Digital Identity as a tool for fighting financial crime & corruption

Abstract:

In the given context, Digital Identity is only a form that constitutes pieces of evidence of core identifiers or attributes of an Individual, primarily associated with usage in more organized set-ups such as National IDs. If the digital identity is created, developed, and sustained in a regulated environment under the governmental policy, then the same becomes an identifier for allowing (means identifying the genuineness & authenticating) a commercial/financial transaction to pass through. This essay is directed towards understanding the nuances of digital identity, digital identity system, an existing use case of digital identity, a proposed digital identity with possible technology features, and the kind of policy changes required for using digital identity as a tool for fighting crime & corruption. The essay also covers the need for digital identity systems to promote transparency and integrity in the financial sector.

KEYWORDS: Digital Identity, Digital Identity System/s, Financial Crime & Corruption

Good to know; as we begin – The entire essay is explained through six literal idiomatic expressions which encompass a journey from “Let’s check it” (1), to “Let’s know it” (2). In the process, as we prosper and achieve, we say “That’s done” (3) to highlight the use case scenario. We will go on exploring a new approach, so to say “Let’s do it” (4), and finally arrive at a formidable spot “That’s needed” (5). And, we conclude by saying “That’s it” (6)!

1. Let’s check it!

 Organizations, firms, and business units which are working in the financial services sector, which are described by the acronym “BFSI”[1], the full form of which means Banking, Financial Services & Insurance, are facing tougher financial crime & corruption risk than ever before. According to recent Javelin’s 2019 Identity Fraud Study (2019, Summary), “The losses increased from US$ 3 billion in 2017 to US$ 3.4 billion in 2018, on the count of New Account Fraud (NAF), where fraudsters open new accounts under victims’ names[i].”

In the Experian India Fraud Report 2018-19, among the trends of fraud, Identity Theft (28%) is the largest contributor to the overall fraud distribution. This is despite the fact that India is amongst the pioneer in implementing the Digital Identity program which to date covers over 1.24 billion Indians, enrolled in Aadhaar[2], representing about 90% of the total estimated population. This goes on to clearly indicate that financial crime is only going to increase considering the usage of new methods of crime including identity theft by fraud perpetrators. Off late, many fraud detection firms have reported preventing more than millions of fraud attempts using fake or stolen identity credentials targeting mainly financial sectors.

At the same time, the regulatory environment is becoming increasingly stringent. According to a report from IBM, the average cost of a data breach has increased to US$ 3.92 million, which is a 1.6% increase in costs in 2018 and a 12% rise over the last five years[ii]. The year 2019 has already seen organizations slammed with sizable fines and settlements for security incidents or misusing customers’ information including Personal Identity Information (PII). Ever since GDPR[3] was launched, data regulators are getting more serious about companies that are not cognizant of consumer data protection.

Given the rise in the instances of fraud and the increasingly heavy fines for compliance failures, it has never been more urgent for businesses to digitize and strengthen their digital fraud prevention methods, which would go a long way to reduce the cost of compliance and increase efficiency.

Notes:

[1] Banking, financial services, and insurance (BFSI) is an industry term for companies that provide a range of such financial products or services.

[1] Aadhaar is a 12-digit unique identity number that can be obtained voluntarily by residents or passport holders of India, based on their biometric and demographic data.

[1] General Data Protection Regulation, European Union (EU)

2. Let’s know it!

• Digital Identity

 Digital identity is data about individuals stored and accessible through computer systems that closely link to their civil and national identities[iii]. The information contained in a digital identity allows for assessment and authentication of a user interacting with a business system on the web, without the involvement of human operators. Digital identities allow access to computers and the services provided are automated and make it possible for computers to mediate relationships.

The term “digital identity” also denotes certain aspects of civil and personal identity that have resulted from the widespread use of identity information to represent people in an acceptable trusted digital format in computer systems.

• Digital Identity System/s[iv]

Digital ID systems (DIS) use electronic means to assert and prove an individual’s official identity in online (digital) and/or in-person environments at various levels of assurance. DIS covers the process of identity proofing/enrolment and authentication. DIS can involve different operational models and may rely on various entities and uses types of technology, processes, and architecture.

Not all elements of a DIS are necessarily digital. In a DIS, identity proofing and enrolment can be digital or physical (documentary), or a combination, but binding, credentialing, authentication, and portability/federation (where applicable) must be digital.

• Financial Crime & Corruption

Financial crime has increasingly become a concern to financial institutions over the last few decades. If we consider the definition which is most prevalent in the countries like The UK, Europe, or The USA, Financial crime includes offenses such as money laundering, terrorist financing, fraud, bribery and corruption, market abuse, and insider trading. A financial crime is an act or attempted act against institutions, governments, or individuals by internal or external agents to illegally appropriate, defraud, manipulate, or circumvent legislation. The act of financial crime may or may not result in a monetary loss.

In the recent, Emerging Financial Crime Threats for 2019, published in ACAMS Today (January 30, 2019)[v], it is highlighted that “not just “traditional” money laundering that has jumped by leaps and bounds; electronic money laundering, in which actors take advantage of the online financial system, is also on the uptick. Black Friday 2018 set all sorts of records for the biggest online sales ever, the most money spent online ever, etc. Given the ubiquity of online shopping, it is natural that bad actors would take advantage of any way they can. That could include hacking websites, stealing customer credit card data, or credential stuffing scams when sites are trolled for user information in order to gain access to online bank accounts and other sensitive data.”

One can easily make out that all the above three concepts are interlinked and interconnected. With the increasing rise in digital transactions especially digital payments which are growing at an estimated 12.7% annually, and are forecast to reach 726 billion transactions annually by 2020[vi], an estimated 60% of world GDP will be digitalized by 2020[vii], its corresponding effect would be a playing field for fraudsters to deploy techniques of committing the financial crime.

Hence, it is vital to note that interalia; the usage of digital ID to fight financial crime is gathering momentum, driven by inter-connected factors such as greater connectivity and participation from the government. Amongst the examples, such as India’s Aadhaar ID system and New Zealand’s RealMe system which not only authenticates digital transactions but going further allows the opening of bank accounts smoothly with zero fraud risk and the possibility of financial crime. It is fascinating to note that digital identity and digital identity system plays a pivotal role in putting a stop to fraud risk of all kinds.

3. That’s done!

 As we move ahead in this journey, it is time to project an existing use case of a digital identity program. While there are various such programs that are successfully implemented across the globe, I would cover the Aadhaar[4] program in India as an existing use case. The testimony of the program was made when, Mr Paul Romer, Chief Economist, The World Bank commented that “The (Aadhaar) system in India is the most sophisticated (ID system) …………………………….[viii]”.

 The use of biometric technology in Aadhaar has made a compelling impact as far as the reduction in financial crime is concerned. The primary aim of bringing this system was to digitize the cash economy and allow the smooth flow of government benefits and transfers to the end users. With the gaining momentum, the Aadhaar ID system has made to use for various other purposes which include usage by Banks for providing banking services such as customer onboarding, etc. Likewise, Telecom Operators used the Aadhaar authentication facility to reach the masses by enabling and connecting them to the world.

Under the Aadhaar ecosystem, UIDAI[5] was created with the objective to issue Unique Identification numbers (UID), named “Aadhaar”, to all residents of India. The UID is (a) robust enough to eliminate duplicate and fake identities, and (b) verifiable and authenticable in an easy, cost-effective way.

UIDAI is responsible for Aadhaar enrolment and authentication, including operation and management of all stages of the Aadhaar life cycle, developing the policy, procedure, and system for issuing Aadhaar numbers to individuals and performing authentication and the security of identity information and authentication records of individuals.

So far more than 1.24 billion Aadhaar numbers are issued to the residents of India.

4. Let’s do it!

 Proposed digital identity with possible technology features – In today’s scenario, worldwide, there are various digital ID programs that are running successfully and they have been created with a sense of commitment to ease the functioning of both public as well as private sector units. For instance, GOV.UKVerify is a secure way for UK residents to prove who they are online. Similarly, Realme is another secure way for New Zealand residents to prove their identity.

It is wise to envisage a digital identity system or a program that caters to the varied needs of the organization or the country at large. Any proposed program must fulfill the following contours viz., (A) Uniqueness – a digital identity platform that has unique features to distinguish every single enrolment, (B) Scalability –  to allow the possibilities of usage in all the fields/services including an extension to financial services sectors to authenticate and on-board the customers, (C) Effective – to act as countermeasure towards preventing financial crime & corruption including curbing the digital identity thefts, which are on the rise due to technological advancements. While there are a few challenges in implementing digital ID programs which are on account of risks such as impersonation risks and synthetic IDs (involving cyber-attacks, data protection, and/or security breaches), etc. Nonetheless, the advantages are overpowering as compared to the risks associated.

So, the ideal proposed digital identity system or program should comply with the “The Power of Thrice…” which means it should pass the test each time after meeting all the three parameters viz., (a) Static parameter, (b) Dynamic parameter, and (c) Sub-dynamic parameters.

 To explain, every time to records the identity, the system will match and measure the (a) Static parameters such as fingerprints, IRIS scan, face recognition, etc., and then it moves to the second stage which is (b) Dynamic parameters such as an OTP in the linked mobile device and finally (c) sub-dynamic parameters such as IMEI No. of the mobile handset of the user.

The above approach will go beyond the routine and use the specification of mobile handsets as an additional factor in the system. It is more about creating a third layer of authentication.

5. That’s needed!

 Now that we know, digital IDs play a paramount role in curbing the potentialities of fraud and corruption, it is all the more important that the following 4 Tier regime is implemented to reduce financial crime & corruption:

6. That’s it!

 Research by the McKinsey Global Institute[ix] found that countries implementing good digital ID could unlock economic value equivalent to 3-6 % of GDP on average by 2030, making digital ID a potential force for inclusive growth, especially in emerging economies. In order to promote transparency and integrity in the financial sector a digital ID system enables an efficient means of due diligence of its customers.

For example, in India, The Reserve Bank of India (RBI) has permitted the Entities regulated under it to accept an Aadhaar identification number issued by the Government of India as an officially valid document (OVD) to further act as proof of identity as well as address in order to meet the regulatory CDD requirements of opening accounts. With the introduction of a digital ID, it solves the issue of costs as well as the security and reliability concerns.

However, according to Transparency International’s Global Corruption Barometer[x], “57% of the world population thinks their government is doing badly in the fight against corruption. Further, the United Nations estimates that every year globally, US $3.6 trillion is paid in bribes or acquired by other corrupt means.”

Thus, in order to tackle fraud and financial crime effectively, individuals, governments, and organizations must have the necessary knowledge, systems, and processes in place to deal with delinquent behaviors. Digital ID and Digital ID system/s will be the most powerful tool for fighting financial crime & corruption.

References

[1] Banking, financial services, and insurance (BFSI) is an industry term for companies that provide a range of such financial products or services.

[2] Aadhaar is a 12-digit unique identity number that can be obtained voluntarily by residents or passport holders of India, based on their biometric and demographic data.

[3] General Data Protection Regulation, European Union (EU)

[4] Aadhaar – meaning “foundation” in several Indian languages – is the largest biometric identity programme in the world. (Launched in the year 2009). Each Aadhaar recipient receives a unique 12-digit ID number, and submits their photo and their biometric data in the form of fingerprints and iris scans.

[5] The Unique Identification Authority of India (UIDAI) is a statutory authority established under the provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (“Aadhaar Act 2016”) on 12 July 2016 by the Government of India.

[i] Kyle Marchini, Al Pascual (2019), 2019 Identity Fraud Study: Fraudsters Seek New Targets and Victims Bear the Brunt (Report)

[ii] Rudra Srinivas, 2019, 6 Times Data Regulators Churned Out High Penalties in 2019 (Article)

[iii] “Digital identity,” Wikipedia, https://en.wikipedia.org/wiki/Digital_identity

[iv] FATF (p12, 2019), draft guidance on Digital Identity

[v] Ron Teicher, CEO, EverCompliant, New York, NY, USA, Emerging Financial Crime Threats for 2019 (Jan, 2019), ACAMS Today

[vi] Capgemini & BNP Paribas (2018), World Payments Report 2018, accessed online at: https://worldpaymentsreport.com/wp-content/uploads/sites/5/2018/10/World-Payments-Report-2018.pdf

[vii] International Data Corportation (IDC), IDC FutureScape: Worldwide IT Industry 2019 Predictions

[viii] Media & Resources Media Quote/Unquote (2020) https://uidai.gov.in/media-resources/media/quote-unquote.html

[ix] “Infographic: What is good digital ID?” McKinsey Digital, April 2019, https://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/ infographic-what-is-good-digital-id

[x] Les Dobie, Head of Counter Fraud Training, CIPFA (January 6, 2020), https://www.ifac.org/knowledge-gateway/building-trust-ethics/discussion/tackling-fraud-and-financial-crime-global-public-sector-through-training-and-education

Note: This research paper was first submitted to NBD, in Jan 2020. Re-produced by the Author –  Abhishek R. Sharma