Most Popular

What’s New?

Can a business invest in stocks?GLEIF’s verifiable LEI issuer qualification programWhat are Child Entities and How do They Relate to Other Entities?Do I need an LEI when selling shares?Business Transparency: How to Create an Environment of TrustAnti Money Laundering (AML) in Banking: Everything You Need to KnowKYC in Banking: Why It’s Important and How to ComplyCorporate Structures Demystified: What You Need to KnowASIC releases a new consultation paper about changes to its derivative transaction rulesWhat is a parent company and how does it work?How long does it take to get an LEI?ISO 5009 – Identifying organizational rolesISO 17442 – Standard for LEI code structureESRB discusses the future of LEILegal Entity Identifier (LEI) vs Tax Identification Number (TIN) in AustraliaWhat documents are required for LEI registration in Australia?Who is an LOU in the LEI Dimension?GMEI vs LEI RegisterLapsed LEI – Why should you keep your LEI active?Who is an LEI Registration Agent?Are LEIs public?What is LEI transfer?Can an individual have an LEI?Who Needs An LEI Number?Do LEI numbers need to be renewed?Why is an LEI number required?How much does an LEI number cost?LEI Lookup – Fully dedicated LEI search websiteISIN to LEI mappingGLEIS | Global LEI SystemMiFID regulation | MiFID II LEIvLEIGLEIF | Global Legal Entity Identifier FoundationCompany Autocomplete by LEI RegisterOpen LEIEuropean Market Infrastructure Regulation | EMIRWhat is an LEI database?Legal Entity Identifiers in CryptocurrencyLegal Entity Identifiers in KYCDigital Identity Predictions for 2020The Future of Cybersecurity – DeloitteLegal Entity Identifiers in Digital CertificatesBroad Adoption of LEIs Could Save The Global Banking Sector US $2-4 BillionLegal Entity Identifiers for Government EntitiesThe European Market Infrastructure Regulation (EMIR) and Legal Entity Identifiers (LEIs)The FCA Will Take Pragmatic Approach to Supervising Reporting on Brexit DayAdoption of LEI in Payment Messages by the Payments Market Practice Group (PMPG)RegTech London – Event SummaryCybersecurity in a NutshellLEI deadline postponed by ASICHow to get an LEI in Australia?What is LEI-Search?LEI Register and RapidLEI Announce Official Partnership

Digital Identity Predictions for 2020

digital predictions for 2020 illustration

What does 2020 have in store for digital identity? Here’s some of our predictions.

More Countries Will Begin to Adopt National ID Schemes

A national identity scheme tell us a lot about the state that creates it. Schemes come in many forms with the government taking many roles from identity issuer to regulator. The ecosystem has been visually explained by Gemalto.

Trusted National Identity Scheme 1

Here’s an example of the UK system:

The case is slightly different in Estonia where identity is given a more citizen-centric point of view with the government taking the role of identity issuer. Each citizen receives a national identity card (so far 98% of the country is covered) and this card allows them to access online services.

In countries like Sweden and Finland, the banking industry has taken on a key role as issuer of digital identities. While no country has the perfect ecosystem, newer countries, like Kenya, who adopt these systems have lessons to learn and ideas to build upon.

2020 will see more national identity schemes launching and more projects to be announced. The world is realising the benefit of giving citizens a national ID that can help them access the banking sector and public sector.

The Digital Identity Landscape Will Get Less Complex

One World Identity has been helpful in segmenting companies in the Identity and Access Management space. Their document mapping the identity landscape looks a little heavy right now and there’s no signs of slowing down. Companies are starting up each day with the aim of solving new challenges in the industry or gaining a piece of a growing market share.

Companies solely dedicated to Identity Verification, Know Your Customer, Identity Proofing and Compliance are mapped with trade organisations and password managers. You can download the image here yourself.

We don’t think we’ll see a slow down in companies popping up in this space anytime soon but we do think that companies will start to build partnerships and collaborate more with API driven approaches. This will lead to one-size fit all solutions that will start to become the norm. Identity verification, issuance, federation and brokerage are areas where we can see good opportunity for joint ventures and API driven workflows. For a business that doesn’t want to deal with complex identity data, these partnered one-size fits all solutions will be useful.

Phishing Attacks Will Increase – This Time, With a Thirst for Identity Data

As security gets more complex, so does a cybercriminal’s strategy. Password complexity hasn’t changed much and people still tend to use the same passwords for most accounts but there has been adoption of multi-factor authentication that hackers are now trying to bypass with a new type of authentication attack.

By tricking users into pretending to be a company they trust, hackers can ask users to identify themselves with a fingerprint or a picture of their face. This biometric recognition is then stolen and used to gain access to their accounts.

There has already been a couple of attacks that have sought to get access to a user’s biometric data. These types of attacks don’t show any signs of slowing down.

The Ownership and Control of Identity Will Be a Major Topic of Discussion

There is definitely consensus in the industry that identity attributes should belong to and be controlled by the people who own them. Citizens.

Organisations shouldn’t have to issue digital identities. Instead, each person should bring their own identity, choose which information they share with the company and an independent authority would verify this data before a digital information exchange takes place.

When it comes to advantages to using blockchain to store identities, the list is endless. The control of data is with the person who owns it, they can revoke access to data by third-party companies, update the data themselves and delete information they don’t want. Everything that GDPR regulators would die for.

Since Satoshi Nakamoto released his white paper on Bitcoin in 2008 we still haven’t seen widespread adoption for it in digital identity, why?

There are a few answers to this question. The first is that there is still a lot of debate about what we would use to authenticate ourselves online. Right now, we typically use a password and username and in higher level situations we have to identify ourselves with a bank account, address, passport or driver’s license. Some experts say that we could use identity attributes like proof of bank account ownership, library memberships, government accounts online etc. Some argue that we should use biometrics like facial recognition or fingerprints but both have already been successfully hacked. Others say that we could move towards a model where we use identity attributes based on our behaviour but most consumers find this terrifyingly dystopian. And many experts say the answer is a mix of all the above.

“Whenever things as sensitive as biometric templates are written to an immutable ledger, you don’t know what’s going to happen with that data years into the future.” Says Ed Eykholt, VP of Engineering for non-profit biometric service provider iRespond in an interview for Biometric Update.

But what counts as an identity attribute? How do you regulate this and stop sensitive data being accessible to hackers? These questions are still up for grabs and W3 org has a working group which has been making a good start.

The industry has already put to bed ideas of using blockchain for identity because running sensitive identity data in the blockchain would be tricky to do in a secure way. A centralised identity service on a decentralised data exchange platform appears to be the way forward but who becomes responsible for this data? Would you trust the government with it? Or your bank?

We’ve already seen what security issues a nationwide identity database can create thanks to India’s Aadhar hacking incidents. The fact is, there are still a lot of questions to be answered and a lot of collaboration between private and public companies all over the world to make this work.

The Banking Industry Will Be Focused on Trust

2020 will be a busy year for banks. Banks were traditionally trusted with safeguarding the gold bullion but today, banks have a much larger responsibility to safeguard our data. There has been significant challenges in doing so, especially as Open Banking encourages the sharing of data via APIs with third-party providers and FinTech’s.

The move is one that will bring about significant benefits for consumers and allow greater market competition but does create more layers for data to leak or be exploited. One that banks and financial technology companies alike will have to work hard to close.

Banks are also having to think about Know Your Customer (KYC) checks and what they can do to improve a system which is already being exploited. According to UK Finance:

“Unauthorised financial fraud losses across payment cards, remote banking and cheques totalled £844.8 million in 2018, an increase of 16 per cent compared to 2017.”

Anti-Money Laundering (AML) and KYC checks are clearly not sufficient enough. While Legal Entity Identifiers have the potential to greatly reduce fraud, improve KYC and shorten onboarding times on the side of B2B, there’s still a gap when it comes to B2C transactions. Could LEIs also be the answer to B2C? We’ll have to wait to find out that answer!