By Paul Dunphy, Research Scientist for OneSpan
In the Netflix series The Crown, a lead character exclaims: “Who wants transparency when you can have magic?” Magic and transparency can be thought of as different extremes of how large and complex institutions try to win our trust. Typically institutions choose “magic” due to the lack of insight they provide, which means we can only hope that they will act in our interest. We often depend on such institutions – but since we can’t trust magic, we need transparency instead.
Today, technology is providing new transparent approaches to identity verification for banks to improve issues with the customer due diligence phase of onboarding. Aite Group found that abandonment rates for financial account opening processes range between 65 – 95%, depending on the product. If this process is not conducted thoroughly, banks could face regulatory action and costly fines. When re-framing this problem from one that banks must solve individually, to one that banks can solve collectively, then new approaches become possible.
Banks can solve problems in identity verification by sharing a live log of data related to identities that have already been verified. Yet this can be difficult to realise, even in the digital age. Pragmatic challenges such as: tracking master copies; resolving version conflicts; and managing concurrent updates, can create an aversion to this type of arrangement due to the risk to the integrity of those records.
Distributed ledgers (blockchains), can help here. Over the years we’ve learnt that:
- You can choose between 1,000 cryptocurrencies at this very moment
- Programming errors in smart contracts will lead to power struggles amongst those who govern public blockchains.
- Realising a truly decentralised ledger is difficult since centralised power structures naturally emerge.
- People spent $4.5M on an Ethereum-based game about breeding cute kittens
- Permissioned distributed ledgers are more than “just” shared databases
- Creating a global cryptocurrency is difficult for many reasons, including fraud prevention.
Given the attention that distributed ledgers have attracted in recent times, it is inevitable that the first forays into applying transparency to solve identity verification problems have used this technology.
Let’s look at two different approaches to how banks can create transparency by using distributed ledgers.
A Shared Log for Identity Verification
If banks are able to co-operate and maintain a shared log of data relevant to identity verification it can help streamline identity verification. KUBE (Know Your Customer Utility for Banks and Enterprises) is a technology that has been proposed by the Isabel group along with Belfius, BNP Paribas Fortis, ING, and KBC to achieve exactly that.
The technology aims to increase the efficiency of onboarding for business customers through a shared log of identity attributes previously checked by member banks. The technical details of KUBE are not yet clear, but the distributed ledger in the architecture will contribute to consensus between each bank on the latest version of the log, along with assuring the integrity and availability of the data. Once customers are registered in the KUBE system, the identity verification performed with one bank is available to another bank with the consent of the customer, who receives the benefit that they only need to verify their identity once amongst that federation of banks.
In this example, KUBE provides a verifiable and transparent log which creates transparency between banks on the network. But, the customer must rely on KUBE to protect the confidentiality of their personal information.
One other option is to re-envision digital identity completely to place the customer on more of an equal footing with banks. Decentralised Identity (self-sovereign identity) is a model of digital identity whereby a user is equipped with cryptographic techniques to create, self-verify, and own a digital identity that is portable between relying parties. Its constituent components are a trustworthy shared log, public key cryptography, and verifiable credentials (now a W3C standard).
Sovrin is one exemplar of this approach and its technology comprises a public-permissioned distributed ledger based on Hyperledger Indy and cryptographic credentials following the W3C standard. For example, after identity verification the customer is provided with a verifiable credential from that bank, which is stored in an identity wallet on the customer’s mobile device. When the customer onboards with a new bank, they provide that credential along with a decentralised identifier (DID) that they use, and prove their ownership of both using properties of public key cryptography. The receiving bank must then check the validity of the credential on the shared ledger. Thus, identity need only be verified once amongst a federation of institutions and the customer retains control over disclosure of personal information.
This area is one of active investigation; as such, there is no product that is ready-to-go. One crucial challenge that requires research is the relationship between user experience and privacy, since in this model customers will inherit new responsibilities and software to use to manage their privacy.
Privacy is Important
Both examples require privacy for both customers and financial institutions. When designing a shared log for identity verification there might be an inclination to start with a minimum viable product that simply pools the personal information of customers. Pooling the personally identifiable information (PII) of customers creates an attractive honeypot for attackers, and a point in the system design where information can be accidently leaked.
In addition, banks have their own privacy concerns. Clearly, we shouldn’t design a system where banks can conduct surveillance on each other. In the design stage of a technology, we must consider how the benefits of transparency can solve new problems, while at the same time, finding acceptable levels of data confidentiality and privacy.
The value of transparency-enhancing technologies such as trustworthy shared logs are subject to a network effect, which means that the value of an application in the financial industry is tightly coupled with the number of financial institutions that choose to use them. The exciting research direction of the future is to investigate how distributed ledgers and transparency-enhancing techniques more generally, can create new applications in banking, and reduce our need to trust magic.
HOW IDENTITY IS SECURELY UNLOCKING THE SME BANKING MARKET
By Mike Kiser, senior identity strategist at SailPoint
Have an identification card in your wallet? With a selfie and a few short minutes, you could have access to a business bank account.
Small and medium enterprises (SMEs) have long been the fuel that drives the global economy, representing around 90% of businesses and more than 50% of employment worldwide. Over the last few years, a range of financial services and platforms have arisen over the last few years to support the banking needs of these organisations. They are often digital natives and are innovating to meet the needs of their clientele.
This innovation provides great ease-of-use and rapid access to credit but also demands a careful consideration of their assumed security approach. The aforementioned scanning of an identity and a quick photo to establish a bank account demonstrates the rising importance of identity in both the consumer and enterprise arenas.
The blurring of the lines between personal and corporate identities (in this case, an individual acting on behalf of a small business) is still in its infancy. Combined with the ubiquity of mobile devices, individuals will tire of maintaining different accounts, different personas, different lives for each activity. Usability will demand that identity be reusable, portable, and secure.
This has massive implications for enterprises and the financial institutions that serve them if they seek to prevent cyber-attacks; thankfully, the same element that presents the security challenge also offers the solution: identity.
A New Vantagepoint
Just as individuals desire a single identity to unify their interaction with disparate parts of the world, organisations can use identity to grant them a single, holistic view of an individual (attributes, access, and behaviour) rather than seeing only a fragment at a time. This is particularly important for these new financial institutions—much of their technology stack is cloud-based, which often leads to splintered security approaches. An identity-based approach must be cloud-aware, and able to distil these complex environments into simple and easily governed infrastructure.
This collectivisation also allows security to use identities in the aggregate: to see what groups of similar individuals exist, what access these groups have, and what their usage of this access typically is. All of this contributes to the establishment of what normal is, whether it’s attributes, access, or behaviour. Once the “normal” is established, then the outliers—the potential threats—may be quickly triaged.
Adaptability: The New Imperative
The recent wave of change has demonstrated that financial institutions and organisations must be ready to adapt quickly to shifts in the environment. Portions of IT staff and services have been furloughed, and adjustments to new realities are essential. An identity approach that learns from the evolution of changes in the previously established areas of normality can grant enterprises the ability to see what is coming next and invest appropriately. Much like a view from an elevated position grants the ability to see beyond the normal horizon, basing a security strategy on identity makes it inherently adaptable.
Identity: Innovation and Security Intertwined
Identity, then, is a foundational consideration for financial institutions seeking to provide services for the perennially important small and medium enterprise sector. By eradicating barriers to entry that have historically kept financial organisations and enterprises apart, it is driving rapid adoption and a growing market for innovative banking. At the same time, it shows the path forward to securing those new services in a pre-emptive, adaptable way.
Now if you’ll pardon me, I must go open a bank account for my next start-up—from my mobile.
OPEN BANKING: ARE CONSUMERS KEEPING AN OPEN MIND?
Last September, the European Union’s regulatory requirement for banks to open up their payment accounts via application programming interfaces (APIs) came into effect. Since then, open banking has taken centre stage within European retail banking and payments. In this blog, Elina Mattila, Executive Director at Mobey Forum, shares insight into how emerging consumer attitudes may impact open banking services in the coming months.
It has been over six months since the revised Payment Services Directive (PSD2) came into full effect and with it, required banks to allow third party providers to access payment initiation and account information. While the regulation was designed to facilitate open banking, the market demand was uncertain. Would we, as consumers, choose to embrace the new services enabled by open banking? And if so, under which conditions?
To understand consumer attitudes, Mobey Forum and Aite Group partnered on a pan-European study to determine the appetite for open banking services amongst 1000 consumers in Finland, France, Germany, Spain, and the United Kingdom. The study, launched in November 2019, revealed many important consumer trends and attitudes, including key priorities and potential barriers for adoption.
Consumer appetite for change
The consumer benefits of open banking are largely perceived to be compelling, yet this counts for little if the providers of those services are not deemed trustworthy. This is an observation reflected in the study, which highlighted consumer confidence in service providers as critical to open banking adoption. People want clear visibility of who is managing their finances, and the overwhelming majority (88%) would prefer their primary source of open banking services to be their main bank, as opposed to other banks or third-party providers (TPPs).
Consumers also indicated high levels of trust in their current bank of choice, reflected by 77% preferring to use a financial product comparison service offered by their main bank. By enabling customers to compare the pricing and conditions of a range of financial products on the market, they feel more comfortable that banks have their best interests at heart. This is a welcome trend, and one which should be celebrated in the aftermath of the 2008 financial crisis. For the banking industry to have rebuilt trust levels in this way bodes well for consumer adoption of future innovations.
With a trusted provider, one third of consumers were then either ‘very interested’ or ‘extremely interested’ in integrating open banking services into their financial routine. This applied to specific use cases: account information services (32%), pay by bank (33%), purchase financing (25%), product comparison (35%) and identity check services (35%). Unsurprisingly, consumer willingness to adopt these services relies heavily on providers continuing to prove that they can be trustworthy stewards of personal data.
For those unwilling to adopt open banking, concerns largely focused on reservations around security and privacy. As open banking becomes more sophisticated, it will be interesting to analyse the nuances around how consumers engage with third parties. Established brands are perhaps more likely to be trusted by consumers than lesser-known online retailers. For this reason, consumers may hesitate to engage newer companies than brands they are already familiar with. In an industry as varied as finance, this creates additional intrigue in the ongoing battle for market share between the newer ‘challenger’ banks and the older, more established European banks.
Consumers might, however, be willing to deprioritise trust and, instead, favour convenience and usability. When questioned over their willingness to adopt a new payment method, for example, 91% of respondents indicated that they could be tempted to switch either by financial incentives or the promise of greater convenience.
The path forward
While open banking is still in the relatively early stages of development, it has made significant progress in a very short period of time. Not only is it allowing consumers to share financial data with authorised providers as they wish, but it is set to spark more competition and innovation within the market.
From a business perspective, open banking is expected to create lucrative new revenue streams, particularly for companies which are able to innovate quickly and react to consumer demand. It is prompting consumers to reconsider how they manage their finances and – most excitingly – it’s not even close to reaching its full potential. It should bring a whole new era of service partnerships between banks and TPPs, which will enable a new generation of innovative financial services.
For the industry to truly fulfil its potential, it is vital that stakeholders are able to explore new business models, innovations and changing customer expectations for open banking in a commercially neutral environment. Mobey Forum’s open banking expert group provides exactly this, and we look forward to supporting our members as they shape the future of digital financial services.
Where to find out more
The opportunity for open banking is explored in more detail in a report by Mobey Forum and Aite Group, entitled Open Banking: Open Minds? Consumer Appetites for New Banking Services. It provides banks and other financial services stakeholders with a market view on consumer appetites toward new open banking services and explores the possible roadblocks to consumer adoption. It is also discussed in a podcast featuring key representatives from Interac, Erste Group Bank and Strands Finance.
AI: CUSTOMER FACING EMPLOYEES’ BEST FRIEND IN THE FINANCIAL SERVICES INDUSTRY
By Ryan Lester, Senior Director, Customer Experience Technologies at LogMeIn We’ve all heard the old saying “money talks.” Well...
HOW IDENTITY IS SECURELY UNLOCKING THE SME BANKING MARKET
By Mike Kiser, senior identity strategist at SailPoint Have an identification card in your wallet? With a selfie and a...
FIVE REASONS WHY YOUR BUSINESS’ PROCUREMENT TEAM SHOULD BE USING A CONTRACT MANAGEMENT SYSTEM
By Daniel Ball, business development director at Wax Digital Even in today’s digital-first environment some businesses are still storing...
EXEGER – CHANGING THE PERCEPTION OF POWER
FINASTRA GLOBAL SURVEY SHOWS APPETITE FOR OPEN BANKING PICKING UP PACE WORLDWIDE
86% of global banks surveyed are looking to use open APIs to enable Open Banking capabilities in the next 12...
STOCK MARKET ANALYSTS DISCUSS HOW TO INVEST DURING A RECESSION
Online tool looks back at how world markets recovered after the last recession in 2008 Analysts take learnings from previous...
PROTECTING YOURSELF AGAINST A RECESSION
James Turner, Director at Turner Little The coronavirus outbreak has spread to businesses, leaving many around the world counting...
LIBERTY BANK REINFORCES ITS FRAUD STRATEGY TO FURTHER PROTECT ITS CUSTOMERS
Liberty Bank, the third largest bank in the Georgia, has reinforced its fraud strategy to address the rising volume of...
COMMERCIAL FINANCE SPECIALIST IGF NAVIGATES THE LOCKDOWN
Leading independent commercial finance specialist, Independent Growth Finance (IGF), entered the lockdown after a record-breaking financial year came to an end in March. In April, it was accredited by...
COVID-19 WILL BE THE TIPPING POINT FOR DIGITAL TRANSFORMATION IN PROCUREMENT
Seven in ten organisations in the UK say the global pandemic has increased the need for procurement to digitally transform...
TRIO OF NEW REGIONAL DIRECTORS HEAD UP TIGERWIT’S GLOBAL EXPANSION
Following the release of their record revenue for the last financial year, award-winning online trading platform, TigerWit, has strengthened their...
SECURING THE EVIDENCE FOR VAT AND TAX
Filippa Jörnstedt, Senior Regulatory Counsel at Sovos Businesses are almost entirely digital in their nature. With sophisticated technology now...
TIPS TO PROTECT YOUR CASHFLOW DURING THE COVID-19 PANDEMIC
By Rita Cool, Certified Financial Planner at Alexander Forbes Financial Planning Consultants The full impact of the COVID-19 pandemic is...
RETAILERS WHO OPEN THEIR DOORS WILL NEED EXTRA HELP
With thousands of retail stores given the green light to open in the next few weeks the government needs to...
LEADING BANK IN TURKEY USES ONESPAN’S MOBILE APP SECURITY SOLUTION TO HANDLE DOUBLING OF DEMAND FROM COVID-19
OneSpan’s scalability helps DenizBank protect millions of mobile banking users as the coronavirus pandemic drives massive increase in hacking attacks...
KASKO PARTNERS WITH VIVIUM TO LAUNCH FULLY DIGITAL BIKE INSURANCE IN BELGIUM
Vivium, a member of the P&V Group, turned to the InsurTech provider to build an omni-channel and bilingual insurance product,...
THE STRATEGIC ALLIANCE BETWEEN MINSAIT AND AURIGA WILL PROVIDE AN INNOVATIVE OMNICHANNEL PLATFORM FOR A SUPERIOR BANKING EXPERIENCE
Minsait, an Indra company, and Auriga have reached a strategic agreement that will strengthen their position in the digital transformation...
INFORMAL PUBLIC TRANSPORT: FRONT-LINE MOBILITY HEROES
By Devin de Vries, CEO, Where Is My Transport Every week, 5 billion commuters in emerging markets have no...
FIXING THE FLAWS IN FINANCIAL SERVICES’ DATA MANAGEMENT
Simon Cole, CEO at Automated Intelligence, a cloud-based data compliance and governance solutions provider to the financial services sector, warns FS...
FROM MANUAL TO MACHINE LEARNING: HOW TO APPROACH THE RECONCILIATION ‘PROBLEM’
By Christian Nentwich, CEO at Duco At the start of 2020, before the global coronavirus pandemic changed the world,...