3 days ago
Will identity become the ultimate currency?
0
This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.
This is an excerpt from The Future of European Fintech 2025: A Money20/20 Special Edition.
The meaning of the term 'Digital DNA' keeps changing as technology, especially in financial services, marches inexorably forward. What once might have literally meant how DNA (in genetic terms) is expressed in a digital format now encompasses many facets – ranging from human physical characteristics to unique identifying or verification information and even patterns in behaviour and actions observed in a system's users (or increasingly, by 'bots' - applications that are programmed to perform certain tasks, whether helpful or nefarious) while in communication with that system.
Now, when we talk of digital identity in financial services, there's a growing list of ways financial institutions and their business and security partners verify clients' authenticity and authority. These might be deployed during interactions such as account opening, onboarding, transaction execution or screening, or any number of mundane or urgent (such as anti-money laundering detection) reporting applications. 'Positive' identification of financial systems players and providers is definitely not just about passwords and PINs anymore, but it's more important than ever.
Tom Moore, head of financial services at Moore Kingston Smith, explained such identification methods used in the industry include 'advanced biometrics, such as facial and voice recognition,' and increasingly, behavioural biometrics as well. The latter might be described as observing and tracking the conditions, actions, and patterns surrounding a system user's activity on a system, including speed or key selection when typing, velocity, or direction of mouse travel when filling in forms or checking boxes, how touchscreen options are selected, and so forth.
Julija Fescenko, head of marketing and communication for Magnetiq Bank, pointed out that emerging digital identity tools help fight what is a massive and growing fraud threat faced by the financial services industry and its customers. That's because fraudsters are becoming ever more adept at 'faking' identities, stealing information and access, and committing all sorts of crimes, schemes, and scams using similar technological tricks or tools to subvert legitimate use of financial systems.
Fescenko believes biometrics and digital identity advances are likely to become 'essential for future financial access,' and even now, she said, they are demonstrating their worth in many areas, including 'making the onboarding process both seamless and secure.'
'Digital identity and biometric verification are more sophisticated, integrated, and user-centric than ever before,' added Moore. These and other emerging tools, he stated, have been 'seamlessly embedded into the UX,' to 'provide customers better control over their (user experience) and personal data.'
Wendy Redshaw, chief digital information officer at NatWest Group, concurred. 'We see digital identity evolving through wider use of biometrics and the growth of decentralised identity models,' she said. Ahmed Badr, chief operating officer at GoCardless, hailed the growing usage and superiority of digital ID methods over traditional forms of authentication, and pointed to their speed and utility value for businesses as well. 'Biometrics,' he asserted, 'can accelerate tedious processes such as identity verification, reducing the burden on firms to repeatedly perform the same checks on individuals.'
With all of the benefits that biometrics and digital identity innovations offer, Badr and his fellow experts in financial services also recognise these tools and techniques bring new compliance challenges. They point to specific concerns around EU General Data Protection Regulation (GDPR) and privacy requirements that must always be firmly embedded in the identity verification processes used by FIs and fintech firms.
'Biometric data, for example, is classified as 'special category' data,' Moore explained, 'which requires explicit consent and additional safeguards; so, businesses need to have strong data protection measures and more robust security' to meet regulatory requirements in this area.
Fescenko also cautioned of the balance that must be maintained between innovation and privacy rights – citing GDPR regulations as well. NatWest's Redshaw said the bank ensures that all developments it undertakes 'align with our artificial intelligence and data ethics code of conduct, prioritising transparency, individual agency, and responsible data use.'
Meanwhile, Badr asserted, one advantage of new identity verification tools is to simplify compliance, but it's not quite that simple: 'If done right, biometrics can make it easier to comply with GDPR. However, the growing use of sensitive biometric data raises concerns about possible misuse or breaches.'
How can we build a harmonised digital identity amid conflicting regulations?
As business expands further beyond local and national borders, questions are mounting about how to take identity verification to the next level – to unify its procedures and processes in an internationally-agreed, recognised, and practiced approach. Given the diverse regulatory environments involved, this is a daunting challenge. But it's doable, say our industry experts.
Unification of international ID standards and verification procedures, Badr predicted, 'would be a massive help in fulfilling obligations to verify and carry out checks for Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF).' An added benefit of implementing common ID verification standards regardless of nation or region is that it 'could significantly streamline processes and reduce inefficiencies for businesses operating across multiple jurisdictions.'
But discussions and negotiations on these topics and the potential of harmonised identity verification regulations won't generate 'quick hits' either. Badr noted that it will likely take a lot of time and effort for regulators in multiple jurisdictions to reach consensus on how to proceed, and, as he put it, 'feel comfortable in unifying these systems,' due to not just their differences in national laws and priorities, but also 'significant concerns (among some) about the 'big brother state' implications and the potential for misuse of that information for other purposes.'
NatWest's Redshaw expressed a similar affinity for common ID standards within her bank: 'We recognise the potential for a unifying identify verification system across borders to drive growth, enhance security, reduce fraud, and prevent identity theft.' Yet, those implementation challenges remain, she said, due to 'differing regulatory environments, national data standards, and varied approaches to privacy.'
'Any solution,' on cross-border ID verification, Redshaw stated, must not only ensure 'compliance, transparency, and trust,' but also needs to be aligned to AI and data ethics and codes of conduct. The path to take, and 'the key to realising the full benefits of a cross-border solution,' Redshaw asserted, is to harmonise these frameworks, 'while protecting individual rights and maintaining robust oversight.'
Simplification of compliance and customer onboarding would be two key benefits of a unique cross-border identification system, agreed Magnetiq Bank's Fescenko. She reiterated, however, that the significant challenges of putting such a system in place can't be ignored: 'To achieve this, we must address data sovereignty, interoperability, and differing national regulations.'
One workable framework, Fescenko suggested, could be a 'federated model, potentially based on European digital ID initiatives like eIDAS 2.0,' which 'could serve as a foundation for this system, supported by trusted public-private partnerships.'
Moore is ultimately supportive of his banking and fintech counterparts' viewpoints, yet raised cautions on the realistic promise and outlook for common identity verification standards, especially as fraudsters continue to grow more creative and competent every day in 'breaking the rules' proposed standards attempt to establish. These new processes and regulations governing them can't simply be instituted on their own, he said, but must be rolled out and maintained as part of a coordinated approach internally within institutions and countries or regions as well as among the wider universe of extra-national institutions and regulatory bodies. They must also acknowledge that innovative and malevolent forces are lining up to try to defeat them in the marketplace.
'New threats such as deepfakes present a huge fraud risk for any businesses relying on biometric data, so measures such as continuous identity verification - constantly monitoring user behaviour, device health, and contextual risk factors to detect anomalies and revoke access if necessary - or liveness detection (how a system determines if any biometric is real, from a live person at the point of capture) need to be integrated.' These conditions, he said aren't optional, but essential for success of any coordinated ID verification initiative.
Moore also noted that transaction friction can't be so impeded by any new ID checking standards that the pace or growth of commerce is unreasonably slowed either. 'There's got to be a balance […] if the fintech has overly restrictive systems it could impact the UX, while a lax system could lead to non-compliance or data breaches.'
Moore agreed with his fellow experts in banking and fintech that 'decentralised identity models might allow more people to manage their digital identities without relying on a centralised authority, but fintechs using those models still have to comply with GDPR.'
He emphasised: 'If they're processing the personal data of individuals within the EU or EEA. Privacy has got to be considered from the outset,' if proposed solutions to verify 'Digital DNA' are to succeed as the 'new currency' of ultimate security within the financial services world.
