However, in other countries where the expression is almost an oxymoron, public services are better run by the government - in any case, there's no commercial incentive for banks to do so. While citizen ID projects undertaken by the government might have failed in other countries, its success in India proves that there's nothing fundamentally wrong with the model, just that its implementation must be gotten right.

Bo Harald - Transmeri, Demos, Real Time Economy Program,MyData - Helsinki Region 10 April, 2013, 12:12 0 likes

How would there not be a business case for banks? And a huge business case for society at large! We should obviously look forward and change old habits - this is a typical case where clinging to the past is really harmful.

Bo Harald - Transmeri, Demos, Real Time Economy Program,MyData - Helsinki Region 10 April, 2013, 12:13 0 likes

When has clinging to the past been a good strategy?

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 10 April, 2013, 13:04 0 likes

When I last checked, doing what has proven to be effective - whether it's old or new - was a good business strategy. I personally doubt if saving taxpayer money provides any direct benefit for any bank but I could be wrong. As long as banks see a strong business case in doing so, most banks I know would jump at it.

Bo Harald - Transmeri, Demos, Real Time Economy Program,MyData - Helsinki Region 10 April, 2013, 20:12 0 likes

Any enterprise that can contribute significantly to saving tax payers money and furthering progress in the e-society - especially when it can be done without additional investments of any significance and a decent business case (if not huge income) - should do so these days. This is widely understood already. Is it necessary to say that this applies especially to banks - these days? 

Bo Harald - Transmeri, Demos, Real Time Economy Program,MyData - Helsinki Region 10 April, 2013, 20:15 0 likes

In other words - nobody can afford narrowminded self indulgance these days. We all need to see the big picture and work together to make the progress happen.

A Finextra member 11 April, 2013, 09:10 0 likes

Totally agree with Bo but also see mobile operators bringing mobile id to the same market. 

Just counted how many times I have contacted to govermental organizations online this year. Number is 1. If I would have been using only govermental ID card, cost of transaction would have been huge. But when using either bank id or mobile id cost is minimal for tax payers.

Last year I used every month 3-4 times banking IDs/ Mobile ID to do non-banking transactions like confirm online orders, authentication of identity for new services, logging in to other systems like Postal office online PO Box and signing agreements.

Also reuse of old is good for companies. One online university is using banking/ mobile id to accept their new students with strong authentication/ online signature. In the old days, university was sending paper documents to new students. It took over 2 weeks for papers to return. Now their administration signs student with mobile id and student signs his acceptance with bank ID/ mobile ID. Signature is valid and end user can use same method as he is used to do any other action over internet.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 11 April, 2013, 10:53 0 likes

So, there, there are many nonbanking services who reuse banking credentials. Therefore, I'm not sure if the basic premise of this blog post is valid any longer. Now that there's at least one bank that finds a compelling reason to lend its credentials infrastructure to third party services, others should find a strong enough business case to follow suit. Time will tell how many customers will feel comfortable about (i) sharing their banking credentials with nonbanks (ii) being forcibly logged out of third party services after a few minutes of inactivity just because banking regulators often impose short expiry period of banking credentials on banking websites.

A Finextra member 11 April, 2013, 11:40 0 likes

Using banking/ mobile ID is safe for customers and merchants. No banking data is told to merchant.

Current system Bo is talking about uses banks/mobile operators only to verify that person is same as behind his credentials. After identification customer is returning back to orginal website but his full name and date of birth is carried to merchant. No banking data, no telephone data is carried to merchant. No banking session is behind actions.

Just to illustrate this process. This morning while I was responding to Bos writing, I was talking with one bank in Finland over phone while I am in Brussels. We agreed to add one new service from bank. They wrote a contract and used online signature service, where I got email/sms message to sign contract. Inside this service I saw document, agreed and signed with my mobile phone ID system in my iPad while eating lunch at my neighborhood bar (sandwiches and good ol Leffe). After signature document was stored to online signature system, one copy of document was sent to me, one to bank as email attachment and one part of document went same time to their CRM system. No paper was printed, all documents are in electronic form and to me best thing is, I could sign document 3500 kilometers away in a real time without going to bank branch or wait faxes/ paper documents to arrive. This signed document was also redirected to our book keeping company to implement.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 11 April, 2013, 12:17 0 likes

Thanks but I'm fairly familiar with such services and their process flow, especially SVP payments authorized via banking credentials. It's technically true that the merchant does not receive nor store my banking credentials but it's not easy to convince an average customer of that. I've highlighted the anxiety faced by a typical user with services like that in this Finextra post about MyBank. Two years later, despite the provider of this service being a trusted bank-consortium, MyBank's adoption has been lukewarm, suggesting that the anxiety hasn't gone away. 

Besides, in the example quoted to illustrate the process flow, the transaction is happening between a bank and a customer using a mobile banking ID, there's no third-party merchant, nor third-party credential. Unless mobile ID refers to an ID issued by the MNO, in which case the question is, why not use the banking credential for such a straightforward transaction between a bank and a customer, especially when we're talking about using banking credentials even for nonbanking transactions. 

A Finextra member 11 April, 2013, 12:47 0 likes

As I tried in example to illustrate the easiness of process to use online banking/mobile credtentials. In this case it was bank.

Same time in my own business, consulting, one customer merchent just send me email that contract I proposed is fine and now it is time to sign. So I uploaded agreed document to third party online signature system and system send invitation to him by email/sms and while I am writning this, he is signing his part of document with his banking/mobile credentials and I will sign with my credentials. At time this text is written, document is signed.

I know that in each country trust for the bank varies, but in all Nordic/Baltic countries customers know that no extra data is leaked to merchant. When using mobile ID system even asks do I accept that my name and date of birth is send to merchant. If I don't accept, then process is stopped.

But as Bo is trying to illustrate, why to innovate new identification systems but reuse already trusted systems, if one country has it. In Nordics it could be online banking credentials (see Bo's background) but it could be mobile ID (Turkey) or some other most common and trusted identification method which can be reused in many situations.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 11 April, 2013, 13:44 0 likes

It's all fine for third-parties to ask such questions. I myself have a long list of them, with my personal - nothing to do with my background :) - favorite being "Osama bin Laden is a terrorist everywhere, so why should each bank in each country have a separate sanctions screening system to block payments to ObL?" However, in actual practice, virtually each large bank does. That's because, in all these things, the questions that really matter are the ones that face the key stakeholders of the transaction viz. "What's in it for me? What're the risks? How do I mitigate them?" for the Bank; "Why should I risk exposing my sensitive banking credentials for everday nonbanking transactions?" for the User; and, "How much will it cost me to reuse banking credentials? Which bank's credentials? In the event a customer files a claim of fraud, will the bank take responsibility? After all, it's claiming that its authentication system is more robust than mine, is tested for AML, blah blah blah" for the Merchant. If and when these questions are answered to the satisfaction of all primary parties, I'm sure banking credentials will find reuse for third-party services.

But, at this point, I'd place my bet on social signon - the reuse of social media logon credentials. It already has a solid headstart in this space; it's free and convenient for everyone; the merchant won't face the equivalent of the "which bank?" question because between Facebook, Twitter and LinkedIn,  social signon covers more people than all banks combined; and, because almost no one is sure how exactly the info collected will be used and shared, nearly everyone assumes that all's well until they discover otherwise.

With the digerati threatening that tech giants and nonbanking startups are going to disintermediate banks soon, I won't blame banks if they're too busy pondering over basic existential questions rather than finding answers to philosphical ones! 

A Finextra member 11 April, 2013, 14:09 0 likes

Using social media credentials would be nice, same as in the US where they have online signature services where anybody can claim who ever they like to be. As a paper it looks nice, but do I trust social media credentials or US online signature services, No - not at all. Just recently send a document to me friend saying that he had signed a loan with me. I was using one of the no-identification online signature services and his name. Of course it was a joke, but how much you could do under someones name, when identification is not checked.

In the Nordics, countries decided that why to create one govermental based online identification service where as they can reuse excisting systems provided trusted third party companies like banks and mobile operators. And made a law that these methods are valid for online identification. 

For consumers, there has been tradiotionally really strong faith for these institutions. They have been accepted as corner stone for society. But when stepping out of safe Nordic Box, life is different, that I have to say. Living several years here in heart of EU has changed my view to whom to trust.

Usually the cost of identification is only question which arise in the Nordics. Traditionally usage of credentials was free of charge for consumers and tab has been paid by the merchant who wants identify his customer.

Still my vision is to similar as Bo says, but I would extend methods outside original bank credentials for mobile operators verified SIM card methods or third party. It can be also govermental organizations, if and now read carefully if they make a deal with all the other companies, including banks that similar method can be reused to log in to bank and price which banks pay is similar what they pay with their current system. Of course it has to be as safe as current system.