Will eIDAS really herald the age of the pan-European identity?
- Rene Hendrikse, Vice President & Managing Director EMEA at Mitek
- 01.02.2018 10:00 am undisclosed
Europe is getting serious about money laundering. AMLD 4 regulations are already here and AMLD 5 is on the way. These attempts to decrease the level of money laundering in Europe put demands on banks to not only have strict Know Your Customer (KYC) processes, but the scope and frequency of the checks will both increase.
The average UK bank is already wasting £5 million every year on KYC processes that could be improved. This is expected to risk to £10 million in three years thanks to this increased scope and frequency. However, the issues for financial institutions caused by AML rules aren’t just about cost.
Customers increasingly demand a digital-first or even all-digital approach to financial services, leading to the rise of challenger banks such as Starling and fintechs such as Transferwise. Incumbent financial services need to provide a similar level of service to their customers, but AML rules make this tricky. Requiring customers to prove their ID, usually by presenting the ID in person, won’t mean a good experience.
Could eIDAS solve identity?
The EU does, to its credit, recognise this issue and wants to help fix it as part of its plan for a digital single market. eIDAS, adopted by the EU in 2014, created a new legal structure for digital identity and signatures across the EU. The new rules are an attempt to solve the patchwork of laws and standards across Europe caused by governments deciding this on their own. It’s also designed to work across borders—a digital identity in one country should be just as valid in another.
In 2016, these rules replaced in-country laws across Europe. National eID schemes can be added to the eIDAS network through a notification process that makes sure that the eID scheme in question meets the security and quality requirements. Once connected, these eIDs can be used across Europe.
There are two small snags for financial services looking to eIDAS to help them solve ID issues. To date only Germany, the Netherlands and Austria have gone through the notification process and connected their ID and authentication infrastructure to eIDAS. The other big issue is that, currently, eIDAS can only be used for government services. So, for example, someone with an Austrian ID who needs to pay a traffic fine in the Netherlands can do so online. But financial services, or any other private business, cannot use this infrastructure.
eIDAS as it stands could potentially solve many issues for financial service providers who want to onboard their customers with digital ID, if it’s extended to non-government use, and more widely adopted.
The plans to use eIDAS beyond public services are vague, but the European Commission has stated that this is the long-term plan: “rolling out eIDAS means higher security and more convenience for
any online activity such as submitting tax declarations, enrolling in a foreign university, remotely opening a bank account, setting up a business in another Member State, authenticating for internet payments etc”, and describes the current setup as the right foundations for eID across Europe. It has also said the “ultimate goal” is for EU citizens to use their eID in other EU countries when accessing both public and private services online. But this is a goal that, at the moment, has no firm deadline.
Bridging the gap
2014 saw 29 businesses apply for banking licenses in the UK, after almost none doing so in the hundred years prior. The dramatic increase in the number of financial services, both licensed and not, can only mean fierce competition for customers, many of whom won’t accept substandard digital service.
Financial services providers cannot wait around for notifications from every country in the EU, and for the EU to open up eIDAS use for all businesses. While these providers will undoubtedly benefit from and should prepare for eIDAS, the simple fact is that digital ID is not ready for them and cannot yet be relied upon to provide a fast and easy onboarding process, outside of countries where digital ID is relatively mature, such as Norway. Research has found that of the 13 eID schemes in Europe, only three provide all of the attributes required for onboarding individuals.
eIDAS and digital identity will get there, but in the meantime financial services need to provide something that will bridge the gap, allowing their customers to scan their identity credentials remotely and allowing customers to complete KYC processes using their mobile devices. Providers also need to make sure that these will work across borders—people are happier than ever to move to new countries for work, and these cross-border customers can be the most valuable of all.
eIDAS will eventually be the standard that all financial services use to onboard their customers. Ironically, those that wait around for eIDAS to be available to all may not survive long enough to see it happen.