Identity Management and the Future Role for Banks

othiriondebriel's picture

A large percentage of our lives is now conducted digitally (both on a personal level and at work), and this is set to continue with our demand for speed and convenience. This means there are billions of digital identities stored in many different systems with varying degrees of security, and cybercriminals are devising more sophisticated methods to leverage any weakness.

In a 2018 Global Economic Crime and Fraud Survey by PwC found that 64% of respondents said losses due directly to their most disruptive fraud could reach US$1 million. 

If the upwards trend in identity theft continues, we will need a more logical approach to identity access management (IAM) that balances convenience with security, especially considering PSD2 and the directives for greater consumer protection along with the growing importance of Open banking trend. As banks have a proven track record regarding storing and protecting customers’ identities, perhaps we should look to them to become central ‘holding tanks’ for digital identities.

Identity management models

There are three models of identity management: internal, centralized and distributed. They all have good and bad points.

Internal identity management

This is the typical model where a single organization provides and manages the identities for its employees to gain access to various internal systems, physical access and other internal services. The organization calls all the shots as to how an ID is created and used. There is no centralization across the ecosystem, so users will have multiple identity credentials to keep track of, in addition to identities they may need outside of work, such as bank logins.

Centralized identity management

A more user-friendly model is centralized, where a single organization (including governments) acts as an identity provider that authenticates users to everyone else in the system. The national citizen register in the Netherlands uses this model.

The beauty of centralized ID management is that multiple application providers can be accessed by the same user identity, which streamlines service delivery—more convenient for users as it reduces the number of identities needed. It provides a single version of the truth, and a complete, accurate and standardized view of non-confidential data across different users.

Having just one location for all that data can be risky, depending on the security initiatives implemented. If users lose trust in the system, even without just cause, reputations can plummet.

Distributed identity management

This is an interesting model for identity management, as multiple identity providers share information with other providers within their ecosystem. In the TUPAS system in Finland, banks act as identity providers, so that a user’s bank credentials provide access to a wide range of services from other providers.

This model provides users with a convenient ‘digital wallet’ of credentials, meaning they don’t rely on information from a single provider. The downside is that the information from different identity providers isn’t standardized.

Where banks come in

As financial institutions already have their customers’ trust as a provider and manager of secure identities, it’s a logical step for them to lead the way in identity access management across a distributed ecosystem. In light of PSD2, ID protection is even more vital, and who better than banks to share data securely? This extension from authentication into identification seems like a natural and logical move for the banks, they will need an optimized infrastructure that offers:

  • the right authentication platforms for federated identities
  • a layered authentication approach using advanced threat detection capabilities, complying with PSD2
  • cost effectiveness
  • lower risk
  • a platform that builds trust
  • an appealing user experience

Choosing the right partners will be crucial and it’s in the best interests of financial institutions to consider new approaches to engage new and existing customers.

Resources

For more information on how HID Global is helping financial institutions, feel free to consult the following resources:

Webinar – Open Banking and the Challenges to Implementation

White paper – The Role of Digital Identity in the Future of Banking