Bankers are increasingly flirting with the blockchain model to verify the identity of customers who apply for services digitally rather than in person. A startup named Spring Labs could help them with that task.
The Los Angeles company, with $14.75 million in seed funding, just launched the Spring Network, a blockchain-based network designed to let lenders and data providers exchange data with one another securely and efficiently.
“We’ve seen the issues within the credit and identity ecosystem firsthand,” said Adam Jiwan, Spring Labs' CEO.
Spring Labs, which was rolled out Tuesday, was started by members of the founding team and board of the online lender Avant. Avant develops technology to assess applicants' credit histories, generate immediate credit decisions and provide automated verification steps for final approval, and has partnerships with some banks that use its technology.
Initially, Spring Labs aims to launch a data partnership with Avant. It is now in discussions with banks about adopting the Spring Network for use alongside Avant’s bank-focused products.
Jiwan said distributed ledger technology — which is by nature decentralized — is the ideal medium to exchange information between financial institutions.
The current system of managing identity and authenticating customers "is based on the notion of centralized data, which can be a huge risk because a single point of failure can be catastrophic,” he added.
Jiwan pointed to the Equifax breach last year and the resulting fallout as the type of disaster that could result when a single storer of large amounts of data can be hacked.
Instead, in the Spring Network, the source data is not shared, so the data is effectively anonymized and no personally identifiable information is shared, Jiwan said.
It works this way: Bank X has already authenticated a customer for a checking account. That same customer then goes to Bank Y or a fintech firm seeking a different financial product, say a loan. Instead of reauthenticating that customer all over again, Bank Y can request from Bank X information that it already used in authenticating that customer, which is sent through the distributed ledger network. The system can also be sued to share information about creditworthiness so banks and lenders can make quicker lending decisions.
Jiwan said this method will also save banks time and money, as they typically spend money requesting dozens of credit and data reports in the authentication and credit evaluation process.
“Banks don’t typically share this information, because of regulatory concerns and because of competitive reasons,” he said. “We are creating something secure and that allows institutions the benefit of sharing information in an anonymized and regulatory compliant way. It’s a Zelle-like network for information sharing.”
Spring Network isn't the only fintech chasing this idea. Gem, a startup in Venice, Calif., is focused on getting companies within the same industry to share information via blockchain technology. Another is the CULedger project, an initiative by the Credit Union National Association to study the benefits of creating a distributed ledger that employs credit unions as nodes.
Digital identity is top of mind for banks facing cybersecurity threats.
“One of the terms often thrown around is, ‘Identity is the new perimeter,’ ” said Ely Pinto, the chief information security officer for Bank Leumi’s U.S. operations. “As banks interact with customers digitally on a more frequent basis, you need strong assurance that people are who they say they are.”
Banks walk a fine line between offering customers convenience in the digital space and making sure security is rigorous. They need to minimize fraud without putting onerous burdens on customers.
“Banks could do something like move to issuing RSA-type tokens, for example, but," Pinto asked, "is the extra burden of carrying a physical device and inputting a six-digit code too much" for customers? “The difficulty is maintaining the balance; there’s a fine line between increasing security, while not decreasing usability.”
Blockchain-based information-sharing schemes such as Spring Network's could be one answer, but whatever the future holds for digital identity, Pinto said it will likely result from a combination of regulatory and industry changes.
“We’ve seen regulatory bodies like the New York DFS be much more aggressive about this — and there’s pluses and minuses to that — but overall they are trying to do the right thing,” Pinto said, referring to the New York State Department of Financial Services. “At the same time, we’ll also start to see some industry-created requirements. For example, Swift has done a good job laying out what some of the requirements should be” as it has urged banks to bolster security after the 2016 hack of the network.
Such industry solutions may become more likely as banks think more and more about how to manage digital identity.
“If we talk about the top five [cybersecurity] challenges for banks in 2018, I think digital identity is at the top of that list,” said Mary Ann Miller, senior director, fraud executive adviser and industry relations for the technology and consulting firm NICE Actimize. “In general, the threat landscape is moving fast and banks have to try and keep up."
Issues such as cybersecurity and digital identity are “now board-level topics,” Miller said.
She noted that some governments have begun to tackle the issue themselves. For example, there are national digital identity programs in India and Estonia, and a recent pilot program between banks and the U.K. government allows French citizens living in the U.K. to open a bank account there using a digital identity.
“There’s more discussion on these issues at the government level, but I think banks would prefer to self-regulate and create their own solutions,” Miller said.