11 April 2017
To reach full adoption, eID means must be trustworthy, seamless, cross-border and convenient
The higher the level of assurance of electronic identification means, the better they can serve as legal proof for verification of the identity of a person. Banks are in an ideal position to act as identity providers of eID means in line with the eIDAS regulation. In this blog, I speak with Andrea Servida, Head of Unit ‘eGovernment and Trust’ at DG CONNECT at the European Commission about the importance of trust and the position of banks in creating electronic identification means. It is the second blog on this topic, the first blog was about the eIDAS regulation and the opportunity it beholds for the entire European Union.
As of 29 September 2018, EU citizens and businesses will be able to use their national electronic identification means to access online public services across the EU, provided that these means have been ‘notified’ by their Member State for cross-border use. What is more, eID is not just about accessing public services, it can also provide trust, security and convenience for businesses and their customers. This is made possible by the eIDAS Regulation, which introduced a set of rules for electronic identification and trust services for digital transactions. Servida headed the Task Force that shaped the proposal for the eIDAS Regulation. He is now responsible for fostering understanding and awareness about the transformative nature of the eIDAS Regulation across various sectors in the digital realm. According to Servida, eIDAS is a great opportunity for the public and private sector to join forces. Here is the link to his latest blog on the Commission activities to accelerate the uptake of eIDAS.
Managing identification processes is in the DNA of banks
What is important, is the key role of the private sector in this ecosystem. Servida emphasises that the private sector will play a major role in this new digital world, not only as a key sector relying on government issued/recognised eIDs, but also as possible identity providers. This is already the case in some countries where the bank cards are recognised as official eID means by the state. According to Servida: “Banks are professionals in risk management and managing the identification processes is an element that is in their DNA. In this perspective, banks are well placed to offer those types of services, beyond what is just the banking relationship between the bank and the customer.”
Customers must provide a passport or an identity card while opening a bank account to verify their identity. The credentials issued then by the bank can be used to verify the online identity in a safe online environment for third parties. This puts the bank in a perfect position to function as identity provider for eID means under eIDAS: once the person has been identified and verified online, he can do his business digitally and across other member states, with electronic means that have the level of assurance that is equivalent or higher than is necessary for these services. Of course, the prerequisite for this is that these eID means are recognised by the state in which they are issued and are notified by that Member State for cross-border use, in line with the process and requirements set by the eIDAS Regulation.
The advantages for banks as an identity provider
In my opinion, playing the role of an identity provider beholds three particular advantages for the banks:
- Banks can strengthen the relationship with the customer, because their credentials and brand are being used for third parties;
- It’s a new business model to attract new business and income. The timing is ideal, because they must take the step anyway to embrace new possibilities in a post PSD2 and AML5 environment;
- Banks can provide new services like a data guardian angel with, for example, risk profiling, which could be useful for e-commerce. There is a chance to step up and take an active role in the path of a seamless shopping experience. This means banks can provide a login and several payment methods, together with other services such as e-signing, e-invoice and e-mandate.
Four keywords to reach full adoption rate
While banks are in the perfect position to provide electronic identities, the next step is to make sure that consumers or companies will use these electronic identification means. Servida points out that there are four keywords to reach full adoption rate:
1. Trust: “If I have something that I trust for several reasons, because it is associated to an experience for a business collaboration, such as between myself and a bank or telephone company, maybe I am more inclined to rely on these types of means for any kind of authentication tasks to which I am exposed or which I am required to fulfill to get access to a service.”
2. Seamless: “We don’t want to have a changing user experience when consumers want to access a different service. It should be seamless across all types of devices and future communication environments.”
3. Cross-border: “Digital is by nature cross-border, so it makes perfect sense for digital identity platforms to have an international scope as well.”
4. Convenience: “This is the first keyword we always preach and it goes hand in hand with trust, security and cross-border. There is no point to roll out something that is hardly usable. Convenience is going to educate the users that higher trust and security means protection for them in the first place. It would limit the need to disclose personal data to services which possibly provision their personal data.”
These are four keywords to increase the usage of eIDs in general, but that are also applicable to the banking sector. Combining the bank’s role as a safe and trusted environment can indeed be an interesting role for the upcoming years, not only for payments but also for identity. A very important point is that there is enough reach to the consumers and trust and convenience to use the mechanisms. That is one of the reasons why banks could be very successful in being the identity provider as they have the reach, the trust and the adoption degree to the citizens.
An open call for proposals gives the possibility to test the technical implementation
Banks can also apply to the open call for proposals which has been recently launched under the Connecting Europe Facility Programme which enables, among others, the connection of private sector services to the national eIDAS-compatible eID infrastructure, the “eIDAS node”.
The call represents a good opportunity for banks to receive funds to connect their services to the eIDAS node and proceed to the testing in a cross-border scenario thereby opening their way to eIDAS-compliant eID provider.