Our Insights

FSC Technology Workshop Series – Digital Identity

Securing trust in digital identity is a growing global concern

Recent high profile coverage of data protection missteps (e.g., Facebook and Cambridge Analytica) has put digital identity concerns at the top of the agenda, particularly as corporations face stiffer regulatory requirements and clients demand greater control over personal information.

Financial institutions are well positioned to play a key role in the development of broadbased digital identity ecosystems and leverage the benefits of improved service offerings to clients. Trust, however, will remain a precious commodity - easily lost and difficult to regain.

Key insights

  • Maintaining trust will be critical for organizations to encourage their clients to share data
  • Industry is encouraged to play a more proactive role in setting standards and shaping future DI ecosystems
  • Trust in DI technology could spur the development of "digital twins" for human users

A new source of value

Once synonymous with cybersecurity technology and operational risk management, digital identity (DI) has assumed broader importance as a potential source of value for firms seeking to improve and personalize service offerings to clients.1 Building robust DI platforms is also viewed as an opportunity to improve the user experience, which is increasingly impacted by growing and more complex security demands.2 The ability to switch effortlessly between diverse and disparate interfaces with a unique digital passport is naturally appealing for consumers and businesses seeking to streamline the user experience, and governments seeking more efficient service delivery.

Handing control back to the user

Although digital footprints have grown exponentially, market participants have been slow to address DI challenges and develop frameworks that can empower end users to ultimately decide how and with whom they share their data. “The only person who should have ultimate control over my identity information is me," said Nick Giurietto, Australian Digital Commerce Association CEO, a participant at a recent Financial Services Council technology forum hosted by RBC Investor & Treasury Services in Sydney. “I should be the one who is aware of who has access to what attributes, I should have the ability to revoke that access, and provide consent to those I want to transact with. We are a long way away from that in the way we currently manage identity."

While internet users may become complacent about their personal data, a succession of high-profile cybersecurity incidents has raised awareness. The Cambridge Analytica incident, which impacted millions of Facebook users, has served to focus attention on the potential magnitude of such events. According to management consultant Gerd Schenkel, “The Facebook issue has done us a huge favour because it has accelerated consumer awareness. That was going to happen anyway but now it's happened in a big bang."

Maintaining trust with clients has never been more critical for organizations and is only expected to continue growing in importance as DI ecosystems develop. Consumers will not only demand stronger safeguards over their personal data but also insist on more transparency over its use and greater control over how its is shared. Organizations are urged to provide this “granularity of control" to users to build trust and encourage them to share information. “Out of that comes meaning," said Schenkel. “Meaning and trust are the two big drivers of future business models, and identity is the key platform for that."

Setting the digital framework

Discussion continues among technologists, governments, and privacy advocates as to the most appropriate framework for DI systems and who should set the parameters. Should personal data be centralized in government databases or outsourced to industry?

Through its Digital Transformation Agency, Australia is seeking to establish a "trusted digital identity framework" as part of its Govpass program, a collaborative effort between government, banks, and fintechs. Some see the project as limited in its ambitions, focusing on proof of identity capabilities, rather than building an ecosystem that can empower subjects to control and share data. “I firmly think that industry is not doing enough to build this future ecosystem at the moment," said Giurietto.

Consumers will not only demand stronger safeguards over their personal data but also insist on more transparency over its use

Financial services companies are nonetheless seen as well placed to deliver 'identity as a service', being already heavily regulated while boasting a long history of safeguarding clients' private data.3 Moreover, with the push towards open banking regimes in Australia and other jurisdictions, much of the technical work in building digital identity architecture is already underway. Open banking is likely to create the user habits and expectations “that people should expect from all industries," said Schenkel. “There is an aspiration to move beyond banking into other consumer services. I think banking as an industry will set those standards."

Travelling with digital twins

'Identity' is evolving to become an asset class and its underlying assertions may be best secured by distributed ledger technology given that it allows for unforgetable and publicly verifiable identity proofing," said Giurietto. This will have implications for asset managers and registries. “Identity, as a special class of assets will probably end up being maintained on blockchains, or at least the assertions about identity," he said. “That allows efficient trading using so-called smart contracts. We'll likely see an evolution of value transactions as well, away from bitcoin but towards some sort of a fiat-backed digital currency. The result will be an interconnected system for which identity is an anchor."

Building broad-based digital identity ecosystems will take time, but once clients are invested and confident enough to share their data, the potential applications are significant according to technologists. Digital twinning, the technology of driving improvements in real assets using virtual models, is one application that may proliferate when fully integrated DI ecosystems go live. Digital twins for humans could soon be ubiquitous in an increasingly automated and interconnected world. “There will be a collection of services around you," said Jan Zeilinga, director of Cyber Security Services at KPMG. “You will have automated cars and houses and multiple digital personas which means you'll always be connected through different devices, channels and services. That's why standards are important."

You may also like

Sources

1. KPMG (October 12, 2017) Why digital identity is now a board-level topic

2. The Economist Intelligence Unit (June 20, 2017) Digital identity - a precarious balancing act

3. Ibid.