Innovation in Banking: Identity

The number one innovation in banking you should be paying attention to – whether you work in tech, innovation management, policy making or digital transformation within your financial institution – is private and secure digital identity. This blog will tell you why.

Our expertise in digital identity technologies has led us to develop pilots with a major international NGO and the Turkish Ministry of Foreign Affairs and placing top 5 in the global Chivas Venture award among a thousand startups. We are now about to launch Ana, a digital identity management platform that allows organisations to issue tamper-proof digital credentials which are verifiable anywhere, at any time.

We have covered extensively on this guide about blockchain and identity management how a modern digital identity management system can maintain the security and privacy of its users by decentralising the data storage and by minimising the quantity of personal data stored.

By implementing the innovative technology of Self-Sovereign Identity, users own their personal data and are able to access services from an organisation, proving who they are and ensuring trust without the need to disclose any personal details. This greatly reduces the amount of data an organisation stores and thus reduces the possibility of Personal Data Regulations infringement.

Let’s dive in on the 7 reasons why Self-Sovereign Identity is a major innovation in banking:

Banking: Identification and Onboarding

Mastercard and Microsoft believe a Digital Identity can play a pivotal innovation role in the banking industry.

They think it would be a major innovation in banking as it would improve the speed and efficiency of onboarding and identification processes of:

– opening bank accounts
– requesting a loan
– establishing a payment services account
– Create a more personalized and efficient shopping experience online and in stores
– simplify “interactions with government agencies and services
– such as filing taxes, applying for passports or securing support payments (e.g., Social Security)”.

All this done through “a single, reusable digital identity [that] can help people interact with a merchant, bank, government agency and countless other digital service providers with greater integrity, lower cost and with less friction”. (Source)

Of course this Digital Identity would need to be private and secure. That’s where Self-Sovereign Identity comes into play. A centralised storage of digital identity would just become a honeypot for hackers wanting to misuse people’s financial and personal details.

Innovation in Banking: No more usernames and passwords?

Barclays and Evernym are exploring how a decentralized, private and secure digital identity could benefit banking.

One thing this innovation in banking would allow is to abolish usernames and passwords. “Everyone has multiple usernames and passwords – and some people use the same password for everything. Hackers love that. And it’s not just your email account they can take – once they’ve got your passwords, they can steal your whole identity,” says Jamie Smith, Strategic Engagement Director at Evernym

According to Barclays, “By 2022 it’s predicted that 40% of interactions between businesses and their customers will be affected by a form of digital ID known as self-sovereign identity (SSI).”

With Verifiable Credentials, everyone can prove claims about themselves without the need for login details such as usernames and passwords that jeopardize their data’s security and privacy.

Through the use of blockchain and cryptography (Zero-Knowledge Proofs) customers could prove claims about themselves without the actual need to disclose the personal information contained in the credentials.

Banking: KYC Innovation

Since 2016, Rabobank, one of The Netherlands’ biggest banks has been researching into Self-Sovereign Identities.

Rabobank believes that with their extensive “Know Your Customer” KYC and due diligence processes, they could provide “directly verifiable data” that the customer could provide to third parties or use verifiable credentials in order to onboard new customers.

We interviewed one of Rabobank‘s Blockchain Specialists, David Lamers, about the work they have been developing regarding Self-Sovereign Identity.

Innovation in Banking: Mortgage Application

Another use case that Rabobank believes can bring added value to customers is in regards to Mortgages.

Mortgage flows require a lot of time and documents from several different sources. Most of those documents are not verifiable. Self-Sovereign Identity would allow for the direct verification of that data and the source.

Digital Identity for HR in Banking

Rabobank also wants their employees to be in control of their own data.

Reusing “certificates or assessments they achieved or did at Rabobank everywhere else. Therefore we do projects in order to save certificates, diplomas, trainings and employment credentials”. They believe this innovative technology would “drastically improve employee onboarding times”.

Access Management in Banking

Identity and Access Management Softwares (IAM) are used by companies to authenticate, authorize, manage and create a central repository of their users/employees.

Whenever a new employee is onboarded into a company, a whole new set of accounts has to be created. A lot of different accounts. From a simple email account to databases, servers, AWS or even Slack. 

Once this employee leaves, all these accounts have to be revoked as they were created: manually one by one. One instance of a not properly revoked credential can open the door for vulnerability. As a malicious former employee can access the company’s network and steal data.

Through the use of Self-Sovereign Identity the user would be onboarded on all the different services using his own credential or one created by the company. One that the employee would store on his identity wallet. On the moment of revocation, only one credential would have to be revoked to cut access to all of the accounts.

Self-Sovereign Identity could also be an innovative technology for the Identity and Access Management space by improving the audit trail. For compliance reasons, these enterprise softwares register a log of user access for fraud prevention. Though the method through which that log is created – sometimes a text file – is of concern as privileged users could modify or delete logs for nefarious reasons. Blockchain, due to its immutable nature, could be a prime use case for access log security.

Innovation in Banking: GDPR Compliance and Data Portability

A private and secure digital identity reduces the level of bureaucracy and increases the speed of processes within organisations by allowing for a greater interoperability between departments and other institutions.

But if this digital identity is stored on a centralised server, it becomes a honeypot for hackers. Looking to breach it and leak it in order to misuse the personal details there contained. A centralised storage of identity is then a liability to the organisation.

A personal data breach – such as the CAPITAL ONE case – may result in huge fines due to privacy regulation infringement or simply due to customer trust loss and consequential damage to the organisation’s brand.

Also, GDPR implemented the right to data portability. Previously, companies could “lock-in” customers by shutting their access to their personal data. Now, each user has the right to get a copy of the data each company possesses of him.

Self-Sovereign Identities would facilitate this transfer of data and its consequent sharing with other parties. An innovative technology that gives the user the freedom to share what he wants with whomever he wants.