Shaping digital identities for the finance sector: Future Identity Festival day 2
Digital identities have been hailed as a means for authentication that could solve difficult issues and usher in a new era of digitalization across the world. But technology alone cannot solve digital identity. In order to achieve the hoped-for benefits, digital IDs will need standards and regulations.
After day one of the Future Identity Festival 2023 saw discussions on business models, fraud, and decentralized solutions, speakers gathered in London for day two to discuss policy issues and attempts to integrate digital IDs into payments and financial services. The conference was held on November 13 and 14.
Panelists said Europe has made a “huge leap forward” in the direction of defining standards last week when the European Parliament and the Council of the EU reached an agreement on eIDAS 2.0 regulations, which are expected to shape a trusted and secure digital identity for all Europeans.
The ultimate goal is interoperability among different countries and different use cases, Francisco Martins, regional senior sales manager at IDnow, said during a panel on digital ID standards and frameworks.
“If we think about how everything looks now, it’s a very fragmented landscape where every country has its own regulation, its own style. And sometimes regulation even hinders innovation,” says Martins.
Open Identity Exchange’ (OIX’) recent analysis of eight different trust frameworks across the world paints a complicated picture of global regulations behind digital ID. Even within particular frameworks finding common ground is complicated.
The European Digital Identity Wallet (EUDIW) will have to tackle the problem of integrating certificates from institutions that have different frameworks and standards, such as those from educational institutions and the private sector. Many more standards-shaping bodies may need to be formed for this in the European Union, panelists pointed out.
Current European regulations have also done little on frameworks for authentication even though many biometric companies have been talking to the regulators.
“I know there’s lots of lobbying being done,” says Martins. “But I haven’t seen anything in writing.”
Payments and digital IDs have a cautious relationship
The situation increases in complexity when payments are added to the mix.
Financial services have been moving away from authentication with a simple PIN and password towards digital identities.
Different information could be included in digital ID from a cross-border payments perspective, says Sanjeev Bhatti, principal product manager for emerging payments at Bank of New York Mellon. While that sounds straightforward and achievable from a technological perspective, when it comes to regulating interoperability and data exchange, things may look different.
“Everyone has an idea in their head, how they think it will work,” Bhatti said during a panel on the convergence of payments and identity.
Bhavna Saraf, head of payments, products and propositions at Santander UK, says that the regulators’ role is to keep track of financial stability and ensure there are guardrails. And whilst the pace of movement from the regulator has been slow, it’s not been zero either, she adds.
“They’re looking for that comfort, some sort of material tangible evidence which can only combine experimentation and putting things out there to say it works or it doesn’t work right,” says Saraf.
Leveling the playing field
There may be other reasons banks are slow to adopt the digital ID revolution.
Banks are being disintermediated and their market has never been less safe, says Victor Chatenay, strategy and innovation manager at RBS International. Members of Gen Z and younger generations may not even need a bank account. A big part of where banks are still relevant today is proving identity in situations like leasing a new apartment, he adds.
The EU is trying to level the playing field in digital services and digital IDs are a key factor that could promote plenty of innovation, not just from big banks and institutions but also from startups.
“Any service you can think of, or ways you interact with the internet or digital ecosystems will endorse some kind of authentication,” Chatenay explained during a panel on digital wallets and reusable identities.
One important move that will aid the EU is making the EUDI Wallet mandatory for strong customer authentication. banks and other regulated sectors, such as telecoms, health care, transport, energy and insurance. The strategy is supposed to put Europe on par with other digital economies after missing the boat on the internet revolution. This is an important legal point that differentiates the European and UK approaches, panelists said.
Aside from the technology and regulatory issues, other geographies are also facing political conundrums. Governments see digital identity as a way forward but it is a tricky political issue as well.
“In the UK and especially in the U.S., there’s a lot of negative feelings around digital identity,” Bhatti concluded.
So when will we be finally using our digital wallets? While some predict that by 2026 we will see a harmonious ecosystem of coexisting wallets, others are more pessimistic.
“I think things like using your driving license to prove you’re old enough to buy a bottle of alcohol, that’s probably going to happen at this side of the decade and 2020s,” says Lloyd Emmerson, director of strategic solutions at Cifas. “But to become fully mainstream, the big financial institutions are going to take a long time because you’re asking them to upgrade a very fundamental process.”