Banking on online identity verification

June 16, 2008 at 11:51 pm 6 comments

It’s interesting to see how some see business opportunity out of government regulation while others see only downsides.

During April’s Identity Conference, Kiwibank boss Sam Knowles complained about how the proposed anti-money laundering law provides no value, only an unnecessary regulatory burden.

For a bank which markets itself as a New Zealand bastion against domination by foreign (i.e. Australian) banks, it would do well to look across the Tasman at the example set by the branchless retail bank ING Direct.

According to an article in Australian IT, “ING Direct has led the way in using anti-money-laundering identification processes to come up with a method for opening an account purely online. The Dutch bank has claimed bragging rights for the first end-to-end online account opening facility in Australia…which uses an almost instant online identity verification process instead of the traditional 100-point security check to allow customers to open savings and term deposit accounts.”

“ING Direct has taken advantage of new AML [anti-money laundering] legislation that allows financial institutions to replace the traditional 100 point security check, which uses physical documents such as passports, with electronic AML compliance checks.”

According to the bank, “We were able to show the Government that electronic verification was robust and an alternative method to face-to-face. The legislation now says you have to conduct verification but it doesn’t prescribe the channel.”

From my perspective, this is cool. It works for people, it works for banks (even more so for branchless retail banks). And, it’s another small step forward in unlocking the Internet’s potential for higher-value transactions.

But the way that ING Direct verifies a person’s identity isn’t without potential flaws. Australian customers fill out an online application form and their identity is checked by FCS OnLine, a third-party identify verification service.

FCS OnLine seems to be offering online identity verification by checking information submitted by applicants against public databases. It’s difficult to see how relying solely on knowledge-based identity verification provides sufficiently robust results. On the other hand, presumably they overcome privacy requirements based on active consent from applicants.

So, if the outcome is desirable but the online identity verification process employed is suspect, it would be desirable for a better process to be used.

What that would be? For a start, one that is robust, economical, and user-centric. Even that’s quite a tall order. And, as far as I know, one that doesn’t exist- yet.

That’s where the wheel turns a full circle and New Zealand banks, including Kiwibank, may one day come out ahead if policy issues related to private sector use of igovt (specifically, the Identity Verification Service) mentioned in a Computerworld article are resolved.

Which raises the question of when is government a justifiable party?

(Hat tip to a colleague for the link to the Australian IT article and getting my blogging juices flowing again.)

Advertisements

Entry filed under: Aus, government, identity, igovt, NZ, personal_info.

Freeing the cyber seas Sweden: Lex Orwell

6 Comments Add your own

  • 1. Kevin Cox  |  June 17, 2008 at 6:02 pm

    Our company offers a user centric identity verification model for Australian citizens. The first versions are being used with SportingBet and Sportsbet. We would be interested in your thoughts and comments.

    The concept is to give users various ways from which they choose to verify themselves. That is, the model is for the user to assert they have an association with other organisations and we give them ways that they can prove the assoication. In our case we are initially using the Electoral Office, the White Pages, the Tax Office the passport office and medicare.

    Take a look at http://www.edentiti.com

    Take a look at http://www.edentiti.com and

    Reply
  • 2. Vikram  |  June 17, 2008 at 10:49 pm

    Thanks Kevin.

    Edentiti looks interesting for a number of reasons.

    First, the notion that “A person’s identity is formed from their relationships with other people and organisations. A public identity is the sum of those relationships.”

    So the focus is not on unique identity but public identity. That seems to be fit-for-purpose for betting but, as a knowledge-based system, is probably not for high risk requirements (such as opening a bank account or applying for a passport).

    Secondly, it looks like you’re not differentiating identification from authentication. So, adding voice biometrics can provide higher assurance that it is the same person (i.e. authentication) but not who the person is in the first place (identification).

    Overall, I can see the value proposition for both customers and service providers where the identity-related risk is low or, at a maximum, moderate but not for high risk identification requirements.

    My 2 cents…

    Reply
  • 3. Adam Smith  |  July 26, 2008 at 3:26 am

    It’s good to know that the identity debate is a hot topic across the globe. As providers of electronic ID checks for both anti-money laundering compliance and fraud prevention in the UK, the topic of robustness is one that we often come across.
    To ensure robustness when conducting e-ID verification, it is essential that identity is cross-referenced against multiple reliable data sources and, dependant on the particular circumstances, paper documentation and supporting checks conducted.
    As with most things, knowledge is power and the more information that is available on which to base our judgement, the sounder our judgement should be.

    Reply
  • 4. Kevin Cox  |  July 29, 2008 at 5:34 am

    Vikram sorry but just noticed your comment on my comment:)

    The person who claims they are the person contacts directly or indirectly each of the other parties to the relationship each time they wish to be identified. The physical biometric of the voice (or fingerprint or photo) is important because of future use. The biometric is no further proof the first time a person uses the system but the second time it is. The biometric is also important to as a protection against stolen identities. It enables a person whose identity was stolen to prove it was not them. It also enables prosecuters to have a stronger case when they catch a person who is suspected of identity fraud.

    Reply
  • 5. Rob Monster  |  February 19, 2009 at 9:40 am

    The challenge with most of these solutions for identity verification is that they are easily gamed — run a background check and then take the open-book test.

    I recommend checking out Identity.net . The solution developed here addresses a global need for “proving that you are you on the internet”.

    PM me if you want more details.

    Reply
  • 6. ACH  |  August 26, 2010 at 6:52 pm

    Identity verification systems are a fast and inexpensive way for businesses to determine if consumers are who they represent themselves to be. I found a blog “National ACH” which is basically a payment processing blog uses ID verification systems to protect against loss from fraudulent transactions. For more details visit
    http://www.nationalach.com/

    thanks 🙂

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.

Follow me on twitter

Feeds


%d bloggers like this: