EXCLUSIVE: “Knowing me, Knowing You” – Stacey Wilkinson, NatWest in ‘The Fintech Magazine’

As NatWest rolls out a digital ID service for its customers, Stacey Wilkinson explains why bank-led identity solutions are a natural evolution of FS

Question: who probably knows more about you than anyone else – even closest friends and family?

Answer: Your bank. Why?

Because, as regulated institutions, we have long expected our banks to uphold the highest standards of security and probity and we’ve been happy to trust them with not only our money but also something even more valuable: our personal identifiable information – our names, date of birth, and addresses.

Not only that, but, as many of us have a long relationship with a bank (65 per cent have been with the same provider for at least 10 years, according to research from the UK’s Financial Conduct Authority in 2022), we’ve left them with a very rich transaction data trail to learn of our spending habits, lifestyle and changing status as we pass through life.

And, in line with financial regulations around data privacy, onboarding and fraud protection, we will also delegate authority to them to share elements of that information on a need-to-know basis with third parties – and third parties will trust that it is correct.

Therefore, in an ever-growing global digital economy, banks are surely well-placed to be the guardians of our digital identities as they look to extend services to customers by leveraging open banking and APIs.

However, while other countries have long offered bank-led digital IDs to their citizens for use in both private and public sectors – BankID in Sweden was the world’s first, way back in 2003 – the UK has been something of a sloth.

And that could be due, in part, to a somewhat fractured backdrop at government level.A government-led plan to lead the way with its Government Gateway digital identity scheme for all its services was first announced in 2001 but subsequently became embroiled in internal disputes between the tax office and the department for Government Digital Services (GDS), with the tax office developing its own services, using an existing Government Gateway ID.

Government Gateway was eventually superseded in 2019 by Gov.UK Verify which, at the end of 2022, was itself replaced by Gov.UK One login, on to which an increasing number of services, including the tax office, have since started to migrate (are you keeping up?)..

Without a public mandate to create a compulsory national digital identity scheme, the government is now allowing the private sector to provide digital IDs by establishing the Digital Identity and Attributes Trust Framework – a set of rules and standards designed to establish trust in digital identity products.And, taking learnings from hugely successful bank-led digital ID schemes in other countries, the UK’s major banks are waking up to the opportunity.

In late 2023, Lloyds announced it had partnered with tech firm Yoti to unveil its Lloyds Bank Smart ID app, giving its customers a way to prove their identity and age through their mobile phone. A few months earlier, in April, NatWest had announced its Customer Attribute Sharing digital identity solution, developed by its Bank of APIs department.

Stacey Wilkinson, product owner for NatWest’s digital identity solution, is in no doubt of the role banks can play in the adoption of digital identities in the UK, ‘built on the foundation of trust that banks have with consumers’.

“Banks in the UK can take learnings from markets with widely-adopted digital identity solutions that are being used in financial services, but then can also be used to access a gym, or to hire a car, and other uses outside the financial sector. In Belgium, one of the biggest drivers of adoption was being able to use your itsme credentials to log in to the Belgian government website. So there’s a great collaboration opportunity between public and private sectors.”

NatWest’s digital solution allows its customers to share their bank-held data with third parties using three options, effectively creating a ‘one-stop shop’ for smoother and speedier digital experiences.

“First we have provision, where a customer can choose to share their bank-held attributes in their raw format, so name, date of birth, address and email, to speed up onboarding journeys on third-party sites,” explains Wilkinson.“Second is verification, where a customer can ask the bank to verify that the attributes they’ve shared elsewhere are correct. So, for instance, if I need to prove that I’m over 18 to access a service or a particular product, my bank could vouch for me.

“There’s a great collaboration opportunity between public and private sectors”

“And third, is address update notification. If I update my details with the bank, I have to update them with a number of other service providers that I already share my data with. I just want to do that once, and have my bank share that, with my consent.”

Digital identification specialist OneID is the first consumer of NatWest’s Customer Attribute Sharing service, making it available to businesses across a wide range of use cases, including e-document signing and digital onboarding.Wilkinson describes the potential benefits to businesses as being ‘astronomical’, not least when it comes to reducing fraud.

Giving recent evidence to a UK Government Parliamentary Committee, OneID cited that the BankID scheme in Norway had reduced fraud to 0.00042 per cent of payment volumes as it was used by most people for most online transactions. I think fraud reduction is the biggest opportunity for businesses,” says Wilkinson.

“Second, is enhancing customer experiences. If a customer is going through an onboarding journey, they may have 10 clicks to get to the checkout, filling in their personal details, or taking a photo of their passport. Those journeys can take up to five minutes when they are used to seamless one, two, three-click experiences elsewhere, and businesses are striving to deliver that now.”

In payments, including cross-border, it means they can provide instant verification at the point of sale. But Wilkinson also sees how identity-sharing APIs can be used to create opportunities for banks in embedded finance, where their relationship with consumers is often disintermediated by third parties.

“To be active in an embedded finance ecosystem, you need to know that it is your customer at the other end of the screen, and that is where digital identity has a huge role to play. There’s a great opportunity for banks to be more present in that space,” she explains.

All this rests, of course, on banks retaining the trust of their customers and their willingness to allow their data to be shared. Under NatWest’s system, the customer is in ‘full control, the entire time’, says Wilkinson, and can revoke that consent at any point.

“These are financial-grade APIs that we have built. It is a very trusted point of connectivity for customers. They use open banking right now to share information such as their account details and transaction history. Putting the identity attributes on top of that, and giving the customer control, just seems like a natural extension of open banking.”

THE TRAILBLAZERS

Bank-led ID schemes in Europe

BankID (Sweden)

Partners: Danske Bank, Handelsbanken, Ikano Bank, Länsförsäkringar Bank, SEB, Skandiabanken and Swedbank. Mobile operators Telenor and Telia
Number of users: Eight million
Description: BankID was the world’s first banking electronic ID (e-ID), in 2003. Today, most internet and mobile banks, financial companies and payment solutions as well as state and municipal e-services use it. An unrelated version of BankID also operates in Norway with 4.2 million users.

itsme (Belgium)

Partners: Belfius, BNP Paribas Fortis, KBC/CBC and ING. Mobile network operators Orange, Proximus and Telenet.
Number of users: Nearly seven million
Description: About 80 per cent of Belgians between the ages of 16 and 74 have set up an itsme account since its creation in 2017. The app is used to login into government services and banking applications, and to verify identity for an array of official services. The application is often used as a replacement for e-ID card readers.

MitId (Denmark)

Partners: Banks are represented by their industry organisation, Finance Denmark, with the public sector represented by the Agency for Digital Government.
Users: Nearly five million
Description: MitID is a digital ID that can be used for various purposes, including transferring money in online banking or logging into public self-service solutions. The minimum age to get MitID is 13. Introduced in 2022, MitId is the third generation of Denmark’s e-ID.

Finnish Trust Network (Finland)

Partners: The majority of Finland’s banks, including Osuuspankki, Nordea, Danske Bank and Handelsbanken. Mobile operators Telia, DNA, and Elisa.
Users: More than five million
Description: Finland’s primary digital identity scheme is a combination of mobile IDs and bank IDs. Introduced in 2019, FTN is now used by thousands of public and private services.

Smart-ID (Baltics)

Partners: All major internet banks in the Baltics, including SEB, Swedbank, LHV and Luminor. Mobile operator Telia.Users: More than three millionDescription: Launched in 2017 by SK ID Solutions, Smart-ID built on its earlier offerings, ID-card and Mobile-ID. Smart-ID is now the most popular mobile authentication solution across Estonia, Latvia and Lithuania.

This article was published in The Fintech Magazine Issue 31, Page 18-19