Experts Explore the Future of Digital Identity in Canadian Financial Services
We regularly host webcasts on topics such as cybersecurity, biometrics, digital transformation, digital identity, security, and the best practices and technologies that have made our customers successful. If you missed our latest webcast, Digital Identity in Financial Services: Today and Tomorrow, here is the 5-minute summary. The full presentation is available on-demand.
A new normal of doing business is settling in as we continue to face public social distancing directives in response to COVID-19. Many of us are getting used to e-commerce, remote banking and contactless servicing. Changes to our habits as consumers will persist for some time and in response, financial institutions have shifted their digitization strategies to meet new customer needs.
But just like in the real world, financial entities are required to establish a high confidence in one’s identity prior to executing digital transactions. Trusted sources like banks, government services, insurers, credit bureaus, healthcare providers, telecommunications, etc., all have different identity obligations to perform on customers. Digital Identity brings digital records from multiple identity sources together under a trusted ID framework to provide much greater reliability at lower costs.
In Canada, the Digital ID & Authentication Council of Canada (DIACC) was created in 2012 to work with the public and private sectors on developing a national digital identification and authentication framework. In our recent webinar, Digital Identity in Financial Services: Today and Tomorrow, two DIACC experts joined OneSpan to uncover the state of digital identity, where it’s headed, and how Canadian financial institutions fit within this new national ID framework.
- Franklin Garrigues, VP Digital Channels, TD Bank (DIACC Board Vice-Chair)
- Eugenio (Gene) DiMira CAMS-Audit, Head of Global Compliance AMLATF Program, Manulife
- Michael Magrath, Director of Global Regulations & Standards, OneSpan (Moderator)
Regulatory Approaches to Digital Identity
Government-issued ID cards and passports are generally accepted worldwide when physically present, but proving one’s identity online presents a technical challenge. It involves the internet, an open network full of opportunities for attackers to impersonate someone. In Canada and abroad, regulatory bodies have been establishing new digital identity directives to strengthen the fight against financial crime.
Eugenio DiMira, Head of the Global Compliance AMLATF Program at Manulife, says that by allowing trusted organizations to exchange records within a digital identity framework, financial institutions can deliver broader value by reducing the risks and costs associated with ID verification, while also improving the overall customer experience. These innovations go hand-in-hand with new practices like Open Banking in Europe, which is also expected to be adopted in Canada in the coming years.
The Financial Action Task Force (FATF), a global money laundering and terrorist financing watchdog organization, issued guidance stressing the importance of taking a risk-based approach to using digital ID. Countries differ in their approaches, but the FATF recommends that regulatory bodies use an open-source framework to set the requirements for different levels of assurance along with their corresponding ID proofing methods.
As illustrated above, low-risk transactions understandably do not require many controls or devoted resources to digital identification. In contrast, high-risk transactions that involve underwriting or oversight of securities would demand far more identifiable information to be collected and verified by a trusted source.
Changes to Canadian Digital Identification
Canada’s financial intelligence body, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), currently indicates three accepted methods by which financial institutions can verify a person’s identity:
- Government-issued photo ID (i.e. a driver's license)
- Credit file
- Dual process
A requirement was recently amended in 2019 to permit that ID documents be “authentic” instead of strictly “original”. This small change laid the ground for popular technologies like photo ID capture and facial comparison, which do not need original documents to determine their authenticity. Methods like these are extremely difficult to compromise; however, many banking institutions do not yet have the right tools in place to validate their customers’ ID through similar technologies.
To deter in-branch visits during the pandemic, FINTRAC has provided temporary relief to reporting entities by allowing the use of human judgment when considering government ID as valid through digital channels. These transactions, however, will require re-identification later so banks and insurers that already meet the requirements for validation through technology can avoid this additional step for the customer.
For DiMira, the future of digital identity in Canada will be “about the customer having control over their information being used for the right purpose and having more than one option for identification.” It is all about customers having the control to allow third parties to only request personal information from a trusted source what they need to fulfill their level of assurance requirements.
Opportunity for Canadian Financial Institutions
For Franklin Garrigues, VP Digital Channels at TD Bank and DIACC Board Vice-Chair, 2020 is setting up to be a big year for digital ID in Canada, and not just because of stay-at-home directives. Digital identity represents a significant opportunity for banking institutions. Estimates indicate up to $100 billion in value creation in Canada by 2030 by simply getting rid of friction and lost value in government and business interactions.
Traditionally, banks and insurers are trusted institutions with a lot of experience validating identities and dealing with compliance requirements. Financial institutions are a natural fit as digital ID providers. In fact, TD Bank is already contributing to the Canadian digital ID framework as an active data provider.
While various ID networks are being launched in Canada (Verified.Me, VON, and others), DIACC is ensuring their interoperability as they are expected to largely contribute to establishing Open Banking in Canada in the years to come.