Digital identification, or “digital ID,” provides a new frontier in value creation for individuals and institutions around the world. Nearly one billion people globally lack a legally recognized form of identification, and can be denied access to government aid, health care, financial services, the labor market, the ability to secure property rights and register a business. And digital ID can also help the rest of the world’s inhabitants, about 6.6 billion people, who either have some form of ID but limited access to online services, or are active online but struggle to keep track of their digital footprint securely and efficiently.
For all these individuals, “good” digital ID can unlock access to a safe and secure digital world in the economic, social, and political realms. Good digital ID provides verification and authentication to a high degree of assurance, uniqueness, individual consent, protection of user privacy, and control over personal data. This can be a boon for individuals and societies as a whole if implemented correctly. According to research from the McKinsey Global Institute, countries implementing digital ID could unlock value equivalent to 3 to 13 percent of GDP by 2030. Already, digital ID systems have been implemented with some success in a few countries, spearheaded by government agencies (such as eID in Estonia and Aadhaar in India), or consortia of institutions (such as the financial institution-led digital ID systems of SecureKey Concierge in Canada and BankID in Sweden).
For banks, digital ID can improve customer experience and boost productivity, while improving risk management. In the United Kingdom, for example, nearly 25 percent of all financial applications are abandoned due to difficulties in the registration process,[1] which digital ID could help smooth by enabling streamlined authentication. Digital ID can also improve the quality and lower the cost of ongoing customer service–one study found that about 30 percent of calls to banks’ call centers were requests for account access due to misplaced or forgotten passwords. Moreover, as employers, banks can use digital ID to extend and improve talent matching and streamline employee authentication, thereby filling open positions more rapidly with better qualified candidates.
At the same time, digital ID can help banks improve risk management, including through streamlined know your customer (KYC) processes, better fraud management, and improved protection of customer data against cyber threats.
KYC rules require banks to verify the identity of individuals opening an account. Institutions can use digital ID to expand their customer base rapidly and cost-effectively by using digital ID to comply with these requirements. This would mean eliminating manual processing of paper documentation and the need for in-person verification of the account holder’s identity. For example, in India, the use of Aadhaar-enabled e-KYC for registration accompanied an increase in financial accounts from 48 million in 2016–17 to 138 million in 2017–18.[2] At the same time, Aadhar reportedly reduced the cost of KYC verification for financial institutions from approximately $5 to approximately $0.70 per customer.[3] In other markets, we anticipate that moving from paper to digital ID-based KYC will yield similar cost reductions, while also reducing error.
McKinsey estimates that synthetic identity fraud–in which criminals use fictitious IDs to secure credit–is the fastest-growing type of financial crime in the United States, and that in 2016 it was responsible for up to 20 percent of defaulted credit card debt, costing lenders worldwide an estimated $6 billion. Financial institutions can reduce such forms of theft and fraud through the use of high assurance method of identity verification enabled by digital ID.
Low-assurance interactions also contribute to the potential of cybersecurity breaches, which pose increasing risk for the digital economy, including to banks and their customers. Digital ID can help assure online transactions in a way that is safer and easier to manage than having a multitude of online accounts, as is common for people in many developed economies today.
Despite the significant promise, digital ID presents risks of its own that need proper controls. To start with, there is the potential for misuse: digital ID technologies are akin to “dual use” technologies—such as social media, GPS, or even nuclear energy—that can be used both to benefit society and for undesirable purposes by governments, institutions, or individual actors. History provides ugly examples of misuse of traditional identification programs, including tracking or persecuting ethnic and religious groups. If improperly designed, digital ID could be used in targeted ways against the interests of individuals or groups by governments or the private sector. To guard against such misuse, the individual consent and protection of user privacy and control over personal data components of “good” digital ID are critical.
But even when digital ID is used with good intent, risks of two sorts must be addressed. First, digital ID is inherently exposed to risks already present in other digital technologies with large-scale population-level usage. Indeed, the connectivity and information sharing that create the value of digital ID also contribute to potential dangers. Whether it is data breaches and cyber-intrusions, failure of technical systems, or concerns over the control and misuse of personal data, policy makers around the world today are grappling with a host of potential new dangers related to the digital ecosystem.
Second, some risks associated with conventional ID programs also pertain in some measure to digital ID. They include human execution error, unauthorized credential use, and the exclusion of individuals. In addition, some risks associated with conventional IDs may manifest in new ways as individuals newly use digital interfaces. Digital ID could meaningfully reduce many such risks by minimizing opportunity for manual error or breaches of conduct.
Capturing the value of good digital ID is by no means certain or automatic. However, the magnitude of the opportunity heightens the imperative for understanding and addressing the very real risks and potential for misuse of digital ID. Careful system design and well-considered government policies are needed to promote adoption and manage associated risks. When in place banks, together with individuals and society at large, stand to gain.
[1] Private sector economic impacts from identification systems, World Bank, 2018.
[2] Ronald Abraham et al., State of Aadhaar report, 2017–18, IDinsight, May 2018.
[3] Alan Gelb and Anna Diofasi Metz, “Identification revolution: Can digital ID be harnessed for development?” Center for Global Development, October 2017.