The bustling Fintech industry needs robust Digital Identity Systems

A snippet of my work on Multi-jurisdiction Digital Financial Services from the Media Ventures course with professor Alex Pentland and Joost Bonsen at MIT Media Labs.

A critical piece in digital payments and access to digital financial services

As the world is progressing towards a digital economy, the need for a robust, secure and privacy preserving digital identity system cannot be stressed enough. Digital financial services in banking, payments and lending provide a breakthrough in bringing the un-served and under-served population into the financial system. For widespread adoption of digital finance, digital identity management systems are crucial, in order to enable a swift and secure adoption.

Know Your Customer (KYC) and financial services

The KYC norms are a pain point for the financial institutions which they are mandated to comply with. It is also a pain point for consumers who need to provide various documents like proof of birth, proof of address, and identification documents provided either by government agencies or other recognized entities. KYC is also not a one-time process, but a recurring process, requiring information about the customers to be updated regularly. The aim of such stringent norms is to curb illegal transactions and transfer of value between entities and individuals involved.

In the context of fintech, the KYC norms seems to be an even bigger challenge than for traditional financial institutions which spend a lot of money to comply with these norms. According to a recent report, the on-boarding process can take up to 34 weeks and cost up to $25,000 per client. For fintech companies which serve low value and high volume customers, the traditional methods of KYC verification will make the business unviable and unprofitable. Digital identity can help fintech companies deal with this in a cost-effective manner, and thus provides a great opportunity to innovate in this domain. Traditional financial institutions will also benefit hugely in not just using the digital identity for KYC, but also being poised to provide digital identity services and act as identity providers. A recent World Economic Forum report on digital identity has explored this very particular notion in great detail.

This innovation roadmap of multi-jurisdiction financial services — in digital payments and credit provision — is focused on the huge potential that lies in the emerging markets. A summary of this market potential can be understood from a recent report by McKinsey on ‘Digital Finance for All’. There are 2 billion people in the world without a legal identity, which poses a great challenge for financial inclusion, effectively excluding those people from essential financial services.

This challenge is existing in both developing and developed economies, although the problem is bigger in emerging and underdeveloped economies. More so, whether it be due to the rise of cryptocurrencies and technological innovations in digital payments — or the use of alternative data for assessing creditworthiness — the global financial services ecosystem is heading towards more stringent KYC norms, anti-money laundering regulations, privacy and security issues, and richer personal data stores, all of which rely on an underlying layer of trust and digital identity.

Cash-in and cash-out (CICO) transactions

One of the building blocks of a robust infrastructure for digital finance is to have an extensive network of CICO points. Through the network of agents and point-of-sale (PoS) networks, users can take cash out and put cash into their digital wallets. This is essential to create a seamless digital transaction experience. For these transactions — and especially the cash out transactions — existence of a robust digital identity system is essential to curb thefts and ensure that it is not being used for money laundering purposes.

In an interview with Amir Hasson from Oxigen USA — whose Indian arm is the second biggest mobile wallet company in India — he mentioned that enabling cash out services would unleash the biggest potential of the digital payments market which industry players are waiting to reap. In India, the central bank is doing a pilot with Oxigen to test the CICO from digital wallets using the unique digital identity system of India, AADHAAR, provided by the Indian government.

Credit provisioning and a data rich identity

The world is aggressively moving towards a digital age with people conducting transactions and interacting among themselves, and other entities, digitally. This leads to an explosion of big data and the digital trails that we leave behind. A holistic digital identity would comprise of an individual’s or an entity’s various personas that it has in the digital or virtual world, as in this digital era the personal data that is being generated today is immense.

A richer digital identity deriving from privacy preserving data sharing — i.e. creating a personal data store — can potentially provide a solution to digital identity woes and create various business value propositions, including the provisioning of credit. A recent white paper on such a holistic digital identity management system has been explored by MIT’s Connection Science initiative.

Such a system providing holistic digital identities would aggregate the user data across various domains and would also give the control to the user over its digital identity. This form of digital identity goes beyond the use cases of identification, authentication and verification. Many value propositions can emerge from the rich data attributes. For example, with an increase in the take up of digital payments by the low- to middle-income individuals and SMEs, there will be an extensive trail of digital transactions which can be used for credit analytics and help in the real-time disbursement of loans.

Credit analysis for small ticket loans is currently very expensive for banks and financial institutions, and hence the rate of interest or the cost of capital is very high even if it is ultimately perceived as less risky than loan disbursements to companies and individuals with high creditworthiness as established by traditional credit models. This excludes a large section of the market from credit access through formal financial systems.

‘Capital Float’, an India-based startup, uses financial transaction data to disburse loans in the range of $1,500 to $150,000 to SMEs. The prototype test claims that the loans are disbursed within two minutes through mobile phones and the requested amount is transferred to the account directly. This entails partnerships with banks in India and other partners which provide the financial transaction data. The financial transaction data trails of merchants with their suppliers or from their customers represents a potentially rich source of data that can be used for credit scores. Another interesting example is a startup named ‘Numerated’, which was incubated inside the four walls of Eastern Bank, one of the largest regional banks in Massachusetts. Numerated uses various sources of alternative data along with the access of huge data sources from the bank. Many layers of data sources could be applied for building the credit scores and with the application of machine learning algorithms, the prediction power of delinquencies and default rates could be improved by a big margin.

Challenges faced in existing Digital Identity systems:

Maintaining Simplicity — With digital payments and other digital financial services, the key is to make the entire process simple, whether from a cash based system or from traditional banking. However, with complex KYC norms, fintech companies and digital finance solution providers are facing a big challenge. On one hand, they have to comply with the stringent norms which require some sort of physical identity and verification, while on the other they need to keep it simple, digital and mobile first, for retaining and acquiring consumers.

Security — A big challenge being faced is the security and privacy of users. Due to lack of a robust digital identity system there is a huge concern about fraudulent transactions due to a privacy breach of identity attributes, which affects consumer confidence as well as potentially incurring heavy monetary losses. In fact, the traditional banking system is facing this challenge as well. In 2014, around 15.4 million consumers in the U.S. banking market were victims of identity theft or fraud resulting in a loss of $16 billion.

Scalability — The other big issue is achieving a scalable solution to digital identity management. The existing systems are largely fragmented leading to a siloed system. As a result, the entire authentication and verification system is rendered inefficient, hence there’s a strong need of a digital identity system that cuts across markets and identity service providers. Since the digital identity challenges have caught the attention of many market participants, various efforts are being done at proprietary, industry and policy levels, leading to more confusion.

Example 1. AADHAAR — Digital Identity Scheme in India

Aadhaar is a unique digital identity system in India, governed by the Indian Government and has covered more than 1 billion people to date. This is being considered as a leapfrog by India, advancing ahead of many western countries like the U.S. Aadhaar, a biometrically linked ID, has provided an identity layer to conduct transactions and various other services digitally, cutting across markets. India recently launched an Aadhaar-based payment mobile application called ‘BHIM’. This is primarily a merchant application and, since it can be linked to bio-metric authentication, the consumer only needs to provide a thumbprint to conduct transactions, and a bank account linked to the Aadhaar card.

This is a path-breaking technology feature enabling digital payments in India. Various digital payment companies are using this interface to capitalize on this feature and minimizing even the role of plastic cards and point-of-sale machines. However, there have been serious concerns with this type of system. This system takes very sensitive data like bio-metrics and the entire data is kept in a centralized ID management system, with a single point of failure acting as a ‘honeypot’ for hackers and fraudsters. In addition to this, the sensitive personally identifiable information (PII) and the other Aadhaar card details are susceptible to exposure and privacy breach, raising serious concerns.

Example 2. Estonia — leading the way in digital identity

Estonia and other Nordic countries like Norway, Finland, Sweden have been leading the world with their push towards a digital economy and e-governance. Around 98% of banking transactions in Estonia take place on the Internet, hence the country is much less dependent on cash.

Startups like GuardTime and Bitnation have been developing blockchain based solutions for secure storage digital identity attributes data and creating digital identity for not just Estonian citizens, but also a borderless digital identity recognized by the Estonian government. The initiatives so far have been promising, however, , a complete and holistic digital identity management system is yet to be rolled out on a large scale.

The future: Blockchain enabled Digital Identities?

It is critical to first imagine and define the new digital identity systems and architecture which could solve the problems with existing systems, and then see how blockchain technology could act as an enabler to make it a reality. The problem that the industry faces due to the hype of blockchain technology is that the identity systems are being approached with the blockchain technology at its core. Thomas Hardjono of MIT’s Consortium of Internet Trust while talking to us asserted that it’s still very early days for blockchain technology. Moreover, it is not the technology which is a bigger challenge but the standardization of the technology, necessary legal frameworks to support the envisioned systems and managing the resistance of the incumbent industry players and norms.

The architectures discussed in the MIT Connection Science white paper on Digital Identity foresee that digital identity systems provide control to users over their data and identity attributes. The user can decide what to share and with whom for different use cases. In this scenario, there will be different business cases that will need to be looked into by the identity providers, who may not be the same as government agencies or other technology giants which currently control our data. Such self-sovereign identity management systems with a decentralized system would reap the benefits of blockchain technology to the maximum. The other two identity management systems, namely centralized and federated, do not offer full control to users, and don’t solve the challenges pertaining to a single point of failure which is the case in centralized digital identity systems like the AADHAAR system in India.

The role of different stakeholders in a digital identity management system, namely: the user; identity provider; and relying parties have been potentially identified, as well as how the collaboration of government agencies, industry players and identity providers (creating a new opportunity for startups), can help foster such a digital identity management system. Partnership from industry players like financial institutions, healthcare providers and e-commerce giants would enable privacy preserving data sharing to take place and create a robust and holistic digital identity system.

One important thing to keep in mind while envisioning a blockchain enabled system is what should be kept on the blockchain and what should be kept off the blockchain.

Even though blockchain technology provides an added level of security due to its immutable nature, the sensitive digital identity attributes or personally identified data including bio-metrics should not be kept on the blockchain, but only hashed attributes should be on chain that point to the raw data. Since the data sharing takes place privately, the raw data is never exposed to the outside world and the source of truth can be verified since it is kept on the blockchain and is immutable.

There are various models and prototypes being piloted by startups in the digital identity space, and there are market signals from governments worldwide and industry players that are beginning to tackle the challenge of digital identity systems. At the same time, this creates chaos and confusion with many different initiatives being taken at various levels. The need of the hour is for a concerted effort to envision the future digital identity systems and to establish the standards of the emerging technologies making them a reality.