Identity verification (IDV) is required during the customer onboarding process, when a core banking system needs to create and store an identity for the prospect. Providing a great user experience during identity verification is important, and reducing the time it takes to correctly verify a prospect’s identity is a key part of the value proposition of banks that offer quick account opening (for example, Tide).
IDV has two main objectives. The first is verifying that the identity information presented by the person is actually authentic. The second is verifying that the person claiming the identity is its true owner. Identity verification enables financial institutions reduce fraud, mitigate risk and meet regulatory requirements such as Know Your Customer (KYC), Anti-Money Laundering (AML) and The Second Payment Services Directive (PSD2).
It is important for organisations to offer a fast, easy to use and frictionless end-user experience in digital identity verification. For digital banks this means using a remote digital channel (such as smartphone or webcam) to capture “something only the person is” (inherence) and “something only the person has” (ownership). Usually this involves capturing an identity document (for example a government issued document like a driving license or a passport) to prove ownership, and biometric information (like a selfie, fingerprints or voice recordings) to prove inherence. IDV solutions can use this information to prove and authenticate identity. Solutions that require identity documents are sometimes referred to as document-centric IDV. Examples of document-centric IDV solutions include Mitek’s Mobile Verify, Onfido’s Document Verification, and Jumio’s Identity Verification. Other providers include Acuant, AuthenticID, Daon, IDEMIA, IDMission, Intellicheck, and Veriff.
Core Banking Systems and integration with Document-Centric IDV Providers
Document-centric IDV solutions usually have 2 main operations or API calls. The first initiates the verification request, providing the required identification documents and biometric images or data. The second is to check on the status of the verification and to receive the verification results. In the verification processing, these IDV solutions run complex algorithms and use artificial intelligence to do checks on the the supplied documents and biometrics. These include document fraud checks (checking for forged, counterfeit, stolen, impostor and compromised documents), biometric checks (for example facial comparison against supplied documents, passive and active anti-spoofing to verify the selfie image or video is from a real person not a computer generated image, picture of a picture or a 3D mask).
Core banking systems have to integrate with many different IDV solutions based on their client requirements. They may provide a marketplace that present pre-configured integrations (for e.g Mitek on Temenos and Onfido on Mambu). The challenge in designing core banking systems is to build a system that can integrate (or is integrated) with a wide range of solution providers, yet is easy to configure for the needs of a particular client.
Core Banking Systems and integration with ‘Bring Your Own Identity’
So far, we have talked about how identity verification needs to be performed before a fully provisioned customer identity is created in a core banking system. But what if we can skip this process by importing a customer’s already verified identity from an external system such as a government electronic id system, or an identity that has already been verified by another trusted bank ?
This is the concept of ‘Bring Your Own Identity’ (BYOI). BYOI allows a prospect import a digital identity that has already been verified by a third party into the core banking system. The degree of verification provides the degree of assurance. Thus we have the strongest-level of assurance from government issued electronic identities, higher-assurance from identities provided by trusted banks, and identities provided by mobile network operators and social networks having a lower level of assurance depending on the verification checks those parties do.
Let’s take a look at bank issued identities. Examples of these higher-assurance identities (based on Strong Customer Authentication) include Sweden’s BankID, Norway’s BankID, Denmark’s NemID, Finland’s BankId and Canada’s Verified.Me. The BankId solutions offered by the Nordic countries offer similar functionality. To obtain a BankId, a user would need to verify their identity with one bank, and as part of that process an identity is created on the BankId system. That identity can be used by most or all of the banks in that country and also by other organisations. The identity can also be used to make a digital signature. Banks can trust this digital identity for authentication and access to digital banking services making for a smooth onboarding process.
Modern core banking systems need to support integration with document-centric identity verification solutions, other-bank-issued and government-issued electronic identities. This poses an integration challenge with core banking systems which need to make a variety of these integrations available, make it easy to add more integrations, but also make the integrations easy to configure for clients.
- Market Guide for Identity Proofing and Affirmation – Gartner, 11 September 2020