Report explores potential banking digital identity options

Findings from an American Bankers Association (ABA) and management consulting firm Oliver Wyman report maintain there is a framework for bankers to bolster fraud-protecting digital identity initiatives.

© Shutterstock

The Growing Significance of Trusted Digital Identities in U.S. Financial Services identifies three areas where digital identity solutions can make the largest impact to decrease the possibility of fraud – identity proofing and KYC2; authentication; and transaction authorization and monitoring.

“Implementing digital identity solutions can greatly reduce fraud and improve operational efficiency, but getting started can be complex,” ABA Office of Innovation Senior Vice President of Innovation and Strategy Brooke Ybarra said. “This new report is a valuable resource for banks as they dive into this critically important space.”

Identity proofing and KYC2 is the process of verifying a customer’s identity and issuing them with digital credentials, typically involving asking for personal information that includes names, addresses, and social security numbers and verifying the information against related documents such as proof of address or government-issued credentials such as a driver’s license. The documents also undergo verification checks to determine authenticity.

The report details that authentication recognizes legitimate returning customers in order to permit access. A recent survey of domestic banks determined 85 percent of institutions rely on username-password as the primary way to authenticate returning customers. But authorities acknowledged that despite the addition of various two-factor and multi-factor elements, the username-password standard is still easily defeated by threatening entities using techniques that include phishing and SIM-swaps sidestepping the control provided by one-time passcodes.

Transaction authorization, per the report, is deciding whether to permit individual transactions initiated by the customer. The decision will be made by checking the customer’s access rights and other relevant factors and assessing the transaction risk in real time.