Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Identity Assurance – Simplifying customer on-boarding - John Erik Setsaas

452 views

Published on

Digital on-boarding must be simple for the user, while at the same time give the business enough information to ensure trust, by establishing certainty and proof of the user’s identity. Many organizations have complex on-boarding processes, which puts a high demand on the user. A survey we did, showed that 40% of financial customers don't go through with the process. It is important to balance convenience for the user with risk and regulatory requirements, to achieve reasonable assurance. The eIDAS regulation, defines assurance levels, which are in the process of being incorporated in the local laws throughout Europe.

Published in: Marketing
  • Be the first to comment

  • Be the first to like this

Identity Assurance – Simplifying customer on-boarding - John Erik Setsaas

  1. 1. Identity Assurance The art of knowing your customers John Erik Setsaas 2017-03-07 V 1.12 - 2017-03-06
  2. 2. Disclaimer Please note that this presentation is for information purposes only, and that Signicat has no obligation to pursue any course of business outlined in this presentation or to develop or release any functionality mentioned in this presentation. The future strategy and possible future developments by Signicat are subject to change and may be changed by Signicat at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non- infringement. Signicat assumes no responsibility for errors or omissions in this document.
  3. 3. About Signicat
  4. 4. Signicat's vision is to be the most comprehensive provider of electronic identity services to customers in regulated industries across the world
  5. 5. What does Signicat do? 5 Identity Assurance SCA Strong Customer Authentication Electronic signatures and seals Preservation of identities and signatures
  6. 6. Signicat’s reputation • Winner of the Norwegian Fintech Achievement Award – 2017 – Norway • Nominated for European Fintech Award – 2016 – The Netherlands • Winner of the Future Payments 2013 and Cards & Payments Europe “Best innovation” award – 2013 - UK • Winner of the International Identity Deployment of the Year Awards – 2009 - Las Vegas • Winner of the Security Award, IT- sikkerhetsprisen – 2009 - Norway 6
  7. 7. Identity assurance background
  8. 8. Traditional assurance • Physical meeting • Bring ID papers • Verification done by a person 8
  9. 9. User expectation • Digital registration • Everything can be done from home • Using any type of device • No human interaction 9
  10. 10. 40% have abandoned some kind of application form for financial services in the past 12 month What the user meets • Difficult to become a financial customer • Do not understand why – I have to provide so much info? – I have to upload my passport? – It is so easy to sign up at web stores • Using social media 10
  11. 11. • Time consuming • Costly • Complex • Losing potential customers • Losing money What the business sees 11 3.000.000 1.000.000 2.000.000 0
  12. 12. On-boarding challenges • Digital on-boarding is a complex process – How to verify that the person is who he or she claims to be? – What about KYC (Know Your Customer) requirements? • Digital on-boarding is costly – Often requires manual steps (both for the consumer and the organization) • Digital maturity of the population • Trust – People are reluctant to use digital identity – Surveillance (Ref. Snowden) 12 A good solution should empower the user to overcome fear of surveillance
  13. 13. 13 Identity assurance must be simplified!
  14. 14. Identity assurance
  15. 15. Business motivation • Risk – Will you get paid for your services? • Consequence – Loss of money 15 • Regulations – KYC – AML • Consequence – Loss of money – Loss of reputation $ $ $
  16. 16. KYC – Establish trust in the identity • Collect and analyze information • Name matching against lists of known parties – such as PEP (Politically Exposed Person) • Determine risk – Money laundering, terrorist finance, or identity theft • Create transactional behavior profile • Monitor against expected behavior – Including behavior of customer’s peers 16 Identity Assuranc e
  17. 17. Reasonable assurance • Establish a reasonable assurance that the user is who he or she claims to be • What is reasonable depends upon factors including – Jurisdiction – Risk vs consequences – Resources – Technology state of the art 17
  18. 18. eIDAS assurance levels (EU regulation 2014/910) 18 The requirements established should be technology- neutral. It should be possible to achieve the necessary security requirements through different technologies Low Substantial High Assurance levels should characterise the degree of confidence in electronic identification means in establishing the identity of a person
  19. 19. What can a user use to prove his or her identity? 19 Physical or virtual meeting Commerical identity Proof of address Self portrait Possession of phone Derived identity ID paper
  20. 20. What can the bank do, to verify the identity? • Automatic checks – Social media attributes • Name, phone etc – Social media ratings • Recommendations – ID paper OCR – Registries • PEP/OFAC • Credit rating • Business roles – Web searching 20 • Manual checks – Visual check of information • ID paper vs photo etc – Phone call – Video conference
  21. 21. User motivation vs business risk 21 I want to buy a houseI want to check out your banking app User motivation Simple assurance Full KYC compliance
  22. 22. The gradual approach example 1
  23. 23. Assurance John Bank 23 Assurance John wants to sign up with the bank The bank needs a reasonable degree of assurance Assurance threshold 1 Limited functionality Assurance threshold 2 Full functionality
  24. 24. Assurance John Bank 24 Assurance John provides basic information John Doe 555-1234 1970-04-05 John Doe 555-1234 1970-04-05
  25. 25. Assurance John Bank 25 John responds to OTP (One Time Password) 1234 1234 John Doe 555-1234 (verified) 1970-04-05
  26. 26. Assurance John Bank 26 Assurance Upload self-portrait John Doe 555-1234 (verified) 1970-04-05
  27. 27. Assurance John Bank 27 Assurance Upload self-portrait with OTP John Doe 555-1234 (verified) 1970-04-05 3655 1234 3655 (verified)
  28. 28. Assurance John Bank 28 Upload passport John Doe (verified) 555-1234 (verified) 1970-04-05 (verified) 3655 (verified)
  29. 29. Assurance John Bank 29 Manual check John Doe 555-1234 (verified) 1970-04-05 3655 (verified)
  30. 30. Assurance John Bank 30 Video conference John Doe 555-1234 (verified) 1970-04-05 3655 (verified)
  31. 31. The gradual approach example 2
  32. 32. Assurance John Bank 32 Log on to commercial identity John Doe 555-1234 1970-04-05
  33. 33. Assurance John Bank 33 John responds to OTP (One Time Password) 1234 1234 John Doe 555-1234 (verified) 1970-04-05
  34. 34. Assurance John Bank 34 John Doe 555-1234 (verified) 1970-04-05 PEP OFAC Web verification
  35. 35. Conclusion
  36. 36. Summary • Decide what reasonable assurance means for your organization • Define several levels • Decide which means of assurance – And how to combine them • Make it simple for the end-user
  37. 37. End of presentation John Erik Setsaas @jsetsaa s John.Erik.Setsaas@signicat.c om

×