Gemalto: Trusted Digital ID for Banks

The customer control can be the corner stone of digital transformation. This TRUSTECH keynote exposes how banks can stretch their compliance assets beyond the sole scope of banking.

The customer control can be the corner stone of digital transformation. This TRUSTECH keynote exposes how banks can stretch their compliance assets beyond the sole scope of banking.

What’s Digital ID for Banks?

Gemalto is a key player that keeps the data safe, guarantee digital privacy and compliance with digital regulation.

It appears really inconvenient to create the same kind of online profiles over and over again. Filling forms with the same information, such as first name, last name, home address, etc. But this is the way digital identity is managed today, “in silos”.

Service providers are creating profiles, and the ID attributes from those profiles are not shared from one service provider to another, and the user experience is different from one to another. For the end user, this is a really bad situation. Federated identity is solving this problem, that’s why more and more service providers are creating consortiums which allow a user experience similar from one service provider to another. The identity attributes can be shared between, one and another.

The self-sovereign identity model is having the same benefits for the end user. The revolution comes from the fact that there’s no central entity in the middle owning the data. The data is owned by the users, who can alone decide how to share it and with who. That will allow one service provider or another to upgrade his profile with a new identity attribute. So, consortium is the key to achieve convenience in the digital journey.

In Sweden, Swedish banks created bank ID and this scheme is used by more than 73% of the Swedes, which is a huge penetration rate. With this scheme, Swedes can access governmental services and private services, banking being only one of them.

The same thing happened in Belgium, where the app “Itsme” was launched. As the user goes online and encounters the Itsme button, a notification is appearing on the smartphone. By opening the notification, he creates a transaction certificate which will go in the back-end to be checked. If the result is positive, the user is granted the access on the service provider website, making the user journey very smooth.

It started with the bank, but it’s now expanding to other providers. Belgian citizens can now use it to fill up their taxes, to check their pension rates and it’s been expended beyond the sole banking scope, because insurances are now using it, and it can also be used beyond the Belgian territory.

A New Sovereign Identity Model

By combining consortium for a smooth user journey in the digital identity landscape and the importance of the mobile to achieve a good user experience, a new sovereign identity model appears:

  • Certifiers are the one in charge of checking the ID attributes. When they validate one, they’ll post an attestation. Verifiers make sure the ID attribute is trusted. The ID wallet belongs to the users, and it will accept verifiers to get access to one ID attribute or accept certifiers to complete the profile with new ID attributes.
  • The ID wallet itself can behave as a certifier, at the very beginning of the journey. The user would for example get his phone number certified. Or by scanning an ID document with security features, the user would have the scan being compared to templates to ensure that the security features are genuine.
  • If this is validated, the user is then asked to perform a video flow. During it, he will have to perform a gesture with his face which is the proof of liveliness. The image of the face will be compared to the photography on the ID document. If it matches, the ID attributes from the ID document are digitalized.
  • If the user goes to a retail bank, by clicking on the ID wallet he will be requested by notification to share the ID attributes he needs. When he does so, he’ll be granted the access to the retail banks. For all service providers, users might not want to share all their details. To preserve those, they can click on the ID wallet to give their age but not their exact date of birth for example.

When banks are investing in digital, they’re fulling three main drivers, which are user experience, cybersecurity and regulations. The ID wallet is entirely mobile-based. It’ll be the same user experience from whatever service providers. It’s also security wise because it has been developed by the security by design concept.

Speaker: Emmanuel PAYRAUD, Gemalto