18 October 2017
Elizabeth Lumley
Elizabeth Lumley

Elizabeth Lumley

Elizabeth Lumley - Girl, Disrupted

165Posts 689,979Views 173Comments
Finance 2.0

Finance 2.0

A community for discussing the application of Web 2.0 technologies to financial services.

Don't you know who I am?!

01 February 2012  |  4927 views  |  11

No, this isn't a blog about that jobsworth bouncer at a Toronto bar who tried to stop me entering the Misys party at last year's Sibos (However, I did say 'I'm sooo Tweeting this!', before my colleague intervened - oh the shame....)

Anyway, I attended the always entertaining CSFI/Visa Europe roundtable last Thursday on digital identity. The meetings are under the Chatham House Rule, so I can't offer you lovely readers any juicy direct quotes, but I can blog away about what went on (that is fully within the spirit of the Rule, which was never meant to make a meeting private-if you don't believe me look it up) 

The roundtable focused on digital identity, and more specifically, how you identify yourself legally - such as when dealing with government agencies and your bank. 

Of course we all talked about dongles, two-factor identification, those little, bank-issued, password generator calculator things, what is not exactly happening with Project Gaia in the UK, as well as chatted about biometrics and "brain-wave identification". (That will be fun to see happen. I wonder how the public will react to a request from the likes of HSBC and Barclays to hook up with your cerebral cortex?)

The most vocal part of the roundtable came when people started discussing using third party systems or 'social sign-in', such as signing in via Amazon, or *gasp* Facebook, to gain access to pension information or your bank. 

Seriously, voices were raised, fists were pounded on the table, literally, and people barked back and forth saying things like: "There is a difference between soft identity and hard legal identity!", "You have no idea how banking really works!”, “I lock down my Facebook to the highest degree!"

...and my personal favourite:

"A terrorist could log into my bank!"

Which was met with a chorus of "That's not what we are saying AT ALL!"

To be fair no one was arguing that banks should allow (or even could allow) clients to log into their bank via Facebook and then be immediately approved for £500k mortgage on a house in Wandsworth-I mean, it's not 2005 anymore, people. 

But I was intrigued by the bank-side folks getting so worked up about 'hard identification' and dismissing 'soft and fluffy' identification coming in from the likes of Amazon and Facebook. I'll tell you why. 

I'm not native to these sceptre isles. I arrived in London on a cold wintery January in 1997, with three suitcases, a full-time job, and no bank account. (My pre-move conversation with Chase Manhattan Bank in New York about what they could offer a customer who was moving to London for 'one or two years' was met with a 'huh?').

So after two weeks working in London, I had:

  • A national insurance number
  • A full-time job
  • An address
  • A zone 1-3 travel card 
  • A paycheck

What I didn't have was:

  • Two utility bills for an address I'd lived in for over three months

Which meant I couldn't get a:

  • Bank account

Which means I couldn't (see where I'm going with this?):

  • Get paid

I went to several different high street banks eager to open a bank account, which would issue me with cheques, a debit card, an overdraft etc... so I could start buying rounds in the pub and basically contributing to the British economy. I was met with the same response at EVERY SINGLE BANK. "If you can't produce two utility bills, you can't open a bank account." 

I'm sorry, how is that 'hard' identification? How can that be better than doing an initial sign-in with something like Facebook? 

In 1997, the US-based financial director of my company had to call up the bank manager of the UK bank they did business with to beg them to give me a bank account. Seriously. Now, 15 years later, I am in full possession of a checking/savings account, ISAs, credit cards, child's trust fund and a mortgage (and a mobile phone). I thought, 'Today, in the 21st Century, UK banks couldn't possibly throw a young girl, looking to make it big in the world of journalism, out on the pavement without so much as a free pen anymore?'

But just a few months ago, I was talking with an American woman who had just transferred from her company's Los Angeles office to the London office. Practically, the first words out of her mouth to me about her first month in London were "I don't seem to be able to open a bank account..." This was 2011 - at least Facebook exists now.

For the record, personally, I'm not a big fan of signing in with Facebook - I'm hoping the issue of digital identity is solved by a digital wrap that is unique, and controlled, by each person-sort of a digital passport. But my point remains; a Facebook or Amazon sign-in is practically on par with "produce two utility bills" (and more likely to identify a newly arrived ex-pat) - so why all the big fuss?

Issues around digital identity will become increasingly urgent as the years move on and our already digitalised society continues its forward march towards a utopia ruled by robot overlords. Given the social, technical and political issues around identity - YOUR identity - I predict we shall see a lot more barking and fist slamming in rooms for some time to come. 

TagsSecurityRetail banking

Comments: (12)

A Finextra member
A Finextra member | 01 February, 2012, 23:05

Interesting post. I actually believe the Facebook login API is more secure than any bank login.  I would rather rely on the development of a login from one of the most talented technology businesses in the world than a bank. When I travel overseas and try to log into Facebook, it recognises that this might be dodgy and in some cases even blocks access.  Most banks could only dream of doing this. 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 02 February, 2012, 08:55

Seriously? A quick round robin here (UK) produced about a third had had their facebook hacked, but not one their online bank accounts - and most people had more than one bank's account.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
John Dring
John Dring - Intel Network Services - Swindon | 02 February, 2012, 09:00

Great blog. Almost a rant, but with a purpose.  I also counted 4 direct quotes, unless they were there for artistic licence.  No organisation wants to trust identification to a third party which is why we all have so many passwords.  But Utility Bills are third party orgs, and they are no longer government ones either.  If you were to choose a third party to validate address - why not the Post Office.  Surely these days they could almost digitally know every name at every address for the past 5 years?  If they can scan post codes on every letter, why not the name.  Link it with some agreements with Billing organisations like your utilities, and it would be a great Trusted Third Party.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 02 February, 2012, 09:31

You would be surprised how many online banking accounts get hacked. That is why there is a multi-billion dollar industry around reducing it. UK bank fraud losses continue to rise so whatever they are doing now isn’t working.

The other interesting component is the number of people who contact the bank due to a forgotten passcode incident. This costs money and is frustrating for the user. Most banks have in excess of 50,000 requests a month. Re-setting a passcode is also one of the more prevalent ways for a fraudster to hack an account. It’s a vicious cycle.

I would not propose a Facebook login as the sole means of authentication. Just as a part of it. It should obviously be combined with some other factors.  I think it is worth going for and will be interesting to see how Movenbank go with it in the US.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 02 February, 2012, 10:02

Just a couple of thoughts.  What about those of us who care not a jot about Facebook or Paypal and can live happily without them?  Will we be forced to join these schemes?  Not likely.  I'd sooner revert to branch banking.   Now there's a thought, face to face banking with someone you know and trust.  Or isn't that the 21st century way of doing things?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 02 February, 2012, 10:30

That assumes you 'trust' your bank, which increasingly these days people do not.  And that's not just populist anti-bank sentiment - its based on getting screwed over by 'faceless' bank organisations who do not want, and think they cannot afford, for you to talk to real people.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
David Birch
David Birch - Tomorrow's Transactions - London | 02 February, 2012, 12:13

Thanks for these reflections Liz. Just for clarification, the Chatham House rule is that you can say what as said, but not who said it. It's perfectly OK to say that someone said "X Y Z" at the meeting.

Look forward to seeing you at the final meeting in the series which will be on February 21st.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 02 February, 2012, 13:31

Perhaps it's just UK banks?

Personally I've never had a problem is opening accounts in Germany, France or Switzerland a couple of weeks after arriving.

Someone else posted about using Facebook for authentication with the aim of doing online banking.  Interesting post, and interesting comments.

Personally I would not 'trust' Facebook, and in any case I do not have a FB login...

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Elizabeth Lumley
Elizabeth Lumley - Girl, Disrupted - Crayford | 02 February, 2012, 15:18

Wow, look at all the comments! I guess I was right, this topic can stir up a pasionate response. 

To be clear I not specifcally arguing *for* social sign in. But it instead it seems strange that so many within the banking world (OK, it may be UK only) who freak out when someone says 'Facebook sign in'. Especially since, 'produce two envolopes with someone's name and address' was a perfectly acceptable (and not very efficient for people in my sitiuation) form of identification. 

I've also never heard anyone in the 'pro-social sign in camp' argue that signing in to a bank via a third party site should be the only form of identification required. No one is arguing that.

And thanks Dave B for the clarification. Yes, I can use quotes from the CSFI/Visa Europe roundtable-I just can't attribute them to a specific person. See you on the 21st!  

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 02 February, 2012, 15:30

The point is that you can get a facebook identity with no requirements for any proof of ID at all. Using that to prove or log into anything is akin to writing on a piece of paper "my name is John Fraud at xxx address" and expecting the bank to accept it. With utility bills, you have actually to pay something to set them up, and this will be checked by the utility company who will know if an address is already using the utility - a disincentive for fraud - especially if you have to set up two of them.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 02 February, 2012, 17:17

Great blog Elizabeth, and yes a lively CSFI Round Table- and in its own way definitely about "Innovation". Hopefully in the final RT we can move the debate on from the pure Identity /Utiltiy Bills aspects blah blah blah (which can get quite torrid) toward some real world liability aspects- and maybe focus a bit on the corporate/business/public sector aspects of assurance- specifically what happens when it all goes wrong, what if one relies upon a credential which it turns out was wrongly issued, it was bogus,it had expired or been revoked- where does the buck stop, how is liability managed ? If we can crack the interplay between the technical and legal, the operational and the "policy" dimensions of trusted electronic credentials, then (albeit maybe with some kickin'and screamin' from a few quarters), we can actually make progress along the road.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 06 February, 2012, 13:50

Following up on the commentator who would be happy to go to his bank branch - I'm afraid that doesn't work in the 21st century - the staff in my branch change so often that they have no idea who I am. So when I go into my own branch to do something other than pay money in I still have to produce identification - passport or driving license, or - in the absence of those - the inevitable utility bill.

Is this just because the UK doesn't require identity cards? Do those European countries with ID cards (Germany, Portugal for example) avoid this problem?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Elizabeth

FinTech does not live in London - It is global

29 June 2016  |  8865 views  |  0 comments | recomends Recommends 0 TagsInnovationBrexit

Invest in dirty fingernails, not manicured hands

20 April 2016  |  3661 views  |  2 comments | recomends Recommends 1 TagsInnovationStart ups

Trust me, it's not a secret

17 February 2016  |  2874 views  |  2 comments | recomends Recommends 1 TagsInnovationStart upsGroupWomen in Technology

Fix the crumbling infrastructure or DIE!

06 January 2016  |  2587 views  |  3 comments | recomends Recommends 1 TagsRetail bankingInnovation

You can believe in unicorns, I’d rather plant seeds

09 November 2015  |  2869 views  |  2 comments | recomends Recommends 1 TagsInnovationStart ups

Elizabeth's profile

job title Global FinTech Commentator
location Crayford
member since 2009
Summary profile See full profile »
Global FinTech commentator. Author of the Girl, Disrupted blog

Elizabeth's expertise

Member since 2007
165 posts173 comments

Who's commenting on Elizabeth's posts