Identity verification. Two small words that can throw up some big barriers. Justifiably so, given that the purpose of checking ID is to make sure that the right people get access to the right things. And that the wrong people, don’t.
But what if the right people are denied access? What if a person is in real need of a loan to make their business plan happen, desperate to open a bank account, or needs a mortgage to get on the property ladder? And they are refused access to these
services because they can’t meet the ID verification process in place.
When barriers become discriminatory rather than preventative, that’s a problem.
It’s a problem that’s all too real. Recent estimates by the Open Identity Exchange (OIX) suggest that as many as 5.9 million people in the UK are “ID challenged”. They are who they say they are but, for a variety of reasons, can’t pass ID verification processes
in place and are therefore potentially excluded from accessing the financial services they need.
As well as being bad news for the individuals concerned, the situation is clearly frustrating for FSPs. ID verification is vital to KYC, risk mitigation, fraud prevention and regulatory compliance, whilst the acquisition of new customers is a significant
driver of new revenues. Excluding customers unnecessarily is not exactly a desirable outcome.
Which is why recent developments regarding the UK’s mission to successfully introduce and mainstream the use of Digital Identity processes – perfectly highlighted by the government’s
recent review of the Anti-Money Laundering and Counter Terrorist Financing regulatory and supervisory regime – should be causing more of a stir in the Financial Services sector.
There’s now more than one route to confidence
ID challenged individuals fail checks largely due to the binary yes/no nature of traditional ID verification.
No passport or driving license = no. No real previous use of financial services = thin credit footprint = no. 24% of the electorate has neither a passport nor a photographic driving license. Over 5 million have insufficient credit history to pass a credit
reference agency check, which is further dependent on which credit reference agency each lender uses. When there’s only one route to confidence, inclusive, friction-free onboarding of new customers is a challenge.
But things are changing. New government standards - evolving from GPG45 - that have been introduced in line with the UK Digital Identity and Attributes Trust Framework mean that multiple routes are now available. Without compromising the threat of fraud
or regulatory non-compliance.
The combination of two changes in particular, the introduction of Identity Profiles and the permitted use of
Authoritative Sources, has huge transformative potential for the sector.
The current version of GPG45 sets out a 5-part process for verifying an individual’s identity:
- Get evidence of the claimed identity
- Check the evidence is genuine or valid
- Check the claimed identity has existed over time
- Check if the claimed identity is at high risk of identity fraud
- Check that the identity belongs to the person who’s claiming it
Using the guidance, FSPs will be able to get a specific score for each part of the process. These scores can be combined in a number of different ways to achieve a low, medium, high or very high level of confidence (LOC) in an individual’s identity.
The different ways the scores can be combined are known as Identity Profiles. It’s a completely new approach which means FSPs can ‘do the math’ differently to reach the desired outcome. Whether that is a confident “yes”, or a legitimate “no”.
The significance of this is further magnified by the fact that revised government guidance (and guidance from industry bodies such as the JMLSG) also now supports the use of both physical
and digital evidence provided by a broader range of authoritative sources - including Identity Service Providers (ISPs), and Attribute Service Providers (ASPs) such as ourselves, who offer ID-corroborating information from a wider pool of sources.
With the government recently confirming that the Trust Framework will legally enshrine the status of digital identities, and that ISPs and ASPs will be certified by the UK Accreditation Service (UKAS), FSPs certainly have a lot more choice ahead in terms
of fine tuning their verification process.
De-risking that goes ‘deeper’
Being able to use Identity Profiles that leverage more data from more authoritative sources isn’t just great news for de-risking more inclusive on-boarding. It also helps mitigate fraud risk in general by decreasing over-reliance ‘single route’ verification
processes that place too many eggs in one basket.
Passports and photo ID driving licenses can be faked. Convincingly so. There’s also no way to legitimately authenticate traditional corroborating documents such as bank statements and utility bills. Similarly, Synthetic ID fraud – where identities are deeply
fabricated (often blending a mix of real and fake data) to appear as ‘real’ customers with good credit scores – is on the rise.
What’s much harder for fraudsters to do, is to ensure that these scams convincingly ‘stretch’ across wider contextual data. More holistic attribute verification processes that cover and cross-reference multiple information sources, can therefore help differentiate
between ‘real’ potential customers and ‘really good’ fraudsters.
There’s still a long way to go when it comes to the Trust Framework and implementing robust digital identity solutions that work for everyone. There is a lot more industry collaboration needed as we all take steps forward in this area. As an ASP we’re certainly
excited to support the Beta Trust Framework in this regard, and welcome developments that support progress – the focus on Digital ID in the HMT’s AML review included.
But the changes we’re seeing, like the introduction of Identity Profiles and the supported use of authoritative sources, are not minor tweaks. They are major developments that present a huge opportunity for the financial services sector to improve and de-risk
the onboarding experience for a wider range of customers.
What does this mean for the sector? It means now’s the time to get involved, start exploring the possibilities on the horizon, and be part of an evolution that