Decentralised Identity as an enabler to open banking
Decentralised identity is undoubtedly an enabler to open banking. It offers significant benefits in terms of transparency, innovation, and customer empowerment while addressing key risks related to security and privacy. The Open Banking Directory, a central repository of approved service providers, is bound by very strict membership rules. To register as an Account Information Service Provider (AISP), firms need to prove that it has the necessary security provisions in place to protect customer data. They will also need to ensure that they can authenticate users – in their own service and when accessing third party Open Banking APIs. Since 2021, the CMA has consulted on arrangements for the future oversight of open banking. This consultation referenced a proposal by UK Finance (a trade association for the banking and finance industry), which had engaged with stakeholders to develop a blueprint for a new organisation to replace Open Banking Limited, which would serve the needs of the significantly larger number of financial institutions by enabling an open data and payments market. As of April 2023, there were 339 FCA-regulated providers enrolled in open banking in the United Kingdom. Many of them provide financial apps that help manage finances; others are consumer credit firms who use open banking to access account information for affordability checks and verification. Access to open banking via digital identity using Self-Sovereign Identity (SSI) benefits the ecosystem through better on-boarding, security, transparency and choice. To date, much of the airtime in financial services, about SSI and decentralisation, has been about cryptocurrencies, using algorithms such as bitcoin, transaction auditing or smart contracts. However, this ignores another important thread which is digital identity, and how this can help organisations and consumers secure their interactions and transactions. SSI doesn't operate alone, and forms part of the cybersecurity, business outcome and improved user experiences triangle which is very relevant to open banking as it could be used for enhanced enablement. In the context of open banking, digital Identity and SSI can help solve: Portable Verifiable Data: SSI can be used to move variable data across organisational boundaries. When coupled with a trust framework, it allows vendors to define which source of data they trust, receive verifiable data without tight data links to the external source systems, and minimise GDPR or data security requirements through selective disclosure (only asking for and storing the data they need - also good for users). Onboarding: It allows for the re-use of, say, government issued digital credentials, such as those coming through eIDAS 2.0 in 2026, or create identities using identity verification services to provide remote Know Your Customer (KYC) or AML (anti-money laundering) processes within remote on-boarding scenarios. It allows the user to store and hold these credentials, making the user the network and capable of exchanging them when required during different user journeys. Transparency: Using SSI and decentralisation technologies puts users’ identity data in their own hands. Holding verifiable credentials in wallets, such as Microsoft Authenticator, puts them at the centre of the consent model so they understand when and with whom they're sharing data with. Biometric Security: Verifiable credentials can contain, or be bound too, other data like biometrics. This means during transactions, step-up security logic can be used in a multi-layered and multi-factored security approach to check not only the user knows something, has something in the form of a one-time passcode but could also have biometrics checked on demand. Technologies, such as Microsoft AI Face services or iProov, can ensure the user sitting at a remote terminal is the account holder. These technologies can detect AI generated deep fakes using desktop or phone camera technology, so are deployable in several user scenarios and on demand. For example, transaction size or personal detail update requests could trigger a face check. The opportunity for financial services brands through open banking is to give consumers greater choice through new services using data which has historically been held in financial silos. Using SSI capabilities which store verifiable identity, biometric or other data within user held secure digital wallets, offers a new level of access, openness and opportunity which seems to be perfectly in alignment with the principles of open banking.
|
Ella Gago-Brookes
Ella joined techUK in November 2023 as a Markets Team Assistant, supporting the Justice and Emergency Services, Central Government and Financial Services Programmes.