Rob Behnke
December 19th, 2023
Identity verification and management are essential for many industries. This is especially true in the financial sector, where the ability to verify that someone is who they claim to be is essential to protect against financial fraud and theft of funds.
As the financial sector evolves and moves increasingly online, there is a growing need for digital identity solutions. Designing these solutions to be usable, accessible, and secure is essential to move the financial sector into the future.
Historically, identity management and verification have largely been a paper-based process. When a user wants to set up an account, they prove their identity using a driver’s license, passport, birth certificate, or similar document. After identity verification is performed, the user can set up authentication credentials that can be used to verify their identity in the future.
As the financial sector moves more toward the digital, this approach to identity verification and management becomes less effective.
Some of the major downsides of traditional identity verification and management include:
Inefficient Processes: Verification of physical identity documents is commonly performed manually. This is inefficient and time-consuming for both the financial institution and the customer.
Risk of Fraud: Paper documents are considered secure because they are difficult to forge. However, difficult does not mean impossible, and users may be able to open or gain access to financial accounts using fraudulent documents.
Challenging Remote Verification: Remote verification of physical documents can be difficult and may require holding a document up to a webcam or submitting a scan. As a result, it is easier for a user to submit fake documents as some security features — such as ultraviolet markings — can’t be checked remotely.
Limited Access: To prove identity with government documents, an individual needs to have those documents. This limits access to financial services to individuals who have and can produce the necessary documentation.
Traditional identity verification procedures had their issues but were usable when the majority of banking was performed in person. However, as banking moves online, the limitations of traditional identity verification can create significant challenges and make it more difficult for organizations to meet know-your-customer (KYC) and anti-money laundering (AML) requirements.
The financial sector needs the ability to verify a potential client’s identity before opening an account or performing transactions. Financial institutions have a couple of options for implementing digital identity management with modern technology.
One option for digital identity management is to transition from purely physical identity documents to digital ones. For example, a driver’s license, passport, or other government identity card can be updated from a plastic card to a smart card with an embedded chip.
Building these chips — which are already commonly used for tap-enabled payment cards — into government IDs enables them to store private keys and digital certificates on the card. These provide the ability to implement digital identity verification based on digital signatures and modern cryptography rather than manual verification of physical identity documents. User authentication can be further enhanced by implementing biometric authentication for users authenticating via these smartcards.
The European Union (EU) has implemented a European Digital Identity program designed to provide all EU citizens with a digital identity by 2024. In addition to storing the private keys and digital certificates needed for identity verification, the digital IDs will also store all other required identity documents, making it easy to prove identity and eligibility for financial services online.
Another option for implementing digital identity management in the financial sector is to use blockchain technology. Blockchains have built-in identity management, using digital signatures to authenticate every transaction before it is executed and recorded on the digital ledger.
This identity verification verifies that a transaction was performed by a particular blockchain account rather than tying it to the owner’s real-world identity. While this is adequate for blockchain transactions, it may not be enough for KYC/AML regulatory compliance.
Soulbound tokens are a special type of non-transferable token designed to track identity information — including real-world identity, membership in an organization, attendance at an event, etc. — on the blockchain. If a user has undergone traditional KYC/AML and received a soulbound token from a KYC/AML provider, that token can be used to verify the user’s identity for all future transactions without the requirement for each individual organization to perform its own identity verification process.
The move from traditional, physical identities to digital identities may be driven by the increased digitalization of the financial sector. However, making the move also provides several potential benefits for a financial institution and its clients, including:
Enhanced Security: Digital identity solutions rely on digital signatures for identity verification. This offers improved security and fraud prevention when compared to traditional methods of identity verification.
Improved Efficiency: Digital identifiers can be immediately and automatically verified. This simplifies the process of confirming user identity before opening an account or performing financial transactions.
Regulatory Compliance: Traditional identity verification documents can be forged, which can undermine KYC/AML efforts. Digital certificates are unforgeable without the proper private key, making them a superior solution for regulatory compliance.
Digital identity solutions are increasingly vital for financial institutions. As online banking and other financial services become more common, traditional methods of identity verification are increasingly ineffective and not fit for purpose. Digital identity solutions offer the potential to more securely and efficiently verify a user’s identity remotely before allowing them to open an account or perform a transaction.
All modern digital identity solutions are based on digital signatures; however, financial institutions have options for how they can implement the required infrastructure. One option is to use a centralized identity provider — such as the EU — to provide digital identities for all citizens. Another is to build on blockchain technology to create a more decentralized identity management solution. The right choice for a financial institution likely depends on its use cases and the options available to it.