As driver licenses, passports and bank cards enable the virtual, is secure identity within reach?
Could banks be key to online ID?
While the driver license may be the standard identity document in the U.S., there are also payment cards. While individuals aren’t normally asked to present a payment card as proof of identification, financial institutions must perform “know your customer” verification before enabling a customer to open a bank account.
In Canada, banks have been enabling customers to use that login for access to government sites. This gives the government a high assurance of whom they are dealing with without having to vet and issue identities.
The system has been running for three years with three separate financial institutions, says Charles Walton, CEO at SecureKey. One of the main applications is enabling citizens to use the bank login for access to the Canadian IRS, but other applications are rolling out in the provinces. “In the first six months of the year – peak times – we generally see about 2 million transactions per month,” Walton explains.
This basically takes the idea of a social login – that normally relies on a self-asserted Google, Facebook or LinkedIn user name and password combination – and adds a high level of assurance thanks to the vetting the bank has previously performed.
“This is social login with privacy and trust,” says Stuart Vaeth, senior vice president of business development at SecureKey.
The company is extending the service beyond Canada, launching SecureKey Concierge with US Bank in the U.S. This will enable US Bank customers to use the login information for their financial accounts to access other services in a secure and privacy enhancing way, Vaeth says. “It solves two issues: password proliferation and how a service provider verifies who the user is online,” he adds.
SecureKey is in talks with other financial institutions about using the system in the U.S. and the company is focusing on health care for initial use cases, Vaeth says. Instead of relying on knowledge-based authentication for access to a health care provider or insurer, the Concierge service would use the bank credential to verify identity.
When accessing the site the user would be given the option of using a banking credential for access, Vaeth says. Instead of answering the knowledge-based quiz or undergoing another verification step, the user would enter the banking credential, consent to share the information and then US Bank would pass along an anonymous identifier. “This leverages the identity proofing that the banks have already done,” he explains.