Banks are starting to show interest in the idea of a universal federated digital identity. Already in Canada and the United Kingdom, banks have struck partnerships with government entities so consumers can have a single login for banking and government services. Stateside, BBVA Compass is one of the financial institutions dabbling in this area.
One notable BBVA initiative lets customers send and receive money through the payments service Dwolla. What makes the arrangement unusual is that the customers use their same BBVA username and password to sign on at Dwolla. This information functions as a digital identity of sorts, allowing Dwolla to recognize who they are without having direct access to any of their personal information.
What follows is an edited excerpt from our interview about the future of digital identity with Chad Ballard, BBVA's director of mobility and new digital business technologies.
-
Banks have to know a lot about their customers, who generally trust them to keep personal information secure. Who better to serve as digital identity providers in a post-password world?
March 27 -
The way we verify people are who they say they are must evolve to reflect new technologies like peer-to-peer platforms and the Internet of Things and the ways millennials live and work.
March 27 -
Asking for static information like a mother's maiden name seems increasingly passé, since shared "secrets" can be stolen or gleaned from the Internet. But without a brilliant alternative, and done with care, knowledge-based authentication still has value.
March 24
Is this vision of a universal federated digital identity something we might see relatively soon, or is it more future state?
CHAD BALLARD: Well, there are certainly a lot of different parties thinking about this, but we haven't yet seen a ubiquitous solution out there today. Creating one single common solution is challenging because we have a very large and complex financial environment.
The other issue would be educating consumers. Fraud and privacy concerns are top of mind for consumers. They may initially be uneasy with having a digital identity that is centrally stored and managed. If it's something that is certificate or token-based, it may be more difficult for the average user to grasp or understand.
Should banks be the entity to manage this centralized identity?
I think banks are already considered to be trusted, secure holders of information, so it would make sense. Outside of perhaps a government agency, consumers are used to banks playing that role of secure, trusted adviser.
Are you experimenting with the concept of digital identity now?
We have been working on a model like this in a partnership with Dwolla. Our customers can send and receive real-time payments [using Dwolla]. Our customers can log in to Dwolla using their bank credentials, so they don't have to give sensitive account information or credentials to a third party. We do not share our customer information with Dwolla.
Was educating customers a challenge?
It's an easy thing to get customers to use, because all we're asking them to do is authenticate with their bank. It's something they do every day. We're not asking them to do anything nonstandard or create a separate identity that they are not used to. So for us, this idea is not a future consideration; we're working on it now.
What role might the blockchain play in this new world of digital identity?
The blockchain offers many interesting opportunities, and there are a lot potential use cases when it comes to authentication. You hear about some companies already using it to certify authenticity in markets where fraud is prevalent, such as diamonds and fine art. It's possible the blockchain could end up being the single, secure token element to certify the authenticity of everything. And obviously identity could be a part of that.