Trust, identity and digital banking

There has been a surge in digital banking, accelerated by the pandemic. Traditional banks are leveraging online platforms to provide a variety of services, including account management, bill payments and loan applications, all with the convenience of 24/7 access from any location. As a result, over 90 per cent of UK consumers are now using online banking. This trend provides consumers with enormous convenience, while at the same time offering banks the opportunity to sell innovative services to their customers. 

However, online banking comes with a large constraint: because consumers are not in branch and cannot be identified face to face, online services need to have a rigorous way of identifying individual customers securely and accurately if they are to be trusted. But if identification processes are too rigorous, too time-consuming and too difficult, the convenience of online banking is eroded, leading to unhappy customers and lost sales opportunities. Getting the right balance between trust and convenience is essential.

Trusted identities in online banking

Strong digital identities have many roles to play in banking. First and foremost they are critical for preventing theft, fraud and other financial crimes. They also safeguard against unauthorised access to personal financial data, ensuring that only legitimate users have access to it. This helps to mitigate cyber-risks that can lead to crimes, such as identity theft and phishing. Regulatory bodies such as the FCA and the ICO impose stringent requirements on financial institutions to ensure customer security and privacy; any trusted digital identity scheme will comply with these requirements.

By providing a defence against cyber-criminals, a seamless and secure online banking experience will enhance customer trust and satisfaction. A strong digital identity system will not only protect customers’ sensitive information but also reinforce confidence in the banking system and help banks to establish lasting relationships with their customers.

Trust is essential for a well-functioning digital economy, as it allows individuals and organsations to interact with each other online with confidence. Because of this, trusted digital identities are at the very centre of any successful online banking operation. 

A trusted digital identity is created when information provided by a customer to prove their identity is verified for authenticity. There are a number of ways this can be done, providing varying levels of confidence. 

A low level of confidence, appropriate for low levels of risk such as signing up to a newsletter, can be provided by a simple verification of an email address or a check against a database such as a credit reference agency or utility company database. However, for higher levels of risk, such as allowing access to funds, more rigorous techniques are needed such as downloading an official form of photo ID such as a passport and then verifying that the photo is genuine using biometric techniques. 

No form of identity verification is ever 100 per cent reliable, however. For example, passports can be stolen or forged. And, increasingly, AI enables the creation of deep fakes that can subvert current biometric ID verification techniques. Therefore, it may also be appropriate to implement some form of continuous monitoring, something which can be intrusive and unwelcome but which is still necessary to manage risk.

The UK government is developing a digital identity and attributes trust framework to help establish trust in digital identities. This may prove difficult given the scepticism, and often hostility, that ID schemes generally receive in the UK. The framework sets out standards and best practices for the creation and use of digital identities. And there are no doubt strong reasons for the government to promote the idea of digital IDs, given the success of the e-Identity system in Estonia, where all citizens have a state-issued digital identity.

What consumers want from digital identities

There is a balance to be struck between security on one hand and privacy and convenience on the other. This can be difficult for banks to get right. Most consumers are happy with some security checks taking place but may become irritated (and may even close an account) if those checks are seen as unnecessarily rigorous. Therefore it is important for banks to understand what customers want and how they perceive the checks that take place.

Of course, from the consumer’s perspective, security must be privacy enhancing (no unnecessarily intrusive questions) and secure (so their money is safe). But it must also be convenient. This means that it should be consistent and equally easy to use across different channels – mobile, web or phone. And the customer should feel in control of the process, knowing what to expect at all times and with an easy route for questions or complaints resolution.

Banks also need to accept that different customers have different requirements. If they treat everyone in the same way they will disadvantage many customers and potential customers. A focus on providing a universal service and promoting financial inclusivity is important, including testing the degree to which online banking services are usable and convenient for everyone irrespective of their physical or cognitive abilities.

Another key requirement is accountability. The banking industry has traditionally been very fair with customers who get scammed. But nearly a quarter of customers feel that banks have a way to go in this area. It can be argued that banks need to communicate better with their customers over how individuals should keep themselves safe, although messages such as “we will never ask you for a PIN” are beginning to gain traction.

Building trust

Building trust isn’t simple. The way you view your bank’s trustworthiness may well in part depend on who you are (a student, a disabled person, someone who dislikes technology) or what you want (convenience, a loan, a higher interest rate). So how can banks build trust in their digital identity processes?

Much will depend on the bank’s overall perceived trustworthiness. Most consumers will be unaware of things such as the bank’s credit rating or its ability to pass stress tests (unless the bank is receiving unwelcome publicity about a problem). But they will be aware of how transparent they are about fees and how welcoming they are seen as an organisation. Other issues such as their ethical approach to issues such as sustainability or dealing with undemocratic governments will, at least for some consumers, also be important.

But for most, though, trust is simple. Consumers will trust an online bank that delivers an appropriate level of security – enough to make them feel safe, but not too much to frustrate them or make them feel their privacy is being invaded. It’s a tricky balance.

Providing federated identity services

Digital identities established by banks have the potential to be used beyond the financial sector, and serving as a new business opportunity for banks while strengthening their brands. 

Banks operate in a highly regulated environment that requires significant safeguards for protecting financial assets and personal data. As a result, they are well placed to facilitate digital, so-called federated identity schemes, that other organisations can use. However, for these to succeed considerable attention will need to be paid to the diverse needs of different user demographics.

The role of trusted identities in online banking extends beyond authentication: they are central to a secure and reliable financial ecosystem. Embracing robust identity verification measures not only protects customers but also fortifies the credibility of the banking sector in the digital realm. 

The assurance of trusted identities is pivotal for the continued evolution of digital banking. It’s not merely about authentication, it’s about establishing and sustaining trust, compliance and fostering an inclusive and secure financial ecosystem.