Digital ID providers will become a major part of the European payments landscape in 2017 as a response to stronger EU regulatory requirements.
As consumers become more familiar with digital channels, financial institutions increasingly need natively digital means of customer identification in order to be able to remotely on-board and authenticate consumers while complying with regulatory requirements.
Furthermore, the storage of valuable information online has led to a large number of data breaches by fraudsters attempting to steal this information. While the highest-profile of these breaches have occurred in the United States, the recent Tesco Bank breach demonstrates the vulnerability of the European market to fraud, necessitating better means of protecting customer data and identifying customers.
Know Your Customer (KYC) requirements have become more stringent in the European Union with the advent of the Fourth Anti-Money Laundering Directive (4AMLD) and the Second Payment Services Directive (PSD2). The 4AMLD requires that businesses continually make efforts to check the veracity of their customers’ information and to monitor transactions, while PSD2 requires ‘strong customer authentication’ from all payment services providers accepting card or digital wallet payments online. In both cases, the requirements placed on industry participants are increased relative to the previous piece of legislation.
Faced with this increased regulatory burden, financial institutions and payment providers wishing to continue to offer online services to their customers must either develop new products and services, or partner with a digital ID provider.
Given the stretched resources and heavy pre-existing compliance requirements incumbent on banks in particular, it is likely that most if not all will opt to enter a partnership. Indeed, most digital ID providers specifically market themselves as partners for financial institutions offering solutions to the problem of regulatory compliance.
Companies such as Signicat, Veridu, and iSignThis have risen to prominence in the last few years as providers of digital ID services designed to comply with European KYC requirements. Digital ID involves building a verifiable extensive digital identity for customers, created at the on-boarding stage from a combination of scanned ID documents, biometric information, and social media presence. This digital ID is used to authenticate customers at future transactions, with the individual identifiers used to authenticate varying depending on the bank or payment provider’s appetite for risk in the context of the transaction.
The existence of the digital ID makes it difficult to commit fraud, since there are so many factors that need to match up for a fraudster to successfully pass as a given customer if challenged. Additionally, the identity information is generally stored by the digital ID provider rather than the partner financial institution, making it more difficult for data breaches (which typically target banks and merchants) to steal valuable customer information.
The market as a whole will hopefully benefit from reduced fraud rates and increased customer convenience as a result of the new regulations, but the biggest winners will be the digital ID providers.