Inside Capital One’s digital identity strategy
- Banks act as stores of trusted information and identity is core to their business
- Building effective identity solutions requires collaboration and trust among different parties across industries
In an ideal digital world, people would have digital identities and own them entirely, without any one organization — your bank, Verizon, state government, Facebook — controlling all aspects of it.
One reason effective identity solutions haven’t taken shape in the past is the space requires a lot of collaboration among different parties; so far, most efforts have been unilateral, said Matthew Thompson, Capital One’s director of digital business development.
Now Capital One is trying to change that, with a digital identity application programming interface (API) that lets websites and apps authenticate the identity of their customers against the identity information stored by their banks. The bank plans to launch out of its beta mode later this year.
For example, instead of a customer providing her name, address and birthdate when registering a Lyft account, she can enter her Capital One account credentials instead and the bank will share her verified identity information instantly and securely.
“We work hard to put our customers in control of their information and enable transparent exchange and access to it,” Thompson said. “We’re seeing regulation in places like Europe that are effectively driving industry towards [self sovereign identity] as a requirement. We want to be ahead of regulation here by doing what’s best for customers.”
Banks already act as stores of trusted information. They have an identity relationship with millions of customers and can provide a lower friction wave for them to prove who they are online. Many solutions in the market today use things that have relatively low success rates and put the friction on the user to prove who they are, like knowledge-based authentication. Answering questions like ‘Which of the following streets did you live on in 2001?’ is harder to answer than it seems for people in urban areas that move a lot.
The recently revealed identity project between IBM, authentication provider SecureKey and Canada’s major banks — Bank of Montreal, CIBC, Royal Bank of Canada, Scotiabank and TD Bank, as well as credit union network Desjardins — is another example of banks collaborating with networks outside themselves to try to fix the problem. They’re creating an app that allows people to verify their personally identifiable information for services like new bank accounts, driver’s licenses or other utilities.
“You don’t want to trust one entity with all aspects of identity, it’s good to have checks and balances in that system,” he said. “And frankly, all the components that are required aren’t core competencies to any one company providing these services. Identity is core to our business.”
In the U.S., BBVA made digital identity the theme for the ninth edition of its Open Talent fintech competition. The finalists, which were announced earlier this month, will have the chance to work with senior leaders across BBVA and make business connections. Also, USAA has invested in and adopted the technology of ID.me, which lets financial institutions remotely verify customer identities. Thompson cofounded ID.me in 2010 and left eight months ago to join Capital One.
“What’s missing in the ecosystem today is the ability to leverage trust you’ve already established with one party and extend that out beyond the one party,” Thompson said, noting he often uses “trust” and “identity” interchangeably. “Trust shouldn’t live in silos. To be effective with identity requires trust by all parties involved.”