Credit union blockchain ID pilot could benefit small banks too
One credit union-focused effort shows how even small banks could use blockchain to protect members from fraudsters.
Unify Credit Union in Torrance, Calif., is one of the first credit unions in the nation to test a digital identity system called MyCUID, which relies on distributed ledger tech and biometrics to verify identities.
Gordon Howe, president and CEO of the $3 billion-asset credit union, said it is currently using MyCUID for identity verification in its call center as an alternative to asking for the last four digits of a social security number, or a member’s home address — information a fraudster can easily obtain on the dark web. The need for members to remember a username and password would also be unnecessary with MyCUID, Howe said.
“This eliminates the need for all these different systems,” Howe said. “I wanted to get to a position where we have one way to authenticate our members.”
The innovation comes as a handful of industry studies reveal call center fraud is at an all-time high. Criminals are shifting their focus to duping automated service systems that credit unions and banks rely on as a way to circumvent digital authentication methods such as two-factor authentication.
A recent Aite Group study found that 61% of fraud for financial institutions can be traced back to a call center. Another study by Aite found that of all identify verification methods, biometrics proved the most effective at preventing fraud.
MyCUID was developed by the consortium CULedger as a way to help authenticate financial transactions remotely, or within a credit union network, via biometric authentication. How that authentication happens with MyCUID is fairly straightforward.
For example, if a member contacts their credit union’s call center, they would receive a notification during the call via the institution’s mobile app to verify their identity using either fingerprint authentication, facial or voice recognition.
That process is made possible when the member agrees to create a digital identity token as part of an initial setup with MyCUID through a participating credit union. That token is stored on CULedger’s blockchain.
Howe said new members will automatically be enrolled for MyCUID as Unify seeks to implement the system for more than just call center transactions.
Earlier this year, CULedger entered into an IBM partnership that will enable the companies to develop new blockchain-based services that are intended to help credit unions provide better service to their members. It will also work to create new products and improve existing ones, with the digital identity verification system at the center.
To date, CULedger has made MyCUID the central thrust of its blockchain service efforts. CULedger’s initial focus for MyCUID is know-your-customer measures, a common use case for financial institutions embracing blockchain technology.
Some banks have been working with startups on their own efforts to implement blockchain-based identity verification. But most small institutions don’t have the resources for such experimentation.
Enrico Camerinelli, an Italy-based senior analyst of wholesale banking for Aite Group, said CULedger’s approach to blockchain with identity strips away the complexity of the technology for this specific use case.
“Purists would disdain a solution like this because it’s not a permissionless, Satoshi-like blockchain,” Camerinelli said. “This is distributed ledger technology using components of blockchain. But this works considering the limitations of a pure blockchain such as latency and proof-of-work consensus.”
CULedger and credit unions like Unify also want to integrate MyCUID for high-risk transactions such as wire transfers.
“When we first talked about MyCUID, distributed ledger and blockchain were starting to make some noise in the credit union space with what we were doing,” said Julie Esser, CULedger’s chief experience officer. “The conversation has moved away from distributed ledger and blockchain to more of the use case applications.”
“Decentralized identity is one of the core use cases that is having some real benefits to being able to leverage this type of technology, not only in credit unions, but other markets as well," she said.
Desert Financial Credit Union and TruWest Credit Union also are testing MyCUID in their call centers.
TruWest, of Tempe, Ariz., has rebranded MyCUID as MemberPass, and is exploring ways to integrate the system into its mobile banking app after testing the technology with a “few dozen employees” who are also members of the $1.1 billion-asset credit union.
“We believe members are more likely to adopt the new technology when it is connected to a service they already have,” said Chris Kearny, senior vice president and chief information officer at TruWest.
Esser said the pilot is initially focused on call centers because those transactions are especially susceptible to fraud.
“From a fraudster standpoint, it is the most vulnerable channel that can be penetrated,” she said. “They take advantage of the challenge-based security questions, which the answers to are unfortunately all over the web.”
CULedger cites that every dollar of fraud costs a credit union $2.92.
Howe did not share exact details about Unify’s pilot other than to say it’s been effective. But member enrollment for MyCUID has been “hit or miss.”
“Some embrace it, some don’t,” Howe said. “Some members just want to know what it’s all about and understand what a digital credential is.”
Howe said Unify’s ability to bake in MyCUID for new member onboarding will help the credit union more easily integrate the system into more products.
“When credit unions see it from that perspective, they’ll jump on board,” he said. “That’s when they can see how it can be used from an entire organization standpoint.”