Mark Haine, Don Thibeau, Nick Mothershaw, and Daniel Goldscheider uncover updates on the Global Assured Identity Network (GAIN) and share reasons why banks should prioritise building identity wallets.
If you are interested to read the first part of this interview series, check out Part 1.
An analogy I use is money. We can think about spending money in two ways. One is having cash in your pocket. For example, if you have five euros in your pocket and you want to buy a croissant and tea, you don't need anyone else involved in that transaction. You don't need a bank or internet connectivity. Self-sovereign identity and wallets function like that and are a private and direct exchange between you and the Relying Party (verifier), much like using physical cash.
Cash transactions offer advantages such as privacy because you don't have to disclose much information about yourself, and the same goes for the spending habits of the cash receiver. However, it's not practical to always carry all your money in cash. The same applies to the identity world.
The other model is the bank account, which in the identity space is akin to an identity provider (IDP). You request the IDP, whether it’s Google or a bank, to share specific information, such as your name, passport number, or email address, with the intended recipient.
This is different to the wallet model, which aligns with the self-sovereign identity concept. In this case, you don't rely on an IDP to prove your identity. Instead, you have a digital wallet that contains your government-issued identification, similar to having cash and a government ID in your physical wallet. You can share that ID directly with the recipient, ensuring that other entities like Meta or your bank don't gain knowledge of your identity.
The choice between these metaphors depends on the situation. If you need to prove your identity to a shop or an insurance company, it may not be a concern for your bank to be aware of that since they will be involved in the payment process anyway. However, there are situations where you may prefer to keep certain identity-related information private, like proving your age at a casino or other contexts where confidentiality is important.
Having the ability to carry both a bank card (IDP model) and a digital identity wallet (self-sovereign model) offers flexibility and options. GAIN focuses more on the IDP side, where it becomes advantageous if all the IDPs can speak the same language for smoother interoperability. On the other hand, Open Wallet leans towards the wallet side, offering a different approach. It's important to note that these approaches are not mutually exclusive, and they don't compete.
Nick – When GAIN (Global Assured Identity Network) was initially launched, we recognised the importance of various parties in achieving interoperability within a global network. Banks play a crucial role in certain regions like Germany and Canada, where they serve as identity providers. In other areas, governments take on the responsibility of managing identity, and they will always be involved due to the way governments have structured these issues.
Additionally, telcos have a role to play in specific parts of the world. In the context of GAIN, we identify five different parties that need to collaborate: government, telcos, banks, tech giants, and independents or disruptors, such as retailers.
In a few weeks' time, we will be releasing a new GAIN paper that embraces the involvement of these parties, providing a more comprehensive understanding of their roles within the network.
I think the primary incentive for banks to build their own wallets is defensive. If banks choose not to build their wallets, they become reliant on external entities to provide digital wallet services. This dependency can pose risks and challenges for banks.
In the physical world, being just a card in someone else's wallet has never been a significant concern for banks. However, in the digital realm, the dynamics are different. A digital wallet provider has the potential to demand fees from the bank, extract transaction data, or promote their own products, which can create conflicts of interest.
Unlike physical wallets where the provider doesn't compete with the bank, digital wallet providers can potentially become competitors. For example, imagine a physical wallet manufacturer trying to sell a credit card that directly competes with the bank's offerings. This scenario is unheard of in the physical world, but it's a real possibility in the digital space.
To safeguard their interests, banks should have a wallet strategy and not be solely dependent on an oligopoly of wallet providers. Such a concentration of power can be detrimental to the interests of banks, consumers, and even other industries like car companies. For instance, if a wallet provider, were to venture into producing cars in the future, they might exclusively promote this vehicle within their digital wallet ecosystem when you access a car key for another brand.
Therefore, it is essential to have a healthy wallet ecosystem. The efforts by the European Union to promote wallet democratisation are welcome because they aim to ensure a more inclusive and competitive environment.
Nick - If we want digital ID to be the enabler that it has the potential to be, then we must go further than simply digitising real-world credentials. Each organisation, be it a bank, an airline, or a retailer, will be following its own industry specific processes and rules to proof users. It is unreasonable to expect the user to understand all the processes and rules, work out what is needed and fulfil the criteria for each transaction. If the user journey is difficult and the experience painful, then it will become a barrier to digital ID success.
Digital ID, therefore, needs to be smart and ‘help’ users through the processes, without requiring them to understand the complexities surrounding them. All the user needs to see and approve is that they’ve been asked to get or share certain information. The detail of how credentials are assembled, assessed, derived, minimised. collated or packaged to achieve this should not be transparent to the user. The smart ID must do it for them.
Trust Frameworks will be vital in facilitating this. As more countries develop standards to govern digital ID ecosystems, it’s vital that they are designed to support smart digital ID.
A shared digital future has to work well for everyone involved and the most crucial ingredient for this is trust. The growth of identity fraud has made the ability to establish trust far more complex than it has ever been. With more people needing to, and wanting to, access services remotely, organisations have to know with confidence who they are dealing with and what that person is eligible to do. For users, they need to be able to provide trust in their identity to any organisation, so that they can access the services they are entitled to.
How trust is established, how it is conveyed and embedded, will come down to digital ID, and it promises to be a game changer.
As such, digital ID ecosystems have grown rapidly. So has the need for some form of governance framework to facilitate trusted identity transactions between participating entities.
Around the world, several forms of Trust Frameworks are being developed and evolved, while many more countries are just at the start of their journey. These frameworks aim to provide the rules and guidelines needed for effectively governing the collection, verification, storage, exchange, authentication, and reliance on credentials about an individual person, a legal entity, device, or digital object.
Our work over the years on the governance of digital ID and, more recently, our evaluation and comparison of existing Trust Frameworks around the world, has identified a number of salient components. We believe that these components need to be considered for any Trust Framework, wherever they are in the world, to be successful and deliver on the promise of a shared and trusted digital future.
Don't miss our upcoming installment as we delve into the challenges faced by Europe's digital identity wallet initiative, explore strategies to overcome them, and unveil the future of the digital identity wallet landscape. Stay tuned for insightful revelations!
About Daniel Goldscheider
Daniel is the Founder and ED of OpenWallet Foundation, a consortium of companies and non-profit organisations collaborating to drive global adoption of open, secure, and interoperable digital wallet solutions as well as providing access to expertise and advice through our Government Advisory Council. He is an avid advisor and investor in numerous fintech startups.
About Don Thibeau
Don Thibeau serves on the Board of the OpenID Foundation after 10 years of service as Executive Director. He was the founder of Open Identity Exchange and now serves as its Vice Chairman. He currently works in early-stage venture funding.
About Mark Haine
Mark is an engineer and entrepreneur who has focused his career on building solutions that enable business and mitigate risk largely in financial services. Mark has helped organisations navigate the complexities of securely enabling third-party access to data via APIs in tightly regulated environments.
About Nick Mothershaw
Nick Mothershaw is Chief Identity Strategist at the Open Identity Exchange (OIX), a non-profit trade organisation on a mission to create a world where everyone can prove their identity and eligibility anywhere through a universally trusted ID. Working with organisations across the globe, Nick is leading the development of clear guidance around inter-operable, trusted identities. In his previous role as Director of ID and Fraud at Experian, he led the development, launch, and operation of a full ‘Identity as a Service’ solution – the first live example of a digital ID that is seamlessly interoperable across the public and private sector in the UK.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now