Search This Blog

Thursday, 2 February 2012

Travelling With The ID Pioneers

Seeking a New State of Identity
If the penultimate CSFI roundtable on Identity in Financial Services was anything to go by, the final one should be a proper knock-down, drag-out affair worthy of past pioneering epics ;-) In fact, the Innholders should replace it's sign for the day, to read:

The issue that sparked the most heat (again) was whether banks might somehow be suited to be the guardians of the so-called 'hard' element our identities - the proof currently required to move our money, access our government records and so on - rather than 'soft' credentials necessary to access, say, your social media accounts. 

Spotted the flaws already? 

We shouldn't bother picking on the banks anymore (though it is fun). I mean, I seriously doubt they want to be cast in this role at all. And as Richard Martin pointed out, the banks are each wedded to different identity solutions, chosen for fairly mundane IT procurement reasons rather than any attempt to use ID services as a source of competitive advantage (banks compete?!) in offering secure access to your money their services. At any rate, to the extent that any banks are availing themselves of the latest e-ID tools to more efficiently KYC their customers, they are merely using the credit reference agency databases. So if one were to look only at the development of 'hard' identity services, one should cut through the banking platforms to the credit reference agency roadmaps and how they plan to enable access to those services in ways that are much more useful and empowering for consumers.

And while the Money Laundering Regulations do erect a reasonably heavy barricade to the usability of financial services, it's unduly trusting to pretend they amount to best practice in establishing a person's identity. Real danger lurks in this idea that social media identity is somehow 'soft'. The premise for this seemed to be that Facebook, Google, Amazon, eBay and so on don't offer any services that attract the need for 'bank-standard' ID checks and personal data protection, and couldn't operate to such high standards. Yet, many of them already operate financial institutions. And I suggest that there is more real value to the use of your identity to personalise products and pricing than in simply accessing your bank records. Even the Eurocrats are onto this. It's ironic that the person who was most pressing in his demand to know 'who owns my identity data' in a social network setting also admitted to entering a joke date of birth in a leading social media service. I guess he'd also be the first to complain if that service provider and those in its network were to hold the 'lie' against him...

But, of course, identity verification is developing in ways that mean your joke date of birth in one or more databases - and even your passport, driving licence and energy bill - won't necessarily matter amidst a far wider set of identity factors. As I've explained after the previous roundtable on this topic, what makes us unique is our collection of behaviours and the data they generate. So I'll end this post in a similar way to the last.

There are two key identity problems to be solved. As consumers, we need to be able to simply, conveniently and efficiently prove our identities in the course of any day-to-day activities.  And as a community, we need the source of that proof to be less vulnerable to being hacked or guessed, and to contain its cost.

Given those key problems, the solution cannot possibly comprise a single, static set of data that is 'held' by some institution. Rather, the solution has to involve the capability to generate a unique and momentary proof of identity by reference to a broad array of data generated by a user's own activity,  which is then immediately useless and can be safely discarded.