Opendata, web and dolomites

Report

Teaser, summary, work performed and final results

Periodic Reporting for period 1 - IDAaaS (Trusted online service for identity assurance)

Teaser

The financial services (FS) industry is undergoing the biggest transformation in its long history. It is rapidly becoming a digital business: the European FS industry expects to invest some €62bn in IT until 2018 to cope with the digital transformation. Besides, European...

Summary

The financial services (FS) industry is undergoing the biggest transformation in its long history. It is rapidly becoming a digital business: the European FS industry expects to invest some €62bn in IT until 2018 to cope with the digital transformation. Besides, European regulators want to open the market to competition enforcing, at the same time, ever-stricter legislations for online transactions, like the EU Anti-Money Laundering Directive 4 (AMLD4) and Payment Services Directive 2 (PSD2) for the prevention of identity theft and financial fraud, including tax avoidance, money laundering and terrorist financing. As a result, lack of sufficient IT personnel and volume of regulatory changes are top concerns reported by financial institutions.

Know-your-customer (KYC) is a legal obligation for online onboarding into financial services to ensure that the person (or an organization) claiming a particular identity is in fact this person (or organization). To this end, in September 2015 the EU adopted eIDAS Regulation on electronic identification and trust services for electronic transactions. Nevertheless, eIDAS provides a regulatory environment with three assurance levels (low, substantial and high) but it is up to the Member States to define both the tools needed for each assurance level and the associated financial services allowed per level. This has resulted in a fragmented landscape of electronic identity and complicated procedures: e.g. in the UK almost 40% of users abandon the on-boarding process because at some point they become frustrated enough with the online application. This is a barrier for people and companies to access national and cross-border financial services online, hindering as well the development of the FS industry in Europe as a digital single market, as stated by the European Commission.

Signicat’s innovation relies on the integration of different tools for identity assurance to help financial institutions comply with legislation, while simplifying user’s online on-boarding through one-stop-shop: the Signicat Toolbox. Financial institutions intermediate with their users through our standardized interface to dynamically meet the assurance level requested for each service, meaning that by combining the tools, the eIDAS security level of assurance increases. In the Nordic countries where Signicat is market leader, banks have reported a compliance cost reduction of up to 80.4% and an increase in completed on-boarding from 20% to 70% since our electronic identity (eID) is being used, as we allow users to reuse the information already provided to other institutions as an individual eID-Hub. We offer a high service level assuring up to 99.8% availability 24/7 to match the customers/users’ needs.

Our technology helps financial institutions to increase online onboardings up to 70% and to comply with legislation with up to 80.4% cost savings: after five years of commercializing IDAaaS in other EU countries, we estimate €12.8bn cost savings for our 299 new customers.

Signicat is the first identity assurance as a service (IDAaaS) provider to the financial industry in the Nordic countries with around 30% of the market share. The overall objective of this project is to upscale, pilot and commercialise in the other EU countries our technology, opening to citizens a secure market for online banking in national and EU cross-border transactions as a single market.

Work performed

IDAaaS has been tested internally as well as in small scale customer implementations, using configurations with one or more of the following components; eID, register lookups and ID paper verification, orchestrated by the Signicat Assure engine. The internal functionality testing has been performed with employees, using primarily Nordic identities as the employee base primarily consist of people with Nordic origin.

There has been a number of possibilities to perform functional tests both inside and outside of the Nordic region in relation to customer and partner demonstrations. Demonstrations have been performed for the companies in the financial sector in UK, Germany and US. The solution has been implemented in production for customers based in Norway and the Netherlands. Currently four customers are accessing production environment. In addition, there are a number of companies with access to pre-production for testing and implementation purposes.

The User experience (UX) is key to guiding the end user through the process of a digital on-boarding. We have improved the UX to increase the number of successful transactions, implementing functionality like auto capture of images and glare detection when capturing ID papers. The UX has been optimized to work on mobile and desktop browsers. Going forward we will need to continuously improve the UX based on feedback from customers and end users.

The use of eIDs as part of the onboarding flow is working as expected. The very nature of optically capturing information from ID papers and performing fraud detection using a mobile or desktop camera has confirmed to us that this is not an exact science. We have tested a number of leading vendors within this space and all of them has limitations and shortcomings when it comes to certain geographies, id types or simply basic document analysis. It confirms that we need to be able to run multiple engines in parallel, corroborate with registries and other data sources as well as perform analytics and data quality checks on top of the respective ID paper verification engines. A number of registries has been integrated and can be used in IDAaaS transactions to augment the identity data or corroborate identity indicators.

The Signicat Assure Orchestration engine is performing well, running preconfigured linear flows.

Based on the functionality tests performed, the foundation for a large scale pilot is in place. The identified findings show the direction for the upcoming development activities, and it is expected that the large scale pilot will validate the current findings as well as introduce new ones that can further improve the product.

Final results

While banks require consumers to visit bank branches to sign up as a customer, consumers expect that everything can be done digitally. This is true for most digital services today, but not including banks and other financial institutions. By providing a digital-only solution, this will make it simpler for consumers to sign up to new financial services. With the arrival of PSD2 (Payment Service Directive 2 – EU Directive 2015/2366), which came into effect in 2018, it is expected that a lot of new players will enter the market, and the need for smooth on-boarding is a requirement for these to succeed.

With the arrival of eIDAS (EU regulation 2014/910), there will be more focus on assurance levels, as eIDAS defines Low, Substantial and High. It is up to the organization to decide which level is required for a customer, based on a combination of risk and regulation. It is possible to do an initial onboarding using assurance level low, and then step this up to a higher assurance level at a later stage, when the risk increases, or regulations demand it. The core of the IDAaaS is that the bank (or any other organization) can onboard new customers with the required assurance levels. The goal is to provide the eIDAS levels of assurance in each of the European countries, to make it simpler and harmonized.

Website & more info

More info: https://www.signicat.com/identity-assurance-service/.