Something similar is conveyed in the proclamation by payments and identity expert Dave Birch in his book “Identity is the new money”, published in 2014: ”Identity and money are changing profoundly, because of technological change, and these two trends are converging so that all we will need for transacting will be our identities…We all need to start planning for the transition to identity-based transactions”.
In 2014 this was visionary, at least to all of us working with digital identity and payments. But today, it is quickly becoming reality and mainstream. Digital identity services are scaling fast, payments are leading the fintech revolution, banking interfaces are becoming open and consumers expect instant and convenient online payments.
# The internet was designed to connect machines, not people
The internet was designed for machines to exchange data, not for people to conduct business. A large part of today’s pain and fraud is down to how we authenticate and create trust between online counterparties. If you don’t know who is on the other side, their word has no value as a bond.
There is a whole industry of fraudsters online. Every year 120m variants of malware are being developed, much of it trying to capture our personal information. Stolen identity is valuable, and can be used to defraud money in endless ways. The cost of identity theft is not limited to direct monetary losses. Privacy is being compromised, trust is being eroded and the benefits of digitalization to society are diminished, all because of identity fraud.
Username and password has for too long been the primary, if not only, choice we had to prove ourselves online. But it has obvious drawbacks both on convenience and security. Several billion data sets are breached per year. Our passwords are in the wrong hands, as is our personal information and payment credentials.
Digital identity solutions can solve many of these challenges. Having a high-security digital identity with 2-factor authentication overcomes most of the problems with simple passwords. A mobile phone is the ideal platform for digital identity – it is always with you, always connected to the network and a mobile number is the leading global identifier through which identification requests can find you. Additionally, smartphones have biometric sensors for convenient transactions and multiple other features that can be used to improve security.
# Digital identity has been slow to grow but is now going mainstream everywhere
First legally recognized digital identity solutions were launched in Finland over a decade ago. Since then, mobile identity solutions have been scaling across the Nordics, the Baltics, Switzerland, Austria South Korea and others. They are taking the first steps towards going mainstream across some of the largest markets globally like China, Germany, UK, and Canada. Driving this proliferation of digital identity is the intersection of fast growth in internet commerce and biometrics on mobile.
Identity solutions come in many forms and shapes but each of them has four distinct functionalities to cover. First is user enrolment, where a person’s identity is verified, authentication credentials are issued, and the user’s identity profile is established. Second is authentication – the action of verifying that the counterparty is in fact the correct, intended person. Increasingly this is done by entering a PIN code or with biometric data – fingerprint, face recognition or iris scan are the most common. If correct, the requesting counterparty receives confirmation of your identity from the Identity Provider (IdP). The third step, transaction authorization, can be separate or combined with authentication. The fourth and final step is processing the authorized transaction. Depending on the use case, processing can mean things like granting access, storing consent or transferring money.
Each of these four steps is currently undergoing rapid development. New regulations are setting standards for enrolling user identities remotely, i.e. online rather than through a face-to-face meeting. Technologies for face recognition, document verification and identity attribute checks have matured to become usable for secure, fast and convenient electronic identity verification at scale across borders. In identity and banking jargon this is called eKYC (eKnowYourCustomer). After establishing strong digital identity, further enrolment is fast, cheap and secure with identity switching.
Mobile phone-based authentication has traditionally used One Time Passwords (from SMS or security token) or SIM-based security keys. These are being left behind as high-security smartphone apps take their place with better user experience, versatility, cost, distribution logistics through app stores and the ability to use mobile phone security capabilities like biometrics.
Development of high-security mobile app-based biometric authentication has been boosted by the need for mobile banking and payments as well as new payments regulation like PSD2. Currently, though, there are still only a few app developers that have a market-proven level of high security and long-time customer references to back it up. Building a true high-security app is a considerable challenge and simply not possible for most app developers.
Combining secure authentication, transaction authorization and instant payment processing fulfils the promise of identity as proxy for money. A simple fingerprint confirmation sends funds to a recipient, often using a phone number as the account identifier. Digital wallet services like PayPal, Apple Pay and AliPay confirm transfers immediately and even these are superseded by instant mobile payment services like Swish in Sweden, Venmo in the USA and many others in which also the money arrives instantly.
# Look into the future of identity and money
Payment is just one type of digital transaction. Most digital transactions do not involve direct money transfer at all – The European Banking Authority (EBA) has estimated that only 20% do. Identity is much bigger than just payments.
Traditionally payment systems integrate authentication and money processing into one service bundle – often with multiple middle-men involved—each taking their cut from transaction value, like in credit-card payments. But this is changing. Payment is increasingly authorized through identity solutions and money transfer is processed separately through whichever payment rails are most efficient for the transaction at hand. The processing is, after all, just data transfer, albeit with high security requirements, and will eventually be commoditized and free. The value in payments migrates to the identity solution, which is better placed to manage the transaction risk. “Your identity is your bond” and it is backed up by your account balance or credit-line. The Identity Provider guarantees that counterparties are correct and insures against identity fraud in transaction.
Looking much further into the future, there is a distinct likelihood that both identity and money itself will become “digitalized”. Distributed identity solutions have compelling advantages for privacy-by-design, but even more importantly third-party certification of user attributes is both cheaper and more secure than using centralized attribute data services.
In a Bitcoin-type world, money could mean reliable stablecoin cryptocurrency holdings stored as security keys in your “identity wallet” that can be transferred as payment to any other recipient wallet with a secure authentication transaction – instantly and for free. Transaction processing automation could be taken further with smart contracts, i.e. by adding executable code on top of digital money. Regulators combating money laundering would have access to an immutable audit trail. Combining digital identity with cryptocurrency provides the security layer – nobody else than the rightful owner can access or transfer money. My identity would become my money.