6 minute read 25 Jan 2019
businesswoman using digital tablet counter

How to enable trust and digital identification in Open Banking

By

Hamish Thomas

EY EMEIA Payments Leader and UK Advisory Banking Technology Leader

Transformation leader in payments and open banking. Passionate about technology’s potential to create opportunity and manage risk. Optimistic runner. Film enthusiast.

6 minute read 25 Jan 2019

Show resources

Digital identification will potentially provide a trusted financial services network with simplified customer access to digital products.

Open Banking is an emerging global trend driving increased choice for how individuals and businesses consume financial services. Significant change is expected as the industry adjusts to a digitally-enabled economy, seeking to provide better outcomes for customers and appropriately manage the risk of a new digital ecosystem. An increasingly customer-centric regulatory agenda is compelling institutions to leverage new technologies, and give customers more control of their data and identity in the digital economy.

For a truly integrated digital ecosystem to work, businesses and individuals must seamlessly navigate across ecosystem participants without enduring several similar authentication and onboarding experiences. Developing efficient and effective Know Your Customer (KYC) processes remains a common industry objective. However, harmonizing standards and risk appetite is a frequent stumbling block to industrywide KYC initiatives.

Providing a cross-industry, cross-sector, verified and enriched digital ID will potentially provide the foundation of a “trust network” where customers participate and control their own personal data, with simplified access to digital products and services, and operational challenges for institutions are eased.

Current approach to identity confirmation

Traditionally, identity has been verified through physical documentation that confirms a person or business. Acquiring goods or services historically required face-to-face interaction, so presenting verification documentation did not create a significant burden. Digital channels have increased remote availability of goods and services, but the corresponding identity verification process has largely been left behind. Issues around the failure of identification services to digitize in line with evolving digital channels must be resolved if customers and banks are to realize the promise of an increasingly digital economy.

Why change is necessary

Open Banking, the second Payment Services Directive (PSD2) and General Data Protection Regulation (GDPR) are catalysts for digital developments. These regulations potentially provide customers with more banking choices, control and a competitive banking market that permits third parties to access their financial data for new services, beyond those provided directly by their bank. Financial institutions with compelling products and services within this changed landscape can innovate and grow market share.

The current lack of standardized authentication and authorization mechanisms to acquire new products and services leads to a poor customer experience due to these common challenges:

  • Every new onboarded customer must provide information, leading to time-consuming, repetitive new product application processes.
  • Newly developed products are tied to the creating institutions and are difficult to switch or move around, without repeating arduous onboarding procedures.
  • Increasing levels of private company and personal information to open a new bank account necessitates lengthy forms and supporting documentation.

There are also highly complex and expensive customer onboarding KYC requirements for service providers. Customers face the challenge of trusting new service providers with their personal data. Therefore, an approach that builds customer trust in safely securing their personal information is critical.

Differing requirements for customer data

Service provider onboarding is further complicated by divergent requirements for customer data when onboarding; e.g., data requirements likely differ for property insurers versus personal loan providers. The lack of a reliable method to exchange trusted data between providers presents numerous challenges:

  • Service providers lack visibility into the provenance or veracity of customer data from digital interactions.
  • Difficulty enticing customers to switch or use services from multiple providers without a seamless, pain-free onboarding and product portfolio management platform.
  • High drop-off rate in the account application process.
  • High level of manual effort and operational cost when verifying customer information during the onboarding process.
  • Risk of disintermediation through propositions from third-party providers enabled by FinTech and Open Banking.

Digital identification as a solution

A trust network of institutions and businesses could address these challenges. This network would be linked by a set of shared, digitally identifying data attributes permissioned by the customer, and adaptable to the relationship.

This framework could create a trusted adaptable digital identity, where customers authenticate themselves digitally with service providers, thus removing a key pain point in the onboarding journey. A permissioned, trusted digital identity engenders greater customer trust in institutions, as customers have sole control over their identifying data that institutions may only share based on customers’ comfort levels around security and privacy.

A “core” or digital ID, with the customer’s basic proof of identity information, potentially could be expanded to include additional attributes, enabling an enriched digital ID, with the trusted data required to enable onboarding.

Core digital ID attributes

A core digital ID can serve a number of purposes. It could prove that a customer is who they say they are and contain only static identifying fields (e.g., name, date of birth and biometric data) to verify identity and track the provenance of the digital information. As this information is the same across institutions, a digital ID created by one service provider may be accepted by another, provided an agreed set of standards are adhered to. The level of assurance and core data within this digital ID would enable access to a range of services.

An enriched digital ID

A digital ID that only proves a customer’s identity is useful, but limiting. Both the Level of Assurance (LOA) that a digital identity provides and the identity attributes it attests to will impact the services it enables.

Core digital IDs with LOA Level II (when moderate risk is associated with erroneous authentication), Level III (where a substantial risk is associated with erroneous authentication and identity proofing procedures are dependent on verifying identity information) and Level IV (when substantial risk is associated with erroneous use and face-to-face authentication is required) are good services for tracking static customer information (i.e., name, gender, date of birth). However, the range of services that can be accessed using a digital ID is not solely predicated on the level of assurance that the static data provides.

Many attributes to access financial services require transient or temporally sensitive pieces of information to perform requisite due diligence and provide access. Greater value can be delivered by enabling an enriched form of digital identification and facilitating the sharing of a digital ID across a trusted network.

The outcome of introducing a digital ID

Establishing an enriched digital ID to exchange trusted data between ecosystem participants will lead to a better experience for business and retail customers and financial institutions. Customers will no longer face lengthy and frustrating onboarding processes, with face-to-face and paper verifications of their identity. Collaboration among customers and institutions will grow Open Banking ecosystems and reduce operational costs for onboarding and KYC. A shared approach to enriched digital identification also will provide collective risk management, reducing the ability of bad actors to access public and financial services, and reducing the likelihood of fraud and cybersecurity breaches for customers.

In summary, providing a cross-industry, cross-sector, verified and enriched digital ID can potentially build a “trust network” where customers participate and control their own personal data, with simplified access to digital products and services. It would deliver operational and revenue benefit to financial institutions and other “trust network” participants, improve access to and adoption of digital financial services, and ultimately encourage growth of the digital economy.

Adapted from an article originally published in International Banker.

Summary

As Open Banking acts a catalyst for digital change, banks have an opportunity to innovate and grow their market share. Digital identification has the potential to provide the foundation of a “trust network” where customers control their own personal data, with simplified access to digital products and services. In this new environment, operational challenges are erased. 

About this article

By

Hamish Thomas

EY EMEIA Payments Leader and UK Advisory Banking Technology Leader

Transformation leader in payments and open banking. Passionate about technology’s potential to create opportunity and manage risk. Optimistic runner. Film enthusiast.