Eduardo Azanza, Veridas’ CEO, along with top players in the industry discussed over “What’s the least number of times you can have a customer prove their identity?” at Money 20/20 Europe, the top fintech conference held in Amsterdam last june 2021. The conclusions of the discussion have now been released in a 18-page report.
Customers are demanded to prove their identity every time they want to interact with a company. How can companies make this as frictionless as possible for the user while maintaining security?
This topic was undertaken by biometrics’ industry leaders who answered relevant questions such as what technologies and partnerships businesses should be created and used so that customers can be recognized passively and effortlessly.
Verifying once... Is that enough?
The problem does not lie on the initial identification, but rather on the subsequent, continuous verifications, which could be costly and intrusive for clients, consequently diminishing their user experience.
Reverification is where the market wants to move. Not just because companies are increasingly starting to get aware of the benefits of the former, but also because regulators are pushing businesses to do so.
Four main issues arise whenever this topic is considered: Firstly, the solution lies on the properness of identification; a proper identification completed once could be reused throughout the customer lifecycle without needing to continuously ask the clients to authenticate themselves again; you don’t have to show documents when we know it’s you. Secondly, we should aim for a process where authentication happens every time the user gives his/her consent and wants to be identified. Thirdly, cultural and regulatory values should be taken into account. To simplify the authentication process, we need locally compliant flows in different countries to accommodate different regulatory frameworks or user preferences. And lastly, we need to consider the different definitions of strong IDs and security across countries in order to find ways to help governments improve the strength of their identity systems.
We are clearly moving towards a future where high-value transactions could be approved just with our face. But how to offer that in the best possible way?
What are the obstacles?
A first obstacle is to solve the countries regulatory differences; there is a need for one solution that could work for multiple countries.
However, the hurdles do not come only from laws, like GDPR, but sometimes the obstacles are the local authorities’ understanding of the law, especially around the data and how to authenticate it. It is important to realize that, rather than being humans solvers of the flackness of technology, they can act as noise of the equation. Nevertheless, the solution does not lie in removing all human involvement, but rather educating regulators so that they can learn and we can move the industry forward faster. Getting to the point where automation increases quality.
Biometrics: The solution
Verifiable Credentials and zero-knowledge proofs are technologically quite interesting but their usefulness and security is still doubtful. In less than 10 years, businesses will be onboarding people to their verifiable credentials and then authenticate them to those.
Biometrics is a means to make subsequent authentications more frictionless. We find a clear example in the recently created Covid health certificates, where it has been proved that even though they are required in many places, the person asking for it still requires a passport or other strong ID to confirm the user’s identity and ensure security, something that could be removed with a Biometric-based-Covid passport.
However, it shouldn’t come at the expense of privacy and security; we want to authenticate without storing data. Being the aforementioned a concern for companies and Governments, biometric firms need to do more public education; we have a responsibility to talk to regulators about the opportunities and risks of biometrics as the best way to demonstrate identity.
What should EIDAS become?
ID verification should be as strong as a physical ID. And the path for it lies in Governments; who should create the infrastructure and framework, and then, trust in the market to attract customers by solving problems.
Moreover, due to the fact that assessment of what constitutes strong verification in each country follows different criteria; the European Commission should define those conditions and not allow auditors to operate differently.
Who will pay for the infrastructure of self-serve IDs? Consumers may be willing to pay for it as it will be cheaper than the inefficiency of re-authenticating each transaction; but banks could also be willing to pay for it due to the cost savings coming from reusing the information.
Veridas: recognizing real identities in the digital and physical world
Veridas is a SaaS company that offers solutions to verify people’s real identity in the digital space and in the physical world. We have the vision of a future without passwords and without keys where people are recognized, privately, securely and voluntarily, for who they are.
We achieve the former by developing proprietary technologies for facial biometrics, voice biometrics and global document verification. We have operated globally since 2017 in demanding sectors, including Banking.
Moreover, we have a deep commitment to quality, regulation and regulatory compliance, submitting our technologies to the highest international standards such as NIST for facial and voice biometric verification, proof of life according to ISO 30.107 iBeta level 1 PAD, ISO 27.001 in information security systems, RGPD or CCPA in California.