The new digital economy, brought about by technological, social and regulatory forces of change, entails new challenges and opportunities in the banking and financial sector. These forces are undeniable, and banks and other traditional financial entities must adapt or be left behind by the new species sprouting rapidly in the digital ecosystem.
Banking Regulation and Recommendations
A number of regulations and recommendations affect electronic banking services. As part of their obligations, financial entities must compile reliable information on the identities of their clients (know your customer), especially in the online procedures for opening accounts and transferring funds. This requires setting up registration processes and using trusted information sources that allow identities to be verified.
Once the client is known, they must be strongly authenticated in all online electronic processes using multiple security factors that jointly provide a high level of assurance.
And while until now banks treated the financial information of users as if it were their exclusive property, the new regulations require them to consider this information as belonging to the account holders who, as owners, have the right to give third-party entities online access to it. All of this must take place while respecting the customer's privacy, protecting their data and guaranteeing that the account holder gives their consent, either physically or online, to disclose data to a third party.
The New Digital Economy
The forces bringing about and shaping the digital economy, which are having a major impact in all sectors, are social, mobile, analytics and cloud technologies. And what makes it possible for hundreds of thousands of users and millions of applications and services to be connected and cooperate in the new digital economy? Three things: the World Wide Web, the user-centric paradigm and an unparalleled new model of economies of scale and value creation: the API economy. The API economy’s value model is based on the data an organization possesses being exploited by external organizations through published APIs that allow structured and controlled access to that data.
The users go where the value is (the applications) and the application developers go where the users are. And so a self-perpetuating system is created with infinite growth potential. From this point of view, existing concentrations of banking users are potential hubs for application communities that will attract new value.
Either owing to regulatory requirements or competitive pressure from the new digital economy, user data, an important asset of organizations, must be made accessible to third parties in a controlled and secure manner.
The obligation to keep client data updated and verified entails certain costs. However, this information can turn out to be very useful for the new electronic services that provide innovative value to clients. The generation of new services and value by third parties based on the consumption of verified identity data automatically entails extending the range of banking services, which translates into a more competitive range of products and services for attracting new clients.
And there is a complementary case that is also of interest to financial entities: being able to offer certain basic services to the clients of third parties, such as Internet service providers and social networks. Thus, entities can set up streamlined onboarding processes, registering the user with the data the user gives in their social network and applying more appropriate identification methods when the user wants to perform more sensitive financial operations.
Security and trust in accessing and sharing identity data, like convenience and user experience, will have a major impact on the differentiation of entities. In this aspect, mobile devices are vital as users are using them increasingly to access the network and consume digital services and content. Therefore, high-security identification, authentication and electronic signature services conveniently integrated in the user's mobile will be fundamental in the new digital economy.
Safelayer’s eIDAS Platform and Mobile ID
The identification, authentication and electronic signature technologies (eIDAS) form the basis of the identity services and will be vital for successfully deploying these services. Safelayer's eIDAS Platform and its eID mobility solution, Mobile ID, are the response to all these challenges and opportunities.
The architecture of the identity services is based on the OAuth 2.0, OpenID Connect and SAML 2.0 standards, which guarantee that financial entities publish widely accepted, universal identity APIs. The OAuth 2.0 characteristics, designed to take into account the user's privacy, provide the best way to comply with the regulatory framework. In this sense, integration with mobile devices, social networks and cloud services is guaranteed.
The eIDAS Platform incorporates PKI technology to provide the highest levels of security, trust, and regulatory and legal compliance. What’s more, it does so in a way that is user-friendly, completely breaking away from the poor-usability stigma often associated with PKI.
Try out our platform at demo.safelayer.com
[Figure: Safelayer’s eIDAS technological framework basic architecture]