#HowTo: Prepare for the Future of Electronic Identities

Digital-first initiatives have been a priority for the government, financial institutions (FIs) and beyond for at least the past decade. However, the rate of innovation has accelerated significantly in the last couple of years. In 2021, there were major developments, especially in the world of financial services, as we adapted to a more digital banking landscape. Many of these developments were around the momentum of electronic identities (eIDs). Several EU member states have begun preparing for the EU’s eID framework, and it is predicted that by 2030, 80% of Europeans will be using this technology. 

Meanwhile, in the UK, regulators have made headway with their own digital identity and trust framework – the Financial Conduct Authority (the FCA) has supported 14 digital ID models with its ‘Regulatory Sandbox’ since 2016, and it recently completed its pilot ‘Digital Sandbox’ providing a digital testing environment for different eID models. The government launched an alpha version of a UK digital identity and attributes trust framework in 2021 to bring greater clarity and consistency to the development of digital ID. It’s safe to say that we’ve reached a turning point. 

Notwithstanding, as with any major legislative development, there is a lot that FIs will have to do to ensure they are ready and don’t get left behind. Not everyone is prepared to take the leap, and there is still some hesitancy around eID. 

Here are three of the key steps organizations will need to take to prepare for eID: 

1) Identify Barriers to Adoption

One of the most significant challenges for banks and FIs is assessing the best way to integrate new technologies into their products and services – especially those with a regulatory mandate. As with any new technology, while it may sound simple, we simply don’t know what we don’t know, so there will be a major adjustment period while banks and other FIs scope out the implementation. The first step FIs should take when preparing to adopt digital identity applications is to carry out a rigorous self-assessment to identify potential barriers to adoption. They must understand how eIDs will work for them and their customers and how they will fit in with existing products and services. 

One of the biggest areas of concern is going to be security and the perceived risk of an increase in fraud attacks. FIs will need to work closely with their security teams to ensure they have the right security systems and technologies in place to mitigate this and protect customers.  

Once FIs have established the barriers to adoption and have the relevant information, they can start developing a roadmap and prioritizing where to put resources and budget according to their needs. 

2) New Technology Means New Questions: Educating Staff and Customers

As with any new framework, like open banking in the UK or PSD2 across Europe, staff and customers will have to overcome a learning curve to make the most of the new capabilities that eID will bring. For eID adoption to be successful, FIs will need to take a two-pronged approach. Internally, they will have to implement extensive education programs on the technology to equip staff with the necessary information to ensure smooth integration. 

Externally, to start the adoption process, customers will need to feel comfortable with the technology and need clarity on ‘good’ digital identity practices. Building an FAQ page dedicated to eID and short informative videos that address some of the main questions and concerns from a customer perspective will also be invaluable. This will need to be an ongoing process, as questions and issues will arise along the way and staff and customers will look to their bank or employer to provide answers and clarity. It is imperative in jurisdictions without robust data protection laws to protect consumer privacy and educate consumers on the implemented measures to protect their data.

3) Trust and Collaboration Are Key

When tackling innovative technology projects, it is highly beneficial to engage and collaborate with experts in the field. Governments worldwide are working on trust frameworks to cultivate trust between users and providers of digital identity services. There are many ways to get involved; for example, there is the opportunity to participate in the testing phases of the trust frameworks to help shape how eID can work successfully for banks and FIs and prepare for full certification in the future. 

Organizations need to become familiar with these frameworks to ensure they have all the answers they need regarding security, verification, certification, portability of digital identities and liability. It is vital that FIs dedicate the resources and energy to both fully understand and implement eID within their business; not doing so would present a major but otherwise fully avoidable risk.

With the momentum behind eIDs showing no sign of slowing down, banks and FIs must start to put necessary measures and resources in place now to ensure that they can seamlessly integrate eIDs into their existing products and solutions. Failure to prepare and support eID could hurt certain banks and FIs as existing identity verification mechanisms become obsolete and potentially pose unnecessary security and privacy risks in the eyes of their customers. 

What’s Hot on Infosecurity Magazine?