Digital infrastructure allows financial institutions to verify identities without relying on face-to-face meetings or physical documentation.
The COVID-19 pandemic has made clear the business advantages for those banks that don’t need to rely on branch networks to onboard clients and process transactions.
DigFin recently wrote about the need for digital identity databases that can be safely shared in order to fight money laundering.
But digital identity goes further than preventing crime. It is increasingly the key ingredient to making cross-border payments seamless, cheap, and ubiquitous – while still keeping transactions an attractive business for banks.
To achieve this requires a trusted and secure infrastructure. Get that right, and banks can tackle a range of problems, including know-your-customer checks, detecting fraud, and defending against cyberattacks.
Foundations
Sopnendu Mohanty, chief fintech officer at the Monetary Authority of Singapore, told the recent Sibos conference audience that digital identity is foundational for any digital economy. “The future economy will run on digital rails,” he said, noting the success of Singapore’s MyInfo identity system in helping banks and other institutions conduct quick onboarding and payments services, based on customer consent.
The good news is that more governments are looking to build their own digital infrastructure – with the Hong Kong Monetary Authority now charging ahead on its own digital infrastructure plans, as DigFin reported.
But these projects create challenges of their own.
“Identity matters,” said Dakota Gruener, San Francisco-based executive director of ID2020, an organization dedicated to fostering digital identities worldwide. “It dictates what rights and services and can or cannot access,” such as education, healthcare, voting, and financial transactions.
Yet one in seven people worldwide, about 1.1 billion people, can’t prove their identity in our current systems. They are excluded from the modern economy, Gruener said at Sibos.
Trust
From a banking perspective, the challenge is how people and organizations can trust one another in the digital realm.
Rod Boothby, global head of identity at Santander in San Francisco, says the ubiquity of spam, phishing emails, fake information and misinformation make it hard for banks to undertake big projects like reacting to climate change or serving excluded populations.
The advent of digital identity systems is helping, though. Boothby cited Norway’s BankID system, in which people or companies use their banks to prove their identity online.
“That has reduced fraud from 1 percent of transactions to 0.00042 percent of transactions,” he said. Eventually such screens can be applied to anti-money laundering screens or other barriers to trade finance and other services.
In practice, this means a system like BankID allows people to prove their identity without revealing sensitive information. For example, a vacation rental host doesn’t want to have to hand over utility bills or a driver’s license in order to assure guests they’re legit. Instead, the host can direct inquiries to a bank, or a company operating on its behalf, such as a telco or power company.
Gruener points to a pilot program ID2020 is running in Bangladesh in which proof of vaccination is being turned into a digital identity. “Only 20 percent of kids in Bangladesh get a birth certificate,” she said, “but most people receive a proof of vaccination, which can be turned into a proof of identity.”
Databases
Then in places like Singapore, Thailand, and India, the governments have built full-blown digital ID databases that banks and other organizations can leverage for payments.
For example, Singapore’s MyInfo is an electronic KYC system that all local banks now use for customer onboarding, and to let customers aggregate a view of all their accounts. The system is now testing new use cases, such as healthcare information. It’s also working on ways to ensure consent is simple and clear – a work in progress, but there are now 3 million residents (about 60 percent of the population) using MyInfo for a variety of routine tasks.
Many countries are now racing to build digital ID infrastructure. Even in advanced societies like Singapore, there’s no one-size-fits-all solution. “No one technology company or government can deliver this for all use cases,” said Alan Lim, head of the financial infrastructure office at MAS.
Any digital infrastructure has to involve multiple stakeholders, with some means of orchestration, be it centrally or via authorized actors like banks.
Compatibility
This creates a new challenge: compatibility. Coordinating all the necessary components in a national system is hard enough. The task becomes very difficult when it crosses borders. Infrastructure can’t sync due to different laws for data ownership, personal data protection, and the inability of national systems to talk to one another.
“There’s a lot we need to harmonize,” said Lim.
Singapore’s MAS has been working with other countries to make some progress. Singapore and Thailand have connected their domestic payment systems, so that a person in Singapore can send money instantly to someone in Bangkok using just the recipient’s Thai mobile number. And vice versa. This is slashing remittance costs for Thai workers from as much as 15 percent of a transaction down to about 3 percent, says MAS’s Mohanty.
This is possible because both countries have digital identity infrastructure underpinning their payment networks.
Singapore is now looking to tie its PayNow payments network with India’s United Payments Initiative, its payment stack on top of its digital identity database.
The world is too big and complex to assume Singapore’s system will connect to everyone (although that would solve many headaches). We are still a long way from a digital infrastructure as global as SWIFT’s messaging system for payments.
Systems
There are some frameworks that are becoming best practice, but these will vary based on whether a system is operated centrally by the government, or left to market forces; and whether they cohere around just a single national identity format, or if they are built to include multiple types of ID.
Most people have various things that can serve as ID: a driver’s license, a credit card, an office key card, a vaccination document. Each has its uses in different contexts. “National digital identity is an important credential, but it’s only one,” Gruener said, advocating for standards that allow people to use multiple forms of credentials.
She acknowledges this gets confusing when there’s also a need for proving different credentials belong to a user, but she says this requires building infrastructure so these things can complement each other. “Credentials, proofing, and national ID are all different pieces of the puzzle,” she said.
Lim says MAS has developed a national-ID template involving users, the service providers (which he calls Relying Parties, such as a bank), and identity providers. All three parties share a network that lets them exchange information in a trusted manner, with the aid of biometrics, one-time passwords, and other tools.
Lim outlines several design challenges:
- Trust: cybersecurity has to be effective, protective of user privacy, and educate people on how to protect their own account.
- User-centric design: Privacy, user control, accessibility, and inclusivity are just as important as make it slick and efficient.
- Portability: Users need to be able to present various proofs (to enter a bar might require both an age check and a vax check), and use those across different types of services (a bar, a bank).
- Interoperability: a common language that all service providers can understand is critical to enable identities be used abroad.
- Governance: it’s essential that a system have a legal framework, technical agreements, and standards regarding data collection, data sharing, and commercial uses.
Although these systems will vary across polities, industry practitioners agree that digital infrastructure is a public good that requires government initiative. It’s the critical building block to payment rails, systems for clearing and settlement, open banking, data exchange, and credit scoring.
There are plenty of use cases in rich countries, such as making payments, invoices, purchase orders and billing seamless and accessible. The biggest gain will be in emerging markets: India is an example of leapfrogging the Western status quo with its digital identity system.
“Digital ID lets people in emerging markets participate in the global economy on a level playing field,” said Santander’s Boothby.