Digital Wallets and Digital Identity: the contemporary banking mustToday, we have to prove who we are in nearly all the applications and services we use. Whether it’s showing your passport when traveling abroad, verifying your age at a bar, or getting into college, there’s no shortage of common ground when it comes to verifying your identity.
This is the most important point of verifying yourself when it comes to finance and banking. Whether it’s applying for a mortgage, entering into a new mobile contract, or signing a new lease, the client must be able to prove that they are who they say they are and that they have the necessary funds and a transparent credit history.
Banking is one of those sectors having undergone massive digital transformation over the last years and is rapidly moving away from analog ways of doing business. It is no longer necessary to visit a bank branch in person for many events — in fact, a survey conducted by KMPG found that one in five consumers in the UK have not visited a bank branch since the Covid-19 pandemic — a great digitalisation trend that is meant to expand further.
As many consumers increasingly apply for mortgages, open accounts, and manage their finances purely digitally, there is a growing case for digital identity.
About Digital IdentityDigital identity works exactly like the physical one, only in a digital environment.
Digital identity appears in two main forms. The first one is a digital version of an official identity document, such as a digital driver’s license, which is stored in a mobile wallet on your smartphone.
The second one is represented by credentials for accessing online services. They are usually created during the initial identity verification process (KYC), usually involving verification of an official identity document and, increasingly, some form of biometrics. For the consumer, this could be the data they use to log into the mobile banking app on their smartphone.
These two areas cover a huge number of interactions, including both everyday moments and life milestones. Signing a new SIM contract with a mobile provider, connecting a smart speaker to a home smart hub, and getting a loan to start your own business are at different ends of the spectrum in terms of value, yet they are all digitally accessible.
Digital identity verification has a number of advantages, one of which is convenience and simplicity for customers. However, if this is not done in a secure manner, it may compromise end user data.
In the absence of personal verification, how can the person and business on both sides of this interaction know that whoever they are dealing with is a genuine and trusted party? This is especially true in the banking sector to protect customer money and prevent fraud.
Trusted digital identities are essential to bridge this gap and ensure that people and machines can trust other organizations, businesses and devices, and vice versa.
The importance of Digital IdentityWithout trust of their customers, banks and other financial institutions will not be able to implement the digital transformation they need to improve the quality of their services. Similarly, in the absence of trust, consumers will not feel comfortable using online tools, which may mean they miss out on access to essential services, which is a major barrier to integration.
Today, many users rely on online banking services more than ever before. Massive branch closures mean that for many this is the only way to access financial services, so building trust is vital.
Moreover, “traditional” forms of identification are no longer enough to provide proper online security. Using passwords in isolation, for example, no longer meets the needs of a society that depends so much on being online, given that they are a relatively weak form of authentication. As criminals constantly look for holes in the armor of consumers and businesses, more needs to be done to protect these parties.
Protecting your Digital IdentityCriminals always find a way to take advantage of disasters. Over the COVID-19 pandemic, there was a surge in phishing emails and online scams by nefarious individuals and organised groups who want to steal data. A good way to provide an extra layer of security beyond passwords is to use multi-factor authentication (MFA). Multi-factor authentication means using something other than a username and password to log into an account. This could be an authentication app on a mobile phone, or a security key that plugs into a USB port. With MFA enabled, even if criminals somehow manage to get hold of logins and passwords, they still won’t be able to log in without this “second factor”.
First, if attackers find they can’t access an account because of MFA, they’re much more likely to just try another one rather than waste time and effort trying to bypass or remove MFA protection. Secondly, the MFA implementation process can only increase the security awareness of all users, which benefits everyone, both privately and professionally. One of the biggest security threats is account hijacking. If hackers gain access to an Office 365 account, not only can they use it to send and receive malicious emails that appear to be from a legitimate sender, but they can also access data and information stored in OneDrive or SharePoint. It’s like getting the keys to a kingdom: the financial and reputation damage can be enormous. For too long, convenience has been more important than security, such as being able to log in with just a password from anywhere at any time. The main problem with passwords is that most people are not good at choosing strong passwords and tend to reuse passwords rather than setting different passwords for each account. Reusing a password, choosing a weak password, or not detecting a phishing email all put users at risk. But once MFA is set up, the security system appears. This isn’t to say that it’s infallible — the MFA can be exposed too — but it takes extra time and effort, and in many cases the perpetrators simply won’t bother. If people choose their own passwords rather than using a password manager to set and store strong passwords, the result is usually a weak password. It’s incredibly true that the most popular password of 2019 was 123456, and “password” is number four. Cybercriminals use this complacency to launch automated attacks against hundreds of thousands of accounts using lists of commonly used passwords, a technique called password spraying. The success rate may be low — perhaps less than one percent — but if they target 100,000 accounts, that’s still a lot of compromised accounts.
Inserting credentials comes from the fact that people often use the same password for multiple accounts. Passwords stolen in one data breach are reused to access other platforms. In these cases, a super-strong password is useless.
How does Digital Identity protect usDigital identities are designed to solve all these problems. Not only do they provide 100 percent trust in all links in the value chain, but they also play a key role in enabling inclusion for all parts of society, providing security through unique biometric identifiers such as fingerprints and facial recognition, and creating a seamless experience for consumers and ensuring compliance for businesses. They must also be created with confidentiality in mind by design principles. Identity data should be stored on the device in secure chips or secure applications, biometric verification occurs locally where possible, and users should retain control over the data they choose to share.
When properly designed, one of the advantages of digital identity solutions is the ability to exchange only the necessary data — only in the form of a transaction or certificate. To put this in context, when you contact a real estate agent to rent a property, you are usually asked to provide 6 months of bank statements to prove that you are financially viable, or if you are not, details of a guarantor who can vouch for you. In fact, all you need to prove is financial solvency — why would you need to provide detailed bank statements for this? In practice, digital IDs in this context would be enough to show the real estate agent that you are financially viable without handing over a bunch of data about your personal finances.
Trust is the most important currency in the digital world, and in the banking sector as well. Digital identities are how that trust is communicated and implemented, and as such, their importance to our online community cannot be overemphasized.