!css
2016 Expert views

Spotlight on digital ID

“Striking a balance between simplicity and security is different for retail and for corporate customers. In cash management systems, we can have security that requires certification and multiple signatures. But such an approach would be too complex for the retail banking environment.”

By Philippe Mirland, Head of Bank Solutions Engineering, GTB - Philippe Marquetty, Global Head of Payments & Cash Management Products, GTB - Raymond Bunge, Head of IT solutions, GTB

 

The main question for the payments industry regarding identity is who is in front of the payments device validating a transaction. Authentication is a big issue as our identities are spread over a wider footprint when making payments transactions, including computers, mobiles and social networks etc. As an increasing number of transactions in payments and cash management become digital, knowing who we are dealing with is a key concern for banks.

Banks collect a huge amount of information about their customers in order to comply with Know Your Customer regulations. They also gather a lot of data on payments behaviour. From this mass of information, banks must focus on a few key elements including identification and authentication of those who are transacting. We must also ensure that when customers transact online, their information is safe and segregated.

Banks are under pressure to develop new, value-added products and services in collaboration with bank and non-bank partners, using the information we have gathered about our customers. However, banks are relatively constrained by their regulatory obligation to ensure the security of customers’ information.

Identity issues for banks are related not only to external customers and how we recognise them, but also to internal bank staff and how we recognise who is authorised to do what. Often within a bank or a company using cash management solutions access rights may need to be shared. Typically, the management of such rights is static with a token issued to a particular user. The sharing of tokens is complex and a simple solution could lie in the application of biometrics to the problem.

A possible new way of authenticating transactions is to use the mobile phone as a token, which would be applicable for individual retail customers, corporates and international corporates. The phone can become a strong authentication system, with the combination of biometric methods such as voice or fingerprints.

Any authentication solution has to strike the right balance between simplicity and security. It is universal in financial services that customers want a simple and consistent experience when dealing with a bank. Simplicity must ensure that all users can understand the system, but it must not be so simple that it can be compromised.

The idea of a universal digital identity that would work across devices is being examined, both by banks and governments. Some governments are looking to introduce the digital identification of their citizens, but this is only at a national level and is not very common. At present there are many different solutions that can be brought to the table for digital identity. This diversity is difficult for customers – both retail and corporate – to handle.

When we consider the identification of those people who are processing a transaction, the question is less about authentication and more about what that person is permitted to do within the company. Increasingly, fraudsters are using social engineering techniques to manipulate bank staff into conducting certain transactions that are not in the interests of the company. Systems have to be developed that can identify unusual transactions even if they are seemingly conducted by an authorised person.

The ability to store information and authenticate transactions should be recognised as an asset by banks. Customers have confidence that banks can do this and we can apply our expertise to the problem of identity in the digital world. We can help customers to do e-commerce safely. In the future, banks could become involved in non-financial services transactions, offering to authenticate whether someone making a transaction is who they say they are.

The ability to store information and authenticate transactions should be recognised as an asset by banks. Customers have confidence that banks can do this and we can apply our expertise to the problem of identity in the digital world. We can help customers to do e-commerce safely. In the future, banks could become involved in non-financial services transactions, offering to authenticate whether someone making a transaction is who they say they are.

“Corporate cash management customers are more willing to accept a more complex approach to digital identity and security because they are dealing with valuable transactions and the risk is high if the transaction is fraudulent.” Philippe Marquetty, head of Payments & Cash Management Products

“Banks have an important role to play in the new world of digital payments: we can act as the ultimate safe storage solution for customers’ personal information. We can also authenticate transactions and products for clients.” Raymond Bunge, Head of IT solutions