EXCLUSIVE: ‘A question of trust’ – Rod Boothby, Santander in ‘The Fintech Magazine’
Rod Boothby, Global Head of Identity at Santander and Co-chair of the Open Digital Trust Initiative, believes banks hold the key to restoring broken confidence in an online world. Now, he’s asking them to mobilise to fix it
Who do you trust to vouch for you? Your government, your doctor, a solicitor? How about your bank? By the end of next year, millions of us could be looking to the organisations we deposit our money with to be the custodians of what is, arguably, a much more valuable asset – our digital selves.
The Open Digital Trust Initiative is being steered by the Institute of International Finance and the OpenID Foundation, which have built a coalition of organisations across the identity community, to create a global digital trust infrastructure that hopes to assign a new role to regulated entities – financial institutions principal among them.
It’s called the Global Assured Identity Network (GAIN) and it maps out a way for banks and others to offer digital trust services via APIs. To be clear, that’s not just for banks to act as gatekeepers for our identity in relation to financial services, but also delegated responsibility to confirm we can travel across borders, access health services and much more.
Why should banks take on the mantel?
According to Rod Boothby, global head of identity at Santander and co-chair of the Open Digital Trust Initiative, because they already have what it takes to execute on possibly the most important mission of all – ‘to deliver truth and trust while allowing people to protect their privacy’. And they can do it by leveraging their existing electronic know your customer (eKYC) and strong customer identification capabilities, as well as the confidence invested in them by public and business.
“Banks treat your identity as an asset and they can provide a custodial service to protect it, just as they provide custodial services to protect your cash or your stocks, because it’s your property,” says Boothby. “By delivering this [identity-as-a] service, we hope to reduce the challenges we see globally around whether or not people are who they claim to be online – and that covers everything from annoying spam messages, to catfishing on a dating site and spreading misinformation via social media.”
The aim is to deliver what is, in effect, ‘financial-grade’ identity assurance alongside a dramatically-simplified user experience that’s characterised by far fewer passwords and forms. GAIN will be made possible by a new standard for verified data sharing services, developed by Santander and built on top of OpenID, the protocol that’s used billions of times a day by people across the world to log into platforms such as Facebook and Google.
It will allow banks to securely transmit information related to customers in three circumstances: to verify a customer’s identity, the bank simply confirming the client’s name and other basic identifying information to a third party; to share a summary of the information but not the private data behind it – for example, to confirm a person is old enough to buy alcohol but not revealing the date of birth; and to confirm and fully share verified data.
All of the above would only be initiated with the customer’s consent, but the potential use cases that could be built on top of such a global standard are myriad – think applying for a product and getting the best deal based on your profile characteristics; enjoying a simplified vetting process when renting accommodation or applying for a job; even helping to select the right profiles for you on a matching platform; or simply proving you can act on behalf of your company. It’s ideas like these that Boothby hopes to explore further during Sibos.
“Every time new standards are created, huge new value is built on top; many players come forward to provide all sorts of services,” he says.
To deliver those across borders will require partnerships, of course – hence the importance of building out the network.
“There are huge partnership opportunities to help bring this to market,” says Boothby. “For example, if you have a small company, you don’t want to sign contracts with 2,000 banks globally; you want to work with an entity that brings all the banks to you – a broker or aggregator. And those organisations could work in domain specific spaces, like healthcare, facilitating information around insurance and payments, travel or even managing vaccine status.”
Banks have collaborated to build mutualised infrastructures before – transaction rails for trade, cards, digital payments and securities. Identity is now, as the Institute for International Finance, recognised when it co-published the GAIN white paper in September, the next such ‘critical frontier for the global economy’.
Boothby believes that, with this new purpose, banks could not only address several of the threats currently undermining their status – namely disintermediation and fragmentation of financial services – but also turn the security and compliance cost centre into a revenue stream, countering the effects of the unlevel playing field caused by how some aspects of open banking are being implemented.
Thus, for banks, facilitating truth, trust and protection could be seen as not just a moral imperative, but also a business one. The idea of banks collaborating over identity flows isn’t entirely new. Although confined within regional borders, there are several forerunners for a trust network operated by banks: Sweden and Norway have the almost universally-adopted BankID, Germany has the Yes network, Belgium has Itsme, and 17 million Canadians access federal government services via Verified.Me.
“In Sweden or Norway, when you go to a website, instead of clicking ‘log in with your Google ID’ or ‘log in with your Facebook ID’, you click ‘log in with your BankID’,” says Boothby. “A message on your phone from your banking app asks if you really want to log in, and, if you’re registering for a site, if you want to really share that information with it. Usually, the bank will be able to reduce the amount of information that is shared. For example, in the UK, if you want to buy a lotto ticket, the National Lottery needs to know only two things; that you’re a UK resident and that you’re 16 years or older. That’s it. They don’t need your name, your picture, your biometrics; they don’t need to know your address.
“We want to create this simple, easy flow, where you can bring your identity wherever you go. You no longer have to spread your identity information everywhere; instead, you have the choice as a consumer to work with an institution that you trust, an institution that doesn’t resell your data.”
While there are obvious privacy advantages for consumers, using banks to validate a business’ identity could benefit the economy, too.
“If I want to order goods from a company in a different country, and a bank in that part of the world can say ‘this person with a widget factory is trustworthy’, I can order widgets from them in confidence, knowing they’ll deliver,” says Boothby. “This levels the global playing field. Businesses do not have to give a cut of their profit to some big online company to distribute things for them. Instead, they can go direct to their counterparties.”
Importantly, it could address the rising, and seemingly unstoppable, tide of online crime targetting businesses and customers daily. The United Nations estimates that money laundering, alone, is equivalent to two-to-five per cent of annual global gross domestic product (GDP).
“The amount lost to financial crime and money laundering is stunning and facilitates all sorts of damaging activities,” says Boothby. “So, how do we create an environment where the individual has better control over their information and people don’t constantly feel they are under threat?
If we get this right, this standard will mean you can be certain you’ve reached a specific person who’s made a decision, and that the data they’ve shared with you is bona fide,” says Boothby. “They really are the CEO of that company and can sign legal agreements on its behalf. They really are in accounts receivable, that is a real invoice, and those are real payment instructions. They really are from a company‘s call centre and are trying to help you.”
The urgency now is to persuade financial institutions to collaborate to deliver that trust with global reach; to bring about, as the GAIN white paper describes it, a fundamental shift in the digital economy.
“This is an open and free standard and we’re hoping many will want to learn about it,” Boothby adds. “We have huge challenges around identity and need participants to join us in solving them.”
This article was published in The Fintech Magazine #22, Page 12-13
People In This Post
Companies In This Post
- Trovata Moves Upmarket with Multibank API Integration Available to SAP and Oracle Customers Read more
- Invesco Advisers Announces Portfolio Management Changes for Invesco Municipal Closed-End Funds Read more
- Guardz Launches AI-Powered Multilayered Phishing Protection To Secure SMEs Read more
- Andorix Deploys HFR Networks’ Time Sensitive Networking Switch to Deliver Converged In-Building Services Read more
- Codego Launches the New Era of Crypto Gift Cards Read more