Editor’s note: A version of this piece first appeared on Chris Skinner’s blog, The Finanser.
Processing Content
Last week, Equifax disclosed a data breach that may have compromised personal data of up to 143 million U.S. consumers. The compromised data includes customers’ Social Security numbers, names, addresses, dates of birth, driver’s license numbers and other sensitive info. In other words, all the information you need to open new accounts and access existing accounts were compromised in the breach.
As we have known for a long time now, it is no longer good enough to use customer’s personal information for account access. Scores of companies from Ashley Madison to JPMorgan Chase to the Federal Reserve have had data breaches.
It’s no wonder the system is no longer working. We’ve been using this identity system for almost two decades. True, some banks have added two-factor authentication to ID customers. However, many institutions still rely on personal information for when someone, say, calls a call center to access an account — a requirement that is just annoying. Yes, I may need to know my mother’s maiden name, first pet’s name and favorite rock band when I ring my bank. But when the agent inevitably says “we just need to ask a few more questions before we access your account,” my heart sinks. In particular, questions like “name a regular monthly payment set up on your account and the amount paid” or “name the last three transactions where your card was last used and for how much” leaves me irritated, as I’m sure they do for everyone else.
A monitor displays Equifax Inc. signage on the floor of the New York Stock Exchange (NYSE) in New York, U.S., on Friday, Sept. 8, 2017. The dollar fell to the weakest in more than two years, while stocks were mixed as natural disasters damped expectations for another U.S. rate increase this year. Photographer: Michael Nagle/Bloomberg
Michael Nagle/Bloomberg
Is there a solution to the broken system that is annoying at best and too easily hacked at worst? Of course. In fact, there are two options.
The first solution is biometrics technology — voice, eyes and other biometrics can easily be used by banks to authenticate their customers via their smartphones. Why banks aren’t incorporating these authentication methods into their onboarding and access mechanisms defies belief. Sure, banks would need modern core systems to use such newer authentication techniques, which is a big ask. But it sure beats relying on name, address, date of birth and all the information the hackers stole from Equifax to authenticate someone.
Nonetheless, I’m not a huge fan of biometrics if I’m being honest. If it is data, and biometric solutions are, the “solution” can still be compromised and replicated and mimicked. That’s why I am far more a fan of the second solution: a self-sovereign identity scheme, which is explained really well by Rhodri Davies, a program leader at the Charities Aid Foundation, in a blog. Davies writes:
“The basic idea behind self-sovereign identity is that rather than have our information held by third parties (often without us even knowing what that information is) and used to guarantee our identity and make decisions that affect us; we could turn the entire model on its head and give each individual control over their own digital identity.”
He then goes on to detail how people can record ID information on blockchain technology to rethink the identity model as an immutable record of transactions that is public — an idea I really like as it flips the ownership, verification and authentication process from third parties (trusted and untrusted) to me. In this model, I own my identity and I allow access to a persona of my identity on demand.
I have blogged about such concepts before and even wrote a long blog entry more than a year ago about digital identity ledger-based systems. Nevertheless, I am not advocating that blockchain solves everything, as illustrated by this proof of concept summary paper from Rabobank. However, the distributed ledger technology does get us along the way in solving identity issues.
All in all, it is pretty frustrating that time is passing by so fast and the industry is not moving to keep up with the needs for improved online authentication. Hopefully the banking industry will eventually catch up.
Chris Skinner is an author, expert and speaker on banking, finance and fintech. He is the author of the The Finanser blog and chairs the Financial... Read full bio
For reprint and licensing requests for this article, click here.
New questions about Fannie Mae and Freddie Mac's guarantee by experts who saw conservatorship start points to tensions in a stalled secondary offering.
The 30-year fixed mortgage has increased by 40 basis points since February, while the 15-year is 14 basis points lower than a year ago, Freddie Mac reported.
Affordability improved in February as rates dipped below 6%, but March's climb to 6.43% signals tougher months ahead. Lenders should act now on pockets of opportunity before rising rates erode recent gains.
VALT, a digital-oriented small-business lender founded by U.S. Bank veteran Matt Gediman, received approval for its denovo charter application from the Office of the Comptroller of the Currency 120 days after its application, clearing a key regulatory hurdle at a time when regulators are encouraging the formation of more startup banks.
The bank is pushing wealth managers to use artificial intelligence embedded in Salesforce and Zoom to plan, summarize and follow up on client meetings.
The systemic risks posed by stablecoins on public blockchains go further than deposit flight and market dislocation — there's also technology risk. But Noelle Acheson argues that these should be incorporated into guardrails rather than used to stop progress.
