Should Banks Be The Guardians Of Our Digital Identities?

Digital Identities

Blockchain technology’s potential to ease Know Your Customer (KYC) headaches as well as cutting costs associated with anti-money laundering (AML) are an exciting proposition for banks and financial organizations. But as we start to see individual’s identities validated and authenticated on the blockchain in real time, should banks be the guardians of this data? Armin Ebrahimi, founder and CEO of ShoCard explores.

It only seems like yesterday that your birth certificate was enough to validate your identity. Yet, electronic forms of ID are beginning to become an accepted way to electronically validate your identity – from boarding passes, multi-factor login and authentication, banking transactions and ticketing – blockchain is proving it really could form the backbone of a universal digital identity system. Especially as the distributed ledger technology has some useful functions such as creating evidence chains for identity verification.

Perhaps one of the most prominent examples of digital identification to date is Estonia’s e-residency cards, where citizens and non-Estonians can apply for a secure digital residency. It is the first programme to realise the vision of citizens controlling their own digital identities and granting governments and companies – like financial institutions, permission to access their details opposed to vice versa. Using an open-source public key encryption, numerous secure functions can be performed online regarding a citizen’s identification, from tax and financial transactions to university admission records. However, to create a scalable solution for cross-organizational identity management, the use of the blockchain can further increase security and protect privacy.For banking and financial institutions – the need for a robust, efficient and effective universal digital identity system is clear. Customer identification is at the core of many financial services processes – therefore being able to seamlessly verify that customers and counterparties are who they claim, are via quick access to a token or digital certificate would help alleviate KYC compliance headaches for banks.

With penalties and fines at a record high, banks are required to do greater due diligence on their customers in an effort to screen for money laundering. Distributed ledger systems can provide the basic infrastructure and tools for various areas within risk management and money laundering. Developing a universal system will help counteract some of the constant pressure on banks – both in terms of money spent and internal resources dedicated to this task.

Another benefit worth mentioning is greater security. By locking down personal data, criminals would have fewer opportunities to hack into customers’ accounts thereby reducing the time and money spent investigating fraud cases, which usually results in banks having to reimburse customers who have been victimized. Transactions can be authorized by secure digital signatures owned by consumers attesting to their authenticity and eliminating fraudulent reuse of user’s account information in financial transactions.

Digital Trust?
Whilst banks increasingly seeing their future as the guardians of identity — many wonder if perhaps they lack an essential component: digital trust?It was only 2014 when JP Morgan Chase, the nation’s largest bank, acknowledged a massive data breach that affected 76 million households and 7 million small businesses, where hackers obtained personal information such as customer names, addresses, phone numbers and email addresses.

A recent Capgemini report mirrors the same concerns, revealing that less than a third of banks offer both strong data privacy practices and a sound security strategy. With only one in five confident that they can even detect a cybersecurity breach.

Additionally, estimates from a 2015 survey indicate that 7% of US households were unbanked, representing approximately 9 million households. On top of this, almost 20% (24.5 million households) were underbanked, relying on checking or savings accounts but preferring to deal in cash. By having users in charge of their digital identity, and easily securing transactions from simple login into their banks or performing transactions online, security levels can be significantly increased. Furthermore, users can limit the identity footprint they leave behind with each transaction or institution so there is less data to be hacked and stolen. Therefore, for digital identity to become truly universal, rather than banks being in control, citizens should become the guardians of their digital identities and authorize who has access to which parts of their personal details.

Why Blockchain?
The blockchain is the means of validation and verification, allowing anyone to look at the data path. The data itself is never placed on the blockchain and is always maintained in encrypted form with the user. The blockchain only maintains one-way hashes that are digitally-signed that can never be reverse engineered. However, they can be used for validation and verification of user’s data when they choose to present it to a third party.

In our opinion, banks make the ideal authenticators in this new universal digital ID system. Take our solution, ShoCard for example, we’re placing a user’s identity, encrypted, on their phone where they have control; we then place validation codes through digital-signatures and one-way hashes on the blockchain. Not only does it protect consumer privacy, it’s as easy to share and use as showing one’s driver’s license.

The benefit of this form of digital identity is that a user can use this digital identity beyond one institution. For example, the same identity can be shared with other banks, merchants or third parties where a user can present their identity and have it independently verified by a third party, like a financial institution using the blockchain. A user can present a limited portion of their identity to a second bank when transferring money and claim ownership of an account with their first bank. The second bank can instantaneously and securely verify that the user was affirmatively identified by the first bank and the account number belongs to them.

In this dawning age of transparency, banks, governments and organisations need to work toward empowering individuals to decide for themselves how their data should be handled, in respect to how their digital IDs are stored, updated and accessed.

About The Author
Armin Ebrahimi, founder and CEO of ShoCard is a blockchain company working with banks and organizations to offer an interoperable solution that easily integrates into existing systems for universal identity validation and authentication.