During the last few years, many of our daily activities went through drastic changes due to the growing digitalisation. Nowadays, the way we interact with each other, perform errands, participate to civil society, and, of course, the way we do business is very different compared to ten or even five years ago.
If one has to pick the most impacted sectors, retail and finance (especially in relation to digital payments) are probably the ones to look at. Think, for instance, to the online shopping business. A decade ago, consumers considered buying online a futuristic and, most likely, not reliable feat[i]. Today, many people will happily ditch their local store in favour of online shopping platforms (or online enabled shopping experiences) when confronted with a better offer[ii].
The current environment originated from a number of factors. First, we have to consider the change in the cultural background of the people. The new generations (like Millennials and Generation Z) are well versed in technology and most of their daily living revolves around it[iii]. Second, the massive and widespread penetration of mobile devices enabled seamless and user-friendly experiences. A growing number of people is now used to this kind of user experience, and they do expect it from the services they buy. Third, there is a mounting regulatory pressure in the financial sector, with particular regard to the Eurozone. Regulatory evolution and the subsequent requirements arising from the new Payment Services Directive (also known as PSD2) are pushing for a more open digital financial market. In particular, when looked in the context of other norms, such as eIDAS, the General Data Protection Regulation (GDPR) and the Network and Information System Directive (NIS Directive), it appears clearly that the European regulators are accelerating toward a Single Digital Market, which will bring many changes to the financial sector as well[iv].
As already said, in the context of the wider financial sector the area that registers the highest degree of change is that of payment. Some non-financial players have indeed entered this market with a number of Fintech solutions that seem to be widely appreciated by the public. International brands like Apple and Samsung introduced their smart payment services[v], along with local start-ups (like the Italian Satispay), which are enjoying a roaring growth as well[vi]. This indicates that the users are not only ready, but also eager to adopt smart payment solutions and drop traditional payment methods like credit cards and money transfers[vii]. In this scenario, traditional players such as banks and insurance companies are still relatively lagging behind. One of the solutions to bridge the gap between expectations and service offering might be to foster the adoption of digital identity solutions and to leverage their full potential.
The concept of digital identity carries a number of benefits for both users and companies. In 2018, the International Telecommunication Union published a document that contains a non-exhaustive list of the most prominent ones such as improving the convenience of users, improving service delivery, lowering the cost of service delivery, creating new revenues opportunities, and enhancing security[viii].
Even though the topic of digital identity is now prominent in many debates about future technologies and digitalisation, it is a relatively dated concept. The idea of digitising identities is old as the internet, if not as old as the concept of computer itself. Throughout the years, this concept grew steadily, following the evolution of the technological environment. The boom of social media drastically moved forward the notion that users online should be somehow identified, although the real pioneer in this field was the Estonian Government, which in 2002 established the first national digital identity scheme in the world[ix].
But what are, precisely, the benefits for the financial sector, and why is digital identity so important? To answer this question, we have to consider what lies at the heart of every financial transaction (not involving cash), which is trust. Users literally entrust financial institutions with their money and to intermediate for them in interacting with other users. Users feel confident in doing so because financial institutions built a solid reputation around their capabilities to prove the validity of financial transactions[x]. Financial institutions are, in the end, providers of trust and some major players in the financial arena, like Mastercard, decided to use this concept to spearhead their entrance in the digital identity arena[xi].
In the day-to-day context of cash-transactions, users do not necessarily need an intermediary to guarantee the validity of the transaction. Everything is performed face-to-face. However, following the significant increase in non-cash payments and non-cash transactions[xii] due to the introduction of digital channels, the landscape has changed. Merchants, in particular, need to verify the identity of person buying their goods with a high level of confidence. This is exactly where financial institutions can play a prominent role.
Compared to other players in the field of identity, financial institutions have clear advantages. As their traditional business already require them to verify the identity of their customer with a high level of assurance, they have the means to translate such a level of assurance into a “commodified trust”. This is something that other companies such as the Fintech companies described above, or social media juggernauts like Facebook and Google, cannot (yet) do. Consider the following example. John Doe wants to buy a bottle of wine from the website of his local liquor store. The shop needs to verify the age of John before performing the payment. Now, both the identity provided by a bank and that provided by other companies indicate the age of John. However, it is more likely that the identity issued by the bank will have a higher level of assurance, since the identity enrolment procedures for banks are stricter and usually involve the verification of nationally-issued IDs. Hence, the shop can have more confidence that John has reached the legal age for drinking alcohol and sell him the desired goods.
Financial institutions, though, are not the only players capable of providing high level of assurance for identities. There is at least one other category, this being national authorities. Most likely, a national authority will have the means to provide for the highest level of assurance an identity can have. However, even when compared to these national actors, financial institutions still have the upper hand. Indeed, even though national digital identity schemes might be extremely reliable (in terms of level of assurance), they are very often limited to a specific country. Cross border digital identity systems are rare and complex to be implemented. On top of the already intricate technical issues, national authorities willing to make their systems interoperable have to face legal and political obstacles. Some supranational authorities are trying to work out the problem, such as the EU with the eIDAS regulation[xiii] and the STORK project[xiv]. However, a real global digital identity initiative is still far from becoming a reality. These constraints apply to financial institutions as well. However, it will be relatively easier for them to establish international identity schemes trough global partnerships with other actors. The flexibility granted by the B2B model enables them to build real international networks their customers can rely upon.
Lastly, an additional yet crucial element makes financial institutions a potential candidate to implement digital identity schemes. One of the key success factor for digital identity is to reach critical mass in a two-sided market. End-users will enrol in the digital identity scheme only if there is a clear value in doing it. The value comes from the participation of service providers to the digital identity schemes. However, service providers will not invest resources if there is no certainty about the share of users they can target (i.e. the name of end-users in the digital identity scheme). Since financial institutions are already well positioned in this two-sided market, they can act as intermediaries. By offering digital identity services to both of the sides, they can ease the matching of demand and supply.
As described, digital identity is becoming pivotal in the context of digital payments and transactions and financial institutions have all the characteristics to become the go-to solutions. In some countries, such as Canada[xv] and Sweden[xvi], financial institutions already play the role of main digital identity provider. However, this should be seen as a starting point. Providing digital identities with a high level of assurance can become the bedrock for new services and new offerings to the clients. For instance, financial institutions can collaborate with operators in other fields (such as e-mobility, e-health, e-government, etc.) to create a really integrated and seamless holistic experience, and promoting the advantages of digital identity beyond the mere financial sector.
AUTHORS
Andrea Rigoni – Partner Deloitte Risk Advisory
Alessandro Ortalda – Senior Consultant Deloitte Risk Advisory
[i] Data shows that it was not until 2017 that the e-commerce share of total global retail sales surpassed the 10%. https://www.statista.com/statistics/534123/e-commerce-share-of-retail-sales-worldwide/
[ii] See, for instance, a comparison of purchases from online and physical stores on Black Friday in Australia in 2017 and 2018. https://www.statista.com/statistics/943803/black-friday-purchases-online-physical-stores-australia/
[iii] https://www.inc.com/ryan-jenkins/how-to-secure-millennial-spending-with-mobile-payments.html
[iv] https://ec.europa.eu/transparency/regdoc/rep/1/2018/EN/COM-2018-772-F1-EN-MAIN-PART-1.PDF
[v] https://www.auriemma.group/apple-pay-makes-up-77-of-mobile-payments-among-debit-card-users/
[vi] https://www.ilsole24ore.com/art/finanza-e-mercati/2018-08-10/pagamenti-digitali-satispay-si-allea-cse-ed-entra-30mila-pos-173750.shtml?uuid=AE4SduZF
[vii] https://ricerca.repubblica.it/repubblica/archivio/repubblica/2019/01/14/satispay-arriva-a-quota-mezzo-milione-di-clientiAffari_e_Finanza22.html
[viii] https://www.itu.int/en/ITU-D/ICT-Applications/Documents/Guides/ITU_eID4D_DIGITAL%20IDENTITY_ROAD_MAP_GUIDE_FINAL_Under%20Review_Until-05-10-2018.pdf
[x] https://www.linkedin.com/pulse/why-financial-institutions-fis-drive-digital-id-rob-galaski/
[xi] https://www.mastercard.us/content/dam/mccom/en-us/issuers/digital-identity/digital-identity-restoring-trust-in-a-digital-world-final-share-corrected.pdf
[xii] https://cashessentials.org/app/uploads/2018/07/2018-world-cash-report.pdf
[xiii] https://ec.europa.eu/digital-single-market/en/trust-services-and-eid
[xiv] https://ec.europa.eu/digital-single-market/en/content/stork-take-your-e-identity-you-everywhere-eu
[xv] https://securekeyconcierge.com/
[xvi] https://www.bankid.com/en/om-bankid/detta-ar-bankid lock
