Identity management and trust in the online world may be the new business of banking.
How do you verify someone is who he or she claims to be, for example, when signing a contract? Or making sure somebody is of legal age to transact?
You will probably rely on some form of government- or bank-issued credentials an identity card, a passport, a driver's license, a debit card, or something that an institution you trust (the local public library, for example) has issued. And, for sure, you will attach varying degrees of trust to each of these tokens of identity. A debit card, with its PIN, is a good proxy in many day-to-day financial transactions. A passport is probably the token you will trust most in travel or real estate transactions.
Once someone's identity is clear, how do you establish whether you can trust him to perform the agreed action such as paying the bill, delivering the goods, etc.? In the real world, this is one's reputation is she paying her bills regularly? Is the company you're dealing with healthy and reputable? There are many possible ways to establish trust, ranging from personal opinions to rating agencies.
This gets more complicated in the online world. One immediate and major difference is that the Internet is, by design, global. The person you are dealing with may be in your neighborhood or may be on the other side of the planet. Establishing the identity, and the associated trust, is made very difficult because there are no central and inter-operable agencies or bodies, as we have in the real world.
A good example of this is the eBay reputation. As a regular user of eBay, I'm very conscious of my reputation there. On eBay, one's reputation is gradually built by the people one transacts with. Buyers will hopefully recognize a good seller (goods corresponding to description, fast shipping) or sellers will recognize a good buyer (fast payment). In my case, the reputation of a seller of something I'm interested in is a key factor on whether I will bid for the item or not.
In other words, the eBay reputation is an asset with a lot of value, even if is not expressed in monetary terms. This is fine if you only deal with eBay. However, looking at this more broadly brings the following issues:
- There is no interoperability. The eBay reputation is not something that can be easily used on, say, Amazon.com. The same can be said of the endorsements on LinkedIn. So, people have to build these relationships all over again in many contexts. It's the same with Twitter and Google Plus. When Google Plus launched, many people went through the pain of rebuilding their Twitter relationships on Google Plus. Many people didn't bother, as it can be a lot of work and time to do that.
- Privacy is put at risk. An individual's assets end up residing in many places, and the more places, the more risk there is for these assets to be compromised.
- There is a lack of control and a missed opportunity. What do the companies that store your assets do with them? Some of them are actively selling your assets for various commercial purposes, and, as far as I know, you as the owner never see any of that money.
So, how can we establish trust on the Internet? There's a constellation of companies trying to solve this problem, including banks.
Trust on the Internet is the focus of Open Identity Exchange, a nonprofit founded by Google, PayPal, AT&T and others. OIX's mission is to establish, standardize and manage "trust frameworks" legal, business and social rules that enable parties unknown to one another to trust their respective digital identities. The trust frameworks are designed to be public, standardized and interoperable, so that people and companies can play various roles in the framework and still manage trusted relationships.
Among the trust frameworks currently available, an intriguing one is the "Respect Trust Framework." The idea of this framework is to not only establish a digital identity, but also to provide individuals control over ownership and sharing of their data on the Internet. The key to the framework is the use of a crowdsourced, peer-to-peer reputation system. It's really very simple people can vouch for you (for example, say "I have witnessed firsthand John Smith's innovativeness"), or complain about you ("I have had it up to here with John Smith's stubbornness"). Similarly to eBay's or LinkedIn's reputation system, the peer-to-peer reputation system grows over time, and the more vouches and complaints about a particular person, the more precise the information is and therefore the trust level in this person increases or decreases.
Respect Network is a project run by Respect Network Corp. which uses OIX's Respect Trust Framework to implement the first trusted personal data network. Notable founding partners include Neustar and Swisscom. Innotribe, the innovation arm of the Society for Worldwide Interbank Financial Telecommunication, has been working with Respect Network Corp. to incubate ideas of how these trusted frameworks may be relevant to banking.
Users of this network own their data (unlike in centralized social networks such as Facebook and eBay). Users then establish secure channels between their personal data clouds, under very strong privacy and security rules. All the software and protocols are open to encourage interoperability and to prevent any single company taking control.
Respect Network also runs a crowdsourced peer-to-peer reputation system, implemented through a service called Connect.me.
The peer-to-peer reputation network establishes naturally a chain of trust. The chains begin with a number of known people, called Founding Trust Anchors, who provide credibility. These are people whose identity is publicly verifiable members of the Internet identity, security and privacy communities who believe in the power of a peer-to-peer, socially-verified reputation network. Others are early users of Connect.Me. Others still (you?) will emerge over time.
My colleague Peter Vander Auwera and I have been extensively involved over the last couple years with many of the above companies, organizations and people. Peter and I have the honor to have been elected Distinguished Trust Anchors nominated by other people and trust anchors as individuals that "exemplify the spirit and principles of the Respect Trust Network."
The lack of an open and standard way to establish trust on the Internet is a big problem today. The Respect Network aims to solve this problem with a crowdsourced solution. I believe they are right, and setting a solid foundation for the digital economy. Moreover, I believe that trust is the new service to be provided for the online world, opening new business models for banks.
Kosta Peric is a technologist and a co-founder of Innotribe, a team that promotes innovation at the Society for Worldwide Interbank Financial Telecommunication. He is the author of The Castle and the Sandbox, a book on how to innovate in conservative companies.