How self-sovereign identity mitigates fraud and builds a more inclusive future
Every year, banks spend billions on compliance requirements related to identity and personal data such as KYC and AML, which are becoming increasingly strict. In the EU, there’s GDPR, PSD2, and eIDAS while in the U.S., there’s the Bank Secrecy Act and now California’s Consumer Privacy Act. And those are just the rules that make most of the headlines.
Banks know these regulations all too well — imposed by lawmakers to protect consumer rights as well as prevent fraud and criminal money laundering. As such, financial institutions have made enormous investments in order to develop robust identity verification systems for their internal and client purposes.
But even equipped with some of the best security in the industry, fraud and money laundering persist, a perpetual game of cat and mouse that’s only become harder to mitigate in an increasingly digital landscape.
Worse yet, many of these compliance methods, in practice, are better served at pleasing regulators than stopping determined malicious actors. On the same token, they create further barriers for legitimate customers in the context of financial inclusion.
It’s why fraud and money laundering remain persistent issues while billions of people around the world still lack access to a basic checking account.
“The financial system today is based on claims that aren’t verified.”
Just how porous those identity verification systems are is exemplified by the fastest growing financial crime in the U.S., according to McKinsey — synthetic identity fraud:
“Banks have become much more effective at preventing many types of fraud thanks to their investments in technology, but criminality has evolved in response. Rather than using a stolen credit card or identity (ID), many fraudsters now use fictitious, synthetic IDs to draw credit. Indeed, by our estimates, synthetic ID fraud is the fastest-growing type of financial crime in the United States, accounting for 10 to 15 percent of charge-offs in a typical unsecured lending portfolio.1 Instances of synthetic ID fraud have also recently been reported in other geographies.2 More worrying still, much bigger losses are building up behind these IDs like hidden time bombs.
That risk is because of the way the fraudsters typically operate. Over months, if not years, they build up a good credit record with synthetic IDs. Only when the credit lines are maximized do repayments cease — or, in the jargon of the business, do the synthetic IDs “bust out.” Fraud rings sometimes establish thousands of synthetic IDs, all waiting to default. The largest synthetic ID ring detected to date racked up losses for banks of $200 million from 7,000 synthetic IDs and 25,000 credit cards.3”
Given the way the system works today, it’s almost as easy to open up a fake credit line as it is to create a fake user account on your favorite social network. And as McKinsey notes, there are no convenient answers to the problem given the way the current system is set up:
“To date, there has been no efficient way of uncovering synthetic ID fraud. To crack down on it, every customer seeking credit would have to undergo even more rigorous ID checks than they do already.”
In other words, attempting to address the issue via traditional means would only further exacerbate issues for good actors.
“98 or 99% of money laundering today goes undetected. Only the dumbest bad guys get caught.”
It’s a snapshot into a systemic issue that aligns with GlobaliD co-founder and CEO Greg Kidd’s assessment of the status quo:
“The financial system today is based on claims that aren’t verified. 98 or 99% of money laundering today goes undetected. Only the dumbest bad guys get caught. Financial controls are easy to defeat because banks are spending vast sums on compliance checks to please their regulators, not to actually catch criminals. Banks’ internal silos just make the situation worse.”
As Greg notes, the fact that banks maintain customer data in separate silos only exacerbates the problem. Bad actors can commit the same crime across multiple platforms without being detected.
Everyone in one place, good and bad
In an ideal world, the solution to systemic financial fraud, compounded by financial exclusion, might not seem intuitive at first glance.
Rather than attempt to exclude bad actors from the system — thereby also excluding good ones — we should be including everyone both good and bad.
“It’s not for bad guys or good guys, but for everyone together in the database.”
Why is that a good idea? Having the bad guys in the ecosystem allows financial institutions to learn from their activities, thereby providing them further information context by which to deny them services.
As Greg believes, “It’s not for bad guys or good guys, but for everyone together in the database.”
The problem is that having everyone’s data in a single database naturally raises issues of privacy and surveillance — which is essentially the reality of the status quo, where companies like Facebook and WeChat hold all the data themselves.
That means such a system would only be viable given a privacy-preserving framework, where individuals control and own their data and their identity.
It’s also why the movement behind self-sovereign identity continues to build momentum. By preserving people’s privacy and empowering them with data ownership, we’re also paving the way for mitigating financial fraud and building a more inclusive future.
Join a growing trusted community and experience how digital identity works for you.
