A WHITE PAPER PRODUCED BY FINEXTRA IN ASSOCIATION WITH HID GLOBAL OCTOBER 2018

THE BANK AS UNIVERSAL DIGITAL TRUSTED ID PROVIDER

01 Introduction
02 Iterative technology developments in biometrics
03 Authentication credentials that span businesses and sectors
04 Evolving authentication standards
05 The rise of open banking…
06 Secure authentication and identity access across third parties and borders
07 Why and how banks should play a central role in federated identity
08 Privacy regulation and customer control of their data
09 Ways of working – collaboration and innovation
10 Summary
11 About

01 INTRODUCTION

Being able to prove you are who you say you are is a basic underpinning of many economic activities and access to public and private services, such as healthcare, justice and financial services. Traditionally this proof has come in the form of personal interactions and physical documentation.

But over the past 20 years, the concept of digital identity has emerged, with varying definitions. The World Economic Forum and Deloitte recently defined digital identity as a “collection of individual attributes that describe an entity and determine the transactions in which that entity can participate.” An entity can be an individual person, a legal entity or, in the emerging Internet of Things, an asset.

On an individual human basis, as well as determining possible transactions, identity can also be comprised of a person’s digital trail of online accounts, activity and transactions. And as the elements that build the identity multiply – from a person’s inherent attributes through to assigned and accumulated attributes – the possibility of unbundling becomes real. In a world where individuals are to be in control of their identity and the data that exists about them, in theory they could determine which aspects of their digital identity can be used in different scenarios.

A number of long-term trends that have been building over the past decade are combining to transform the way that consumers and businesses interact and transact in the economy. Digital identity and authentication in the coming years will be radically different than the simple username/password and PIN combinations that have persisted since the dawn of the digital age. And financial institutions, with their long experience of trusted identity and assurance in the economy, are well placed to play a central role in these developments.

This white paper, produced by Finextra in association with HID Global, explores these trends and highlights some of the more advanced responses in the financial sector from both a business case and a regulatory perspective.

02 ITERATIVE TECHNOLOGY DEVELOPMENTS IN BIOMETRICS

The first steps in online digital authentication beyond username and password came in the form of two-factor, or multi-factor authentication. Introducing random key tokens or card reader devices and mobile device messaging confirmation introduced a higher level of security for financial institutions. Although implementations were not without their problems in terms of susceptibility to interception and user experience, this approach has become widespread at banks worldwide.

Now that reliability has improved, biometric approaches to authentication are becoming more common.

In India, the Aadhaar system for national ID is the largest biometric implementation in the world, forming the basis of “the India Stack” of services built on top of it, including payments. The Reserve Bank of India administers the consent layer that includes a privacy framework and open data store.

Security upgrades introduced in 2018, including the launch of a tokenized virtual ID service and support for facial recognition as an additional biometric option, initially went some way to answering security criticisms of the nearly 10 year old system. But a recent hack of the entire system, compromising many of the security measures around creation of an identity, has again thrown into question some of the scheme’s design and implementation choices while providing lessons for other countries implementing biometric identity schemes.

Huffington Post India reports say analysis of the patch used to allow creation of forged identities shows it comprises code from earlier versions of the enrolment software that did not yet have some of the recent security features. As a result, critics are questioning the move to speed up enrolment in the program by allowing private operators to use a version of the enrolment software that was installed locally on thousands of PCs in sign-up centres and village kiosks across the country – making the source code more accessible.

[Figure: INNOVATION AND DISRUPTION IN BIOMETRICS. Labels: India’s Aadhaar fingerprint system; Malaysia’s MyKad; Brazil’s Abrid; Indonesia’s KTP; Brazil bank ATMs with multispectral fingerprint imaging devices; Latin America’s ATM fingerprint technology; Santander’s voice-activated payments for iPhone users; Barclays upgrade of debit card reader and random key generator to a finger vein device; Construction Bank of China’s introduction of facial recognition technology; Bank of China Hong Kong’s finger vein recognition.]

This highlights the importance of fraud mitigation and detection throughout the planning stage of any biometrics rollout. The motivations and possible access routes of bad actors need to be considered upfront. But ongoing monitoring of system usage patterns and incorporating human workflows is also required.

There are similar national identity schemes to Aadhaar worldwide: Brazil’s Abrid, Malaysia’s MyKad and Indonesia’s KTP. These all include a mix of smart cards and biometrics for citizens. And like Aadhaar they are becoming the basis of an ecosystem of public and private sector services, including financial transactions, that shares an authentication layer.

Individual banks too, are embracing biometrics to improve secure authentication and make life easier for their customers. In Europe, Santander introduced voice activated payments in the UK in 2017, for users with an Apple iPhone. Customers can instruct the bank to pay someone, or ask about their recent transactions by speaking into their device. And Barclays has upgraded its debit card reader and random key generator for online banking to a finger vein biometric device, with a Smart SIM to ensure the vein scan data retained by the user cannot be compromised on the bank side or in transit.

Elsewhere, Construction Bank of China has recently introduced facial recognition technology at its automatic teller machines (ATM) while Bank of China Hong Kong has done the same with finger vein recognition, an approach that has been common among Japanese banks for more than a decade. Latin America has also rapidly embraced fingerprint technology as the preferred mode to provide security and convenient access to financial services via ATMs. In Brazil, for example, the majority of bank ATMs have advanced multispectral fingerprint imaging devices for authentication.

Future innovations in biometrics will involve the addition of behavioural biometrics that could include gait analysis, keystroke dynamics, or mouse use characteristics. And more advancements are likely in the encryption and validation of the biometric data, while ensuring that validation should take place at bank level, rather than the device, and it is based on profile models not raw biometric data. This will not only ensure greater protection for the individual consumer but also protect the bank from reputational damage in the event of a data breach.

03 AUTHENTICATION CREDENTIALS THAT SPAN BUSINESSES AND SECTORS

Traditionally, governments and their agencies have been the only bodies to regularly issue verified identity solutions that can be used across multiple organisations and scenarios. Consider the driving license, which as well as verifying ability to drive legally, doubles up as proof of age or, combined with other documentation, can be used to help establish a new account with various businesses or public sector organisations.

Aside from government agencies, the financial industry with its long history investing in improvements to physical and digital security of their customers’ money is best placed to transfer its identity solutions outside the bilateral customer relationships. And in various places around the world, financial institutions have taken the lead in providing digital identity solutions that can be used for more than just secure customer interactions with their bank. Here are some examples:

EUROPE

In Finland banks issue digital identities and stores and other outlets use it to provide access to their services. They pay a fee to the banks each time the identity is used. This scheme, known as TUPAS, predates the introduction of the country’s government electronic identity card scheme in 1999, and because of its wide adoption, is seen as the main reason the non mandatory government eID scheme has not achieved widespread adoption.

TUPAS is a PIN/TAN based identity scheme – not certificate based. It is a proprietary “shared secret” identification solution using a combination of a username and password with one-time transaction authentication numbers (TAN). TUPAS is administered by the Federation of Finnish Financial Services, and as the banks offer a relatively uniform interface for accepting online payments, eCommerce sites and even government agencies have widely adopted the service. It does require bilateral arrangements between participants, so some of the smallest banks and businesses are not represented.

This architecture is a little dated, and as such, the country’s telecoms regulator Ficora has mandated that a new more secure approach be delivered by the banks by March 2019 in line with harmonised EU regulation on secure authentication. TUPAS will be decommissioned in September 2019. But the major banks are still well placed to maintain their position as trusted identity brokers in Finland, and have been certified as having substantial or high levels of identity assurance under the EU Regulation on Identification and Trust Services, more commonly known as eIDAS, which came into effect in member states in 2016. This regulation is being operationally implemented throughout 2018 and 2019, and the wider impact of this type of regulation will be discussed in a following section.

Banks acting together as digital identity service providers is not uncommon in Northern and Western Europe. Beside the Finland example, in Norway, the BankID digital identity scheme was successful right from the start thanks to its openness. Swedish BankID, however, was initially only available for use within the financial services sector, and it only became successful once it was made available for any business to use.

Dutch banks are also working on a national digital identification service, which will allow customers to use their bank login details to access other online commercial and government sites. Participating banks include ABN Amro, ING, Rabobank, SNS Bank and Triodos Bank. De Belastingsdienst and insurers Delta Lloyd and Freo have agreed to participate with the pilot.

CANADA

In Canada in late 2017, the largest banks joined forces with telcos and the tech industry, academics, and provincial governments in a “supercluster” bid to solve the identification challenges in the digital economy. The major banks were already invested in and contributing to a technology solution called SecureKey that launched in 2012 to enable Canadians to use their bank authentication credentials to obtain access to online government services.

Now the new consortium, known as the Digital Identity and Authentication Council of Canada (DIACC), plans to use the technology to extend to authenticating private sector online services, as well as traditionally paper and manual identification processes, such as renting a house or apartment. It is also incorporating blockchain technology as a way to link and record information together – in a highly secure, distributed way to be “triple blind,” so that neither the bank that holds the identity, the third party service, nor the technology in the middle have a full view of the transaction.


UNITED STATES

[Figure: FAST ADOPTION OF NEW US NATIONAL ID AND AUTHENTICATION SYSTEM. Login.gov launched in 2017; by May, 5 million customers were using Login.gov; now in different stages of implementation in 17 agencies.]

In the United States, there have been four attempts to create a common framework for authentication across government departments. But with resistance from the public and the White House to the idea of a national ID and authentication system, a complicated system of federal and state government, and federal agencies and services with different agendas, it has proven difficult. The most recent service, Login.gov, was launched in 2017.

Under the prior system, Connect.gov, there were some banks getting involved in pan organisational authentication. For example, USAA – a bank that serves millions of military members and their families – first used the identity-as-a-service product ID.me to enable customers to access services from different government agencies, such as the Department of Veterans Affairs or the State of Maine, using their online banking credentials.

As of May 2018 five million customers were now using Login.gov, the common login platform developed by the General Services Administration’s (GSA) Technology Transformation Services and the U.S. Digital Service. It is currently in different stages of implementation in 17 agencies, including Customs and Border Protection Global Entry program and the Office of Personnel Management’s USAJobs. Focused on user authentication initially, the GSA is now moving through to vendor and partner selection for identity verification, with document authentication based on photos of individuals and their documents, including a focus on facial recognition.

While this could have a significant impact on the way that US citizens engage with their government agencies, there is another US-based initiative that is likely to have more global impact – at least in the authentication part of the digital identity puzzle.

04 EVOLVING AUTHENTICATION STANDARDS

The Fast Identity Online (FIDO) Alliance is an industry body set up to technically define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users. It has published technical specs for a passwordless user experience (UX), incorporating biometrics, and for a second factor UX, incorporating a push-button USB dongle or NFC. Both have asymmetric cryptography at the heart of the security model.

Members include Bank of America, American Express, ING and PayPal. In 2015 Bank of America was the first bank globally to use the FIDO specification for biometrics to enable fingerprint and Touch ID sign-in capabilities, to give Android, iPhone and iPad customers a convenient way to log into the BofA mobile banking app using their fingerprint.

Other members are helping push the global reach of the FIDO standards further, including the likes of Google, Samsung Pay, NTT DoCoMo and China Telecom. Although with Apple continuing to do its own thing, the consortium can’t quite represent the entire consumer technology sector.

In July 2018, Google announced the launch of a new product called the Titan Security Key, initially available to Cloud customers and scheduled for general sale in subsequent months. The key is used to authenticate logins over USB, and as the device is based on the FIDO specification it can also be used to log into non-Google services, although those services may not be able to take advantage of the same Google-specific firmware verification.

Microsoft followed with an announcement shortly after launching Windows Hello, allowing users to authenticate without a password on any Windows 10 device and the Edge web browser, using biometrics – face and fingerprint recognition – or a FIDO compliant device to sign in to websites.

05 THE RISE OF OPEN BANKING

Open banking is a concept notably being championed in Europe, where it has been enabled by the Payment Services Directive 2 (PSD2). At its heart the concept is about unbundling the account and customer data and the financial services that have previously been tightly held by banks, and making them available via API to a wider ecosystem of financial services organisations, particularly in payments.

These third party providers (TPP), as defined in PSD2, include:

• Account Information Service Providers (AISP) to whom account servicing payment service providers (ASPSPs, e.g. banks) are obligated to provide access to the balance and transaction data on their customers’ payment accounts through APIs.
• Payment Initiation Service Providers (PISP) that can initiate a payment from a payer’s bank account and facilitate the transfer of funds to the recipient’s bank account.
• Payment service providers issuing card-based instruments.

Organisations ranging from established banks and non-bank financial institutions to newer fintechs are establishing business cases and running pilot programmes in areas such as account aggregation services; budgeting and personal financial management; loyalty programmes; credit risk underwriting; as well as services to small businesses.

Originally, when PSD2 was being formulated, there was some concern among banks about the risks of disintermediation. But there is a counter-view evolving that TPPs are a new customer base for the bank that can develop and innovate in consumer-facing areas that the bank might not be resourced enough to tackle on multiple fronts. Yet the authentication and identity management part of this new evolving ecosystem still rests solely with the account holding banks.

But it is not just in Europe where the idea of open banking has gained traction. In Australia, for example, a new data sharing regime comes into effect in July 2019. It aims to give consumers greater access to, and control over, their banking data, permitting accredited third parties to receive data when customers provide express consent for it to be used for a specific purpose.

In Hong Kong, the Hong Kong Monetary Authority’s Open Banking Framework, unveiled in 2017, has a similar set of objectives to PSD2. The major differences there are that it is only Hong Kong’s biggest banks involved, and they can pick and choose TPPs to work with rather than the mandatory PSD2. Also access is being dictated by the HKMA with the more prescriptive approach and recommended API standards, having published the first draft of its Open API Framework in July 2018.

[Callout: MARCH 2019 TPP DEADLINE. Banks must have fully developed technical specifications for their communication interfaces, and provide test environments to TPPs before March 2019.]

In Europe, the PSD2 is leaving API standardisation to industry bodies/working groups. There are several of these, such as the Berlin Group, UK Open Banking and PRETA, while some banks have chosen to develop bespoke APIs, either on their own or in partnership with others. This could cause challenges for interoperability in the short term, but there have been moves in some markets to create a central infrastructure that can manage communications and interoperability between banks and TPPs using the various evolving standards.

Banks must have fully developed technical specifications for their communication interfaces, and provide test environments to TPPs before March 2019. While the API standardisation moves for dedicated communications interfaces continue, work to achieve the requirements of the Regulatory Technical Standard (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) is more progressed.

06 SECURE AUTHENTICATION AND IDENTITY ACCESS ACROSS THIRD PARTIES AND BORDERS

At a basic level SCA requires two-factor authentication, which is already in place at many financial institutions, and it also allows “inherence” as one of the three elements, paving the way for innovation in biometrics. Solutions from various technology companies, and inhouse developments at banks, have all been verified as being SCA compliant.

The Euro Banking Association (EBA) has also firmly mandated the use of “qualified certificates for electronic seals or website authentication”, more commonly known as digital certificates, as provided for in the regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation).

eIDAS provides the legal foundation for individuals and businesses to safely access services and transact in a convenient one-step process. Many financial organisations are considering using implementations of this federated identity management approach to partly fulfil the SCA requirements of PSD2. But cyber threat, fraud detection and profiling layers are still required.

Artificial intelligence is increasingly being used to enable cyber threat and fraud detection as part of a risk-based, adaptive and frictionless authentication approach that regulations such as eIDAS promote. To be most effective, any AI driven approach needs to work across three areas:

• Threat – detecting generic threats including identifying and tracking device IDs, application integrity tampering, malware and phishing attacks.
• Behaviour – creating a behavioural biometric profile of the user, including keyboard, mouse and swipe behaviour, page navigation and application usage.
• Anomalies – monitoring the details of transactions in real-time, using machine learning methods to identify anomalous sessions and transactions, as well as continuous analysis of hundreds of parameters.

eIDAS ensures that people and businesses can use their own national electronic identification schemes to access public services in other member countries. It creates a European internal market for electronic trust services such as e-signatures, electronic seals, time stamp, electronic delivery service and website authentication - by ensuring that they will work across borders.

Banks are leading the way in working out how to make this possible. Barclays and HSBC are among a consortium of private and public sector organisations testing the use of a citizen’s national digital identity from France to open a bank account in the UK. The project, co-financed by the European Union’s Connecting Europe Facility, brings together HSBC, Barclays, the UK Government Digital Service (GDS), Orange, OT-Morpho and the Open Identity Exchange (OIX UK), to test the use of public sector eIDAS standards for banking across borders. It has currently progressed past the research stage to develop a prototype.

07 WHY AND HOW BANKS SHOULD PLAY A CENTRAL ROLE IN FEDERATED IDENTITY

Secure authentication of customers can provide its own business benefits to the bank, not only in making the customer feel that their money is safe, but in protecting the bank’s brand and reputation. But as identity moves beyond just secure bilateral authentication, to multi-lateral shared cross-organisational authentication, with the customer data flowing in and out as part of the new open banking world, new business cases emerge.

Identity requirements such as Know Your Customer (KYC) and identity verification are being imposed on the banking sector from multiple directions, and processes can often be onerous—from both a bank and customer perspective.

Speeding up biometric identity recognition and automating processes that currently require human supervision can drive operational efficiencies. If identity documents (such as face and voice recognition) are captured in a branch when onboarding a new client, future customer interactions will be more convenient for the customer, and service staff will have to invest less time, if some or all of these biometrics can be used to painlessly authenticate the customer.

Customer service personalisation can also be improved. If a customer calls the bank from their mobile, a combination of contextual information (such as caller identity) and voice biometrics could provide an invisible background authentication process and reduce the burden on the customer to explicitly prove their identity.

Or if a customer is using a device that’s recognised as theirs for online shopping, instead of being redirected to a verification site, they could be instantly authenticated through a combination of home IP address, device and face recognition via the device camera.

CUSTOMER-CENTRIC MINDSET – EVOLVING THE DIGITAL STRATEGY

Banks are used to investing in security for themselves and their customers. This is demonstrated by the financial sector leading the charge in encryption and authentication technology innovation, either on their own or as part of industry groups and partnerships.

But now, for those that haven’t already, they need to invest in adopting a new business model. In addition to their many existing models - they need to add the role of provider of identity services. This requires a reset of their approach to customer-centricity. Customer-centricity has been a mantra in recent years as banks optimise their processes to put the customer experience first, to keep data out of silos, and not let the back office processes dictate how the customer experiences all of their interaction with the bank. But this is in the context of a bilateral relationship between customer and bank. In the new world, as an identity service provider, the bank is helping its customers in their interactions with many other actors in the economy. They not only have to think about what their customer wants in terms of financial services (and how they can keep the customer happy while turning a profit), but how they can also understand their customers’ interactions with other organisations.

And for the banks that can establish this culture and business model, there is the potential for new fee-based revenue that could replace revenue being eroded in other parts of the business, such as payments. In an August 2016 report, the World Economic Forum argues that financial institutions are “exceptionally well positioned to drive digital identity systems” because of their established mechanisms for validating user information for commercial and regulatory purposes.

Banks could also offer identity-as-a-service to businesses that can’t or do not wish to store their clients’ personal data. And, they could extend their customer bases to include ID-only clients, offering identity as a separate, fee-based service for individuals who do not otherwise transact with them. Based on this greater understanding of customer interactions in the economy, they could also offer extended financial advisory services and behaviour-based insurance.

But to effectively deliver on these potential new business models, banks will have to demonstrate that they are at the leading edge of fraud prevention, and that customers can have confidence in the bank’s ability to protect their identity. The stakes are much higher for customers when it is not just an account balance at risk. If a fraudulent transaction occurs, banks can easily keep customers happy by restoring their balance. But if an identity is compromised, making good is much more difficult for the bank. In this case, prevention is far better than cure.

THE ROLE OF ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING

In order to realise these advanced customer service strategies, banks will need to integrate authentication technology with a layer delivering machine learning (ML) capabilities so that systems can learn from data, identify patterns and make decisions with minimal human intervention. This enables a risk-based authentication approach, which is increasingly becoming common within internal corporate enterprise security, but is also being pushed by financial regulators for bank-to-customer interactions.

Using this approach banks can build customer risk profiles based on information such as location, to strengthen their security measures. Data, device and network reputation can form a score to determine how risky each sign-in attempt is based on established patterns. The higher the risk score, the more additional layers of authentication may be required.
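The risk-based authentication approach described under "The role of artificial intelligence and machine learning" can be sketched as follows. This is an added illustration, not code from the white paper or from HID Global: a per-customer profile is built from past sign-ins, each new attempt is scored on location, device and network reputation, and a higher score demands more authentication layers. The weights, thresholds, layer names and sample history are assumptions constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class SignIn:
    country: str           # coarse location of the attempt
    device_id: str         # registered-device or fingerprint id
    net_reputation: float  # 0.0 clean .. 1.0 known-bad (assumed external feed)

# Assumed weights and thresholds; real deployments tune these on labelled data.
WEIGHTS = {"location": 0.35, "device": 0.40, "network": 0.25}
STEP_UP = [(0.30, []), (0.60, ["otp"]), (float("inf"), ["otp", "biometric"])]

class RiskProfile:
    """Established sign-in patterns for one customer."""
    def __init__(self, history):
        self.countries = Counter(s.country for s in history)
        self.devices = Counter(s.device_id for s in history)
        self.total = len(history)

    def _novelty(self, seen, value):
        # 1.0 for a never-seen value, near 0.0 for the customer's usual one.
        return 1.0 if self.total == 0 else 1.0 - seen[value] / self.total

    def score(self, attempt):
        network = min(max(attempt.net_reputation, 0.0), 1.0)  # clamp bad feed data
        return (WEIGHTS["location"] * self._novelty(self.countries, attempt.country)
                + WEIGHTS["device"] * self._novelty(self.devices, attempt.device_id)
                + WEIGHTS["network"] * network)

def required_layers(score):
    """Additional authentication layers demanded for a given risk score."""
    for ceiling, layers in STEP_UP:
        if score < ceiling:
            return layers

# Constructed history: a customer who almost always uses one phone in GB.
HISTORY = [SignIn("GB", "phone-1", 0.05)] * 18 + [SignIn("FR", "laptop-1", 0.10)] * 2
PROFILE = RiskProfile(HISTORY)

if __name__ == "__main__":
    for attempt in (SignIn("GB", "phone-1", 0.05),      # usual pattern
                    SignIn("ES", "phone-1", 0.10),      # known device, new country
                    SignIn("BR", "unknown-9", 0.90)):   # nothing matches
        s = PROFILE.score(attempt)
        print(f"{attempt} score={s:.2f} extra layers={required_layers(s)}")
```

A customer with no history scores as fully novel on location and device, so a first sign-in is stepped up even from a clean network.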

08 PRIVACY REGULATION AND CUSTOMER CONTROL OF THEIR DATA

Both PSD2 and the recently introduced General Data Protection Regulation (GDPR) have at their heart the idea that customers should have sovereignty of their data. But, in the quest for innovation, PSD2 requires much more be given up by banks, who must not only share with the customers whatever data they request, but also with any sufficiently licensed TPP, as authorised by the customer.

While GDPR is a European regulation, its implementation has already had global impact, with many multinational technology and services businesses adopting it as a data protection standard for all customers and processes.

A month after GDPR became enforceable for companies with customers in, or business links to, EU member states in May 2018, California implemented its own similar Consumer Privacy Act of 2018, though that regulation is not quite as extensive as its EU precursor. At a federal level, the United States Congress is also considering the bipartisan bill Social Media Privacy Protection and Consumer Rights Act of 2018, although similar privacy bills have been shot down over the past decade.

Other privacy regulation reforms are underway or being implemented in countries such as China. But it’s in the EU where extensive privacy regulation is first colliding with open banking legislation.

GDPR allows for customers to request transfer of data to third parties, but only where “technically feasible.” Unlike PSD2, which does outline requirements for technical connectivity, if not the actual API framework, this means non-bank companies that hold a lot of customer data, such as online technology companies, need not do so. Although they might also discover new business models if they did.

Despite this, banks are well positioned to pursue identity service provider business models while still respecting customer sovereignty, privacy and security of data. Particularly if they align with a privacy by design approach, as used by SecureKey in Canada and the now abandoned Digital Asset Grid project initiated by SWIFT and its banking partners.

09 WAYS OF WORKING – COLLABORATION AND INNOVATION

The banking industry is no stranger to establishing partnerships due to competitive necessity. Whether it’s establishing and running alliances, physical infrastructure for secure international payments to the benefit of all participants, or helping to set and respond to the regulatory agenda, associations and cooperative groups of banks have been able to realise many innovations in the sector. This model has been adopted in those countries that already have some kind of bank-led digital ID service playing a central role in their economy. And this will likely continue as open banking and other related regulatory led initiatives play out around the world.

Individually, banks will need to stay ahead of the curve in secure authentication for their customers. They will need to discover, test and execute on new business models around the provision of identity as a service. But they will also have to act collaboratively to ensure the right ground rules are put in place. This will involve employing subject matter experts and innovative teams, and working in industry groups and engaging with regulators and technology partners.

10 SUMMARY

The world is becoming increasingly digital, and identification is a key enabler for economic and political development. This is the case both for emerging countries with many unbanked individuals, and for more advanced economies seeking to foster innovation and societal improvements.

While growth is expected in demand for digital identity management solutions there is also a greater consumer demand for privacy and protection from identity fraud. The banking sector is well placed to provide efficient access, storage and sharing of critical data in a secured and private way, with identity systems that can be used across different domains with different levels of assurance.

New technologies such as blockchain, biometrics and AI, will all play a part in the future of digital identity, and the financial sector is a big driver of innovation in these areas. By continuing to work collaboratively, banks will continue to play a central role in the emerging identity economy, improving user experience and developing new business models to strengthen their bottom line.

11 ABOUT

Finextra

This report is published by Finextra Research.

Finextra Research is the world’s leading specialist financial technology (fintech) news and information source. Finextra offers over 100,000 fintech news, features and TV content items to visitors to www.finextra.com.

Founded in 1999, Finextra Research covers all aspects of financial technology innovation and operation involving banks, institutions and vendor organisations within the wholesale and retail banking, payments and cards sectors worldwide.

Finextra’s unique global community consists of over 30,000 fintech professionals working inside banks and specialist financial institutions, fintech application and service providers, consulting organisations and mainstream technology providers. The Finextra community actively participate in posting their opinions and comments on the evolution of fintech. In addition, they contribute information and data to Finextra surveys and reports.

For more information: Visit www.finextra.com, follow @finextra, contact [email protected] or call +44 (0)20 3100 3670

ABOUT

HID Global

HID Global powers the trusted identities of the world’s people, places and things. We make it possible for people to transact safely, work productively and travel freely. Our trusted identity solutions give people convenient access to physical and digital places and connect things that can be identified, verified and tracked digitally.

We enable organizations to protect digital identities in a connected world and assess cyber risk accurately to deliver trusted transactions while empowering smart decision-making. Our innovative solutions help organizations to detect fraud and mitigate threats in real time while ensuring only authorized people can securely access sensitive information without compromising user experience.

HID’s comprehensive offering for digital identity and lifecycle management includes mobile PKI certificates, physical and cloud based digital security solutions. Our extensive portfolio offers secure, convenient access to on-line services and applications and helps organizations to meet growing regulatory requirements while going beyond just simple compliance.

Headquartered in Austin, Texas, HID Global has over 3,000 employees worldwide and operates international offices that support more than 100 countries. HID Global® is an ASSA ABLOY Group brand.

For more information: Visit www.hidglobal.com

Finextra Research Ltd
1 Gresham Street
London
EC2V 7BX
United Kingdom

Telephone: +44 (0)20 3100 3670
Email: [email protected]
Web: www.finextra.com

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording or any information storage and retrieval system, without prior permission in writing from the publisher.

© Finextra Research Ltd 2018