Real world identities online: Why and how?
The internet is used by a sea of people, bots, and devices. The people are all real, flesh and blood individuals, and they’re all uniquely identifiable out there in the physical world. But online, they will more often than not be basically anonymous from a legal perspective.
In many scenarios, and in many businesses, this is not good enough.
Various government and bank-provided solutions offer online identification of what is referred to as a legal person. These solutions may be integrated directly into your web and mobile applications at considerable effort, or they may be empoyed more simply through the uniform and standardized interface of Grean’s easyID service.
The need for real identity
As a provider of web and mobile applications, you may find that it’s just fine to have a user concept that uniquely identifies the same user each time, without any need for knowing the real-world identity of the actual person behind the screen.
But in other scenarios - and certainly in the broader field of financial services, including the many new Fintech companies - it does matter who is at the other end of the relationship. Today’s Anti Money Laundering (AML) regulation comes with firm requirements to Know Your Customer (KYC). In these situations, you need the online equivalent of customers showing up in person with their passport in hand.
And that’s precisely what is being offered by the various bank and national identity schemes, typically confined to work within a group of banks or within a country.
Examples include the BankID solutions offered jointly by the Swedish banks in Sweden, the Norwegian Banks in Norway, and, in Denmark, through the secure login solution known as NemID. These, and equivalent offerings, all leverage the respective government’s firm identification of their citizens and/or the KYC processes of the involved banks.
The complexity of online real identity
Firstly, a formal process must be completed to legally verify and document that your organization is in fact the organization it claims to be. This ensures that the people volunteering their real-world identity to you can do so in full confidence that it is actually you getting the information. The end result of this process will typically be some sort of cryptographic proof of your organization’s identity.
Secondly, this sort of legally binding identification comes at a monetary price. You will enter into a commercial agreement - in its simplest form, you’ll be charged a set fee per successful identification attempt.
Thirdly, most of the current solutions used to establish an online representation of a legal person are technically complicated by nature. Integrating these bank or national identity schemes into your applications usually requires anywhere from a couple of weeks to several months of complicated technical work. With offerings such as Grean’s easyID, this process is simplified and cut dramatically shorter.
What’s on the horizon?
The identification solutions outlined here are provided by banks and governments, either by themselves or in collaboration. In any case, these solutions are currently confined by national boundaries; that is, none of these identity schemes can be used in an international context.
Contrast this to pen-and-paper signatures. Although easily forged, they work smoothly across borders.
Initiatives to remedy this have started to appear most notably within the EU, where member nations work together to tie their identity schemes into one cross-border trust fabric. Apart from the inherent legal complexity involved in this, establishing and managing cross-border trusts and allowing for end-to-end verification of identities and signatures is a technically complicated exercise. Even so, this is what is attempted by eIDAS - the EU’s answer to electronic identification and trust services for electronic transactions.
Still, it’s important to keep in mind that the majority of the world’s nations and people do not have a robust and accepted online representation of real-world identities, or legal persons.
The big opportunity
Herein lies an enormous opportunity which may play out in the same way as the introduction of mobile telephony. In developing countries, the introduction of mobile phone technology made landline-based telephony all but obsolete. Similarly, as far as the technical implementation of identity goes, these countries, along with their financial sector, may simply go straight to standardized solutions - which are inherently interoperable - as opposed to the highly expensive and completely custom-build solutions used in the EU.
This is likely to be the next big opportunity in online identification of real people, with standardization efforts ultimately pushing the technology and its delivery into the cloud.
Go to grean.com to sign up today to enable your applications to accept real people’s real identities.
RECENT POSTSJune 15, 2017
OpenID Connect from ASP.NET Core with Visual Studio 2017March 24, 2017
Sign text with BankID, NemID, right in your front-endFebruary 25, 2017
OpenID Connect from ASP.NET Core - on Mac OSXFebruary 14, 2017
Use BankID and NemID from a Node.js applicationJanuary 10, 2017
Security considerations when building an identity serviceDecember 15, 2016
Real world identities online: Why and how?December 07, 2016
Grean easyID connects Auth0 to Scandinavian national and bank identitiesDecember 04, 2015
Grean extends Auth0 with B2B onboarding and authorizationAugust 31, 2015
Are security concerns holding back your B2B integration?