Out-Law / Your Daily Need-To-Know

Money2020: progress needed on digital IDs

Out-Law Analysis | 06 Jun 2019 | 12:30 pm | 3 min. read

Financial institutions have an opportunity to build on the trust customers have in their handling of sensitive data to develop market-leading digital identity (ID) solutions that can be used to access other on- and off-line services.

Digital IDs serve as the means by which internet users gain access to online services. They are ubiquitous in today's increasingly digital world. Yet in most cases the solutions developed only work for a single service or provider.

The need to shift towards a decentralised system of digital IDs was debated on the final day of the Money20/20 Europe 2019 conference in Amsterdam on Wednesday. Artificial intelligence and reforms to payment security standards were among the topics of discussion over the opening two days of what is Europe's biggest fintech event.

... changing the public's perception of what 'secure' looks like is one of the biggest issues facing developers of digital ID solutions

Security and trust are the central components of a successful digital environment and changing the public's perception of what 'secure' looks like is one of the biggest issues facing developers of digital ID solutions.

Passwords are what many consumers associate with keeping their devices and data secure, but the conference heard how this 1970s technology offers only the illusion of security and is in urgent need of replacement. There is a major push towards biometrics. Technologies like facial, fingerprint, iris and voice recognition are seen as the longer term solution where a mix of those authenticators is relied upon for enabling access to digital services.

Convincing the public that a combination of those technologies are more secure, not less, than passwords will be challenge given what consumers have been taught to think about online security over decades. The lesson from India, where more than one billion people use the Aadhaar biometric ID card, is that secure biometric digital ID solutions can be developed and implemented on a massive scale.

The Aadhaar scheme, though, is not without critics who have raised concern about state surveillance and the impact on privacy. It is why digital ID solutions in Europe, where data protection standards are world leading, need to be decentralised. Money2020 delegates heard what this might look like in practice.

One vision of the future is the creation of a foundational digital ID for everyone, which would, once authentication has been achieved, reveal a basic set of data about a person to service providers and thus enable members of the public to gain access to basic services, such as certain online public services, more efficiently than currently. The idea is, though, be for the foundational digital ID to be supplemented by a functional digital ID which would be bespoke to individual services and, where necessary, reveal more information about a person to service providers.

Central to this idea is that individuals would retain control over which personal data they would share with service providers. The combined foundational and functional digital ID solution would be transferable in nature, meaning it would not be controlled by one entity, whether the state or a private company.

It is incumbent on the major financial institutions to engage with developments on digital ID

Some businesses are already exploring options in this area. There is an open source community, led by Evernym, which is working to unlock user IDs from silos and ensure they can be transferred across services. In one project, Evernym is working with Deloitte and Onfido through the Financial Conduct Authority's regulatory sandbox initiative on the development of a decentralised digital ID platform. It has also teamed up with Barclaycard and IBM on other projects.

It is incumbent on the major financial institutions to engage with developments on digital ID. As trusted custodians of data, banks in particular are well placed to build innovative solutions that will win public confidence.

There are reasons to act now. The first is that there is an opportunity to seize a leading role in the market, and facilitate a frictionless digital experience for new and existing customers across different services – whilst opening up potential new revenue streams through partnerships with other service providers. With more than one billion people globally without a legal ID, there is a huge market to tap into by getting this right.

The second reason is that we might expect regulatory or legislative intervention to compel new solutions on digital ID to meet growing consumer demand for a seamless, more joined-up digital journey – better to act first before the initiatives take a compliance focus and not one that will necessarily position institutions to make a commercial success of their innovative solutions.  Whilst regulation can be the fastest way to drive innovation, it can also create inadvertent blockers, as we have seen with PSD2 and the strong customer authentication regime.

Competition from technology companies is a further threat that demands action from financial institutions. Apple has recently announced that its customers will be able to use their login details to access third party services, highlighting that others will fill the void if financial institutions fail to take the lead.

Angus McFadyen and Luke Scanlon are experts in financial services and technology law at Pinsent Masons. Pinsent Masons is a sponsor of the Money20/20 Europe 2019 conference in Amsterdam, Europe's largest fintech event.