7 minute read
A question of trust
Much to GAIN: The proposed new standard could restore banks’ status
Rod Boothby, Global Head of Identity at Santander and Co-chair of the Open Digital Trust Initiative, believes banks hold the key to restoring broken confidence in an online world. Now, he’s asking them to mobilise to fix it
Who do you trust to vouch for you? Your government, your doctor, a solicitor? How about your bank?
By the end of next year, millions of us could be looking to the organisations we deposit our money with to be the custodians of what is, arguably, a much more valuable asset – our digital selves.
The Open Digital Trust Initiative is being steered by the Institute of International Finance and the OpenID Foundation, which have built a coalition of organisations across the identity community, to create a global digital trust infrastructure that hopes to assign a new role to regulated entities – financial institutions principal among them. It’s called the Global Assured Identity Network (GAIN) and it maps out a way for banks and others to offer digital trust services via APIs.
To be clear, that’s not just for banks to act as gatekeepers for our identity in relation to financial services, but also delegated responsibility to confirm we can travel across borders, access health services and much more.
Why should banks take on the mantel? According to Rod Boothby, global head of identity at Santander and co-chair of the Open Digital Trust Initiative, because they already have what it takes to execute on possibly the most important mission of all – ‘to deliver truth and trust while allowing people to protect their privacy’. And they can do it by leveraging their existing electronic know your customer (eKYC) and strong customer identification capabilities, as well as the confidence invested in them by public and business.
“Banks treat your identity as an asset and they can provide a custodial service to protect it, just as they provide custodial services to protect your cash or your stocks, because it’s your property,” says Boothby.
“By delivering this [identity-as-a] service, we hope to reduce the challenges
we see globally around whether or not people are who they claim to be online – and that covers everything from annoying spam messages, to catfishing on a dating site and spreading misinformation via social media.”
The aim is to deliver what is, in effect, ‘financial-grade’ identity assurance alongside a dramatically-simplified user experience that’s characterised by far fewer passwords and forms.
GAIN will be made possible by a new standard for verified data sharing services, developed by Santander and built on top of OpenID, the protocol that’s used billions of times a day by people across the world to log into platforms such as Facebook and Google.
It will allow banks to securely transmit information related to customers in three circumstances: to verify a customer’s identity, the bank simply confirming the client’s name and other basic identifying information to a third party; to share a summary of the information but not the private data behind it – for example, to confirm a person is old enough to buy alcohol but not revealing the date of birth; and to confirm and fully share verified data.
All of the above would only be initiated with the customer’s consent, but the potential use cases that could be built on top of such a global standard are myriad – think applying for a product and getting the best deal based on your profile characteristics; enjoying a simplified vetting process when renting accommodation or applying for a job; even helping to select the right profiles for you on a matching platform; or simply proving you can act on behalf of your company. It’s ideas like these that Boothby hopes to explore further during Sibos.
“Every time new standards are created, huge new value is built on top; many players come forward to provide all sorts of services,” he says.
To deliver those across borders will require partnerships, of course – hence the importance of building out the network.
“There are huge partnership opportunities to help bring this to market,” says Boothby. “For example, if you have a small company, you don’t want to sign contracts with 2,000 banks globally; you want to work with an entity that brings all the banks to you – a broker or aggregator. And those organisations could work in domain-specific spaces, like healthcare, spread your identity information facilitating information around insurance everywhere; instead, you have the choice and payments, travel or even managing as a consumer to work with an institution vaccine status.” that you trust, an institution that doesn’t
Banks have collaborated to build resell your data.” mutualised infrastructures before – While there are obvious privacy transaction rails for trade, cards, digital advantages for consumers, using banks payments and securities. Identity is now, to validate a business’ identity could as the Institute for International Finance, benefit the economy, too. recognised when it co-published the GAIN “If I want to order goods from a company white paper in September, the next such in a different country, and a bank in that ‘critical frontier for the global economy’. part of the world can say ‘this person
Boothby believes that, with this new with a widget factory is trustworthy’, I can purpose, banks could not only address order widgets from them in confidence, several of the threats currently undermining knowing they’ll deliver,” says Boothby. their status – namely disintermediation “This levels the global playing field. and fragmentation of financial services Businesses do not have to give a cut of – but also turn the security and compliance their profit to some big online company cost centre into a revenue stream, to distribute things for them. Instead, they countering the effects of the unlevel can go direct to their counterparties.” playing field caused by how some aspects Importantly, it could address the rising, of open banking are being implemented. and seemingly unstoppable, tide of online
Thus, for banks, facilitating truth, trust crime targetting businesses and customers and protection could be seen as not just a daily. The United Nations estimates that moral imperative, but also a business one. money laundering, alone, is equivalent to
The idea of banks collaborating two-to-five per cent of annual global gross over identity flows isn’t entirely new. domestic product (GDP). Although confined within “The amount lost to financial regional borders, there are crime and money laundering several forerunners for a is stunning and facilitates all trust network operated by sorts of damaging activities,” banks: Sweden and Norway says Boothby. “So, how do we have the almost universally- create an environment where adopted BankID, Germany the individual has better has the Yes network, Belgium control over their information has Itsme, and 17 million and people don’t constantly Canadians access federal feel they are under threat? government services via Verified.Me. If we get this right, this standard will
“In Sweden or Norway, when you go to a mean you can be certain you’ve reached website, instead of clicking ‘log in with your a specific person who’s made a decision, Google ID’ or ‘log in with your Facebook and that the data they’ve shared with you ID’, you click ‘log in with your BankID’,” says is bona fide,” says Boothby. “They really are Boothby. “A message on your phone from the CEO of that company and can sign legal your banking app asks if you really want to agreements on its behalf. They really are in log in, and, if you’re registering for a site, if accounts receivable, that is a real invoice, you want to really share that information and those are real payment instructions. with it. Usually, the bank will be able to They really are from a company‘s call reduce the amount of information that is centre and are trying to help you.” shared. For example, in the UK, if you want The urgency now is to persuade financial to buy a lotto ticket, the National Lottery institutions to collaborate to deliver that needs to know only two things; that you’re trust with global reach; to bring about, a UK resident and that you’re 16 years or as the GAIN white paper describes it, a older. That’s it. They don’t need your name, fundamental shift in the digital economy. your picture, your biometrics; they don’t “This is an open and free standard need to know your address. and we’re hoping many will want to learn
“We want to create this simple, easy about it,” Boothby adds. “We have huge flow, where you can bring your identity challenges around identity and need wherever you go. You no longer have to participants to join us in solving them.”
