skip to content
Banks & SSI

Self-sovereign identity: The key role of banks

Legislation requires financial institutions to verify customer data and keep it up to date. Since authentication procedures are an integral part of banks’ daily business, they will play a key role in the creation of decentralised identities in the coming years. Self-sovereign identity (SSI) is only more secure if the data is verified beforehand. Banks can perform the task with little effort and draw from their existing structures.

Weaknesses of the current Single Sign-On

Every internet user has numerous identities. From online shopping to social media channels to online banking: customers have to register with a personal login on the service provider’s website in order to use a certain offer. To make such processes more user-friendly, large tech groups such as Google, Facebook or Apple already offer single sign-on (SSO). If service providers implement the corresponding interface in their website or app, users can log in with their Google or Apple ID, for example, without having to go through a registration process. Those large tech corporations are also creating huge data silos. Internet giants do not have to verify the respective personal data stored in the ID. Users can therefore set up a fake ID with a false name and contact details and use third-party services. SSO as it is used today is therefore not suitable for interactions between companies and customers that require a digital signature or at least a doubtless identification.

Physical ID documents are unnecessary with the SSI

A digital identity should be capable of identifying the user beyond doubt. At the same time, however, this requires that the personal data that make it possible to identify the user remain in his or her possession. The NemID introduced in Denmark a few years ago is a digital identity that fulfils these requirements to a large extent. 90% of the citizens in Denmark use the NemID. The system was developed under the leadership of the Danish government in close cooperation with banks and other private companies.

The criticism of the system primarily concerns cryptographic security. However, due to the success of the NemID, those responsible have already presented the public with a successor, the MitID. This should also eliminate this problem. In practice, the Danish digital identity already replaces physical identity documents as well as the personal signature under a document. In contrast to the electronic identity card used in Germany, which only has rudimentary functions of a digital identity, the system is easy to use, which leads to significantly more acceptance in society.

Banks play an important role in the introduction of SSI

The Danish path is going in the right direction. However, this path illustrates above all that the legislature and the private sector must pull together to establish a digital identity. Banks in particular will have to fulfil important tasks. Self-sovereign identity requires the verification of attributes before subsequently depositing encrypted certificates in the blockchain. Since banks are already legally obliged to verify customer information, they are predestined to feed the corresponding proofs into the open ecosystem. For banks, this offers a new business field that is easy to tap into. Supervisory authorities monitor financial institutions that are subject to strict legal regulations. This creates trust among citizens. At the same time, banks have the necessary infrastructure to transmit data securely.

An ecosystem of decentralised identities must be openly designed

There are still some hurdles. First of all, a digital identity established on an exclusively nation-state level is not expedient. In particular, the networking of European states requires the creation of open structures. With the EUid, initial efforts are already being made on the political side to meet this requirement, but it is important that companies are more closely involved in this process. Furthermore, cross-industry standards for the identification of persons and the exchange of personal data must be created and be internationally valid. In the end, citizens and (financial) companies alike will benefit from greater data security and simplified processes.