Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories ยป
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Banks really know their customers

A few months ago, the Australian banking consortium BPAY announced the cancellation of its promising and well funded account portabilty MAMBO. What does this mean for the even more audacious plans for federated identity in banking?  The US government's National Strategy for Trusted Identities in Cyberspace (NSTIC) envisions using university student cards to log onto banks; on Finextra's pages, Brett King argues that social logon is inevitable in banking.  The MAMBO experience suggests otherwise.

Project MAMBO ran for four years from 2007 and strived to leverage the hugely successful BPAY online billing infrastructure.  With BPAY, tens of thousands of Australian businesses have unique Biller Numbers that are recognised by all institutions; it was thought that individual customers could equally be given Biller Numbers independent from their home banks and through which they could receive funds from any other account.  This would break the back of the account portability problem, providing life-long account identifiers.

Bank account numbers are classic examples of digital identities. They might look like simple numbers, but they're really proxies for the relationships that different customers have with their institution. If it seems intuitive that a number should be portable, the intuition is simply wrong, for the relationships that stand behind each account are complex, amorphous, context-dependent and not intrinsically interoperable.

The real reason banks are uncomfortable allowing others to leverage their customer identification is that it would require them to warrant customer identity in transactions over which the bank has no control. This is an untenable risk management situation. Existing identification protocols and contracts do not contemplate customers asserting their bona fides to third parties unrelated to the bank. To fill in the gaps, federated identity contracts have to join these extra parties somehow to the bank, and put limits on exactly what the customers can do with the extended identities. The contracts become unusually complex compared with regular banking agreements.

So there is no theoretical barrier to federating identities but the legal arrangements become utterly unwieldy, as MAMBO evidently discovered.

Account portability and federating identities across governments, universities and social networks sounds straightforward but it actually entails re-engineering the ways that banks relate to their customers. The cost of creating a whole new customer management paradigm is just not worth it. 

4459
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (1)

A Finextra member
A Finextra member 22 December, 2011, 10:00Be the first to give this comment the thumbs up 0 likes

Great post.  Having universal bank account IDs sounds great in theory, at least for the customer and portable mobile phone numbers are a given in many countries now.

But there's more to it, as you explain.

For the record I have yet to change bank ever (having lived in four countries).

Report abuse
Join the discussion
Stephen Wilson

Stephen Wilson

Managing Director

Lockstep Consulting

Member since

24 Apr 2008

Location

Sydney

Blog posts

34

Comments

183

More from Stephen

Blog post

Now is not the time to go soft

Blog post

How much worse can CNP fraud get?

Blog post

Credit card numbers are like nitroglycerine

Blog post

Banks really know their customers

Now hiring

See more