Banks ideally placed to fill identity void, says consultant

Current approaches to identity are too backward looking and need revision, according to a UK-based business management consultant

Banks are ideally suited to providing identity services and should play a key role in this, according to Dave Birch, director of innovation at Consult Hyperion.

“There are good reasons for thinking that current identity infrastructures are not good enough to compete with social networks over the next 20 years,” he told EEMA’s ISSE 2017 conference in Brussels.

Birch believes banks could and should provide the service, adding that banking nowadays is essentially about data, not money.

Banks are even losing territory to third-party payment service providers, he said, with Chinese banks reportedly losing up to $500m this year in fees to service providers such as Alipay.

“However, the real loss to the banks was giving up the data because now they have no direct relationship with people and therefore no opportunity to provide value-added services,” said Birch.

“Banks are not places to store money; they are places to store data. And if they lose that, it is not clear what they are going to do.

“Therefore there seems to be an imperative to try to find a way for banks to play a role – and I believe it could be the key role – in the emerging identity space,” he said.

But according to economist Tyler Cowen and investment banker Matt Levine, in the next 20 years we might see a fight between financial institutions and social networks and decentralised blockchain builders over who gets to be the keeper and verifier of everyone’s identity.

“Social networks have the reputation calculus that is needed for the risk management of the future, which is why they are a potential threat to banks,” said Birch.

UK banks, he said, will be required to implement Open Banking by early 2018, with the top banks being forced to open up their application programming interfaces (APIs) to third parties, as previously reported by Computer Weekly.

“But the threat is not going to be from startup fintech [financial technology] companies, but from the likes of Amazon, Google, Facebook and Microsoft, who will all have access to those APIs,” said Birch.

“Once people can do all their banking in Facebook, and Facebook has API access to its users’ bank accounts, banks will [go from] being relegated banks to being heavily regulated ‘pipes’,” he said.

While organisations can make a lot of money out of being ‘pipes’, Birch said: “There is a world of difference between choosing to be a ‘pipe’ as a strategic option, and being forced to become a ‘pipe’ because the government forced you to open your APIs.”

However, Birch believes banks have another choice because they have the capability to create the infrastructure required to support identity services that are a better fit for the future than current systems, such as ING’s Itsme mobile app, that are merely digital versions of government identities.

Managing multiple identities

According to Birch, the world needs systems that address the complex requirements around identity, such as the need for multiple identities that certify only key attributes, such as being over 18, without revealing a person’s actual age.

It also needs systems that deal with the need to delete identities and replace them with others, such as people in witness protection programmes, the need to have anonymous identities for things such as signing up to adult entertainment sites, and the need to protect whistleblowers.

“For example, if a nurse wants to report a surgeon for being drunk on duty, there is a need for an identity system that could confirm that an individual is a bona fide nurse and qualified to make the report, but that there is no link back to the name of that individual,” said Birch.

“While banks are never going to make a living out of implementing mandatory services because there is no margin for opportunity, they can look at non-mandatory API services as a way of creating a [revenue-generating] business model.

“Some banks are looking at non-mandatory payment services, but a lot of banks are looking at non-mandatory, non-payment services to give them a distinctive position in the market, and I believe identity management falls squarely into that void,” he said.

Given that banks have to implement identity services because of open banking and to comply with the revised Payment Services Directive (PSD2), Birch believes they should implement them in a “modern, sophisticated, forward-looking and intelligent” way to take on third-party competitors.

“A nice way of thinking about banks is as digital relationship managers because it underpins the transition to the gig economy,” said Birch.

One bank that is “heading in the right direction”, he said, is the Commonwealth Bank in Australia, which is running a pilot with Airtasker, a local online community market where people and businesses can outsource tasks, find local services or hire flexible staff.

“The scheme certifies that the person offering services on Airtasker is known to the bank, but does not reveal any other personal information. It provides the assurance that if something goes wrong, something will be done about it because somebody knows who the person is,” he said.

According to Birch, this is an example of how a bank can construct trust services that have immediate commercial value, but where no personal information is shared, providing a real example of how banks could play a key role in identity services.
