Event Recording

A Digital Society Needs a Digital ID


Log in and watch the full video!

Our world is becoming more digital and more mobile every day. The sensitivity of information being exchanged online grows rapidly and data privacy is a real concern to many people.
How are we facing new challenges to keep pace with today's digital transformation?
Getting rid of all paper flows, taking KYC-process to the next level, improve customers’ experience, introduce a safer way to login and confirm transactions, be compliant with EU regulations and PSD2.
Creating a digital ID in a country is one of the solution, but it requires more then just technology.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package  
Digital transformation. In fact was a buzzword for quite some years. A lot of private companies and public services translated all their paper flows into digital processes. But now it's time to, to take a next step and to be able to achieve this next step and creating a digital society. Digital ID is really crucial today. You hear everybody telling you that data is the new gold, but actually accurate and verified data is the, the holy grail before we start. Yeah, let's just define the different types of identities simply puts, and ID is a representation of who you claim to be and, and who you are. And a digital identity is an electronic representation of that claim. Now a trusted digital identity is a representation of, of you that can be relied upon with confidence for high value transactions, just such as signing a contract or applying for a passport. And which has been verified by third party. So identity is at the core of the authenticity of, of social interactions and the integrity of business processes. Identity is the starting point for any relationship, trust and confidence in ongoing transactions between individuals and organizations and governments.
Now let's have a, a 360 view on what digital identities are in the center. You have a digital identity with a strong trust, which has been verified by an authentic source and an identifier of that could be your name, your first name, your last name, your legal address, or like unique number, which is known by the state like a national security number or a national register number. And around that, we have attributes which are mostly shared by, by different people like attributes can be of profession or your affiliation to certain companies could be self-declared data or even data that somebody else has declared for you. And for instance, just leaning back to the, the previous discussion blockchain could be used to collect all these attributes and validate them and add them to your digital data. Then there's a layer of, of data, and that's mostly that's data, which we have and which, which we con consciously do in fact, and an example of that is all the data that we store in our social media accounts.
And then around that we attracts, and that's all the information which goes around, which is which, which is non-consciously stored due to our behavior online and to interaction with connected objects. Now, artificial intelligence is evolving and might help us to in the future to get more out of these tracks, but to have a consistent digital identity, the core really needs a verified digital identity. So it's time for taking this digital identity to a next level. Now, while while blockchain is becoming part of, of mass consciousness and, and might be a big hype biometrics are now part of, of the mass experience and, and is really a must users require a per perfect user experience with full transparency. And they like single sign on solutions with no hassle. And by creating a unique identity system with a unique user experience, we can give back control of the data to the owner of the data and giving back the control of one's data means that creation of a user centric solution, an inclusive solution as everybody has the right to identity and privacy by designs means that authentication without revealing ID data is possible because different level of, of assurance are needed and all the data doesn't need to be shared every time on every transaction now and reducing the number of data that you are sharing and reducing the number of authentication methods will also reduce the risk next to that.
We do need to create secure solutions today because 60% of consumers that we, that we talk to express doubts about security and convenience of user names and passwords. So new and safer solutions are definitely needed. Now, the value of a digital ID is only fully realized when it can be used seamlessly across platforms and industries and use cases. And so the corporation between private and public sectors is really a key factor in this story. And that's also what we've seen with our implementation in Belgium, where the private and the public sector have joined forces to, to launch this project and to reach its full potential. So the private sector can create a solution, but requires the support of the government will has to create laws and regulation for verified digital identities. And with these elements, we can go from identity access management to identity, relationship management, and increase user experience and businesses.
Now the European union is in fact, a good playground in fact, to start this kind of digital identities, because they have led a lot of frameworks. In fact, that enable this kind of business, we have ADA, which has regulated in fact, digital identities and regulates mutual acceptance of these identities. We have the GDPR legislation, which helps us and also the end user giving him his privacy. In, in this part, we have PC two in the, in the financial industry, which makes that we ensure strong authentication into financial transactions. And so in fact, the Europe is, is really leading. If we look to the, to the world in terms of digital identity, if I go to, to meetings, like for instance, the F ADF, the, if I look to the other regions, they're really looking to Europe as like reference in terms of the frameworks needed for digital identity.
Now, how did we do the implementation in Belgium? So Belgium mobile ID has set up a unique collaboration between banks, the major banks in Belgium and the three telco groups. And we work closely together with, with the government. We have created an identity scheme, just like a payment scheme. It's an open ecosystem with the ambition to become a European reference for a mobile identity and digital privacy. It's me has been developing view of all the new re the European regulatory frameworks. And as you see on top, so we have been working as, from the start with GDPR in mind, we have been a certified at the highest level of assurance by the Belgian state. We are close to launching qualified signatures. And as a trust service provider, we are PSD two compliant for strong authentication in the financial world. We are AML compliant. The national bank in Belgium has made a link towards aid, us certifying effect that a digital ID like the, the solution that we provide is an equivalent for a full KYC for financial institutions.
And in terms of security, where ISO 27,000 certified, and it can be used in, in the public sector and in private, in the private industries. And due to all these, these let's say frameworks, we are able to deploy this in, in different regions. Now, what are the services that we provide? It's me provides four basic services, which enable you to digitalize every, every pro every paper process. So we have a function which is shared data, which allows the end user to share identity information on a need to know basis, for instance, for onboarding in a KYC process. And he has control of what kind of information is shared with the service provider. We have a login function where you can just log into websites into apps, but it can also be into internet of things. Then we have a confirmed function, which allows you to confirm, to give you consent for financial transactions, which is the easiest and most common use case that we have today, but also for transferring information from one person to another, for instance, for transferring your medical files from your doctor to your hospital.
And soon we will be launching the qualified signature in a few weeks, which gives you in fact, a digital signature, which, which has the same legal value as a handwritten signature. So the, the use cases that we, that we see being implemented are really almost endless. So as from KYC opening a bank account, as I said, we are email compliant here. So banks can use our identification methods for opening a full cap on, on a bank account, booking your holiday tickets. If you go to the websites of the flight companies, they always mention, make sure you enter your name correctly. Otherwise you will have problems at the gate. Well with its me. In fact, you will be sure that the data will be correct login. As I said, you can log into websites. You can log into apps, but we also can use its me effect to open up delivery boxes, open up cars in, in a rental scenario.
So there's quite some, some use cases that we are working on there. Confirmations also there, the, the first one which has been launched was mainly by the banks to confirm financial transactions without your traditional car tweet or, or tokens, which you always forget when you were brought. And so with your app, you can just confirm payments from, from your mobile phone. Also the help desk scenario is a, is a huge, there's a huge opportunities over there today. Typically you call to a help desk. If you want to have a loan or a credit line, or you want to swap, for instance, from one operator to another, in the mobile space, they will tell you, okay, I will send you this document. You will sign it and then you send it back and I will scan it for you. So you still end up in a paper process here with the confirmed function.
You can just do it remotely because you, they have your mobile phone number. You are on the line and they can send you that request immediately on your mobile phone and last, so the, the sign function, which we will launch in in a few weeks. So there, this is legally the same value as a handwritten signature. So not risk can use it to sign acts. If you want to open up a loan statement or sign an insurance contract, also in the customer due diligence process of the banks, they can use this legally as a signature for, for a document. So today we, as I said, we, we are set up an open ecosystem, just like a payment scheme with two different and important roles. First one on the top, which you see is the ID registers, which is in fact, which are the parties that deliver us verified identity in Belgium today, these are fulfilled by for major banks who have a strong KYC process, which is audited by us.
And a second option for the end user is using his Bel ID card, which is a chip cart with a pin, which is a proxy in fact of the KYC, which he did at the state when he got his identity card. But the, the system is open. So even notaries or the government could play that role of identity provider. And then on the bottom part, you see the telecom operators. So this was a very important part for us to get access to the financial industry. The financial industry traditionally is using hardware security. And lot of the solutions on the market are only based on software security. So in Belgium, we use cart readers, we use tokens. And so they wanted to have a hardware component into the solution. And then you have two options. If you're talking about a mobile phone, you can either use the secure element of the apples and the Samsungs, and try to get a, a deal with these guys, but then good luck.
I, you can use the SIM card, which is another secure element. And we took the SIM card because, well, we had the telecom operators in our consortium, but it also is a global standard. G Asma has standardized the specifications of SIM cards. We worked with all the major vendors like Edem and Gemalto and G and D. So our, our solution works with practically every SIM card in the world. And we also anticipated for instance, the evolution to the EIM. And so it provides hardware, software security, and binds your identity to your app, but not only to your app, also to your phone and SIM card, to make sure that only you from your phone can in fact use your identity. And so we expose those first services to all of these industry pillars from government telecom, finance and all the ones that you see here on the slide.
So we, as I said, we just launched one and a half year ago in may, 2017 with a few early adopters. The banks joined in as, from October and then the government in Belgium certified is by the end of 2017 and started in January in Belgium. We are lucky that all the governmental applications, which are about 800 applications are sitting behind a federal gateway. And so since we are on that gateway, we immediately got access to all 800 applications. So since then we see an exponential growth. We are at about 650,000 users today. If you look to the Belgium population, you have about 6 million digital active people. So that means that we are already at about 10% in one year time. And in terms of transactions, while it states one and a half million, just at the look this morning, we just crossed 2 million this month. So it's growing rapidly. And so in Belgium, it's quite a success at this moment. And you see that also in terms of usage. So people use it on average, more than three times a month for governmental usage, more than six times a month for banking and insurances. And for the other use cases about two times a month. So, and for, for us, this was a success story in Belgium. And the next step for us is, as we announced a few months ago is going abroad. So we are launching next year in Luxembourg. So
Yeah,
That's it.
Do you have any questions?
Thank you very much Remy. Yeah. Are there any questions? Yeah. Okay. I'd have to run around.
Hi, it's Greg from Switzerland. We in Switzerland, we have two ways similar. So mobile ID from Swisscom and Swiss ID, but it's not taking off because of financial concerns. So it's like, there's not a clear financial model. Is that something that you, you found an agreement with your users?
Yeah. If you look to our commercial model, in fact, for the end users, it's free, so they don't pay anything. It's the service provider. So the industry, in fact, that users, our solution that is, is paying for the different services. So, but yeah, if you look to other solutions, a lot of solutions only do a part of, of the job. So you have authenticators, which just do log in and authentication, which is a high volume, but low margin business. You have platforms that only do qualified or signature platforms, which is low volume, but high value business. And we have the full scale. So that gives us also leverage to, to be in, in, in different types of markets. And that helps us in the business model.
Any further questions? Yes.
Hi, my name's Keith Huber in, in Scandinavia, a lot of banks operate as IDPs or identity providers. The big question that comes up is around the liability. They send incorrect information. How do you deal with the, the liability question? How do you limit the liability in the event that at some point you send something wrong?
Yeah. If you look to, so we have an ecosystem with a rule book, just like a payment scheme. So there's a rule book for the IDPs to provide identity. And indeed they have a liability on, on the, the correctness of the identity. And we, we put the standard pretty high because we have been certified at the highest level on either. So that means that it has to be on, on a qualitative basis, but indeed, if something goes wrong, the, the IVPs will have the liability on the identity. Now, if you look to Bel law, in terms of identity fraud, there are some laws which kept the liability, but in other countries it might not be the case. So that's depending on also the regulation. Also, if you look to, to different countries, the let's say the standards on KYC are different. So in Belgium, they're quite strict in other countries, they're, they're less strict. So that's a case by case that we have to look at.
Thank
You. Any further questions to Remi?
Okay.
My name is Mo I have two questions. Actually. You said you don't need the card reader for authentication. What, what type of device or process or motor better the intend to use with Acme?
Yeah. So AME is, is a mobile application. So on your phone, you have an app and it's always the same user experience for any of the four services. So it can be triggered from the web. It can be triggered from an app or even from a backend system. And you will get a notification in the app where you see what we call or what you see is what you sign screen, which is always the same, telling it from whom the request come, came from, whether it's login on confirm or a sign, the full context, and then the user either can use touch ID or the pin code. And that depends on the service provider. So he defines the level of security that he wants and the user will then have to, to tap in his credentials. And then the transaction gets confirmed. So you don't need card readers or anything else with you, just your mobile firm.
Thank you. Any further questions? Otherwise we would. Okay.
Hello. My name is swim. I was wondering if you, if there were also plans to expend this to other countries, so if I'm on holiday that I could also use my it's me ID.
Yeah. Well, there's two different things that you're saying. So it means not only usable in Belgium, it's only usable by Belgium at the moment. So if I'm in the us, I can still do my financial transactions over there. So that doesn't matter. So any Belgium citizen can use it anywhere in the world. It's not depending on the mobile networks in Belgium, we use the stem card, but it's, it's doing home routing. So it doesn't matter where you are, but we do have expansion plans. So as I said, we have already signed up for the end of the year for Luxembourg. And we have active talks for different other countries, which I cannot exposed today, but no Germany is quite a, a different market. That, and there's also quite some solutions there. No, but we, we have quite some interest from, from different countries to, to use it to me. Yeah, it's, it's also because there, as I said, we, we, we cover quite some scope in terms of the different services and we combine that software and hardware security altogether, which makes it quite a unique solution. And the user experience is quite easy for, for the end user. So it, it hides all the complexity behind it.
Okay. Thank you very much. Again, Remy.

Stay Connected

KuppingerCole on social media

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00