Modern banking and the opportunity in upgrading digital ID

By Aidan McCarty, Co-founder and Co-CEO of Unum ID

As with most industries, the digital revolution continues to transform banking and financial services at breakneck pace. Rapid technological innovation has already reshaped both customer behavior and the market.

Today, four out of five Americans use mobile apps for banking. An estimated 150 million have used a digital wallet at some point in their lives, and digitally native fintechs have started buying up legacy financial institutions. Banking is now online all the time and on the go with every smartphone.

Digitalization and mobilization have enabled a host of impressive new capabilities and business models in banking and financial services. They’ve also caused many new frustrations and threats — and on an enormous scale. Increasingly, those frustrations and threats center on the issue of identity.

Trusted and verified participant identification is core to any financial transaction. But current digital ID mechanisms are laborious, costly, fractured, and ripe for abuse. This presents an enormous challenge for banking and financial institutions and an enormous opportunity.

Daunting Landscape

As digital commerce ascends, so does digital crime; particularly rampant are identity theft and fraud. The Federal Trade Commission reports that identity theft cases more than doubled in 2020. According to a recent Javelin Strategy & Research study, “total combined fraud losses climbed to $56 billion in 2020, identity fraud scams accounted for $43 billion of that cost” aided by increasingly sophisticated digital scam tactics utilizing social media, chatbots, texts and emails to extract and misuse personally identifiable information (PII).

Today, the world addresses this digital identity problem with a fractured set of verification checks that transfer the labor of proof to each individual for each interaction. This is why consumers are constantly asked to fill out forms online, create passwords, complete CAPTCHAs, answer authentication questions, and so on. These now-common processes are repetitive and tedious for users, costly for institutions, haven’t thwarted criminal activity, and produce ever-growing collections of vulnerable PII that effectively compound the problem. One need only reference the latest cybersecurity breach headlines to grasp why things must change. Banking and financial services are uniquely positioned to lead that charge.

Indisputable Opportunity

As Oliver Wyman partner Peter Carroll observes, “banks can assert a powerful leadership position in an emerging field of great importance: Digital Identity.”

The top priorities must be reducing the broad collection of PII and establishing a stronger and more secure one-to-one relationship between a digital identity and a physical person.

Digital identity can be linked to a physical person via secure hardware and biometrics now embedded in smartphones. Using strong multifactor authentication resolved locally on a user’s device (FIDO) eliminates the need for passwords and shared secrets. And with operational prowess in secure customer data management and meeting stringent regulatory reporting and compliance requirements, banks and financial institutions can play a crucial role in productizing the use of that technology to upgrade digital ID.

The ability for an individual to verify their digital identity once with their bank, store that information, and be able to reuse it everywhere would save an excessive amount of time, effort and cost — and present an attractive new line of services that enhance both personal and institutional cybersecurity and strengthen digital ID.

Considering KYC

Banks and financial institutions are already subject to meeting know-your-customer (KYC) regulations. So why not put all that effort to use? Organizations required by law to spend time and money verifying user information could recoup their costs while helping other companies that need access to parts of that data, providing a faster and more secure onboarding experience to their users. And, they can stop collecting information that they neither need nor want to assume responsibility for storing and safeguarding.

With user consent embedded in the process, banks and financial services institutions could issue biometrically secured digital ID cards via smartphone to their users with pertinent KYC data attached. Then, users could present those cards to merchants in a vendor network to instantly sign up for services or create pre-approved accounts, without the need for passwords and without the need to fill out endless forms and offer up hoards of PII.

Imagine a future where every interaction with a new service is as easy as checking out with Apple Pay — two clicks and a biometric — with the security of bank-level verified data-bound to an individual through their smartphone. Such a service could instantly establish proof of residency or constituent identity for government technology platforms, including address, email, and phone verification that can be stored locally and reused within a mobile application.

A service could also supply proof of age, allowing a vendor network to validate that a user meets age requirements without collecting or accessing any other personal information, including actual age or date of birth. This is possible for many use cases and any user/vendor in the network.

Essential implementation details must include local private-key storage on secure hardware (e.g., in a smartphone) for every participant locked by locally resolved biometrics or behavioral authentication. This allows bi-directional authentication of both parties in any interaction without any shared secret such as a password or OTP. And key storage at the edge enables end-to-end encryption, safeguarding sensitive information against any party outside of the direct transaction — including the network itself.

Data must similarly be stored locally and encrypted. Local storage of sensitive data massively reduces risk and unlocks the capacity for explicit, traceable consent from both data issuers and end-users in any transaction.

Such a marketplace for reusable KYC data allows a single verification for access to many services with a simple smartphone and the simple press of a button — reducing user friction, limiting PII collection and storage, and upgrading digital identity for the benefit of all. It’s an opportunity banks and financial institutions shouldn’t pass up.

Aidan McCarty is Co-founder and Co-CEO of Unum ID. Currently revolutionizing commerce and digital identity. With a background in biochemistry and biophysics, I love complex problems, and I hate waiting around for others to solve them. I am a serial entrepreneur, a 3x published researcher, and a public speaker. I leverage my unique skill sets in entrepreneurship, politics, science, and tech to provide value to society. Connect on LinkedIn.