What could possibly go wrong? Banks could provide ID assurance for Gov.UK – report
Personal data stored by financial institutions? Wow.
Personal data could be stored by banks and used to verify the identity of individuals that wish to use government digital services, according to a new report.
A pilot study undertaken by Lloyds Banking Group found that there is scope for banks to act as identity (ID) assurance providers for online government services (14-page/535KB PDF) because of the trust consumers would have in that arrangement.
However, a report on the study, published by the Open Identity Exchange, said that further testing and refinement to the way in which consumers are introduced to the concept of ID assurance, and the associated sharing of their personal data between service providers and banks acting as ID assurance providers, is needed.
"Banks have long been the holders and guardians of personal information relating to their millions of customers such as name, address, phone numbers, financial history, etc," the report said. "Moreover they go through rigorous verification processes to ensure this information is accurate and that their customers are who they say they are (in compliance with Anti Money Laundering (AML), and Know Your Customer (KYC) regulations)."
"As the digitisation of daily life continues to develop at a pace, including the growth of mobile banking, it seems natural for banks to examine ways in which they can help their customers to access a range of services in a way that is safe, secure and convenient for the individual, and provides accurate and trustworthy identity data for the relying party," it said.
During the pilot project, Lloyds issued some mobile banking app customers with digital identities developed by identity provider Callsign. The customers then simulated renewing their driving licence on the UK government's website. As part of the renewal process, customers were able to select an option that allowed the government to verify their digital identity with details stored by Lloyds and therefore permit the renewal process to be completed.
The report said that the test had outlined the possible role for banks in acting as ID assurance providers for some online transactions. It said, though, that personal data held by banks may not be "the most relevant or the most necessary information" that customers need when making certain transactions online.
"There is indeed a distinct possibility to create a circle of trust between a customer’s bank and their government held information," it said. "Overwhelmingly the customers reacted positively describing Lloyds with Callsign as an intuitive and convenient service. Customers found a link between their bank and government as providing additional security and were highly trusting of it. This coupled with the convenience and speed of the transactions was of benefit to all parties."
A spokesperson for Lloyds confirmed that the bank had "accepted the government’s invitation to take part in the identity assurance programme". They said: "As a bank, our customers’ security and verification is of paramount importance, and we’re keen to help our customers access digital services securely."
Copyright © 2014, Out-Law.com
Out-Law.com is part of international law firm Pinsent Masons.