Data

What it will take to make digital identity real

  • To achieve a digital identity system, banks need better ways of designing trust into identity verification services and clarity on who owns customer data
  • Privacy and security are paramount, but a bank can only make those measures as good as their level of customer convenience
close

Email a Friend

What it will take to make digital identity real
The biggest problem with digital identity is that it's just a pain in the ass. As banks, governments and e-commerce giants try to solve the issue of customers having account overload and password amnesia, the problem becomes that security is just inconvenient: there are so many required security specs for passwords and so many different passwords to remember, it's just easier to create an easy-to-remember password and use it for everything -- and at the end of the day, if an account is hacked, the bank can just return the money. No big deal. Passwords are how customers identify themselves for every service they use. They know the system is hackable but still entrust companies their data, even if they don't actually trust them. Fixing the system means there has to be a single identifying entity that people trust, that has an established history of collecting and holding personal information. Banks are the best positioned to do so, but trust has to be part of the process of designing identity verification services and it should be clear who owns customer data and what happens to it. “The use of digital identity will exceed the use of physical identity when more digital identity solutions emerge in the market -- that’s what’s lacking today,” said Matthew Thompson, director of digital business development at Capital One, which launched a digital identity application programming interface (API) this week that lets websites and apps authenticate the identity of their customers against the identity information stored by their banks. “We have to design for trust in the solutions: trust with the relying party or business partner that they can trust the assertion we’re making, and trust with the consumer that they want to use or share the information in this ecosystem. When those things come together you'll see digital identity exceed the use of physical identity.” Who has my data? Collecting customer data is in the interest of the customer, banks (or any company, really) will tell you. By doing so, banks say, they can improve their products and services. Knowing more about customers -- their preferences, routines, where they save and when they splurge -- helps them personalize their offerings and deepen connections with customers, which makes them feel even more comfortable granting the banks even more of their data. Right now, it’s not clear who owns customer data, whether it's banks and our payment information or Facebook and the details we put on social media. Banks are held to higher standards of privacy and security; that’s part of what makes them so well positioned to take the lead on providing digital identity services. “We don’t know who really owns our data but I bet you the large banks absolutely don't want that" to be made explicit, said Pascal Bouvier, a venture partner with Santander InnoVentures, the Spanish bank’s fintech venture capital arm. “There [would] be clear liabilities as well as clear asset and cash flow streams that people either have access to -- or don't. In order for us to fully actualize federated digital identities built off data streams we create directly or indirectly, we need to have some type of clarity on that ownership.” The ownership question is also more important now than ever, as startups and technology providers look to increase their data-sharing agreements with banks. Intuit has landed agreements with JPMorgan Chase and Wells Fargo; Finicity just signed one with Wells; Xero established similar deals with Wells, Silicon Valley Bank and most recently, Capital One. These initiatives also give banks safer ways to move data and help give customers control over how their data is used -- the holy grail of digital identity -- by using application programming interfaces instead of the more commonly used screen scraping method, in which customers log into the third party site or app with their bank credentials and that company “scrapes” the information to log in as the customer to retrieve account data as necessary. Convenience over safety The widely agreed upon solution is data minimization: That an organization will collect only the data it needs, using it only what it agreed to use it for and getting rid of it when the purpose is achieved. A bartender doesn't know customers' ages to serve them, she just needs to know it’s greater than or equal to a certain age. One way is to let the customers opt in to having their data shared. The Canadian banks have a solution to this. Or put a disclaimer on the bank website that spells out how the data is going to be used. But that’s slightly inconvenient. And even when customers are cynical toward banks, they seem to be trusted enough to continue serving them. “Consumers will always choose the path of least resistance, and if you rely on your consumers to be interested in their best interest when it comes to security, that’s probably not going to happen,” said Ryan Fox, director of consumer identity at Capital One. “We’re always two-step or multi-factor authenticating our customers. It’s always dynamic, always risk-based, aways multilayered.” In 2015, Capital One launched SwiftID, which removes the friction of passwords by letting people authenticate biometrically from their phones when signing in from an unknown device. By designing security right in the banking experience, Fox says, the bank can send the customer a push notification they can respond to in a second instead of requiring them to read a lengthy security statement, Fox said. The important thing for banks to remember when building on their security is that people don't think about it in terms of what’s most secure; they think about what’s easiest, he said. “That’s why touch ID had such an adoption rate," Fox said. "We went away from knowledge-based login to something I can just touch. It was adopted not because it was a pattern they understood but because it took half the time. Is it easier? Yes. Do I have a cognitive load associated with doing this? No? Then I’ll do it.”

0 comments on “What it will take to make digital identity real”

Data, Sponsored

How marginal improvements in data strategy can yield tremendous results

  • The truth is brutal: data is hard, and most people don’t understand it.
  • Here's how marginal improvements to a company's data strategy can have a profound impact.
Quantalytix | December 14, 2022
Data, Podcasts, Sponsored

‘Earned wage access is the next evolution in improving day-to-day liquidity’: Argyle’s Matthew Gomes

  • Director of strategy at Argyle, Matt Gomes, joins us on the Tearsheet Podcast.
  • Listen in to our conversation about how payroll and employment data API platforms enable financial institutions to bring the next generation of financial products to consumers.
Argyle | September 22, 2022
Data, Podcasts, Sponsored

‘Developers have become as central a figure as the banks’: Fiserv’s Niranjan Ramaswamy

  • VP and GM of embedded fintech at Fiserv, Niranjan Ramaswamy, joins us on the Tearsheet Podcast.
  • Listen to our conversation about how Fiserv empowers developers to build products that bring fintechs and FIs together.
Fiserv | September 21, 2022
Data

Another PayPal exec joins MX: 6 questions with CTO Wes Hummel

  • PayPal vp Wes Hummel joins MX as a CTO, merely weeks after PayPal svp Jim Magats joined MX as its CEO.
  • Hummel believes the next stage of development in the industry will see fintechs connect with the financial industry at large.
Subboh Jaffery | September 08, 2022
Data, Podcasts, Sponsored

‘Not all fintech integrations are created equal’: Fiserv’s Jon Nordhausen

  • VP of product strategy at Fiserv, Jon Nordhausen, joins us on the Tearsheet Podcast.
  • Listen to our conversation about how cloud data integration is removing friction and enabling new capabilities for data to flow seamlessly between fintechs and FIs.
Fiserv | September 07, 2022
More Articles