Leveraging the payment networks for immunity passports

COVID-19

As if lockdown were not bad enough, many of us are now faced with spending the next year with children unable to spend their Gap Year travelling the more exotic parts of the world. The traditional jobs within the entertainment and leisure sectors that could keep them busy, and paid for their travel, are no longer available. The opportunity to spend time with elderly relatives depends on the results of their last COVID-19 test.

I recognize that we are a lucky family to have such ‘problems’. However, they are representative of the issues we all face as we work hard to bring our families, companies and organizations out of lockdown. When can we open up our facilities to our employees, customers and visitors? What protection should we offer those employees that must or choose to work away from home? What is the impact of the CEO travelling abroad to meet new employees or customers, sign that large deal or deliver the keynote at that trade fair in Las Vegas?

It is no longer unusual for a company in the City to regularly test its employees before allowing them to work in their offices and support the additional costs of their commute avoiding public transport.

Billions are being invested in vaccine research and tests to confirm that we have the antibodies to protect us and those with whom we interact. But will that be sufficient? Will it allow you to visit your relatives in the care home, sit inside your favorite restaurant, work in close proximity to your colleagues and/or travel without the need to quarantine for 14 days when you arrive and/or return?

Experience would suggest that over the next year or so a variety of vaccinations and tests will be released, which will work to a greater or lesser extent. The question will be: ‘is the vaccination, or test, recognized by the venue (and their insurers), or country, which you are trying to enter?’

For some organizations, the fact that the COVID-19 tracing application on your phone turns green, will be sufficient. Others will only recognize specific vaccinations and tests and will want to check that the immunizations are still valid. Both will be concerned by the availability of fake immunity certificates. Thus, in parallel with the medical developments, we have to implement a robust and efficient method of sharing and remotely validating the immunity certificates or passports that they will deliver.

Those of us who regularly travel in North Africa and South America are used to handing over our yellow International Certificate of Vaccination or Prophylaxis (ICVP), with our passport, to prove that we had yellow fever vaccine. This program, which is governed by International Health Regulations, could provide the governance framework for the operation of the COVID-19 immunity passports.

Over the last few months, Consult Hyperion has proven that the contactless payment networks, which allow you to use your credit or debit card anywhere in the world, can also be used to share and remotely validate your COVID-19 immunity passport.

Our idea is that anywhere you can use your payment card you can also validate that you have the required immunity to enter the building or country. As with your payment transaction, an organization can choose whether or not to accept your immunity passport based on the:

  • Issuer of the immunity passport
  • Vaccinations and/or tests administered
  • Date when the vaccinations and/or tests were administered
  • Potential that the passport is a fake or you are not the genuine passport holder

If required, the organization can also revert to the issuer of the immunity passport to check there and then that your passport is still valid.

The consumer experience delivered by the immunity passport is similar to that of a contactless, Apple Pay or Google Pay transaction. The immunity passport is stored in a secure application in your smartphone or biometric smartcard. When asked to prove your Immunity Status you use your fingerprint to authenticate yourself to your phone/card and then touch your phone/card to a contactless reader. An application on the reader validates your immunity passport and passes only the required information to the restaurateur, owner of the care home or office or border control officer.

From the international community’s perspective, the payment infrastructure over which the immunity passports are shared and remotely validated is in place, proven and robust. It is supported by a raft of rules administered by PCI, which protect the security of personal information, at rest and in flight, within the system. There is an active marketplace for cheap, certified readers, operating secure protocols, which offer Contact Free validation of the immunity passport away from the classical point of sale locations. These include mPOS and SoftPOS solutions which allow a standard mobile phone to be used as a contactless payment terminal, and ruggedized terminals used to validate tickets in high traffic areas, such as the entrance to sports arenas and concert venues.

While the world waits to see if the science supports the ability to establish immunity to COVID-19, and society works through the implications of immune people being able to avoid restrictions which apply to others, we technologists need to prepare the infrastructure that will allow people to share and validate immunity passports.

One of the things I love about working at Consult Hyperion is that we regularly come up with, and deliver, ideas that significantly impact people’s lives – contact and contactless payment cards (worldwide), M-PESA (Kenya), Open Loop Transit Ticketing (London) and more recently SoftPOS (London), just to mention a few. Something tells me that immunity passports will be the next. If you are interested and would like to help deliver the network that will allow life to return to something close to ‘old normal’, please let me know.

Counterintuitive Cryptography

There was a post on Twitter in the midst of the coronavirus COV-19 pandemic news this week, that caught my eye. It quoted an emergency room doctor in Los Angeles asking for help from the technology community, saying “we need a platform for frontline doctors to share information quickly and anonymously”. It went on to state the obvious requirement that “I need a platform where doctors can join, have their credentials validated and then ask questions of other frontline doctors”.

This is an interesting requirement that tell us something about the kind of digital identity that we should be building for the modern world instead of trying to find ways to copy passport data around the web. The requirement, to know what someone is without knowing who they are, is fundamental to the operation of a digital identity infrastructure in the kind of open democracy that we (ie, the West) espouse. The information sharing platform needs to know that the person answering a question has relevant qualifications and experience. Who that person is, is not important.

Now, in the physical world this is an extremely difficult problem to solve. Suppose there was a meeting of frontline doctors to discuss different approaches and treatments but the doctors wanted to remain anonymous for whatever reason (for example, they may not want to compromise the identity of their patients). I suppose the doctors could all dress up as ghosts, cover themselves in bedsheet and enter the room by presenting their hospital identity cards (through a slit in the sheet) with their names covered up by black pen. But then how would you know that the identity card belongs to the “doctor” presenting it? After all the picture on every identity card will be the same (someone dressed as a ghost) and you have no way of knowing whether it was their ID cards or whether they were agents of foreign powers, infiltrators hellbent on spreading false information to ensure the maximum number of deaths. The real-world problem of demonstrating that you have some particular credential or that you are the “owner” of a reputation without disclosing personal information is a very difficult problem indeed.

(It also illustrates the difficulty of trying to create large-scale identity infrastructure by using identification methods rather than authenticating to a digital identity infrastructure. Consider the example of James Bond, one of my favourite case studies. James Bond is masquerading as a COV-19 treatment physician in order to obtain the very latest knowledge on the topic. He walks up to the door of the hospital where the meeting is being held and puts his finger on the fingerprint scanner at the door… at which point the door loudly says “hello Mr Bond welcome back to the infectious diseases unit”. Oooops.)

In the virtual world this is quite a straightforward problem to solve. Let’s imagine I go to the doctors information sharing platform and attempt to login. The system will demand to see some form of credential proving that I am a doctor. So I take my digital hospital identity card out from my digital wallet (this is a thought experiment remember, none of the things actually exist yet) and send the relevant credential to the platform.

The credential is an attribute (in this case, IS_A_DOCTOR) together with an identifier for the holder (in this case, a public key) together with the digital signature of someone who can attest to the credential (in thsi case, the hospital the employs the doctor). Now, the information sharing platform can easily check the digital signature of the credential, because they have the public keys of all of the hospital and can extract the relevant attribute.

But how do they know that this IS_A_DOCTOR attribute applies to me and that I haven’t copied it from somebody else’s mobile phone? That’s also easy to determine in the virtual world with the public key of the associated digital identity. The platform can simply encrypt some data (anything will do) using this public key and send it to me. Since the only person in the entire world who can decrypt this message is the person with the corresponding private key, which is in my mobile phone’s secure tamper resistant memory (eg, the SIM or the Secure Enclave or Secure Element), I must be the person associated with the attribute. The phone will not allow the private key to be used to decrypt this message without strong authentication (in this case, let’s say it’s a fingerprint or a facial biometric) so the whole process works smoothly and almost invisibly: the doctor runs the information sharing platform app, the app invisibly talks to the digital wallet app in order to get the credential, the digital wallet app asks for the fingerprint, the doctor puts his or her finger on the phone and away we go.

Now the platform knows that I am a doctor but does not have any personally identifiable information about me and has no idea who I am. It does however have the public key and since the hospital has signed a digital certificate that contains this public key, if I should subsequently turn out to be engaged in dangerous behaviour, giving out information that I know to be incorrect, or whatever else doctors can do to get themselves disbarred from being doctors, then a court order against the hospital will result in them disclosing who I am. I can’t do bad stuff.

This is a good example of how cryptography can deliver some amazing but counterintuitive solutions to serious real-world problems. I know from my personal experience, and the experiences of colleagues at Consult Hyperion, that it can sometimes be difficult to communicate just what can be done in the world of digital identity by using what you might call counterintuitive cryptography, but it’s what we will need to make a digital identity infrastructure that works for everybody in the future. And, crucially, all of the technology exists and is tried and tested so if you really want to solve problems like this one, we can help right away.

Strong Consumer Authentication with Gloria Hunniford, Gold Membership and Gary Munro

I was relaxing watching the marvellous BBC programme “Rip Off Britain” the other day. It was a live episode [online here] featuring the noted and venerable British television celebrity Gloria Hunniford. The subject of the programme was bank security and it featured Gloria herself investigating how she was ripped off by bank fraudsters. Basically, a woman who looked nothing like her used a fake driving licence to withdraw more than a hundred grand from her Santander account.

‘It was easier for four strangers to access my money than it is for me!’ Rip Off Britain’s Gloria Hunniford slams bank security after frauds stole £120,000 from her account 

From Rip Off Britain’s Gloria Hunniford slams bank security after frauds stole from her

The bank teller involved was initially suspected of being part of the fraud and was prosecuted but acquitted on the grounds that she hadn’t the slightest idea who Gloria Hunniford was. Fair enough. It would be like prosecuting me for being unable to pick Kim Kardashian out of a police line up.

It’s easy to make fun of bank security (as I have) but there is a real problem behind this story. A bank doesn’t want to annoy good customers but it has to have security in place to at least mildly inconvenience fraudsters if nothing more. And the bank security has to cope with all sorts of circumstances. What if you drop your smartphone down the toilet? I’ve done that. And here’s another good example.I once ran out of petrol in my car. So I called the AA (I’m a Gold Member of that, too) and

they told me that they couldn’t bring petrol because it’s against health and safety regulations, so they towed me to a garage. I filled up the car, wandered in to pay and… discovered I’d left my wallet at home. (Not the first time I’ve done this.). Having thought about it, and left the car keys with the clerk at the filling station, I phoned my bank. It turned out that there was a branch a few minutes walk away, so I set off to find it. On the phone, I answered some security questions, and when I got to the branch there was (if memory serves) £30 waiting for me. Hats off to Barclays.

From Taxis, Boris Johnson and another step closer to VC Day | Consult Hyperion

Now, I don’t remember what those security questions were, but I’m pretty sure that a determined fraudster would know the answers or know how to talk themselves round them. But I do want to live in a world where when I forget my wallet I can till get some cash out the bank!

One problem, in the Gloria Hunniford case, is that asking a customer to present a driving licence as proof of identity is the kind of “security theatre” that I was talking about in Sydney this week as a guest of the lovely people at Australia Post.

The bank clerk has no way to know whether the driving licence is real or not, so asking for it and looking at it is like taking part in a play about security where everyone is an actor who knows their lines but there is no actually security involved at any point. Surely this is one of the crucial differences between old identity and new identity, between dumb identity and smart identity, between analog identity and digital identity.

Had the bank digital identity interacted with the customer digital identity rather than the clerk interacting with the bogus Gloria, then there would have been mutual verification and real security. Imagine what the conversation at the counter could be…

Bogus Gloria Hunniford (BGH): “Hello, I’m Gloria Hunniford and I’d like to withdraw £150,000 from my account”.

Santander Bank Clerk of the Future (SCF): “Certainly Madam, let me check your Financial Services Passport.”

At this point, she pulls up the details of Gloria Hunniford’s account on her screen and the system sends a message encrypted using Gloria Hunnford’s public key. This is sent to the Santander app on Gloria Hunniford’s mobile phone.

BGH: “Sorry my phone was carried away be a seagull on the way to the bank so I don’t have my Financial Services Passport”.

SCF: “No problem Madam, we have a spare phone here.”

The bank clerk picks up the branches’ spare Samsung S7 and runs the Santander app. She puts in the Gloria Hunnford’s sort code and account number and when the app asks for verification, she holds it up and asks “Gloria” to log in using face verification (or voice or iris or whatever).

BGH: “Ah, unfortunately, I tripped over a paving stone yesterday and smashed my face into a Ford Focus. Due to my emergency plastic surgery, I’m afraid I will fail the face verification process”.

SCF: “That’s no problem Madam, we can re-enroll you. Please come back with your fingerprints, your voice and a barely legible photocopy of a gas bill from six months ago”.

Now, there is some actual security, because the real Gloria Hunniford will see a message pop up on her phone about authorising a withdrawal at the Santander branch and she will either hit the “no” button or the “no, and please connect me to the  whitehall1212.police.org.uk emergency fraud chatbot so that I can alert the plod to a crime in progress”.

Look, the banks in Europe have to implement Strong Consumer Authentication (SCA) anyway, so why not implement properly so that you can authenticate yourself the same way whether on the phone, in the branch, browsing the web or mucking about with your phone? I imagine this is the sort of thing that my colleague Gary Munro will be talking about on 9th November 2016 as he is one of the experts taking part in the techUK seminar on strong authentication in PSD2. You’d be mad to miss it.

“Knowing Me Knowing You, Ah–Ha !” – Strong Authentication in PSD2

From TechUK

The fact is that if we really want to replace security theatre with some actual security, we have the technology. 

 

The WEF blueprint for digital identity – the middle way

The World Economic Forum (WEF) has just published their report on “A Blueprint for Digital Identity”. It begins with a disclaimer from “Deloitte”* saying that “This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business”. But what’s the point of reading a report that isn’t going change any decision or action that you make? I think quite the opposite: you should read the document and make the decision to have a strategy towards digital identity and start to explore different scenarios covering how it will affect your business right away.

First, let me admit that I was excited to see that WEF/Deloitte* have finally caught up with Consult Hyperion’s thinking on this kind of thing. Back in 2008, I wrote that:

Banks ought to be looking at both providing and consuming identity services and developing better identity and authentication services not merely for their internal use to reduce phishing and pharming but as a line of business in an online society. They are the obvious category of institution to provide credentials, manage personal information and deliver identity into the marketplace.

From Digital Identity: I’m sure banks have a strategy for this kind of thing

The WEF report says that “There is a strong business case for Financial Institutions to lead the development of digital identity systems” and goes out to categorise these are cost reduction, new revenue opportunities and transformational new models (i.e., outside core banking). I agree that it’s important to look at the saving money and making money opportunities in this way because in any bank that I’ve spoken to about this sort of thing, it’s been clear that the saving money business case has to stack up before there will be any investment.

As for the blueprint, the report suggests three approaches, – the institution, the consortium, the industry – which I paraphrase here:

  • A single institution could create its own system, focusing on cost saving but with limited potential for further adoption (but I think ”ChaseID” would struggle against “AppleID”);

  • A consortium could create a co-opetition infrastructure along the lines of the payment networks (some sort of financial services passport);

  • The financial services sector as a whole could create some form of industry identity utility that could be used to deliver “wholesale” identity services (I could get gas, electricity and identity all from the same retailer);

I’m rather in favour of the middle option as I think it delivers immediate improvements to the day-to-day transactions of modern life and it is, above all, feasible. But what exactly would it implement? The model of identity transactions that the WEF present (page 43), which divides identity transactions into authorisation, attributes and authentication is I think a little too narrow. The model we use at Consult Hyperion (“Three Domain Identity”, or 3DID) provides a better platform for discussion and exploration (but then I would say that wouldn’t I) because it makes the relationships between identities, attributes, credentials and so on more explicit.

3D Domain ID with FIDO

When it comes to discussing archetypes (or “marketectures”)  that will make sense (page 62), the use of the 3DID model makes it easier to understand the different options but considering who will control each of the domains. If, as WEF recommend, it is the financial institutions who control the Digital Identity and they link this to a variety of Mundane Identities from different sources and well as to a potentially large numbers of Virtual Identities (where credentials are held, essentially) it gives them a pivotal role. This might be in a federated structure, where each banks holds its own KYC and makes it available to other banks, or some other options. However it’s done, the authentication (proving you control the digital identity) is another matter.

One of the reason why I have such an interest in the “middle way” WEF blueprint is that I’ve been part of a techUK working group looking at this since 2014.

A ‘financial services passport’ refers to an aspirational digital identity, issued by UK financial services providers, and mutually recognised across the financial services industry.

From Workshop: Towards a Financial Services Passport

Such a passport would not only be used for financial services and for the benefit of financial institutions. It could be used to improve all sorts of services that desperately need a proper identity infrastructure. It could with internet dating, protecting people on twitter from trolls, access to adult services and other “sharp end” applications of digital identity that would be transformational not only for bank revenues but also for consumers in the mass market. The solutions to the big, immediate problems in these areas come not from the digital identity itself but from the virtual identities built on top of it, because the virtual identities are a way to communicate attributes rather than identity.

So what might banks do with your identity once they’ve got it safely locked away in their vaults? Well, one idea, particularly popular with me, is that they might give you a safe, pseudonymous virtual identity to go out an about with.

From Tired: Banks that store money. Wired: Banks that store identity | Consult Hyperion

The idea of strong pseudonymity is particularly appealing: a pseudonymous virtual identity with a bundle of credentials attested to by regulated financial institutions should be more than enough for almost all day-to-day transactions. This would allow for a new tranche of what economists call “incentive functions” to be created by banks, encouraging transactions where none would have taken place otherwise.

But back to the WEF report. In conclusion, despite my preference for our model (!), when it comes down to it, I think that the middle way (the consortium approach) is the place to start and I strongly agree with the principal recommendation of the report, which is that (page 101) “Implementation of a digital identity system should follow a bottom-up approach”. What the WEF calls “natural identity networks” I might be very tempted to label”communities”. So let’s create identity solutions for communities (starting with the financial services passport for the retail financial community of customers, providers and regulators) and find ways to interconnect them rather than trying to think up some kind of top-down “World ID” for the communities to implement.

* “Deloitte” refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients.

Identity and inclusion, an ongoing case study

America is a strange country to foreigner such as myself. And one thing that is particularly strange about it is the constant demand for identification in a society that lacks an identity infrastructure. The most obvious manifestation of this, as I’ve written before, is that when I am asked for identification (in order to get into a building in America, for example) I can present documents that the security guard cannot conceivably verify or validate (e.g., my UK driving licence) or documents that are not identity documents at all (e.g., my expired building pass for our office in New York) and gain entry. This is, as is often remarked, security theatre not security. It’s like a play about security where we all say our lines and play our parts but there’s no actual security involved at all. When it comes to identity, there’s definitely something odd about America.

Buying an assault rifle is easy. You need not show formal identification… Opening even the most basic bank account is far more arduous. The process begins with a rigorous ID check…

From It’s easier to buy an assault weapon than open a bank account. Really. – The Washington Post

Now, I don’t want to get into the madness of KYC/AML here as that’s not the point I want to make, although I will flag up the fact that America has something in the region of a hundred million unbanked people. The point I’m making here is that I don’t understand why we can’t implement a universal risk-based approach for “small” accounts in order to get people into the financial system (not necessarily through a bank account, of course). In Europe, we have a very interesting case study unfolding in front of us right now.

When Anas Albasha arrived in Germany after fleeing Syria in late 2014, one of the first things he tried to do was open a bank account. “In Germany you need a bank account for everything,” he says.

From Without German bank accounts, refugees are stuck in limbo – FT.com

Indeed. Rich Germans and people smugglers might well keep their cash in 500 euro notes, but poorer law-abiding Germans use debit cards and direct debits. If you don’t have an account, you have no access to the infrastructure of daily life. And, in my opinion, if you keep everyone out because one or two of them might be terrorists, then you don’t get to track, trace and monitor the terrorists anyway. Hence the German plan to give refugees a sort of provisional identity so that they can enter the financial system makes complete sense.

But it has been a struggle to persuade banks, which have to verify their customers’ identities, to open accounts for refugees. The heart of the problem is documentation. “Many refugees arrive in Germany without a passport or ID card; that’s just the way it is after the journeys they have been through,” says Katharina Stamm, an expert on migration law at the charity Diakonie.

From Without German bank accounts, refugees are stuck in limbo – FT.com

In September 2015, the Federal Financial Supervisory Authority (“BaFin”) relaxed the KYC requirements for refugees so that they could gain access to formal financial services.

With immediate effect and for a transition period, refugees will be able to open a basic account even if they cannot produce a document satisfying the passport and ID requirements in Germany.

From BaFin – News – BaFin makes opening bank accounts easier for refugees

Later last year, in October, the German government went further and passed a law requiring banks to offer these basic bank accounts to refugees. Unfortunately, and despite that law coming into effect in June of this year, “

Germany’s anti money laundering law still contains a clause that effectively requires a passport or ID card to open an account.

From Without German bank accounts, refugees are stuck in limbo – FT.com

Incidentally, we have the same problem here in the UK because the only ID document that refugees have is the Biometric Residence Permit (BRP) and many bank staff refuse to accept this as an ID document for opening an account. As the British Banking Association point out, “banks have to undertake thorough checks before opening accounts in order to comply with strict anti-money laundering rules”. Once again, as in Germany, it is AML rules trumping KYC rules. And I don’t want to point the finger as to the origin of the problematic AML rules, but the Centre for Financial Inclusion do note that it might be better for society to have people inside a system where they can be monitored and risk managed. 

Lower [KYC] requirements also means that governments concerned with international security (particularly the U.S.) must determine how they will mitigate the risk of new financial services innovations.

From Financial Inclusion and Immigration in Europe – Disrupting Identity Norms | Center for Financial Inclusion blog

I’m writing about this because I’m in Ivory Coast for the International Finance Corporation (IFC) and MasterCard Foundation conference on “Partnership for Financial Inclusion”. I was here to keynote about risk management for digital financial services (and how “fintech” and “regtech” can help) but I’ll definitely be hoping to learn more about the relationship between identity and inclusion from the experts here. 

IFCMCF2016 Q&A

I’ve already had a couple of pretty interesting discussions about the idea of building “bottom up” (i.e., attribute-driven) identity to help with inclusion and the relationship between such identities and those KYC/AML issues discussed above. I’m genuinely curious to know what you all think about this stuff – please get in touch – and how some of this thinking might connect with initiatives such as Identity 2020.

Payment competition and banking in a post-PSD2 world

I happened to be talking about access to payment infrastructure (something I blogged yesterday) at a client event yesterday, and got involved in a discussion about how the fintechs might begin to work with banks in the new world of PSD2 and mandatory APIs. This has been subject of great interest to me at the recent Money 2020 Europe (with top, top players like Shamir Karkal from BBVA and Alex Mifsud from Ixaris explaining why the move to APIs will mean a big shift in the delivery of banking services) and other recent events. Generally speaking, and this is a sweeping generalisation, I think there has been a shift in European bank thinking in recent times. They well understand that if they do nothing, then in the instant payments, API-centric, PSD2 world they stand to lose significant income. The outsourcing company Accenture, for example…

estimates that the new new breed of payment initiation service providers will erode 33% of online debit card transaction volumes and 10% of online credit card transaction volumes resulting in a total market share of 16% of online retail payment volume by 2020.

From Banks set to lose 43% of retail payments revenue under PSD2

So the Payment Initiation Service Providers (PISPs) stand to capitalise on the new arrangements (if the banks do nothing, of course). What kind of services might they provide? Well, an obvious example is integration with social media. If you look at the use of instant payment “overlay services” (as they call them down under) in the UK (PingIt and PayM) it is far less than the use of, for example, Venmo in the USA. And Venmo doesn’t deliver immediate settlement (it works through the debit card networks). In the last quarter of 2015, Venmo transferred $2.5 billion. In January 2016 alone it transferred $1 billion. So why is it so popular? It’s the integration with social media. Just over half the users are 18-24 and half the payments relate to food and drink sharing! On a US college campus, “I’ll Venmo you” has entered the lexicon. In the UK, “I’ll PingIt you” has not. Paym is growing steadily, but it is still only transferring about £12 million per month.

Venmo 1Q16

So now imagine, post-PSD2, a combination of the immediate availability of funds like PingIt and Paym with the social media integration of Venmo. It will be a wholly different payment experience. I’ll give you an obvious example. My wife and some of her friends are planning a weekend break in August. They do this through a Facebook chat group. But when it comes to settling up for hotels and air fares, everyone has to log out, e-mail everyone for their bank details and log in to home banking and set them up as payees, then make the payments. Then everyone else has to log in to their bank accounts to see if the money has arrived and that it is the right amount. In 2018, however, it will all be different. Facebook will be integrated with instant payments through APIs so that it can function as a PISP. When my wife gets a message to say that she owes her friend £100 for her air ticket, or £25 for her share of the dinner, or £10 for the tickets to a show, then she will put money into her return message just as she adds emoticons today. Under the hood, Facebook (which of course knows the bank account of the person you are sending a message to) will initiate an instant payment and within a second or so her friend will get a message to tell that the money has arrived. Remember, Facebook already do this is in the US through debit cards (like Venmo).

It’s not all about payments though. The other category of organisation with direct access to the bank account, the Account Initiation Service Providers (AISPs) also stand to benefit from bank inertia. The row about “screen scraping” in the US adumbrates similar pressure for bank strategies in Europe.

JP Morgan Chase CEO Jamie Dimon is incensed about fintech startups like Mint, Acorn and Bloom “scraping” his customers’ data

From Banking App Competition; Why OTT “Skinny Bundles” Fail | AdExchanger

I’m sure his experienced strategists will be quick to reassure him that third-party access to bank accounts (the data is the customers, not the banks, of course) ought to be seen to be an opportunity for JP Morgan Chase to develop some terrific new products and services. The reason why customers of JP Morgan Chase use Mint is because JP Morgan Chase do not provide a suitable, better product for them to use instead. Mr. Dimon, as a champion of free enterprise, would surely object to organisations building walled gardens and using regulatory barriers to defend them. If Facebook or Amazon provide a better financial services app for customers to manage their JP Morgan Chase accounts, then good for them.

In fact, it seems to me, that this is a very likely outcome of rational market evolution. I buy my electricity from whichever supplier offers the best deal for our household. When I change suppliers, I don’t need to change my TV. When I change banks, why should I change my digital wallet if I don’t want to? With a standard API, might personal finance management (PFM) app and my wallet app and my social networks will all access my bank account, whatever my bank. And if I change banks, whatever.

So… what makes sense for banks? Why bother making the wallet or PFM apps? Why not instead provide the best possible API to people who are better at making these apps. Why bother with PingIt and PayM? Why not instead provide the best possible API for PISPs to use. Why bother with fancy applications at all? Why not instead provide identification and authentication services (through APIs of course) that all of these other apps, APIs and services will depend on. After all, if I’m going to give Facebook access to my bank account then Facebook need to be pretty sure that it’s actually me and I need to be pretty sure that it’s actually Facebook. My bank is a rather obvious middleman here.

DCSI Schematic v2

All of which leads me to suspect, as I have mentioned before with tedious regularity, that the banks should focus on what the Euro Banking Association call the “non-mandatory, non-payment APIs”  (as shown above) as a basis for strategic advantage and get together to agree a digital identity infrastructure and a common set of digital identity APIs. Nothing to it, really…

The blockchain won’t make everything better, but it might make identity better

A friend of mine went to open a savings account with a UK building society. She had had an account there for more than 20 years, but wanted (for purposes of administrative convenience) to have a separate account to put cash in for her son’s college money. Armed with a passport, she went to her local branch only to be told that the would have to go home and come back with a copy of a recent utility bill — because her passport was not a proof of address (I think) — which, naturally, she couldn’t be bothered to do. So she went home and opened an online savings account with her bank, which did not ask for a copy of a recent utility bill and just had to put up with the several days delay in transferring money from the old to new account. This is not to complain about the building society. The nutty rules are government KYC/AML/ATF rules, not the building society’s. But what seems odd to me is that while people like my friend are being annoyed and inconvenienced about an account that will hold something in the region of five or six grand maximum, actual theft and money laundering appears to continue at a grand scale. The cost and inconvenience for the little people is not part of the equation. My old chum Matteo Rizzi raised a similar point about the tremendous worldwide waste of money there is in not doing much about money laundering and related crimes.

Yesterday I had to go to a notary to notarise my utility bill to proof my address for a company in our portfolio, which bank asked (rightly) for KYC … And I am ALREADY a customer of that bank.

[From I miss Three Things in Fintech today.. | Matteo Rizzi | LinkedIn]

On the one hand, this sort of nonsense is funny and provides useful anecdotes to support conference presentations, but on the other hand it makes me wonder what the point of these rules is, particularly the rules around AML. I’ve written before about the lack of cost-benefit analysis around the unelected and unaccountable Financial Action Task Force (FATF) rules and I’m certainly not the only person questioning the approach.

Though the regulations have limited impact on criminal activities, they still cost money. Tracking illicit money flows requires a considerable bureaucracy. Enforcing the regulations cost an estimated $7 billion in the U.S., and probably far more.

[From Why the World Is So Bad at Tracking Dirty Money – Bloomberg Business]

The amounts of money spent on KYC are still rising and may be about to get even higher. Still, I suppose, at least it means that fraudsters cannot open bank accounts any more. No, wait… according to the Cifas, the UK’s fraud prevention bureau the number of bank accounts opened using stolen or fictitious identities doubled last year. Doubled. The public end up paying for this, in more ways than one.

In the best of cases, anti-money-laundering efforts are likely to do no more than raise the cost of transactions. A system that misses all but a fraction of a percent of criminal financial flows is almost guaranteed to miss terrorism finance in particular, which involves very small sums

[From Why the World Is So Bad at Tracking Dirty Money – Bloomberg Business]

HHhhhmm. So no impact on money laundering and no impact on terrorism. Yet the costs continue to spiral out of control. As do the fines associated with non-compliance (see chart). Barclays has just been fined $100m+ for customer due diligence (CDD) failures relating to a multi-billion dollar fund deal back in 2011. I’m not picking on Barclays by choosing this example, it just happens to be in the news today. It does, however, help to make a useful point about the spiralling cost and complexity of CDD.

At one point, the clients agreed with Barclays to make a change to the Trust Deed, which related to who ultimately got a pay-out from the transaction and under what circumstances the beneficiary could be changed [but eventually] it gave up trying to check who would or could get paid by this mammoth transaction.

[From FCA fines Barclays for financial crime failings on ‘deal of the century’ – Business Insider]

This is the sort of thing that shared ledgers ought to end forever in a world of ambient accountability. The idea that a regulated financial institution would be able pay money to person or persons unknown would be consigned to the database of history. And, of course, it would certainly be possible to construct a translucent consensus computer system (of which a replicated distributed shared ledger might be an excellent example) in such a way as to partition knowledge of identities: in other words, the trading bank might not know who owns a particular wallet (for example) but it would know for sure that another regulated financial institution does and, more importantly, that regulators can find out if needs be.

fom_panel

There was a panel about this sort of thing at the San Francisco Future of Money and Technology Conference last week. The kind people there had invited me on to a panel to discuss issues around the blockchain and identity with StellarR3CEV and MaidSafe [video]. It was actually Paige Peterson from MaidSafe who raised the point about partitioning, and she was spot on: this is a fundamental mechanism for managing identity in a connected world. Incidentally, during the panel I drew the distinction between taking external identities (such as a passport or driving licence) and storing these in a shared ledger and “growing” identities on a shared ledger. Top down versus bottom up identity or, as my old chum Giyom Lebleu tweeted during the panel, uppercase identity versus lowercase identity. I really like this useful characterisation and will undoubted start using “ID” vs “id” in presentations henceforth! Anyway, it was a very thought provoking discussion, so many thanks Joyce, Tim, Paige and chairperson Dan for a great panel.

Connecting is getting easier, disconnecting is getting harder

After I’d been blathering on at some event about how connecting things up is really but disconnecting them is really hard, someone sent me a link to a story illustrating an amusing case of the unexpected consequences of connectivity. A woman found out her husband was cheating on her with nanny because he had photos and texts on his iPhone, which was linked by iCloud to her iPad.

Gwen Stefani apparently discovered Gavin Rossdale was cheating on her after discovering some explicit texts and photos on the family’s iPad.

[From A guide on how to not let an Apple device ruin your marriage – NY Daily News]

I didn’t know who Gwen Stefani was, so I went off to goggle her on my skyper (as England’s greatest living poet, John Cooper Clarke, would put it) hoping that she might be a junior minister at the Home Office or an executive a technology company, but it turns out she’s a pop singer. Oh well. There’s no reason to expect pop stars to understand Apple’s settings any more than I do, so I put the story to one side. Until this morning, that is.

This morning I went through my browser history to try and find a page about a workshop that I was supposed to be going to. I couldn’t remember the name of the workshop, but I knew I’d been to the web site in the last day or two so I opened up my browser history. And found hundreds of web sites dealing with carpet remnants.

My wife and I are a very traditional couple. We share everything. It’s in our marriage vows. The bank account, the speeding tickets, the browser history. And we don’t have a nanny. So I don’t care about my wife seeing my browser history and she doesn’t care about me seeing hers. The reason I mention this episode though is to make a point: connecting things up is getting progressively easier, but working out who should be able to access what and when and under what circumstances is becoming increasingly complicated.

In fact, I’m tempted to say that it’s becoming so complicated that it will soon be beyond human comprehension. When I take a photo with my iPhone, I already have literally no idea where it will end up, and why some photos show up on my laptop and others don’t is completely baffling. (Although I have noticed that when I actually want to find a photo that I can remember taking a few months ago, I can never find it.)

Today it’s your photos, tomorrow it’s your financial transactions, soon it will be your identity that is unpredictably smeared through the interweb tubes with predictably chaotic results. Time for some thinking about identity partitioning and permissioning: more soon.

Shared ledgers might not disrupt payments, but identity

Thanks to Marc Hochstein from American Banker for pointing me to this video of the Stanford Blockchain Workshop that he chaired in March. If you are interested in the subject of blockchains, identity and reputation then put your feet up get a cup of tea and enjoy watching some really smart people introduce a lot of really interesting concepts.

Panel: Casey Fenton (Sovolve / Couchsurfing), Patrick Deegan (ID3/OMS), Primavera De Filippi (LOVE), Muneeb Ali (Onename)

[From Stanford Blockchain Workshop (March 2015)]

These people are on to something. And they are not the only ones. A similar gathering of the great and good (how come that classification never includes me!) on Richard Branson’s island came to a similar conclusion, highlighting identity as one of their four key application areas for the blockchain.

We discussed that the identity stack is a core application for the blockchain, it’s a critical piece for further development and needed for a trusted information economy system.

[From Richard Branson’s Necker Island And The Blockchain Summit (Part 2) | Vancouvered Weblog]

Bearing in mind that I always interpret the word “the blockchain” in these circumstances to mean “some sort of shared ledger that will probably be permissioned in some way”, I think they may be right.

So our identities could be verified by reference to a series of our blockchain transactions. For privacy and security reasons, each blockchain transaction should be coded so as not to give away much information about the transaction itself.

[From The Fine Print: Of #Blockchains And #MultiFactorAuthentication]

This kind of idea deserves serious examination. The idea that I might demonstrate some attribute to a third party by demonstrating ownership of a transaction output on a blockchain is interesting, especially when combined with smart contract stuff. It’s an exciting field. There are companies like Shocard and OneName already active in the space and new ones coming along all the time. For many of our financial services clients, radical reduction in the costs of identity-related compliance are a much higher priority than some marginal reductions in transaction costs.

I think we can begin to speculate about the use of a permissioned ledger to hold KYC information and the merging of auditing and compliance to replace AML “gates” with permanent monitoring of transactions on a blockchain (more on this tomorrow), the restoration of financial services in accordance with the FATF risk-based approach on a per-transaction basis. This would really be a new world, and would be really a revolutionary use of shared ledger technology.


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.