The Identity Proofing Guide: How FIs can measure identity proofing success, and why we need biometrics

The following was produced by Tearsheet Studios. We worked with consulting firm Ulysses Partners to create a four-part series on identity proofing and the importance of user experience in its emerging landscape. The series is based on our co-created publication, The Identity Proofing Guide: A practical hands-on review of user experience in leading solutions.

In this session we’re joined by David Milligan, managing partner at Ulysses Partners, and Ashim Banerjee, founder and CEO of IDMission. We’ll be talking about the role of identity proofing in financial services at this moment, how an FI can measure success when it comes to identity proofing, and where identity verification fits in the payments space.

Watch the video

Listen to the podcast

Subscribe: Apple Podcasts I SoundCloud I Spotify I Google Podcasts
The following excerpts were edited for clarity.

David Milligan: I'm David Milligan, and I've been working with fintech firms and in the banking space for over 20 years. I've worked with over 120 financial services organizations (primarily banks), and also with hundreds of fintechs around the world. Previously, I built a fintech & bank match-making platform that was acquired by KPMG in 2017. Today, I head up a boutique consulting firm called Ulysses Partners. We work with mid-size banks, other financial institutions, and well-established fintechs around the world, to help them work together towards digital transformation. 

Ashim Banerjee: My name is Ashim Banerjee, and I'm the founder and CEO of IDMission. Before IDMission, I was part of a fintech startup that was acquired by TSYS. I've been in payments for a long time, and in the last few years I’ve been working on the convergence of payments and identity.

Identity proofing in financial services: the lay of the land

David Milligan: As we've talked about in a previous session, ”identity proofing” – being able to prove who we say we are during many business processes – is critical.

With the incredible growth of uptake in digital channels in financial services, we've seen rapid adoptions of digital onboarding, forced by the circumstances by financial institutions. In the course of doing so, we also saw a rampant uptake in fraud – nearly 40% of US consumers in 2020 reported experiencing some sort of identity fraud. 

The reason that's happening is that often, identity proofing hasn't been addressed in a very robust way. In the rush to get something in place, the identity proofing solutions chosen have not always been the ones using the newest technologies, and providing the best user experience. 

We see the use of biometrics and document-centric identity proofing as being the ‘gold standard’ for identity verification. In The Identity Proofing Guide, we surveyed the leading solutions, and found that the user experience of doing identity proofing has evolved greatly over the past few years. FS organizations need to make sure that they're up to date, using the best solutions. In our research and rigorous evaluation process, IDMission came up as the top ranked solution in terms of user experience – which is really why Ashim is with us here today.

Ashim Banerjee: Thank you, David. I’ll add that identity itself is something that needs to be established not just at the time of account opening or onboarding, but all throughout the customer's lifecycle: account opening, transacting, receiving account support. Instead of login and password, why not just use the selfie I submitted at the time of account opening? Wouldn't it be much better to just take a voice sample and authenticate me using my voice? 

The experience over the lifecycle is fragmented. And that can be easily unified using the same biometrics that you've collected at the time of ID proofing, which makes the experience significantly better while simultaneously improving security.

David Milligan: There's been a bit of a debate recently, a public fear, around biometrics and their use when it comes to accessing government services. It's important for us to understand that biometrics firstly isn't a new phenomenon – our handwritten signatures are just a crude form of biometric. 

As we see more fraud and bad actors, it's become much more complex. In that complex space, we need to use the very best technology and approaches to proving someone's identity at the time that they sign up for a service.

Benchmarking identity proofing success for FIs

Ashim Banerjee: In the previous talk, Ruby Walia talked extensively about the idea that the user experience is what ends up creating metrics that are of value to the bank. 

The whole idea of using a signup process is to help people to sign up easily, conveniently, and securely. Using the right digital identity proofing processes, and integrating them with the rest of your onboarding process, will result in larger numbers of people signing up in shorter amounts of time. 

David Milligan: Financial institutions focus on metrics like the false positive rate, or the false negative rate (which we’ve become much more familiar with than we used to be, thanks to COVID testing). But perhaps it’s no longer the right measure, and there are more nuanced approaches to this. 

It's not about getting the most accurate model. The appropriate metrics depend on the nature of the transaction and what you're trying to achieve.

Ashim Banerjee: These days, when we talk about identity and identity proofing, a lot of companies are using newer technologies, such as machine learning and artificial intelligence. So the question becomes: ‘How do I know what performance I should expect from my machine learning models?’ 

For example, accuracy is often considered the benchmark, but it’s actually the least useful model, depending on your use case. Accuracy in itself gives you a small part of the picture, while there are other metrics created by machine learning to indicate how the model will perform for your particular business case. So it's important that business people spend more time understanding the different metrics before deciding which model is likely to work for them.

Identity proofing in the payments space

David Milligan: Identity matters more in different contexts, and payments is one of those moments of truth.

Identity verification is triad: it can be knowledge-based, like a password or pin; it can be something that you have, like our mobile phone on which we receive some sort of a text code; and finally, it can be ‘something that you are’ – which is the biometric element. You can type in a CVV to prove you own a card, but you don’t in fact need to have that card to know it. That’s why we need better and more secure ways to prove our identities.

Ashim Banerjee: Our identity is the oldest thing; ever since Adam and Eve, we’ve been able to look at each other and identify one another. When people ask how modern digital identity is likely to progress, all I say is, ‘Look how payments progressed over the last 20 years, and that’ll tell you how identity will progress – over the next five years'.

Payments progressed from exchanging physical tokens as guarantors of payment, to card-based payments, and then to the idea of a tokenized payment where, for security reasons, the card number is never actually exchanged, only a token. You can easily see identity progressing in exactly the same way. In fact, I would go so far as to say it's likely that your face or your biometric becomes a token not just of your identity, but also of your payment. 

It's not hard to imagine walking to a Safeway or a Whole Foods, and instead of tapping your card to complete the payment, there's a tablet with a camera that recognizes you, and the payment just happens as you walk through. We are actually doing this today with several customers who are trying to create this magical user experience.

Another example: imagine you’re at a Boston Celtics game. During halftime, you go get a drink, and instead of standing in line, you go to a self-service bar with a device that recognizes you, allows you to pick your drink, and walk away. 

David Milligan: Biometrics is a sensitive topic, but it’s possible as long as we communicate properly around it, and work to establish rules and transparency. Using your biometric to prove your identity at the moment of need, is like pre-authorizing a payment to Uber so you can step out and not think of it. And when you no longer want to use Uber, you can remove your authorization to do that. 

We need to make sure that the industry communicates as a whole around how we can use biometrics in the most transparent and clear way. There are tremendous benefits for all to using biometrics, both when signing up for a new offer and then using it afterwards.