Open banking today allows users to easily manage their financial accounts and payments with greater ease and convenience than ever before. Customers can now access their financial information and conduct transactions digitally through apps and online services and can even easily transfer money from across borders. However, this advance in technologies and services has also given rise to increased cybercrime and fraudulent transactions. Bad actors leverage these technologies to steal and launder money under fake digital IDs making it almost impossible to monitor and regulate. As fintech consultants, we’ve especially seen this in the payments space, where fraudulent transactions can be extremely costly to identify and correct.
In order to combat this, payments consultants have long recommended implementing strong KYC (Know Your Customer) initiatives that require some sort of physical proof and/or biometric data to validate customer identities. This has since been mandated as part of PSD2, making it a basic requirement of open banking today.
However, KYC puts a strain on the banking establishment, requiring additional proofs to verify identities for transactions, and also creates additional points of friction in the customer experience.
In order to combat this, some new startups are looking at leveraging new technologies (artificial intelligence, blockchain, etc.) in order to simplify this process and create a single core digital ID that can then be used for both KYC and AML. This is supplemented by Strong Customer Authentication standards which require two-factor authentication to ensure clear identification. Implementing this isn’t easy though and requires specialised knowledge and expertise in the fintech consulting space.
How does the core ID help validate user identity?
This core ID though simply proves the customer’s identity through information that is inherently tied to the customer, such as name, date of birth, fingerprint, etc. Therefore, it’s rather limited in scope. This core ID can then be enriched with assigned attributes that may vary depending on the customer’s situation, such as email address, physical address, etc. Finally, further enrichment can be attained through accumulated attributes, such as transaction history, health records and behavioural preferences.
At each level of this process, a score is awarded to the digital ID, assigning it a Level of Assurance (LoA). Broadly, there are four LoAs –
A simple “pass” that authenticates all vital attributes of the ID have been cleared.
“Moderate risk” is assigned to the user, usually because of login failure due to erroneous authentication, possibly due to human error.
“Substantial risk”, signalling that the system should ask for further proof to verify identity.
Elevated “substantial risk” that then requires face-to-face authentication to verify identity.
With Strong Customer Authentication, companies are expected to ensure that three specific factors are taken into account – possession, or something the user owns, such as a phone; knowledge, or something the user knows, such as a PIN; and inherence, or something that intrinsic to the user, such as biometric data.
Why introduce a digital ID?
The benefits of establishing such an enriched digital ID are many. For one, this simplifies the customer experience, ensuring that interactions across the ecosystem are smoother and friction-free. Customers have repeatedly proved to be willing to part with personal information provided they receive a suitably smooth experience in return, and a digital ID would be the first step to such an experience.
The digital ID would also simplify operations, doing away with paper and face-to-face verifications. This deeper collaboration would lead to reduced operational costs for onboarding and KYC, and build a “trust network”, where customers control their own data. Of course, a strong digital ID would also reduce the ability of bad actors to exploit the system and provide collective risk management, thereby reducing the risk of fraud and data breaches.
Some countries have already started implementing digital IDs with great success. Sweden, Norway, Finland and Denmark all have a successful digital identity system used by over 70% of the population. Estonia has made it a national mandate, and all Estonian citizens can use their national IDs to get digital access to all of Estonia’s e-services. What these countries have shown, though, is the ability to establish and adapt digital IDs for multiple use cases when done with the support of both the government and private partners, such as banks.
As expert payments consultants in the fintech space, we’ve been asked to guide our digital transformation clients through the process of developing secure authentication protocols that ensure KYC and AML protocols are adhered to. To know more about how we can help you with your payments consulting needs, contact us.