Digital identities in financial services: navigating risks and seizing opportunities

In an era marked by rapid technological advancements, the financial services industry finds itself on the precipice of a transformative shift: the emergence of digital identities. As traditional bricks-and-mortar banking now exists alongside seamless online experiences, the concept of digital identity is gaining ever greater significance.

The dawn of digital identities

A digital identity is akin to an online passport or ID card. It's a way for an individual to prove who they are when using the internet or digital services and helps websites, apps, and online services know that you're really you.

In the context of financial services, digital IDs are the electronic representation of an individual's identity, often verified through a combination of personal attributes, biometric data, and other unique markers. This evolution has been driven by the increasing prevalence of online transactions, remote account access, and the need for enhanced security measures.

Opportunities abound

There are many advantages to recognising and promoting the adoption of digital identity technology in financial services including:

Enhanced customer experience

Digital IDs facilitate frictionless onboarding processes, eliminating the need for customers to physically visit branches and wait in lines. This results in a seamless and efficient experience that can significantly boost customer satisfaction and loyalty.

Improved security

Leveraging biometric data and multi-factor authentication, digital IDs offer robust security measures that are more resistant to fraud and identity theft compared to traditional methods of verification.

Streamlined operations

Financial institutions can streamline their operations by automating KYC (Know Your Customer) and AML (Anti-Money Laundering) processes through digital identity verification, reducing manual workload and human error.

Financial inclusion

Digital IDs enable easier access to financial services for individuals who may not have access to physical bank branches, promoting financial inclusion and economic empowerment.

Navigating the risks

While the benefits are enticing, the adoption of digital IDs is not without its challenges. Banks and financial institutions must be vigilant in addressing these risks to safeguard their operations and protect customer trust. Key risks for financial institutions include:

Data privacy and security

The collection and storage of sensitive personal data raise concerns about data breaches and cyber attacks. Robust encryption, regular security audits, and compliance with data protection regulations are paramount.

Identity theft

If not properly secured, digital IDs can become targets for cyber criminals aiming to steal personal information. Financial institutions must employ state-of-the-art authentication methods to prevent unauthorised access.

Technological vulnerabilities

Relying heavily on technology exposes financial institutions to vulnerabilities arising from software bugs, system malfunctions, and hacking attempts. A robust IT infrastructure and proactive security measures are essential.

User acceptance

Convincing customers to adopt digital IDs requires a high level of trust. Institutions must educate customers about the benefits while addressing concerns about data privacy and security.

The role of regulation

Banks and financial institutions need to navigate an evolving legal landscape around using digital IDs.  While the compliance burden can seem daunting, this landscape can also provide a degree of certainty leading, hopefully, to higher consumer trust and greater user take up.

Standardisation

Regulatory frameworks can establish standards for digital identity verification methods, ensuring consistency and interoperability across the industry, leading to more use cases and more users.

Compliance

Clear regulations can aid financial institutions in meeting compliance requirements relating to data protection, privacy, and customer due diligence. This protects both institutions and customers from potential legal and financial repercussions.

Accountability

Regulations can hold institutions accountable for safeguarding customer data and ensuring proper authentication processes. This deters negligence and encourages a responsible approach.

Trust

Earning customer confidence is key to the success of digital identity solutions and legislation and regulation can play a big part in developing this by making sure customers are informed and have rights if things go wrong. For example, the draft European AI Act aims to foster citizens' trust in AI-based applications and systems and the European Digital Identity Wallet (explained below) also aims to strengthen citizens' trust through comprehensive security measures by design, many of which align with GDPR standards (such as privacy by design and privacy by default, prevention of user tracking and purpose limitation, as well as the principle of data minimisation).

Innovation

Despite fears that over regulation will stifle innovation, if it is clear and pitched appropriately, it can provide a framework that encourages the development of secure and innovative digital identity solutions, driving the industry forward while minimising risks. Digital IDs are, for example, key to using accounts on Web3 and metaverse applications.

EU position: European Digital Identity Wallet as part of the new European digital identity framework

As part of Europe‘s '2030 Digital Compass: the European way for the Digital Decade’ program, the EU has built on the existing Regulation on European Electronic Identification and Trust Services (eIDAS Regulation) and proposed a new European digital identity framework. One of the central parts of this new framework (currently in draft) is the so-called European Digital Identity Wallet (EDIW/EUiD-Wallet). The EDIW securely stores not only identification data of EU citizens, but also electronic attribute certificates such as driving licences, certificates or health certificates, and makes them accessible to public and private bodies on request. According to the responsible Committee on Industry, Research and Energy (ITRE), the EDIW should be free of charge for all citizens but there should be no disadvantage to those not wanting to use it.

The recitals of the proposal explicitly state that the new EDIW should be designed (among other things) to secure the electronic identification of customers and the exchange of specific attributes necessary to comply with customer due diligence requirements under AML regulations. It should also support the fulfilment of stronger customer authentication requirements for financial services logins and transactions in payment services.

The EDIW is clearly intended to be used by the financial sector: simplifying the application for a bank loan is a key use case as highlighted by the Commission. The EDIW will streamline the application process because the customer will be able to send the required documents (identity data, credit rating and income statement) directly to the bank via the EDIW, without sending in paper documents or having to attend a bank branch in person.

The EDIW should make it easier to comply with EU financial services regulations and provide a better and safer customer experience for those in the EU.

Scandinavian countries leading the way

While the technical and regulatory implementation of the EDIW is still being debated in the EU Member States, some have had an accepted and reliable digital identity solution in place for a long time. For example, Denmark and the “NemID” system (replaced in 2021 by the “MitID” system). This system is based on a private partnership collaboration between Danish banks and the public sector. More than 90 percent of the Danish population between the ages of 16 and 90 use the system today. In Sweden, customers have been using digital identification solutions for more than 20 years to conduct banking transactions, sign documents or even buy train tickets online.  The European Commission is clearly hoping that the EDIW will facilitate wider take up across the EU given nine out of ten bank customers bank online, and physical mail is used increasingly rarely.

What's next for digital identities?

The explosion of AI-enabled tools adds to the exciting mix of verification products and services now available. AI tools can more readily detect fraudulent documents by tracing watermarks and microprinting. However, AI can also be used to deceive through incredibly well-structured deep-fakes, although ironically, it is also AI which may best equipped to perform 'liveness' checks to combat such creations. This is recognised in the draft EU AI Act that particularly mentions the use of specific AI systems to detect deep fakes for law enforcement agencies.

The emergence of digital identities presents a revolutionary shift in the landscape of financial services. While risks such as data breaches and identity theft loom large, the benefits of enhanced customer experiences, improved security, and operational efficiency cannot be ignored. Through a combination of robust security measures, customer education, and proactive engagement with regulatory frameworks, banks and financial institutions can harness the power of digital IDs while mitigating potential risks. As the industry evolves, those who adeptly balance innovation with responsibility will undoubtedly thrive in this new era of finance.