In the battle for your digital identity, the banks do have some advantages. But they need a strategy, because the technology, business and social roadmaps are not as stable as they seemed.
This article asks if there is a specifically British problem with identity fraud, what with identity fraud being something like half of all fraud in the UK. Actually, I don’t think there is, but read on…
A recent victim had a fraudulent bank account opened in her name using details obtained from a photo of herself holding her driving licence – originally posted (doubtless in celebratory spirit) on Instagram. [From Invasion of the scammers: why is Britain so vulnerable? | News | The Week UK]
Sounds like the rigorous KYC, AML and ATF (customer due diligence, or CDD) procedures being enforced by banks are really working, doesn’t it? No wonder AML costs for UK banks were up by more than a half last year. But it isn’t a UK problem. It’s global, there’s no doubt about it.
Police say the male thief and his accomplices went right across the parking lot to Chase Bank, where they got a $10,000 cash advance using Martha’s credit card and license. The next day, they got a moving violation on the freeway and showed police Martha’s license. When they failed to show up in court, the DMV suspended Martha’s license. [From Revealed: Tricks Thieves Use to Steal From You in Supermarket | NBC Southern California]
So the gazillions spent on CDD can’t stop a male thief from getting cash from a bank using a female victim’s driving licence and credit card. Amazing. You would think that there was a point to banks demanding to see your driving licence (not only banks – I was asked for photo ID when buying a coffee in Starbucks), but there really isn’t, because they have no way of verifying it. They just photocopy it and put it on file so they can tick the box and prove they have complied with CDD. They haven’t really ID’d you.
In fact, the issue of ID, and which ID you might have to show in order to effect any particular transaction, is particularly fascinating to me. I anticipate a balkanisation, a move away from a universal ID to IDs that are specific to communities, to transaction types and to services. Speaking at the Tomorrow’s Transactions Forum a couple of years ago, “Long Finance” author Gill Ringland said that she thought that in the era of the C50 there would be a new asset class around demographics, because the ability to live in particular cities would be very valuable: my Woking ID might be more valuable than my British Passport. In fact it already is in one respect: a British passport doesn’t count as ID at Woking library because it doesn’t show that you live in Woking, so I had to come home to get other ID to go back and get a library card.
But back to identities. In countries without identity cards, such as the UK and the US, I suppose it is reasonable to expect that people can open bank accounts using photographs taken from random strangers’ Instagram streams. But in countries with an identity card, surely it is very different. Oh, wait…
Fake cards are commonly used to hide ill-gotten property and gains from banks, purchase multiple sets of property in cities where owning more than one home is illegal and let citizens enjoy increased health care and social benefits at school and work. [From Shanxi police chief has 8 false identities, 7 fake names | ChinaHush]
Just as the people of South Korea have discovered, having a centralised state-mandated universal identity doesn’t fix the problem. Identity is broken, people. Broken.
So. Where next?
Who might provide the useful, practical, workable, secure, trusted, specific identities that are specific to communities, transactions and services? Well, one obvious candidate class is banks. The Euro Banking Association’s Working Group on Electronic Alternative Payments published an opinion paper on Digital Identity back in May. It was called “From check-out to check-in” and it is rather good. It specifically calls for:
- The unbundling of the banks’ valuable authentication services from payments. (This is what we used to call NPA, or “non-payment authentication” when we were doing studies on it for our clients about a decade ago.)
- Enabling controlled (by customers) availability of valuable information, somewhat along the lines of the SWIFT “Digital Asset Grid” (DAG).
- Setting up and positioning digital identity services towards the market, which is where there is a focus of interest amongst some of our clients right now.
Now, as anyone with even the most casual acquaintance with Consult Hyperion’s thought leadership activities in the field for the last decade will attest, this is hardly a new idea. We have been consistently advising our clients in this direction for some considerable time.
Adrian’s comment about banks getting into the digital identity business hits the nail on the head from my perspective. Dave Birch talks about this all the time and he is right. [From The Financial Services Club’s Blog: Why can’t banks behave more like IT companies?]
So it’s interesting to ask: why now? Why are banks suddenly interested in the world of digital identity again? Not only at the European level. In the UK, for example, Barclays’ decision to join OIX (a not-for-profit trade association in this space) alongside Google, Experian, the Cabinet Office and others served to flag up the potential for banks to be big, big players in the future environment.
Forget current accounts and savings bonds. Britain’s high street banks believe their future role will be as repositories of more than just money: they want to be the safe place where customers store their digital identities. [From Banks want to keep your digital ID in their vaults – FT.com]
I agree with this vision, as it happens. I think the idea of some sort of “Financial Services Passport” is a good one, and a good place to start (in fact in my role as Chair of the techUK Payments Group I’ve been chairing some discussions about precisely this idea) but I would expect this to be only one of the range of identities that banks could offer.
Trying to develop a roadmap in this area is, however, not straightforward. A couple of years ago, I guess we would all have agreed that “top down” identity — whether from banks or government — was the inevitable way forward. But now we have social networks, mobile phones and Bitcoin. Yes, Bitcoin. The impact of Bitcoin will not be a digital gold standard. It might not even be payments. In his much-linked talk at Le Web, the well-known venture capitalist Fred Wilson said that “we have allowed Google and Facebook to become our de facto identity services” and he predicted that a “Bitcoin-like” identity protocol will arise in the future. Interesting. In other words, for Bitcoin as for everything else, identity is the new money. There’s so much happening it’s hard to know where to begin to formulate business strategy.
These are just the sort of issues that will be discussed at the Tomorrow’s Transactions Digital Identity Unconference, jointly organised by Consult Hyperion and Barclays, to be held on 25th November 2014 at the Barclays Accelerator, 69-89 Mile End Road, London E1 4TT.
I’m sure readers are familiar with the concept of our Tomorrow’s Transactions unconferences: instead of a succession of pre-determined PowerPoint presentations, it mixes stimulating thought pieces from relevant industry observers with discussion sessions selected by the delegates themselves on the day. The goal of the event will be to help professionals in the finance, payments and related industries to explore the future of the identity space while engaging with the startups in the Barclays Accelerator to stimulate new ideas and encourage cross-fertilisation and inventiveness around identity.
I don’t know what the delegates will choose to discuss and debate on the day, but I would expect topics to include the UK Identity Assurance Programme, Barclays joining OIX, Apple Pay and secure online transactions, FIDO and new authentication technologies, biometrics, personal data stores, online anonymity and pseudonymity, data protection and population-scale identity solutions. There will be a range of delegates from different backgrounds — including a number of startups from the Accelerator — and we hope the mixture will be something special, hence the experiment.
Taking part in the discussions will be (amongst many others)
- Douwe Lycklama from our friends at Innopay. Douwe will give a short introductory talk about the EBA paper followed by an onstage Q&A to help get delegates thinking.
- Members of the techUK working group looking at the intersection of payments and identity
- David Rennie and other members of the Cabinet Office IDA team;
- Barclays folk from a number of different departments, and
- A variety of other interesting people with wide and well-informed views.
The day will begin with that kick-off talk and on-stage interview to set the scene. Following on, the delegates will note down the topics that they would like to discuss and these will be organised into sets of parallel sessions. Delegates are then free to join in any, all or none of the discussions. The points raised in the discussions will be captured and reported.
As always, the unconference will be limited to 100 people to ensure that everyone gets the chance to contribute, to question and to learn. The cost is a nominal £10 and all ticket proceeds from the event will be going to Crossroads Care Surrey, a charity that provides respite for carers. See http://www.crossroadscaresurrey.org.uk to learn more about their great work.
The logistics are being handled by Gloria Benson of Consult Hyperion. The programme is being handled by me and Simon Taylor of Barclays, so if you have any ideas for sessions, topics, games or a place for a beer afterwards, please don’t hesitate to get in touch.
P.S. If you want to register like the cool kids, you can send me the £10 by Bitcoin instead of by PayPal. Just use this code…
See you on the 25th!