-
From the brain drain to cyber threats, the revenue squeeze to regulatory pressure, the challenges banks face are absolutely daunting. But we're here to help with some interesting ideas for thwarting hackers, winning new customers and making more money. Get ready for a busy year.
December 29 -
Digital currency startups are trying to reframe the debate surrounding customer privacy, anti-money-laundering compliance and data security by backing a new set of guidelines for managing consumers' online identities.
October 20 -
Retailers will no longer be easy pickings for cybercriminals once chip-and-PIN technology is widely adopted. All well and good, but bankers fear hackers will redirect their energies to infiltrating banks.
December 24 -
No amount of diligence on the part of financial institutions will help prevent future data breaches until retailers are subject to the same national data security standards that apply to banks and credit unions
December 19
The Internet term "
In addition to compromising individuals' data, the system places a huge burden on retailers and other businesses that lack cybersecurity expertise. Meanwhile, customers must provide the same information over and over again each time they start a relationship with a different business. Identity is fragmented in one sense and bundled in another, resulting in the worst of both worlds redundant paperwork and endless targets for hackers.
"The flow of information is backwards in a way," says Stan Stalnaker, founder and CEO of Hub Culture, a London-based social network and digital currency company. "I have to go to all these different websites and log in and they store my data, instead of me having data I own and I can take with me."
Stalnacker's firm is among a handful of organizations, mostly in the tech and digital-currency fields, that are calling for an overhaul of the way identity is managed. In their vision, outlined this year in a
Here's one way it might work: a young person opening her first financial account say, with PayPal would create an identity file, stored in a secure digital vault. She would need to provide certain information for PayPal to validate her identity, but that information would reside in the file, not with PayPal.
Later on, if this consumer wanted to apply for a car loan or a mortgage, she might need to add more information to the file to prove her creditworthiness, but she wouldn't have to start from scratch. She would give the lender a passcode temporarily authorizing it to view only the parts of the file it needed to evaluate her application. (Think of a car key that allows the parking valet to open the door and start the ignition, but can't access the glove compartment or trunk.)
The customer "wouldn't need to go around revealing [personal details] to everyone," says Karen Gifford, the chief compliance officer at Ripple Labs, a digital-money startup that, like Hub Culture, endorses the Windhover Principles.
In this scenario, "not everyone needs your Social Security number. They just need a username that shows you were validated by someone else." Importantly, "the people securing your details would be in that business," Gifford adds. "You wouldn't be forcing a lot of vendors who aren't in information security to be providing information security to you."
One potential objection to the concept is that the keepers of the vaults would have to excel at information security, and would themselves be popular targets for hackers.
Similar
Another problem with unbundling identity is that taking banks and other companies out of the information storage business might prevent them from mining data for insights such as sales leads. If you really think that's a problem.
"The reality is all these large companies, whether you're a Walmart or an Apple or anyone, they all believe right now they're aggregating data and they can monetize it," said Stuart Lacey, founder and CEO of Trunomi, an identity-management startup based in Bermuda. "Well, I would posit, who's the right person to monetize your data? You."
