The Open Digital Trust Initiative
Trust is the biggest unsolved problem with the Internet today. It is a fundamental problem that permeates all aspects of interaction of the Internet. SPAM, Phishing, Fraud, Weaponized Anonymity, Misinformation. HSBC says that “financial crime is a global problem that costs the global economy as much as USD2.1 trillion a year.” McKinsey says that if we solve the problem of Digital Identity, we can add 3% to GDP by 2030.
Why do we have this problem? Simply put, we do not know who is at the other end of the digital connection.
When trying to solve the problem of Digital Trust, collectively, many companies create a second problem. People are often forced to share personal and private information in order to establish trust over the Internet. This puts users at risk of losing control over their private data.
There are new “passwordless” solutions like Webauthn.io, recently described at a #FIDO event by Ashish Jain. Webauthn does an excellent great job of improving security once we know who the person is at the other end of the digital connection. The challenge of connecting a digital user with a real-world identity credential is especially obvious at the time of registering a new user. But it can continue throughout the lifetime of a digital relationship. For example imagine a digital session with a user claiming to be Cindy. In this digital session, Cindy is trying to use a mobile device to check in with an airline. From the airline’s perspective, this may be someone who has Cindy’s phone, but is it really the Cindy mentioned in, say, a specific digital passport?
Across industries, banks do the best job of solving this problem. Banks put a lot of work and effort into knowing who their customers are. “Know Your Customer” or KYC regulations require banks to do a good job. They accomplish this through an extensive and expensive on-boarding process. Many countries even require that it be done in person. Once banks get the personal information to confirm identity, banks keep that data private. Regulations require banks to respect their customers privacy. Big tech companies monetize customer data and resell it. Banks monetize their customer privacy. Banks also do the best job of re-authenticating their customers during a digital login.
The Institute of International Finance and the OpenID Foundation have brought together a large team to consider how banks could take their Electronic Know Your Customer (eKYC) assets and their strong customer identification capabilities and offer them as Digital Trust services via APIs. The effort is called the Open Digital Trust Initiative.
With leadership, input and guidance from Brad Carr, Don Thibeau, myself(Rod Boothby), Laurence White, Gene DiMira, Nick Mothershaw, Scott David, Angus McFadyen, David R. Hardoon, Wendy Callaghan, Stéphane Mouy, Conan French, Dakota Gruener, Camilla Bullock, Tara Rice, Jon Frost, Alex Stervinou, Daniel Pujazon, Mina Loldj, Tom Smedinghoff, Greg Wolfond, Grace Lykins, Ian Manovel, Deborah Young, Greg Medcraft, Caroline Malcolm, Jesus Ruiz, Paula Pascual Cortes, and Maria Concepcion (Coty) de Monteverde, and with technical leadership from Alberto Pullido, a large group representing dozens of financial institutions have spent months developing guidelines for a Digital Trust Marketplace.
The work has considered questions like:
- How do we protect the client privacy?
- How do we build insurance solutions into the Digital Trust Marketplace so that reliant parties can better manage online risk?
- How do create a level playing field that solves existing problems without creating new ones?
To help address the last challenge, Santander has contributed its Digital Trust Protocol to the OpenID foundation in the hopes of creating a new standard that facilitates the creation of this new market.
The IIF’s Laurence White has published Draft Principles for Digital Trust Networks. “The Principles are open for public feedback, which is invited by April 30th, 2021, through the link below. The aim is to release a finalized version 1.0 of the Principles in 2021.” https://www.iif.com/Publications/ID/4276/Draft-Principles-for-Digital-Trust-Networks
