In a recent Indicio Meetup, Elijah Levine, CEO of Black Mountain, Indicio CEO Heather Dahl, and CTO Ken Ebert discussed the digital transformation of banking and finance, driven not only by decentralization and digital assets, but by consumer preference for mobile interaction. An opportunity or a migraine? That all comes down to digital identity — and how banks and financial services manage customer authentication.
By Tim Spring
Banking and financial services are in the mobile age, whether they like it or not. With 55% of customers preferring mobile banking, adaptation to a world of seamless digital interaction isn’t a choice. Many customers — but especially those who have grown up digitally native — don’t see the point of going into a brick and mortar building any more; they want to open an account, manage their finances, and access services as they do everything else — through their phones.
Here’s the problem. The scale of this opportunity to reinvent banking is anchored to a pre-digital, show up in person, world. And its a drag.
“We’re working with the biggest and best bank in the world,” said Elijah Levine, CEO of Black Mountain at the Indicio Meetup, “and for them to verify our identity, we need to bring two physical forms of identity into an in-person branch for a physical person to do a touch and feel test… using their banker’s best judgement for if this paper document is real.”
How, then, do you onboard and authenticate a new customer remotely — especially when paper documents and pictures can be easily forged with ubiquitous AI tools?
Verifiable Credentials with biometrics: A revolution in identity verification
A Verifiable Credential makes information tamper proof and cryptographically verifiable — meaning you don’t have to check the data in a credential against the same data stored somewhere in a database.
For a customer logging into an account this means no more passwords or usernames — by presenting an account credential from a digital wallet, they gain seamless access to their account. What this means for both the bank and the customer is that a key vulnerability — stolen login credentials — is removed as a security risk. You can’t phish for data that doesn’t exist.
The process of verifying the credential also doesn’t just include verifying the customer, it also means verifying the identity of the bank so the customer can be certain it is their bank. Again, the shuts down a common phishing tactic of luring customers with emails or sms messages that purport to be from their bank.
But Verifiable Credentials reach peak usability when they combine verified biometrics with biographical data. By using Indicio software, a bank can enable a customer to turn the data in their passport into a credential, a process that includes taking the embedded image in the passport and performing a real-time face map of the passport holder to ensure both match.
“The beauty of combining a verifiable credential with a biometric,” said Ken Ebert, CTO of Indicio, “is that it can bind the data in the credential to the person who is presenting it and in a way that’s stronger than just having a set of data in a file… If you’ve bound the biometrics to opening the wallet as well, you can tell that the person is not only present, but they’re the one that the credential was issued to. And you can match that data to the data in the credential for purposes of ascertaining that you’re dealing with the right person”
This functionality allows us to not only verify the data presented, but that the correct user is there at the time of data submission, making presenting someone else’s credentials without their consent essentially impossible.
It also provides a simple way to dodge a deepfake: simply ask the person to present an authenticated biometric. The verifying software will compare the live image to the biometric in the credential to see if it matches.
All this allows customers to verify their identity information from anywhere without the need to bring their paper documents to a building. And there’s no need for a bank or a relying party to have to store a person’s biometrics to verify them, simplifying the stringent privacy compliance around biometric data too.
What does this mean for KYC?
This technology is poised to change KYC, but it doesn’t need to be an all or nothing replacement of current infrastructure. “Although this is a new and cool technology,” said Ebert, “it doesn’t have to immediately supplant everything that’s already going on in KYC. It’s an add-on. It’s an enhancement. It’s a boost of confidence or a higher assurance level. It’s an immediate benefit, but it doesn’t have to be a rip and replace. It can integrate with existing systems. That’s part of the beauty of it —we’re not reinventing KYC”
But KYC will be reinvented. Gradually, the collection of physical documents will become unnecessary, as everything can be turned into a Verifiable Credential and leverage portable digital trust.
You can start using Verifiable Credentials to transform IDV right now.
Want to start offering virtual identity verification? Indicio Proven contains all the components you need to quickly set up Verifiable Credentials for your users and manage accounts and access through your admin portal. Just ask us for a demo and we’ll show you how easy it is to get started. Or, if you’d like a more customized solution our team would be happy to offer a free consultation and work with you to meet your exact requirements.
