Interview with Signicat on cross-border digital identity & onboarding

What challenges do financial Institutions face when they want to digitally onboard customers in more than one European country?

First of all, different countries have different regulations. Even though they are based on  Anti-Money Laundering laws (Directives 4 & 5), there tend to be national variants.

Additionally, there is a lack of unique identifiers for individuals. In some countries, each individual is assigned a national identification number, which stays with you over your lifetime. In Norway, this personal number (akin to a social security number) is used to uniquely identify you, and acts as the primary key to various accounts.

Not all countries have persistent national identification numbers, and even if they do, they might not be in use as an identifier in official systems.

Digital onboarding will also have to be done differently according to the legal frameworks and regulatory interpretations specific to each country. For example, in Norway and Sweden there are verified eIDs such as BankID that streamline the onboarding process.

In the Netherlands, they use an eID called iDIN. However, iDIN doesn’t provide the national identification number, so this must be acquired in a different way, for example, from scanning a passport or other identity document.

In Germany, the regulations are such that electronic document scanning is not allowed and culturally unacceptable. One method that is approved is the use of live video interviews via two-way video chat, although there are technical and psychological constraints that limit adoption of this approach.

This is why, here at Signicat, we spend so much time working on our Digital Identity Hub. We’re connecting the requirements of each market into our platform, so that companies looking to streamline digital onboarding across borders can interact with our API and get access to a number of markets.

Since most of the eID schemes are domestic, how can financial institutions leverage the national schemes for cross-border onboarding?

An EU regulation we work closely with is eIDAS, which provides a set of standards for electronic identification and trust services for digital transactions in the European single market. A milestone for eIDAS passed on September 29th 2018, when citizens were granted the right to use a notified national eID for accessing public services in other Member States. However, only Germany and Italy notified their schemes by that deadline and it will take time for other eID schemes to notify, it seems.

This means people will be able to use their eID in different countries, and in an ideal world, you would have this as your login, but in practice, you will probably have to issue a local ID for this purpose. Coming back to Norway, you need a Norwegian national identification number to open a bank account. That means that as a foreigner, you must use your home country electronic ID to create a Norwegian identifier, and this will typically take a few days.

The eIDAS regulation was initially meant for public services only, but there seems to be a lot of interest in using it for private services as well. Assuming that banks decide that they can trust foreign electronic identities, and that they are of a sufficient level of assurance, they will save a lot of money on onboarding.

Could you provide some insights into the adoption of digital identities in Europe? What are the benefits of widely adopted eIDs?

First of all, we’ve conducted some research around customer onboarding, and as part of that, we explored the adoption of eIDs amongst consumers, and put together the results in our The Battle to On-board II report. A key finding in this report is that people seem most open to banks being the provider of eIDs. This fits well with our experience, as the successful Nordic eIDs are all driven by bank consortiums. Furthermore, our belief is that a true eID should be omnipresent, and should be used for many different purposes. Examples of this include digital banking, insurance, healthcare, and interacting with government services.

Other benefits are that users have only one login to remember and that the cost of maintaining the infrastructure can be centralized. The use of eID will also help gain cross-border customers, as the majority of consumers in the survey wanted an eID that they could use across Europe. This is especially true in Sweden, where knowledge of eID is also the highest. Only 22% of people do not want to use their eID across Europe.

For businesses, they no longer need to worry about user verification, as this is done by the eID scheme, and due to the centralized management, there are fewer security incidents.

What is less successful is having a separate eID for government services only. In some markets, they’ve set up government-led eIDs, but people only use these a few times a year, meaning it doesn’t get ingrained in their everyday usage patterns, so they forget.

Considering the context delineated above, have you noticed any impediments in this area? And how may both governments as well as the private sector overcome them?

Based on our experience, there are a few keys to ensuring eIDs get adopted:

1. They need to be usable in multiple areas. They can’t be used just to access your tax returns; they need to be usable for banks, insurance, health as well as governmental services.

2. There needs to be an agreement to cooperate. It took a while, but the banks in Norway finally realised there is little competitive advantage to battle each other over identity security infrastructure, yet there is a massive upside if a common eID can be adopted. In our Battle to On-board research, we found that in Sweden (with its pervasive eID), citizens were most likely to attempt to sign up for new financial services. We believe this is because it is simply easier.

3. They need to contain the information required to meet KYC and AML requirements.

4. The banks should be in the forefront of using and promoting the use of the eIDs for their own logins and electronic signatures. This will ensure that people get used to these, trust them, and see the benefit of having only one identifier.

5. They need to be inherently mobile.

If an eID can meet these requirements, we believe it stands a good chance of success.

How does Signicat operate in markets that do not offer digital identities?

We provide a range of technologies, both developed by ourselves as well as through partners that help address onboarding where there isn’t a centralized eID. These include document scanning (passports, ID papers, etc.), facial recognition from ID documents, and other forms of verification. We work with companies like Mitek on ID verification and we also work with companies such as IDNow, which does live video chat.

Liveness testing is also a big thing, and we help detect that the person is alive, real, and accurate, instead of someone just wearing a mask.

Finally, we conduct lookups on the data we collect to make sure they are accurate. There is a number of registry lookups we use to validate the information we collect.

About John Erik Setsaas

John Erik Setsaas is VP of Identity and Innovation at Signicat. He is responsible for ensuring that Signicat’s digital identity services are at the forefront of innovation, whilst solving the needs of customers, partners and end users. With over 20 years’ experience in identity and over 30 years in software product development, John Erik is a pioneer in the identity space. Before joining Signicat, John Erik was Chief Development Architect for SAP Identity Management and taught ecommerce, identity services and security at Buskerud University College in Norway. He is also a board member of the EEMA, Europe’s leading digital identity think tank. A seasoned speaker, John Erik has presented at international conferences including Money20/20, OIX, Trustech and World eID & Cybersecurity.

About Signicat

Based in Norway and founded in 2007, Signicat is the first and largest Identity Assurance Provider in the world, providing regulated markets with the technology to create mutual trust between organizations and their potential customers.