Every day we’re experiencing the truly transformative impact smartphones have had over the last decade. For many, the smartphone has already replaced the digital camera and set us free snapping and sharing in quite an incredible way that creates a window to global events. Alongside this, three digital technologies have been busy evolving, unconnected to each other; Open Banking, Digital Identity and Blockchain. However, when those three digital technologies converge within the smartphone environment, something greater than the sum of the parts has the potential to happen.
In this article, I will explore the recent and expected development of these three technologies and how their convergence could create a guarantor, filing cabinet and safe on a smartphone in everyone’s pockets. The ability to prove information about ourselves by using ourselves, and not a physical document, feels empowering and it is. It also promises real gains by reducing costs, saving time, increased convenience and greater protection from fraud.
Since September 2019, UK online banking providers have been required to allow authorised third parties access to their account holders’ personal data. The requested data includes information such as name, date of birth, home address, telephone number, email address, account balance, account transactions and much more. It doesn’t end there;
This innovation is driven by a belief that it will increase competition and create innovation within the financial services sector. Customers consent is expected because of the numerous benefits it provides. For example, the ability to seamlessly pay for services, such as for a minicab journey, via a phone App. Another benefit is financial recommendations from these authorised third parties, recommendations generated by the analysis of the transactional data within the accounts. This gives customers the ability to save money on services and financial products through direct comparison with the market.
To ensure consumers are fully protected from fraud, and before they give consent to any third party, it is important that they check that the third-party company is regulated by the Financial Conduct Authority (FCA) or is on the Open Banking Register.
So applications and regulation exist, but the reality of the information flow is delivered by the use of application program interfaces (APIs), biometrics and machine learning (Narrow AI). APIs are used as a secure method of communication between third party applications and online banking systems which use biometric and machine learning for customer authentication. Be it fingerprint, face, iris, keystroke, or voice recognition they greatly improve security and reduce the risk of fraud.
A Digital Identity should not be confused with an ID card. It is as much or as little as the holder wishes it to be. As with Open Banking, it is a digital technology that brings benefits to both the companies that create, adopt, and use the technology and to the individual user.
The UK Government Digital Identification Framework is still in its consultancy stage; we can however surmise the most likely way in which it will be implemented.
The more adventurous will have stored an aeroplane boarding pass or a loyalty card in a smartphone wallet. A Digital Identity would most likely reside in a digital wallet, as an App on a smartphone or as an application on a computer, acting as a depository, holding confirmed personal attributes. These attributes would be entered from trusted sources within the network of companies using the scheme.
Every individual piece of data will be weighted, depending on its source and the trustworthiness of the company that has added the data to the network. For instance, data sourced from a passport would rank more highly than data from a utility bill. The reliability of the scheme member onboarding that data would also affect the weighting of the data. The scheme members will have their own weighting dependent on the reliability of the data they’ve entered.
This creates a trust network. An individual’s home address could be absorbed from a bank statement and then given more weight when it is again absorbed from their driving licence. If a scheme member adds incorrect data, their weighting would be lowered, if it happens regularly, they can be removed from the scheme. The risk of fraud is reduced as this trust-based system ensures the integrity of the data and that of the companies inserting data into the wallet.
One benefit of such an information loaded wallet would be the ability to open an account with a bank, which can be done in person but could also be actioned online without the need to travel to a branch, removing the risk of damaging or losing valuable documents such as passports or birth certificates.
Once attributes are entered and suitably weighted, they can be used endlessly. Such quick onboarding would improve customer experience and reduce costs for the participating companies.
It also protects against identity fraud by limiting which information is handed over; if you are asked to prove your age, be it to buy an alcoholic drink or to secure a discount as a pensioner, this could be done without even giving your date of birth. If you give consent, the app will confirm that you are over 18 with a ‘yes’ or a ‘no’. You can confirm your address without displaying any embarrassing credit card debt.
It also offers consumers increased protection from scams and criminals as the wallet will only release information to requests from trusted sources, ensuring that the person or company you are dealing with is who they say they are.
Traditionally we have been used to getting vaccinated before going to far-flung lands, mostly voluntarily, but sometimes as a condition of entry. Due to COVID-19, our need to prove that we have been vaccinated may change radically. With a verified digital entry in your wallet, this would be a quick and easy process and again could even be actioned online.
Blockchain, which is also referred to as Distributed Ledger Technology (DLT), offers a different method of storing and managing information online.
Between these two terms, you may be able, to some degree, to guess how it works.
A ‘ledger’ is a book in which transactions are recorded on a page, a Blockchain also records transactions, but these are stored in blocks of data.
‘Distributed’ refers to the storage location of the Blockchain transactions. In this case, it is not centralised. It is not stored in a single location but duplicated between many locations (nodes). There are different types of nodes, some of which exist because rewards are offered for participating in the Blockchain network. The greater the number of participants, the more secure the Blockchain becomes.
‘Blockchain’ refers to the fact that each new block of data is linked to the previous block of data. In a book, this is done by incrementing page numbers. Imagine if an accounting ledger full of transactions went from page 4 to page 7, you would instantly know that the ledger had been interfered with and that a page was missing. The same applies to Blockchain. Instead of using page numbers, it uses a hash.
A hash is a small digital fingerprint cryptographically created from a block of data. The hash from a block is stored in the next block that is written, creating a chain, linking all the blocks together.
As the hash is created from the contents of a block, i, breaking the chain and highlighting that the data has been changed. If this happens, the modified block can be ignored.
Due to the distributed nature of Blockchain, there will be copies of the correct block. The node with the modified block can be ignored and possibly any future blocks from the same node.
Much has been written recently about the environmental impact of Bitcoin mining. This is due to the authentication protocol used by Bitcoin. The protocol selects who will write the next block and receive the reward for doing so. There are two commonly used authentication protocols, Proof-of-Work and Proof-of-Stake.
Proof-of-Work requires great investment in computer hardware and energy. There are obvious questions over its sustainability and environmental impact.
Proof of Stake, however, does not share these issues. The closest comparison I can conjure is that of a premium bond. You purchase a premium bond, and whilst you hold the bond, there is the chance that you may be randomly selected for a prize. You can cash in the bond and get your money returned at any time.
With Proof-of-Stake, you purchase a crypto coin or token, place it in a crypto wallet and choose the stake option. An algorithm within the Blockchain selects who will write the next block from all the staked wallets within the Blockchain, and therefore collect the reward for doing so. The crypto wallets differ from other wallets as their transactions are cryptographically stored securely within the Blockchain.
Even though Open Banking was created by regulation, Digital Identity is currently seeking regulation, and Blockchain has progressed ahead of regulation. These three digital technologies are coming together in a way that could create a seamless interchange of data benefitting all involved. Open banking with its API’s and Biometric Authentication provides a new level of access to your data. Digital Identity using wallets located on Biometrically secured devices creates the ability to hold a trusted copy of your data. Lastly, Blockchain, with its high level of security, using encryption and its distributed nature, ensures your data is protected.
These rapidly emerging and maturing technologies are already benefiting businesses. If your company holds, relies on, or captures data on its customers are you prepared?
Alan Cook is a principal consultant with Triad working with organisations in the private, public and third sector to support their transformation ambitions.