At least for the foreseeable future, the big players in banking aren’t going anywhere and they remain some of the most trusted institutions in our society, despite what people might say (very much a case of put your money where your mouth is). Despite a
massive rise in purely online banks, mobile banks, and the multitude of fintechs appearing on the market, when it comes to savings, mortgages, car loans, and debit cards, the incumbents are still sitting pretty. Open Banking is supposed to come in and open
up this world for the new kids on the block, but could PSD2’s new SCA (Strong Customer Authentication) requirements add a difficult to compete with advantage to the incumbents?
SCA doesn’t just mean banks will be able to cut down on fraud when their customers log in, buy products online, or pay bills, it will mean they will improve the level of assurance connected to activities carried out remotely by their customers. This means
high value products and services that previously required in-person document presentation and hand-written signatures, can be offered remotely, 24/7, using highly trusted digital identities. The concern that a mortgage or car loan might be applied for without
the consent of the account holder can be removed if truly strong authentication is in place.
But strong customer authentication can lead to even more, and banks in Northern Europe can attest to this. Massive savings have been achieved by these banks, from the above products being offered online, to reduced in-person customer service requirements,
which both meant huge reductions in physical branches. Scandinavia is a great example of this, with up to 40% drops in bank branches over 10 years, and well over €100M saved each year across banking sectors.
Even if SCA forces banks in Europe to make the changes that will lead to them being in the awful position of being able to cut physical branches and offer customers a better purchasing experience, while cutting costs in the processes, it could lead to more
again. These Northern European banks have been at the centre of the world’s most successful, high population-penetrating, long term digital identity services. Because banks aren’t the only businesses that involve high assurance transactions, a digital identity
that was trusted by long standing banks was of value to others in the market, and suddenly, banks had another revenue stream.
Large banks also solve the two-sided market issue, or the classic chicken and egg conundrum. For citizens to be interested in a digital identity, there must be value associated with it. That is to say, there must be services that require it, without another
option, that’s used on a regular basis, that also make life easier. For services to create something like this, there must be users already using the digital identity. This is where the large banks come in. Large banks understandably require a certain level
of security, and involve high assurance enrolment procedures, and actually create digital identities for their customers in order to offer certain services online, used several times a week by the customers. Another advantage is that the big players also boast
large swathes of the population. It’s hard to think of another service, public or private, that can offer the same.
So, we look again at Scandinavia and Estonia that have long standing digital identities used by their citizens with 75%-95% penetration rates. Banks have either created the service and platform, heavily invested in them, or have been early adopters, leading
to their success. And it’s not just banks that benefit. It’s been seen that businesses that make use of these widely used digital identities save tens of millions a year as well. So now, customers of these banks have, by default, a digital identity that’s
trusted by other services they use like insurance, rentals, utilities and more. They no longer have to print and fill out forms, sign them, and then mail them in, they no longer have to scan leasing agreements, or get notaries involved to prove who they are
when they can’t reach a bricks and mortar location for these services. They just give the bank permission to share the necessary details such as address, full name, age, etc. and what used to be hassle to apply for is done while the kettle boils.
New business customers of the bank that want to use this digital identity service need not worry about the information shared by the bank, because they can be confident in the knowledge the bank, due to strict industry regulations, has done its due diligence
and really does know their customer. For the end-user, banks don’t pose so much concern when it comes to privacy, as they are often already involved. So, “letting” them know you’ve just tried to buy car insurance or rent a van by using their digital identity
service doesn’t really give them any more data than they were going to have, as the transaction was going to go through them anyway.
The largest mobile banks still pale in comparison to the largest traditional banks with regards to customers. If the top three UK banks each decided to offer a digital identity service to other businesses looking to offer more of their high assurance services
online, they’d cover a majority of the population and it would take very little for those other online services to use APIs to offer digital signing and verification to the customers of those top banks. It would be an attractive service to take advantage of,
and one, that could be difficult to compete with for smaller banks, or new to the market banks.
If banks take SCA seriously and choose truly strong authentication solutions, they might find themselves in the digital identity business with a much wider variety of online offerings than previously thought possible.