Financial crime is a very complex topic. Criminals are clever, devious, and unpredictable. Whatever controls organisations put in place, criminals will find the weak spot and seek to exploit it for their own nefarious gain.
Identity sits at the heart of many crimes – criminals pretending to be someone else (‘impersonation’), creating fictitious identities (‘synthetic identity’), finding ways to assume the identity of normally law-abiding citizens (‘identity theft’) – as well as coercing naive or vulnerable people (‘mules’) to use their legitimate identities to unwittingly facilitate criminal activity.
It stands to reason therefore that secure digital identities (such as secure cryptographic digital credentials such as W3C verifiable credentials or ISO 18013-5 Mobile Driving Licences) will play an important role in the ongoing fight against organised crime. And those digital identities can help prevent crime in both the physical and digital worlds.
There are many reasons why digital identity should be better than performing manual checks on physical documents.
First, cryptographic credentials are much harder to forge than physical documents. Perhaps the best example today is that of the passport which is usually both a physical and digital credential. Technology exists (and is widely used) to scan the physical document as part of an identity check, to facilitate remote onboarding and KYC checks. But the physical part (or an image of it) is susceptible to tampering. Much better to use the secure cryptographic credential held in the chip.
Digital credentials can be issued more frequently than physical credentials. For example, in the UK for some years it has been possible to obtain a short-lived ‘check code’ to allow a car rental company to have temporary access to your driving record. It is not a big step to imagine the UK DVLA issuing a temporary digital version of your driving licence into a digital wallet, that is valid for just a few days. There is no need to be constrained by the costs and complexity of issuing physical documents.
In March 2020, FATF (the global money laundering and terrorist financing watchdog) issued guidance on the role of digital in AML/CFT. They said that ‘reliable digital ID can make it easier, cheaper, and more secure to identify individuals in the financial sector’.
Depending on where you live, you may or may not have something you would recognise as a digital identity, i.e. a wallet, account, or another digital tool that you can use to prove who you are in various contexts. There are a few places, such as the Nordics, where such systems exist and are used at scale. But these are still the exception rather than the rule.
Over the past years, there has been a rapid rise in the use of document scanning solutions – requiring the user to scan a ‘photo ID’ with their mobile phone combined with a facial biometric check. These are not true digital identities. Instead, they act as a bridge from physical documents to the digital world. There is no denying that these solutions were hugely valuable during the pandemic enabling remote identification but they have their limitations. They require you to have the document with you – not a problem when locked down in the pandemic but more of an issue in more normal times. They also only provide a very limited set of data.
Consider the example of someone wanting to place a large bet on the World Cup final. They will need to prove their identity for AML purposes but potentially be able to prove their age, show the source of funds and pass affordability checks.
The topic of liability continues to hamper the adoption of digital identity solutions. The idea that service providers rely entirely on third-party ‘identity providers’ who do not accept liability, to perform their identity checks is problematic.
Where that service provider is an AML reporting entity carrying the regulatory risk, then they will need to have control over the end-to-end process to manage their risk. Furthermore, the risk exposure of every service provider is different. It cannot be the case that a one size fits all identity verification will work across financial services, let alone across the economy.
Digital identity solutions can play an important role but they are not the whole answer. They can make the process digital. They can make the process more secure and reliable. But they will need to be augmented by background checks sufficient to address the service providers’ risk.
This is one reason why a credentials approach to digital identity makes sense. Rather than ask the customer for their ‘digital identity’ you ask them to share one or more verifiable credentials from their wallet, and these combined with other evidence enable the service provider to make its own determination about the customer.
When you consider the plethora of use cases out there, the differing requirements of service providers and the fragmented sets of documents and data available for customers, it is clear that service providers need flexibility. Digital credentials in wallets are coming but it will be years before they are ubiquitous and standardised.
In the meantime, service providers will need orchestration capabilities to support whatever digitised or digital identities the customer may have.
This editorial was initially published in the Financial Crime and Fraud Report 2023 which dives into the captivating world of fraud management, digital onboarding, and financial crime in the financial services industry. You can download your free copy here.
Steve is an esteemed digital identity expert, advising banks, governments, and tech firms on governance, architecture, and implementation. He's contributed to various digital identity initiatives worldwide and co-authored guides for the DIACC and the EPA. Steve is also a member of PCAG, advising the UK government on privacy and consumer concerns.
Consult Hyperion is a UK and US-based consultancy specialising in secure electronic transactions, with over 30 years' experience. They help global organisations take advantage of new technologies and regulatory changes in payments, identity, and future mobility. They design systems, offer digital innovation, and unblock technical issues, while their in-house Hyperlab team quickly prototypes concepts and delivers secure software.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now