What Role Will Financial Institutions Play in Digital Identity?


When you go through security at the airport, you prove your identity by showing a document such as a driver’s license or passport, along with your face, to the security agent. This is known as two-factor authentication — something you have (the document), and something you are (your face). But online, you are more often asked to produce one factor, something you know — your username and password.

But something else we know is how careless the large technology companies are with storing these credentials, unencrypted, accessible to thousands or millions of people. As a consequence, it’s becoming common to opt into two-factor authentication online, which typically involves use of the mobile phone. But two-factor authentication is not universally used, and is an imperfect solution.

The problem of proving that we are who we say we are online is as old as the Mosaic browser, and indeed, anonymity is often a virtue of online behavior, for good and bad reasons. A great deal of software has been developed to allow users to privately view content and avoid surveillance, but users also face friction in authenticating themselves in order to use needed services, from their bank’s website to the online portal of their health insurance provider. Flashing a driver’s license doesn’t cut it. Nor do biometrics, which are siloed on various devices and not universally accessible.

Users end up with fragmented identities, and the means of authenticating proliferate confusingly. The average smartphone user has 80 apps installed on their phone, and each may have a unique username and password, at least according to best practices, and each has a store of data about that user that is being shared or sold to other services. User data is leaking all over the internet, and the originators of that data, the consumers themselves, have ceded control of their personal information to a large number of self-interested organizations.

Two financial services companies, Mastercard and PayPal, have taken steps forward to help consumers get a handle on the situation. PayPal joined a Series A investment round in Cambridge Blockchain, a company whose stated mission is to help users control their online identities:

“As part of the investment, PayPal’s first in blockchain, the company is exploring how it might use Cambridge Blockchain’s platform to let its users prove who they are while still preventing personal information from being unnecessarily shared. Think Facebook login, but where the users have control over who gets to see the information used to prove who they are.”

Cambridge Blockchain is beginning its work with the 600,000 citizens of Luxembourg. The company recently completed a course in an accelerator sponsored by PayPal in Luxembourg, and PayPal maintains an office there.

Vinny Lingham, CEO of the identity management firm Civic, elaborated on how blockchain can be used to protect user data:

“Blockchain technology introduces new ways to manage and simplify that personal data. A consumer’s verified identity can live on their mobile device. That verified identity could be used to anonymously authenticate consumers, meaning no username or password is needed to create or log in to an account. That verified identity could also be shared on-demand to prove identity at a bar or gain access to an office building. It is unlikely you leave that house without your smartphone, and blockchain lets us turn your device into a secure access mechanism, both in-person and online….

“The first step in creating mobile identity solutions is making who you are about ownership, not information. If you apply for a credit card online, you do not have the opportunity to actually prove who you are. You enter your name, address, social security number and with that information, the company runs a credit check to access your creditworthiness. Yet, you never have to prove ownership over the information you shared. Ownership is assumed. Combining biometrics and identity introduces the idea of ownership. You cannot share data if your biometrics do not show ownership of that data.”

Mastercard has partnered with Microsoft to provide something similar, also using blockchain or distributed ledger technology, and sees banks as trusted gatekeepers:

“Mastercard envisions a platform in which consumers have control of their identity information and it is stored locally on their devices, rather than in a centralized system that Mastercard would need to defend. The ID would be set up through a bank or other participating institution that already holds identity information about the individual. And people would manage their enrollment and interact with their universal ID through that institution’s secure mobile app.

“‘It’s a consumer-centric model for digital identity that gives consumers control,’ says Ajay Bhalla, president of cyber and intelligence solutions at Mastercard. ‘It will securely bind a person’s identity to their smartphone or any other device, and the idea is that this will unlock new and enhanced experiences for people as they interact with businesses and service providers.’”

Europe is leading the way in data protection with GDPR, but the U.S. may not be far behind. California has enacted a data privacy law that experts believe will provide a minimum standard for other jurisdictions, notably New York, to follow and expand upon.

But the regulatory landscape so far lacks coherence on this issue. Courtney Stout, chief privacy officer for S&P Global, said yesterday at the Empire Startups Fintech Conference in New York, “Every regulator is involved in privacy. There is no cohesive message.” This means consumers and the institutions serving them are likely to be presented with a patchwork of guidance from multiple regulatory bodies rather than a simple standard.

Financial institutions need to be alert to the advances being made in their own space, particularly when Mastercard has said explicitly it expects banks to take part in such a system. And following the technological advances, as always, will come the regulation. The rules already in place in Europe and parts of the U.S. are likely to be replicated, affecting bank customers everywhere.

Reliance on edge security, such as that provided by smartphone manufacturers, is an additional risk that will need to be confronted. Phone number porting is a disturbingly common attack that the telecommunication companies have done an inadequate job of addressing. Until a better solution appears, consumers need to be vigilant in controlling their mobile phones and other factors commonly used in authentication, such as email addresses.

