How can we manage identities in the digital age?
Thursday 21 January 2016
We are on the threshold of a revolution in financial services - a findustrial revolution as it were - which promises extraordinary leaps in efficiency for all kinds of transactions. Finance is being redefined and challenged by small, agile fintech companies which specialise in the smart application of technological innovations to meet customers’ needs more efficiently and effectively than ever before.
Arguably the biggest obstacle to our society reaping the full benefit of this findustrial revolution is the issue of trust in transactions. When stock exchanges developed centuries ago, a handshake between (predominantly) gentlemen was considered enough to commit extraordinary amounts of capital to new economic ventures. When Jonathan’s Coffee House in the City of London developed into London Stock Exchange, its motto was (and still remains) Dictum Meum Pactum - my word is my bond.
Fast forward to the 21st century and we find a financial industry recovering from enormous reputational damage following not only the global financial crisis but a succession of trading scandals. We also find a society concerned increasingly about personal security, following high profile cyber attacks on business in an attempt to harvest customers’ personal data.
The secret to all of this therefore is to find reliable and secure ways to help people confirm their identities in the digital world and to manage their identities safely.
How can we prove how people are who they say they are?
The obvious example of the challenge is that favourite fintech buzzword: Blockchain. The opportunities afforded by distributed ledger technology enable everyone transacting in a market to see details of every trade undertaken: of who did what and when. The issue for this exciting technology - and the reason why its first appearance as the engine for Bitcoin has been so controversial - is that actors can hide behind false identities. The names they input into the system might not be what their mothers call them.
That is why the World Economic Forum is currently discussing how to bring Dictum Meum Pactum into the digital era. How can we prove people are who they say they are?
The WEF’s Disruptive Innovation in Financial Services Project has done a great deal in the past year to build consensus across some of the key players in this industry to agree a perspective on this complex and ambiguous subject. We have brought together banks, exchanges, regulators and other authorities to look at identity in the 21st century.
In the digital world, people might have as many identities as passwords. They will have multiple avatars for their online shopping accounts, their banking, their social media posts. Each of these they may manage separately.
Each identity has a number of elements. There are those characteristics which are unchanging - date of birth is one, but also there is biometric data and DNA analysis which can help to prove an individual’s identity. There is even your heartbeat signature. Then there are the identifiers provided by authorities: permanently assigned information such as passport and social security numbers. And there is an individual’s accumulated identity, which changes over time and is based on the individual’s behaviour: your digital footprint, for instance, or your credit score.
Your digital ID can therefore be a rich record of your behaviours and attitudes, then. Your spending patterns can be monitored and analysed to generate credit scores and then to agree credit loans. Your digital footprint might provide useful evidence for pricing more accurately your health insurance. Your associations with peer groups might indicate your likelihood of managing your finances effectively. Your behaviours might also indicate you are a “safe” person to provide financial services to, in a world with heightened risk of crime and illegal activities.
All of this information is theoretically possible to gather and can be attributed to your identity. But how should this be done? Who should be entrusted and empowered to do it?
Perhaps the best informed firms to manage digital identity are those with the richest store of information - those major retailers or smartphone providers which have high volume contact with their customers. They can compile and create a detailed picture of customer behaviour which can contribute to understanding an individual. Some of the earliest credit scoring companies were spun out of retailers, for example.
But of course individuals want to ensure they own this information - that it is accurate and that it is used responsibly in circumstances over which they have some control. Which is why this is a challenge that likely requires a broad system-like solution that cuts across both the public and private spheres, and importantly, is applicable across jurisdictions and geographies. A complete digital ID network if you will.
Imagine then if this network comprises every individual’s complete and authoritative digital ID report, of which they are the owners and gatekeepers. Your personal ID report would act as a completely comprehensive record of your ID attributes, with data fields automatically maintained and populated by trusted third parties. Your credit score would be provided by an independent authority for instance; a record of insurance claims maintained by your insurer; a criminal record maintained by the courts. And all in real-time. Imagine then that you permission access to this report on a field-by-field, attribute-by-attribute basis.
Your word would indeed - and unarguably - be your bond.
Once we have agreed as a society how we can and should manage our identities in the digital age, the Fourth Industrial Revolution can properly get underway. The future of finance and commerce may never be the same.
David Craig is president of Financial & Risk, Thomson Reuters’ largest division. This article originally appeared on the World Economic Forum blog, Davos 2016. It is published here with his permission. ■