Most Popular

What’s New?

Can a business invest in stocks?GLEIF’s verifiable LEI issuer qualification programWhat are child entities and how do they relate to other entities?Do I need an LEI when selling shares?Business Transparency: How to create an environment of trustAnti Money Laundering (AML) in banking: Everything you need to knowKYC in banking: Why it’s important and how to comply?Corporate structures demystified: What you need to know?ASIC releases a new consultation paper about changes to its derivative transaction rulesWhat is a parent company and how does it work?How long does it take to get an LEI?ISO 5009 – Identifying organizational rolesISO 17442 – Standard for LEI code structureESRB discusses the future of LEILegal Entity Identifier (LEI) vs Tax Identification Number (TIN) in AustraliaWhat documents are required for LEI registration in Australia?Who is an LOU in the LEI dimension?GMEI vs LEI RegisterLapsed LEI – Why should you keep your LEI active?Who is an LEI Registration Agent?Are LEIs public?What is LEI transfer?Can an individual have an LEI?Who needs an LEI code?Do LEI numbers need to be renewed?Why is an LEI code required?How much does an LEI code cost?LEI Lookup – Fully dedicated LEI search websiteISIN to LEI mappingGLEIS | Global LEI SystemMiFID regulation | MiFID II LEIvLEIGLEIF | Global Legal Entity Identifier FoundationCompany Autocomplete by LEI RegisterOpen LEIEuropean Market Infrastructure Regulation | EMIRWhat is an LEI database?Legal Entity Identifiers in cryptocurrencyLegal Entity Identifiers in KYCDigital identity predictions for 2020The future of cybersecurity – DeloitteLegal Entity Identifiers in digital certificatesBroad adoption of LEIs could save the global banking sector $2-4 billionLegal Entity Identifiers for government entitiesThe European Market Infrastructure Regulation (EMIR) and Legal Entity Identifiers (LEIs)The FCA will take a pragmatic approach to supervising reporting on Brexit DayAdoption of LEI in payment messages by the Payments Market Practice Group (PMPG)RegTech London – Event summaryCybersecurity in a nutshellLEI deadline postponed by ASICHow to get an LEI in Australia?What is LEI-search?LEI Register and RapidLEI announce an official partnership

Digital identity predictions for 2020

What does 2020 have in store for digital identity? Here are some of our predictions.

More countries will begin to adopt national ID schemes

A national identity scheme tells us much about the state that creates it. Schemes come in many forms, with the government taking many roles from identity issuer to regulator. Gemalto has visually explained the ecosystem.

Trusted National Identity Scheme 1

Here’s an example of the UK system:

The case is slightly different in Estonia where identity is given a more citizen-centric point of view with the government taking the role of identity issuer. Each citizen receives a national identity card (so far 98% of the country is covered) and this card allows them to access online services.

In countries like Sweden and Finland, the banking industry has taken on a key role as the issuer of digital identities. While no country has the perfect ecosystem, newer countries, like Kenya, that adopt these systems have lessons to learn and ideas to build upon.

2020 will see more national identity schemes launched and more projects to be announced. The world is realizing the benefit of giving citizens a national ID that can help them access the banking sector and public sector.

The digital identity landscape will get less complex

One World Identity has been helpful in segmenting companies in the Identity and Access Management space. Their document mapping the identity landscape looks a little heavy right now, and there are no signs of slowing down. Companies are starting each day to solve new challenges in the industry or gain a piece of a growing market share.

Companies solely dedicated to Identity Verification, Know Your Customer, Identity Proofing and Compliance are mapped with trade organizations and password managers.

We don’t think we’ll see a slowdown in companies popping up in this space anytime soon but we do think that companies will start to build partnerships and collaborate more with API-driven approaches. This will lead to one-size fit solutions that will become the norm. Identity verification, issuance, federation, and brokerage are areas where we can see good opportunities for joint ventures and API-driven workflows. For a business that doesn’t want to deal with complex identity data, this partnered one-size fits all solution will be useful.

Phishing attacks will increase – This time, with a thirst for identity data

As security gets more complex, so does a cybercriminal’s strategy. Password complexity hasn’t changed much, and people still tend to use the same passwords for most accounts, but there has been the adoption of multi-factor authentication that hackers are now trying to bypass with a new type of authentication attack.

By tricking users into pretending to be a company they trust, hackers can ask users to identify themselves with a fingerprint or a picture of their faces. This biometric recognition is then stolen and used to gain access to their accounts.

There has already been a couple of attacks that have sought to get access to a user’s biometric data. These types of attacks don’t show any signs of slowing down.

The ownership and control of identity will be a major topic of discussion

There is consensus in the industry that identity attributes should belong to and be controlled by the people who own them. Citizens.

Organizations shouldn’t have to issue digital identities. Instead, each person should bring their own identity, choose which information they share with the company and an independent authority would verify this data before a digital information exchange takes place.

When it comes to the advantages of using blockchain to store identities, the list is endless. The control of data is with the person who owns it, they can revoke access to data by third-party companies, update the data themselves and delete information they don’t want. Everything that GDPR regulators would die for.

Since Satoshi Nakamoto released his white paper on Bitcoin in 2008, we still haven’t seen widespread adoption of digital identity. Why?

There are a few answers to this question. The first is that there is still a lot of debate about what we would use to authenticate ourselves online. Right now, we typically use a password and username, and in higher-level situations, we have to identify ourselves with a bank account, address, passport, or driver’s license. Some experts say that we could use identity attributes like proof of bank account ownership, library memberships, government accounts online, etc. Some argue that we should use biometrics like facial recognition or fingerprints, but both have already been successfully hacked. Others say we could move towards a model using identity attributes based on our behavior, but most consumers find this terrifyingly dystopian. And many experts say the answer is a mix of all the above.

“Whenever things as sensitive as biometric templates are written to an immutable ledger, you don’t know what will happen with that data years into the future.” Says Ed Eykholt, VP of Engineering for non-profit biometric service provider iRespond, in an interview for Biometric Update.

But what counts as an identity attribute? How do you regulate this and stop sensitive data from being accessible to hackers? These questions are still up for grabs, and W3 org has a working group that has been making a good start.

The industry has already put to bed ideas of using blockchain for identity because running sensitive identity data in the blockchain would be tricky to do securely. A centralized identity service on a decentralized data exchange platform appears to be the way forward, but who becomes responsible for this data? Would you trust the government with it? Or your bank?

We’ve already seen what security issues a nationwide identity database can create, thanks to India’s Aadhar hacking incidents. The fact is, there are still a lot of questions to be answered and a lot of collaboration between private and public companies all over the world to make this work.

The banking industry will be focused on trust

2020 will be a busy year for banks. Banks were traditionally trusted with safeguarding the gold bullion, but today, banks have a much larger responsibility to safeguard our data. There have been significant challenges in doing so, especially as Open Banking encourages the sharing of data via APIs with third-party providers and FinTech.

The move will bring about significant benefits for consumers and allow greater market competition, but it does create more layers for data to leak or be exploited. One that banks and financial technology companies alike will have to work hard to close.

Banks are also having to think about Know Your Customer (KYC) checks and what they can do to improve a system that is already being exploited. According to UK Finance:

“Unauthorised financial fraud losses across payment cards, remote banking and cheques totalled £844.8 million in 2018, an increase of 16 per cent compared to 2017.”

AnticMoney Laundering (AML) and KYC checks are not sufficient enough. While Legal Entity Identifiers have the potential to greatly reduce fraud, improve KYC and shorten onboarding times on the side of B2B, there’s still a gap when it comes to B2C transactions. Could LEIs also be the answer to B2C? We’ll have to wait to find out the answer!