Digital identity verification could become the norm in financial services as social distancing halts in-person identification, according to Andersen Cheng, CEO of Nomidio, a cloud-based identity as a service (IDaaS) provider and cybersecurity company Post-Quantum.
“This is really a paradigm shift,” says Cheng. “In the past, we were all working in our siloes … A lot of us were relying on our company’s defense mechanism, their boundary defense and firewall. But now we’re all on our own. No company is installing a firewall on our premises anymore, so we all have to cater to this going forward.
“There’s a mind shift as well. I think even after [the lockdown], a lot of people are used to remote working and at the same time, you have to think of cybersecurity and authorisation remotely.”
Bankers and asset managers are having to adapt to increased customer call volumes and a “significant risk” in ensuring identities are genuine, says Philip Black, commercial director, Nomidio. Hitachi Capital – the UK’s largest nonbank financial institution – has seen the number of customers completing asset finance loans digitally increase fourfold over the past month, said a Hitachi spokesperson in an email.
“It’s absolutely insane for them,” says Black. “Although they are a digital business and they are entirely digitally focused, they – still, in their old processes – rely on a face to face meeting to prove that someone’s actually who they say they are.”
On April 16 the FT reported that tens of thousands of UK firms still rely on manual ID checks – these firms are having to adjust verification processes quickly. In response to social distancing, the Financial Conduct Authority (FCA) has loosened its restrictions on ID checks, now accepting digital substitutes. Verifying identities remotely through digital checks has raised eyebrows from a cybersecurity point of view, with concerns over faking voices or faces still prevalent.
“If the technology had just been invented six weeks ago as a result of the virus, then [concern] would be valid. But the use of biometrics to prove identity is not bleeding edge – it’s well established, there are considerable reference points in the market if using biometric engines, their accuracy and their certainty levels are very high – so I don’t think it’s something that people are rushing into in that sense,” says Black.
“But I think there may be solution providers that might rush to market with something in a kind of reactive way.”
According to Black, most firms are approaching remote identification with caution.
“There may be some people who feel rushed into it, but my experience of talking to people at the moment is while they are madly taking on new ways of working, there’s a definite caution about running around making decisions on the fly.”
Black argues that onboarding an external personal identifiable information (PII) solution is a great risk-alleviator for firms.
“The benefits and motivations for starting to use that system and not just rushing to adopt technology for technology’s sake, there’s an efficiency there. As well as the benefits of the customer of a more secure, more confident experience with a business, which is all about increasing reputation and addressing reputational risk in the customer’s eye.
“Plus the whole compliance side of things … A lot of companies are starting to understand that there’s a significant risk to them as a business of holding and managing their customers PII, particularly sensitive PII with things like biometrics and security identity identifiers, there’s a risk to businesses having to hold that information, particularly under GDPR.”