Interoperable, open-source verifiable credential technology simplifies KYC and enables seamless, secure financial transactions for anything from anywhere with anyone, delivering the privacy and security needed for open banking to flourish.
By Trevor Butterworth
Verifiable credential technology solves a fundamental problem in digital banking, fintech, and payments: how can you reliably know your customer is your customer (and from the customer’s perspective, that their bank or financial app is their bank or financial app)?
Issuing a verifiable credential to a customer, if they already have an account or when they create an account and have gone through identity assurance, means that both the bank and the customer have a cryptographically secure, peer-to-peer way to connect to each other and verify who is who.
Practically, this means the beginning of the end for logins and passwords to access your account. You just swipe and share the credential that your bank has issued to you, and its authenticity and ownership are confirmed by the bank checking the metadata and cryptographic signatures on a distributed ledger network. No personal data is needed to confirm you are authorized to access your account.
But the underlying communications protocol does much more than enable password replacement online: DIDComm (Decentralized Identifier Communications) can enable verification across different modes of communication. For example, your bank could push a message to your phone asking whether it is really you who is talking to their employee at the bank at this moment, and that message would come through the direct, you-to-bank channel you have previously created.
This simplicity becomes enormously powerful when it comes to payments as other organizations can quickly verify the authenticity of you as the genuine holder of a specific bank account. The verifiable credential is biometrically bound to your device, and it can only be held in your secure digital wallet (it can’t be sent to someone else to use). And, once again, you verify your identity through a uniquely encrypted, peer-to-peer communications channel with each business or organization you are interacting with.
This is just the start of your journey into frictionless, verified payment. Add a bank-issued credential for your credit card, and you can directly share the details with a vendor without having to type them in, thereby eliminating the risk of error. Similarly, direct deposit can be managed through a credential—one you could share with your employer. No worries that your paycheck isn’t hitting your bank account; instead, instant verification and seamless authorization with the capacity to double check that you are the person the organization is interacting with.
Verifiable credential technology is a foundation for authentic digital relationships. With all the benefits of simplicity and speed comes the capacity to know who you are interacting with on a one-to-one basis and the ability to build a meaningful digital relationship through the trust that comes with seamless verification.
Verifiable credentials will transform KYC
So far, we’ve just talked about what a basic bank credential identifying an account holder can do for you, the bank customer. It’s important to understand how these benefits help your bank or a financial institution meet its regulatory obligations.
Governments and international law require banks and financial institutions to “know who their customers or clients are” to prevent financial crime, money laundering, and the funding of terrorism. This process, abbreviated to “KYC” (know your customer/client), includes establishing proof of identity and address, along with additional information depending on your relationship to a business and its bank account, risk assessment, and periodic checks.
The higher the financial risk, the more important (and expensive) KYC is. There is no way around the effort required to ensure that your customer is trustworthy enough to be your customer; but a verifiable credential that records this information and enables this information to be shared in a privacy-preserving, tamper-proof way means that expensive KYC can be reused.
Now think about what this means for the multiplicity of financial transactions that require a much higher level of financial approval than creating a basic bank account. Mortgage? Swipe and share the financial information required by your broker from your KYC credential. If the mortgage broker trusts your bank, then they can trust that the information in the credential you hold is authentic, comes from your bank, and hasn’t been altered. This speeds up everything for the customer, removes unnecessary waiting for and duplication of financial documents and their verification, and reduces business costs. Everyone is happier.
Verifiable credentials will accelerate open banking
But the ability to share more complex financial data in a verifiable way helps propel a wide range of services and products that fall under the category of open banking. Open banking means that financial institutions and third-party fintech providers can share and use customer financial data with the customer’s consent. This has led to the creation of financial apps and services for both consumers and businesses and opens the way for new sectors, like utilities, to offer financial services.
The category of Personal Financial Management includes apps that analyze a person’s or family’s financial expenditures and bills and help them execute financial planning or improve their credit scores. Importantly, these apps help with financial inclusion because they can create better ways for people to budget and save and, crucially, avoid high-debt borrowing.
Apps for small-to-medium sized businesses enable financial institutions to provide a range of financial management services from accounting to expenses and time-sheet management. Payment initiation providers can bypass credit and debit card payments and, with permission, initiate payments to and from bank accounts. And small businesses can get much better financial planning and support from being able to share more granular financial data.
The sticking point with open banking? Both Deloitte in the US and Juniper Research in the UK have identified privacy and security as the biggest obstacles to its adoption. And rightly so: there is an enormous amount of valuable information at risk.
These concerns are precisely those that verifiable credentials can solve by enabling the creation of authentic digital relationships. By using verifiable credentials over DIDComm, you can eliminate the risk from point-to-point integrations and centralized information exchanges.
You can improve the functionality of APIs by replacing webhooks with DIDComm, meaning that information can be extracted from an API in a way that can only be decrypted by the intended recipient. We’ll be publishing a more detailed technical article on this, but for now the upshot is that an API plus DIDComm will enable authorized money transfer between accounts and third parties.
For retailers, the headache of chargeback fraud can be solved with an “intent-to-buy” credential or function—a proof that, yes, I authorize this purchase.
And finally, there is the inescapable logic of what happens when banks, financial institutions, third-party fintech providers and businesses and organizations can all rely on verifiable credentials for customer authentication and payment: verifiable credentials will be able to transfer value, not as tokens or equities, but as alternatives to debit and credit cards.
The scope of digital transformation through open-source verifiable credential technology in banking, finance, fintech, and payments is enormous; the implementation, surprisingly easy. Verifiable credentials can be layered on top of existing identity access management systems, and they can orchestrate multiple systems as if they were one. Indicio has developed the automated governance software, DeGov, to make even the most complex information flows work seamlessly for consumers.
If you want to learn more or see a demo, contact us!