Banks could become the guardians of their customers' digital identity if a pilot being run by the Society for Worldwide Interbank Financial Telecommunication (Swift) is accepted by its members.
A group within Swift has already agreed the basic architecture and business model for a service that banks could offer customers that will protect their digital identities against fraudulent activity.
The service would be like a digital vault which the bank would sell to customers. Swift would host the services and be the gatekeeper. The service would mean that when a customer pays for something online using their bank card, for example, they would not have to enter their card number. Rather the merchant would be redirected to the digital vault where, after approval, it would receive confirmation that the payment will be made. No details change hands.
Authentication service pilot
Kosta Peric, head of innovation at Swift, said the society has already created a PKI-based authentication service for CFOs at its member institutions, which includes banks and large corporates. "The banks told us they wanted a service for CFOs, but maybe tomorrow there could be a service for the mass market," he said. The pilot could take Swift's user base from tens of thousands to millions.
"We are running an incubation project to see what is next in the concept of digital identity management," Peric added.
If the concept becomes a service, it would make online activity easier and more secure for consumers. If a consumer has four bank accounts they will no longer have to adhere to four different security protocols. It will also ensure that personal information need not pass to companies that consumers buy from, but rather the bank will confirm the identity without passing on information.
Taking control of personal data
Swift is a not-for-profit cooperative which began in 1973, with 239 banks on board from the start. It provides a network that sends an average of 17 million financial transaction messages every day across 209 countries. About 8,000 financial services businesses use it. During 2010, it processed more than four billion financial transactions.
As well as security, the idea that consumers have control of who sees their details is a critical feature. To this end Swift is working with IT industry experts such as Linux proponent Doc Searls, who is heavily involved with the concept of vendor relationship management (VRM). VRM gives the consumer control of their relationships with suppliers. Swift's proposed digital vault service is an example.
Peric said the consumer would have a choice of where to store the vault. It could, for example, be on a personal smartphone, hosted by the bank, or even held by Swift.
Swift also has a prototype of an iPhone app which will act as a security token for authenticating online activity. This would negate the need for multiple security tokens. But Peric said the company is currently testing the security of the service.
In June, Swift told Computer Weekly it is incubating a project to provide community-based cloud services for banks, including an app store for financial services organisations.