
Blog: Are we heading for an identity crisis in FinTech?

Banks are, or are fast becoming, digital businesses and the customers they are competing for are “always on” – used to services accessible from any device and tailored to individual preferences. This brings its own set of problems, not least of which is verifying a customer’s identity online.

Establishing if someone is who they say they are in today’s virtual world is a major headache for banks and fintechs, thanks to the strict regulations they operate under and the difficulty in providing non-physical, verifiable forms of identity.

Consumers are demanding mobile-first, digital services, and financial service providers need to meet stringent KYC processes that are rooted in a physical world at odds with today’s digital consumer. If this security process means popping into the branch or copying a 20-digit code from an SMS to an app, customers simply won’t buy it.

For fintech challengers, keen to steal business away from established providers, it needs to be simple for prospective customers to access and use their services, and, crucially, to trust them as much as current providers. Without this trust it won’t matter how innovative the service or how slick the mobile experience is – customers will stick with who they already have faith in to keep their details safe.

We can see this effect in action – security has improved beyond passwords and mother’s maiden name-type questions, but at the expense of convenience. Over 40% of applications for financial services products are abandoned. The current approach to identity doesn’t fit with either the shift to digital or the increasingly global nature of financial markets.

ID proliferation in the post-password era
The market has begun to address the issue. Major technological breakthroughs are being made: new biometric techniques (skull-produced sounds will soon supplement fingerprints and facial recognition), projects such as HSBC’s voice recognition service, and use cases like consumer ID credentials stored in Apple Wallets are all part of the effort to solve one of the biggest problems in tech: “how do I prove who I am, simply, securely and digitally?”

Organisations like Google, which announced Project Abacus earlier this year, are developing proprietary solutions that banks and other players can use to authenticate customers. Industry bodies like FIDO and the GSMA are creating standards designed to govern how IDs are managed and individuals are authenticated. At the same time regulators are mandating that providers enable strong authentication as part of PSD2 and eIDAS efforts to harmonize the single market in Europe.

While these efforts are important to addressing this issue, the mix of proprietary, industry and public policy approaches has created a plethora of different technologies, standards and alliances with only one clear result: confusion.

There is currently no “killer” identity solution. For every service, whether it’s online banking, insurance, online shopping, government eIDs or something else, a different ID is being used.

An identity crisis?
Everyone understands that the reliance on passwords cannot continue, and that existing authentication approaches sacrifice usability for security. However, creating multiple authentication methods is not the solution to consumers having to remember and manage multiple passwords.

With financial institutions and fintechs desperately seeking a solution to the problem, and consumers suffering from password/PIN fatigue, the solution is simplicity, ubiquity and scale, not more fragmentation. There needs to be a common approach or underlying infrastructure that solves the following problems:

  • Usability – consumers need a fast, simple and consistent method with minimal friction, across channels, markets and service providers.
  • Security – with fast-changing regulation and an increased threat from fraudsters, the approach must be ‘banking grade’ to offer providers and individuals peace of mind.
  • Scalability – consumers want to be able to use the same method and ID credentials across service providers and markets, and providers want to be able to use the same system across all channels and countries to grab market share.

Unless addressed, the identity crisis will mutate into market inertia. Providers will wait for the right solution to adopt and throw their weight behind. Meanwhile consumers will resist shifting from passwords and PINs until a better alternative is in place.

Enter digital identity
A different approach is needed – one that tackles the core problem: how can a consumer establish an ID credential that can be used across multiple services, standards and technologies?

For this to work in any sort of ubiquitous, scalable manner we must first create a single, robust digital ID and determine how it can be passported across services and markets. The irony is that almost every consumer has at least one trusted digital identity – either government or industry scheme – that could provide the answer. For example, Scandinavia has BankID, Estonia has ID kaart and the UK has GOV.verify.

So rather than reinventing the wheel, financial service providers should use the existing public and private eID infrastructure that is gathering pace across Europe and beyond. The trick will be pooling them together into one central area so that they can be used across multiple geographies, multiple providers and for multiple purposes.

A federated approach
Rather than making their customers go through onerous KYC processes, organisations in regulated markets, such as financial institutions, can use existing customer credentials via an ID hub. Customers can register and use services quickly and simply, and financial service providers can accelerate expansion, boost market share, accelerate regulatory compliance and potentially capitalise on some of the enormous investment already made in KYC.

The financial services sector is undergoing the biggest transformation in its long history. Regulators across the globe want to open the market to competition and are enforcing ever-stricter legislation. Meanwhile revenues are declining, cyber-attacks are increasing, and fintech challengers are competing on services that were traditionally the preserve of established banks.

Digital identity has the potential to be the foundation from which providers can create better, digitally-native services that are highly secure yet easily accessible to new and existing customers regardless of where they are. Without a new approach, all financial providers will be paralysed by the identity crisis.

By Gunnar Nordseth, CEO, Signicat

Gunnar Nordseth has more than 20 years of experience with information security, PKI and digital identity, and has since 2006 been CEO of Signicat.
