Innovation in Banking: 7 ways Self-Sovereign Identity will disrupt banking

The number one innovation in banking you should be paying attention to – whether you work in tech, innovation management, policy making or digital transformation within your financial institution – is private and secure digital identity. This blog will tell you why.

Our expertise in this space has led us to recently being funded with a seven digit figure and to winning awards by The Chivas Venture, the Blockchain Innovation Conference, The Spindle Innovation and more.

We have covered extensively on this guide about blockchain and identity management how a modern digital identity management system can maintain the security and privacy of its users by decentralising the data storage and by minimising the quantity of personal data stored.

By implementing the innovative technology of Self-Sovereign Identity, users own their personal data and are able to access services from an organisation, proving who they are and ensuring trust without the need to disclose any personal details. This greatly reduces the amount of data an organisation stores and thus reduces the possibility of Personal Data Regulations infringement.

Let’s dive in on the 7 reasons why Self-Sovereign Identity is a major innovation in banking:

Innovation in Banking: Quicker and more efficient processes

Mastercard and Microsoft believe a Digital Identity can play a pivotal innovation role in the banking industry.

They think it would be a major innovation in banking as it would improve the speed and efficiency of onboarding and identification processes of:

– opening bank accounts
– requesting a loan
– establishing a payment services account
– Create a more personalized and efficient shopping experience online and in stores
– simplify “interactions with government agencies and services
– such as filing taxes, applying for passports or securing support payments (e.g., Social Security)”.

All this done through “a single, reusable digital identity [that] can help people interact with a merchant, bank, government agency and countless other digital service providers with greater integrity, lower cost and with less friction”. (Source)

Of course this Digital Identity would need to be private and secure. That’s where Self-Sovereign Identity comes into play. A centralised storage of digital identity would just become a honeypot for hackers wanting to misuse people’s financial and personal details.

Innovation in Banking: No more usernames and passwords?

Barclays and Evernym are exploring how a decentralized, private and secure digital identity could benefit banking.

One thing this innovation in banking would allow is to abolish usernames and passwords. “Everyone has multiple usernames and passwords – and some people use the same password for everything. Hackers love that. And it’s not just your email account they can take – once they’ve got your passwords, they can steal your whole identity,” says Jamie Smith, Strategic Engagement Director at Evernym

According to Barclays, “By 2022 it’s predicted that 40% of interactions between businesses and their customers will be affected by a form of digital ID known as self-sovereign identity (SSI).”

With Verifiable Credentials, everyone can prove claims about themselves without the need for login details such as usernames and passwords that jeopardize their data’s security and privacy.

Through the use of blockchain and cryptography (Zero-Knowledge Proofs) customers could prove claims about themselves without the actual need to disclose the personal information contained in the credentials.

Innovation in Banking: KYC – Know Your Customer

Since 2016, Rabobank, one of The Netherlands’ biggest banks has been researching into Self-Sovereign Identities.

Rabobank believes that with their extensive “Know Your Customer” KYC and due diligence processes, they could provide “directly verifiable data” that the customer could provide to third parties or use verifiable credentials in order to onboard new customers.

We interviewed one of Rabobank‘s Blockchain Specialists, David Lamers, about the work they have been developing regarding Self-Sovereign Identity.

Innovation in Banking: Mortgage Application

Another use case that Rabobank believes can bring added value to customers is in regards to Mortgages.

Mortgage flows require a lot of time and documents from several different sources. Most of those documents are not verifiable. Self-Sovereign Identity would allow for the direct verification of that data and the source.

Innovation in Banking: HR and Employees

Rabobank also wants their employees to be in control of their own data.

Reusing “certificates or assessments they achieved or did at Rabobank everywhere else. Therefore we do projects in order to save certificates, diplomas, trainings and employment credentials”. They believe this innovative technology would “drastically improve employee onboarding times”.

Innovation in Banking: Identity and Access Management

Identity and Access Management Softwares (IAM) are used by companies to authenticate, authorize, manage and create a central repository of their users/employees.

Whenever a new employee is onboarded into a company, a whole new set of accounts has to be created. A lot of different accounts. From a simple email account to databases, servers, AWS or even Slack. 

Once this employee leaves, all these accounts have to be revoked as they were created: manually one by one. One instance of a not properly revoked credential can open the door for vulnerability. As a malicious former employee can access the company’s network and steal data.

Through the use of Self-Sovereign Identity the user would be onboarded on all the different services using his own credential or one created by the company. One that the employee would store on his identity wallet. On the moment of revocation, only one credential would have to be revoked to cut access to all of the accounts.

Self-Sovereign Identity could also be an innovative technology for the Identity and Access Management space by improving the audit trail. For compliance reasons, these enterprise softwares register a log of user access for fraud prevention. Though the method through which that log is created – sometimes a text file – is of concern as privileged users could modify or delete logs for nefarious reasons. Blockchain, due to its immutable nature, could be a prime use case for access log security.

Innovation in Banking: GDPR Compliance and Data Portability

A private and secure digital identity reduces the level of bureaucracy and increases the speed of processes within organisations by allowing for a greater interoperability between departments and other institutions.

But if this digital identity is stored on a centralised server, it becomes a honeypot for hackers. Looking to breach it and leak it in order to misuse the personal details there contained. A centralised storage of identity is then a liability to the organisation.

A personal data breach – such as the CAPITAL ONE case – may result in huge fines due to privacy regulation infringement or simply due to customer trust loss and consequential damage to the organisation’s brand.

Also, GDPR implemented the right to data portability. Previously, companies could “lock-in” customers by shutting their access to their personal data. Now, each user has the right to get a copy of the data each company possesses of him.

Self-Sovereign Identities would facilitate this transfer of data and its consequent sharing with other parties. An innovative technology that gives the user the freedom to share what he wants with whomever he wants.

More Resources:

– Our Digital Identity Management System that brings privacy and security to personal data.
– Our Definitive Guide on Identity Management with Blockchain (Updated for 2019)
– Our interview with David Lamers, one of Rabobank’s Blockchain Specialists, about their work regarding Self-Sovereign Identity.