Covid-19 is accelerating digital lives at a speed that could not have been (or certainly was not) predicted even a few months back and confirming ‘who’ we are in the digital world has become critically important. Digital identity has been discussed for many years as the missing infrastructure as the internet and the businesses built on it and around it grew. Progress, however, on creating reliable, safe, trusted and user-friendly digital identities has been variable and fraught with difficulty in many parts of the world.
Those of us who are able are now working from home. Many of us are carrying out day-to-day activities in lockdown, and are finding ourselves doing ever more online. When restrictions are lifted, a return to face to face activities will be welcomed. But many of the changes in how we work, conduct day-to-day transactions and even educate our children will not return to the status quo.
Bad actors thrive in most contexts but can be supercharged in a digital world. There may be fewer opportunities for old-school, armed heists in an increasing digital world, but criminals have evolved quickly with the times. Most of our valuable assets live online and, like the rest of us, that is exactly where many criminals are devoting their time and energy. From stories of unwelcome Zoom call drop-ins to people preying on individuals fears of Covid-19 – the more we do the in the virtual world, the more criminals will follow and pivot their focus.
In fact, criminals have been faster to adapt than the infrastructure required for an effective identity framework in a digital economy that is increasingly borderless. How to create a system that allows individuals and entities to identify themselves and interact/transact with confidence is a persistent problem and discussion and debate continues as to how best to achieve that goal. It is not technology that is the barrier but requires the creation of governance structures, consideration of user journeys and, of course, a rigorous framework to protect privacy.
It could be argued that the identity space is not working effectively, and regulation is not delivering the desired results. The fight against money laundering illustrates this point. Only 1% of those transactions are identified (that is a 99% failure rate). The status quo is simply not delivering results.
Current AML/KYC rules are neither effectively preventing nor capturing crime. Instead they risk making financial institutions so overly cautious that they only serve to exacerbate the problem of the un- or under-banked and create barriers for honest customers. Entire countries are essentially being blacklisted from the provision of effective financial services whist dodgy transactions continue apace.
There is a mismatch between the reality of modern financial services and the need for an effective identity infrastructure. Who then is best placed to provide the solutions? Does it lie with innovative FinTech companies, who have the tech knowledge but may lack the widespread trust of consumers and ability to scale sufficiently? Is it to be left to governments who are regarded with deep suspicion in many parts of the world and often lack the ability to create an effective business case that leads to widespread adoption?
As Sarah Rutherford, Director, Portfolio Marketing, FICO, pointed out, “a recent (FEB 2020) survey by FICO indicates that this trust is unlikely to lie with government, across all 10 countries surveyed when asked if they were prepared to provide a biometric for security purposes, people were much more likely to say they were happy to give this to their bank rather than a government agency. In the USA 65% would give a biometric to their bank but just 22% would provide one to a government agency In Germany 34% more people were prepared to give a biometric to their bank than to their government, while in Brazil only 21% would handover a biometric to a government agency but 86% would give one to their bank.”
The case of the bank-based Nordic identity system is illustrative for countries with well-established banking systems and the trust (if not love) of consumers. This is one area where banks have the regulatory frameworks and ability to leverage both their knowledge of and trust of their customers. Yet, outside of the Nordic countries where the bank based ID system is very effective and has expanded its reach over time – used an average four times a week for broad range of activities including paying taxes, accessing healthcare, retail transactions and even in the tanning salons of Norway – the results elsewhere are patchy at best.
Is this a missed opportunity for banks? After all, they know a lot about the individuals and entities and benefit from high level of interaction (data history) with their customers. Given the rates of failure, they haven’t built an effective infrastructure in many counties but clearly are well-placed to lead on that development. This seems to be yet another clear case for bank/fintech collaboration.
Bundled in with concerns about privacy and use of personal data, the identity space is becoming more complex over time. How do we encourage individuals to take responsibility for their identity and control of personal data and is that even something that they want to take charge of? Would they prefer to be able to give management to and, when needed, find recourse through, another entity? As noted above this challenge is not simply about technology but requires broad thinking.
Progress across the identity space is variable and will, of course, depend on the institutional arrangements and context in a particular country. It may be other institutions (rather than banks) are better placed to provide an effective identity infrastructure.
Many experts recommend a mosaic approach to authentication, using a variety of data points and evidence from a variety of sources to come to a decision on identity. One company doing this is Numbering Intelligence company, TMT Analysis who provide a range of information on mobile numbers worldwide.
“For us a mobile number gives our clients a rich source of information. We realise that most people keep their mobile numbers for a long time and is the nearest you are going to get to a national identity number in most countries” explained Fergal Parkinson, Director and co-founder.
As noted by Mark Matthews, VP, UK & Ireland at Daon, “as a consequence of COVID-19, there is significant new demand for remote digital services, particularly as organisations seek to quickly register and authenticate their physical customers in the digital space. We’ve seen organisations have the most success when both security and convenience are prioritised, through the use of best-in-class biometrics and biometric liveness and by connecting all stages and all channels in which the customer interacts.”
Solutions may develop like islands, over time, like the isolated email systems before them. However, as was the case with email, the long-term goal must be that they will become interoperable. Spurred on by the crisis created by a virus, the cost of crime and the demands of digital lives will lead us towards a range of solutions that one day will at least be fit for purpose for a digital world.
We will be developing a FTT Virtual Focus: Identity event in the coming weeks.