Regulating identity
As different types of identity verification techniques are introduced, it remains to be seen the extent to which banks will move towards partnering with other entities, whether government or commercial, to offer collaborative identity solutions.
Ville says: “When we consider the usage and sharing of identity data in broader networks, from a regulated bank perspective this becomes a question of liability and customer consent. For example, if a customer would like to share a certain identity or other personal attribute from their bank, this is all fine and well as long as the technical capabilities of doing that in the future are in place. The bigger question here is what is the liability of the bank as a financial institution when they give that attribute to a third party with their customer’s consent? These things have to be very clearly defined. For example, if that attribute is being used by a third party to secure a transaction, we have to be 100% clear that every participant in this chain has the same understanding about what the liabilities are related to using this data.”
The evolution of broader identity networks also involves concepts such as self-sovereign identity (SSI), which argues that a person controls their own identity across all areas and touchpoints of their digital persona. By managing all of the aspects related to their digital identity themselves, the goal is for a person to operate with the same level of trust and freedom as they have in the physical world.
Ville adds: “SSI is one of the most interesting questions for financial institutions in the near future. We’ve already seen some of the global networks in the SSI space been to a large extent dismissed by financial institutions due to the fact that it’s impossible to control risk on a global level. However, building verified data networks at a national level from the ground up based on local laws and local trust mechanisms creates a very strong foundation for doing this in a sustainable and regulatory compliant way. As national networks get up and running, interoperability offers the possibility of joining different regions together to grow organically connected identity networks. European level initiatives on SSI can play a key role on the path towards interoperability. Especially from a Nordic standpoint, connecting our upcoming national networks with other European networks in the future is a great opportunity to build an interoperable data economy in this region. If we’re able to find interoperability across these networks at the EU level that’s a good stepping stone towards maybe one day having some kind of a functional global network.”
Know Your Customer, Know Your Device
With the average customer now accessing their banking services on more the one device, banks will be able to develop more nuanced approaches to the level of trust attributed to different digital identities.
Ville says: “If banks have good information on their customers and their personal attributes, one of the extensions of those attributes should be linking them to an array of different kinds of devices. Those devices could have different trust levels and depending on, for example, the kind of software being installed on them, again with the customer’s consent, banks could use that data in order to take them up the ladder in terms of trust levels as they access different kinds of digital channels. Know your device or understanding the digital fingerprint and trust level of devices is obviously important and is going to be an interesting area of growth for managing customers profiles in the future.”