In the backdrop of the operating environment of financial institutions and banks, a technology is emerging that has the potential to disrupt the way business is conducted – digital identities (DI). Its significance is underpinned by several important factors: new legislation, future readiness, and customer experience.
DI is seen as the solution to compliance and regulatory standards such as FICA and Know Your Customer (KYC). Therefore, organisations that are proactive in preparing for their future reality will realise several benefits related to regulation: compliance, which helps avoid legal consequences such as fines; building trust with regulatory authorities (minimising regulatory scrutiny); and maintaining a good reputation.
A non-trivial aspect of the long-term survival of organisations is their ability to cope with future challenges, changes, and to exploit concurrent opportunities that arise. First movers in implementing digital identity solutions would greatly enhance their future readiness and be well positioned to reap the benefits.
Shortfalls of the current model
The current operating environment lacks a consistent identity for the customer, resulting in various inefficiencies on both the business and customer sides.
On the business side, there is redundant data collection, resource wastage (when documents and verifications are duplicated for the same customer, and manual labour is used in cases where internal systems can’t share information), and an increased risk of fraud.
On the customer side, individuals lack control over their identity information, document gathering for contracts is cumbersome, and they need to verify themselves constantly, leading to wasted time and resource.
Definition of a digital identity
A digital identity is a collection of information in the form of attributes and credentials that can uniquely identify a person. It is used to verify a person in all contexts where traditionally a government-issued Identity Document (ID), and other supporting documents such as proof of residence, are required for verification and processing (World Bank, 2016). A digital identity combines a customer’s identity information into a single multifaced unit that can be stored in a digital device such as a mobile phone or a physical item like card.
A digital identity exists in an ecosystem made up of several parties that are responsible for the creation, regulation, and secure storage and sharing of digital identities.
The customer: The owner and controller of the identity who gives consent to other parties to obtain and use their digital identity.
The government: Sets guidelines in the form of regulations that protect and empower the customer. It creates standards on how information can be created, stored and shared. It also imposes penalties on breaches of those standards.
Issuers: Entities that create specific elements of a digital identity such as an identity document, university degree or proof of residence. They act as verifiers when a party who wants to validate a claim of identity by a customer request a verification e.g. comparing an identity document supplied by a customer with the original in database at Home Affairs and declaring its validity.
Requesting parties: Organisations that receive a digital identity from a user usually because they offer a service or sell a product that needs identification. They have minimum standards that must be met in order for digital identity to be considered valid.
Who would be served by digital identities?
Professionals and other participants in the formal economy, characterised by high education, time constraints, affluence, and tech-savviness, stand to benefit from increased efficiency, improved customer service, and 24/7 access to services. Individuals in the informal economy and on the fringes of the formal economy, including financially constrained individuals, would gain access to essential private and public services. The elderly, facing mobility challenges and lower technology savviness, would also benefit from increased access points, such as scanners at local shops, improving their access to essential services. Moreover, this shift to digital identities would result in significant cost savings, reducing transportation and expenses associated with accessing digital services.
Using current technology to implement digital identities
The current landscape is characterised by Web 2.0. technology, featuring limited interoperability, low automation, dependence on human labour, sub-optimal security, and inefficient data utilisation. However, these problems aren’t inherent to Web 2.0.; its full potential has not been realised. Web 2.0 can address these issues and provide a comprehensive digital identity solution, as demonstrated by various examples globally. Therefore, the notion that Web 3.0. technology is necessary to create a digital identity solution is a misconception. Web 3.0. is only necessary for specific features like full user control and decentralisation, it is not a prerequisite.
Implementing a digital identity solution with Web 2.0. involves leveraging interoperable platforms and technologies such as APIs for seamless communication between systems. APIs can facilitate real-time communication across different platforms, fostering the exchange of information and the creation of a connected digital identity ecosystem.
OAuth, a widely used open standard for authorisation, facilitates secure user authentication by enabling third-party applications to access user data without exposing credentials. Integrating social media logins streamlines user authentication and taps into existing, widely adopted authentication systems, enhancing security and user convenience. For secure credential management, employing advanced encryption algorithms like AES (Advanced Encryption Standard) safeguards user data stored within the system
Efficiency gains and benefits to organisations
The elimination of re-verifying customers who have previously provided their information and documents, coupled with the automation of processes, can significantly reduce time delays and customers’ exposure to identity risks in the KYC verification process. Once customers’ credentials and documents are verified and stored centrally, they can be securely shared or accessed in real-time by any department of an organisation. Streamlined administrative processing would lead to cost savings and free up human resources for more demanding tasks.
Efficiency gains and benefits to organisations
The elimination of re-verifying customers who have previously provided their information and documents, coupled with the automation of processes, can significantly reduce time delays and customers’ exposure to identity risks in the KYC verification process. Once customers’ credentials and documents are verified and stored centrally, they can be securely shared or accessed in real-time by any department of an organisation. Streamlined administrative processing would lead to cost savings and free up human resources for more demanding tasks.
Extending interoperability infrastructure to give customers the means to store and share their digital identity, credentials, and documents would unlock higher efficiency, improved customer experience, and interconnectedness. It would allow customers to share their digital identities beyond the organisation to third parties who use KYC and sell products and services that require identification. Creating an app containing identity information and credentials, facilitating sharing through means such as secure messaging, smart tokens, or NFC, to name a few, could achieve this.
Cities in Europe use the technology to facilitate real-time, without human intervention, scooter and bike sharing systems where riders needing transport find a scooter around their location, verify themselves by scanning a digital QR code then use a mobile app to pay for the rental after their trip. In Nigeria, an environment closer to ours, people have a hybrid identity card (a physical card with a digital equivalent) embedded with a chip that can act as a digital wallet, capable of performing transactions in addition to serving as a secure digital identity.
QR code scanning is the most mature and consistently used method of sharing identities across the world.
Using cutting-edge technology to implement digital identities
While many benefits of digital identities can be realised with existing technology, Web 2.0. and other short-term innovations, fully preparing for the future necessitates leveraging Web 3.0 technology. The current technology, even in improved versions, has limitations. Realising certain aspects of digital identities, such as fully anonymising data, maximising security, and achieving full decentralisation, requires the use of feasible cutting-edge technology, as seen below.
Enhanced Biometric Authentication using AI and ML:
Biometric data, such as fingerprints, iris scans, and voice recognition, can be used for strong and unique identity verification. Apple’s Touch ID and Face ID, or fingerprint authentication on smartphones, exemplify the use of biometrics in digital identity. AI and ML can enhance identity verification processes by analysing patterns and detecting anomalies (increasing accuracy and reducing errors).
Quantum-Safe Cryptography:
As quantum computing advancements pose potential threats to current cryptographic methods and renders them inadequate, quantum-safe cryptography ensures the security of digital identities in a post-quantum era. The National Institute of Standards and Technology (NIST) is currently standardising quantum-resistant algorithms for cryptographic security in the United States.
Zero-Knowledge Proofs:
Zero-knowledge proofs allow a party to prove possession of certain information without revealing the information itself. This technology enhances privacy in digital identity. Zcash, a cryptocurrency, uses zero-knowledge proofs for transaction privacy.
Successful implementation of digital identities worldwide
Estonia’s execution sets an unprecedented global stand in country-wide interoperability, unification of citizen data and convenience. With a goal of using digital technology to create a more efficient, transparent and accessible government and society the Estonian government created digital infrastructure, X-Road, that give its citizens access to virtually all government services and private sector offerings of parties who’ve opted in.
It has a “once only” policy that dictates that no piece of information about a certain person should be entered twice. In practice government services such as accessing healthcare, submitting taxes and voting can be fulfilled online and are more than 90% of the time. Furthermore, if customers want to make big purchases such as buying a car they do not need to prepare documents; information about their income, debt, savings and investments can be accessed from other sources that are integrated into X-Road.
Estonia’s e-Estonia’s and Sweden’s Digital-ID identity solutions leverage technology and high-end devices and are suitable for countries with a high proportion of affluent and educated citizens. Digital-ID is a fully digital identity created by a consortium of banks that is equivalent to a government issued identity and has many uses e.g. entering into financial contracts and checking in at the airport.
Blended identity solutions
Our environment is better suited to blended identity solutions that leverage mobile phones as well as chips embedded in documents or cards.
Nigeria and India, with whom we share many characteristics, have implemented such solutions. For individuals with smartphones, they can download an app containing their identity information and use it in the usual way to verify themselves and share their identities. For those without smartphones, a smart card is issued, storing identity information on a chip. To share their identity, the smart cards are scanned with purpose-made machines at various government and non-government service providers. In the case of Nigeria, the smart card is also used for financial transactions, as it can receive money as well.
Current state in South Africa and the future
Bankserve, in collaboration with other parties, embarked on a journey to understand the requirements for implementing a digital identity solution in South Africa. They facilitated discussions with banks, fintechs, the government, and other key stakeholders to explore key questions, use cases, regulatory considerations, and priorities. They consider these various parties to constitute the “digital identity community”.
The goal of the initiative was both ambitious in scale and potentially transformative. The aim was to use digital identity infrastructure to foster financial inclusion, improve key services (particularly education and healthcare), increase the reach of private and public sector services to the wider population and to improve the security of the country’s digital ecosystem through formalisation. The aims are well considered, realistic and promise to elevate the lives of everyday South Africans.
A successful implementation of a digital identity solution as envisioned in the initiative would contribute to addressing key problems the country faces such as high inequality, poor education outcomes, financial exclusion, and digital fraud.
The key areas of inquiry were identifying a viable model for the South African context, selecting priorities for a digital identity solution, identifying key stakeholders and outlining a regulatory and policy framework to support the ecosystem.
Through this initiative, they determined that South Africa may adopt one of several models implemented globally, such as those discussed above. After a planning phase driven by the digital identity community, they provided five recommendations to be implemented.
Recommendation 1: Digital identity model
A hybrid model that combines features centralised and self-sovereign systems and lives digitally as well as exists as a physical item.
Recommendation 2: Key stakeholders
Setting up a scheme administrator who will be the custodian of the ecosystem responsible for setting up and maintaining a trust framework, forming key partnerships and supervise the governance of the system.
Recommendation 3: Key focus areas and use cases
Suggested focus areas are financial services, healthcare, and social protection. Main use cases identified were electronic KYC (eKYC) and digital onboarding.
Recommendation 4: Regulatory framework
Suggested the development of framework that prioritises open data and open finance.
Recommendation 5: Technology
Defined the characteristics of the technology to be developed or adopted when the ecosystem and infrastructure are built. They include high security, ease of use, efficient and tamper proof.
The initiative outlines strong viable recommendations that set a solid foundation for a digital ecosystem. A hybrid system is well suited given the profile of our population and technology maturity. The stakeholder model suggested with a central coordinating party has been tried and tested and complements the operating environment. Key focus areas address some of the country’s most pressing and enduring problems.
The recommendations, while valuable, could benefit from additional details to enhance their practicality, particularly in the case of recommendations 4 and 5. These suggestions might be strengthened by including a plan for getting buy-in from regulators (as they have numerous competing priorities). Additionally, the discussion on the fundamental technology underpinning these recommendations could be further enriched by providing more specific information about the most suitable and viable technologies for implementation. This would contribute to a more comprehensive understanding of the proposed strategies.
Conclusion
Digital identities in the business sector and wider economy promise disruption by addressing compliance, future readiness, and enhancing customer experiences.
The current inefficiencies in customer identity management underscore the need for a unified and consistent digital identity ecosystem.
While Web 2.0 technologies can facilitate implementation, the incorporation of Web 3.0, marked by blockchain and AI/ML, may unlock optimal benefits. Global success stories, particularly in Estonia, Nigeria, Sweden and India, showcase the efficiency gains of widespread interoperability. South Africa’s initiatives aspire to use digital identities for financial inclusion and societal betterment, emphasising the importance of inclusion, regulatory support and technology choices.