About the author: Vadim Slavin is GlobaliD’s Director of the Credentials Platform. The Credentials Platform (CP) is a marketplace for verifiable credentials, which enables users of GlobaliD to discover, request, and share identity verification and other services offered by third-party issuers.
As many of you are already aware, regulators are working closely with industry participants to chart the future of digital identity. One venue to foster such interactions are sponsored tech springs designed to catalyze deep thinking and develop solutions for some of the industry’s toughest problems.
Last month, I was chosen to participate in the latest such tech sprint, sponsored by the Department of the Treasury/Financial Crimes Enforcement Network (FinCEN) and Federal Deposit Insurance Corporation (FDIC). Of the 200 people who applied, 60 were selected and placed in eight teams.
My team, ConfIDence Labs, included:
- Vadim Slavin, GlobaliD
- Dakota Clum, Bonifii
- Nancy Guglielmo, Bank Policy Institute
- Elizabeth Cronan, GeoComply
- Tracy Manning, LexisNexis Risk Solutions
- Michael Engle, 1Kosmos
- Candler Eve, MidFirst Bank”
Measuring digital identity effectiveness
This tech sprint was not about offering the best approaches to digital identity. (I must have missed that one.) Instead, the focus was on measuring the effectiveness of digital identity proofing.
According to Fincen and the FDIC, digital identity proofing is defined as “the process used to collect, validate, and verify information about a person.”
Here’s how they described the purpose of the sprint:
Digital identity proofing is a foundational element to enable digital financial services to function properly. This element is challenged by the proliferation of compromised personally identifiable information (PII), the increasing use of synthetic identities, and the presence of multiple, varied approaches to identity proofing. Simultaneously, technological developments are enabling dynamic identity evidence such as state mobile driver’s licenses (mDLs) or other identity credentials that are frequently updatable and interoperable, as well as behavioral analytics.
After three weeks of brainstorming and meeting with FDIC and FinCEN, eight participating teams developed solutions addressing the problem statement:
“What is a scalable, cost-efficient, risk-based solution to measure the effectiveness of digital identity proofing to ensure that individuals who remotely (i.e., not in person) present themselves for financial activities are who they claim to be?”
In short, the U.S. government wanted to know how to compare one solution, process, or program to another. For example, if we were to compare the sign-up process for Coinbase and Bank of America, we needed to determine which onboarding flow was “better.”
Everyone on team ConfIDence Labs had unique views on the subject, naturally bringing learnings from their own company’s approaches. We decided that we needed an objective scoring criteria that reflected adherence to principles of identity assurance levels such as the ones spelled out by NIST and risk scoring tactics such as the one suggested by the UK government.
Additionally, we wanted to bring to light other attributes of identity proofing that we felt were just as important — inclusion, compliance, adoptability, and, of course, security.
The end result was a worksheet — not unlike the one required for assessing SOC2 compliance — where each of the above 5 rubrics are scored independently and objectively.
An example of an assessment based on our proposed scoring rubrics
Of our proposed scoring rubrics, Assurance was the most fleshed out. We envisioned a scoring mechanism that would reward cross-referencing verifications of each attribute of a user’s profile. In other words, there is higher assurance in someone’s identity if multiple sources of evidence were used to verify the same information — such as a customer’s name, email, or government ID.
Taking all of this one step further, we pitched a sandbox environment where financial institutions could offer their identity proofing programs for objective evaluation using our scoring framework. Not only that, they would be able to mix and match different third-party verification service providers to get to a better score. You could imagine a future where multiple service providers compete based on their evaluation scores.
Our proposed sandbox environment
For our efforts, three awards were given across three categories — Creativity, Effectiveness / Impact, Market Readiness.
For the Creativity category, which Team ConfIDence Labs (my team) ultimately won, the U.S. government provided the following requirements:
- How substantively new or different is the Tech Sprint Team’s approach from those currently considered in the marketplace?
- To what degree does the approach introduce a potential paradigm shift in how financial institutions and regulators can measure the effectiveness of digital identity proofing?
- Does the approach present an innovative way of encouraging small to midsize financial institutions to deploy or more effectively deploy digital identity proofing technologies?
First, I’d like to thank all of my teammates. It was a pleasure learning from them and working together toward the common goal of improving digital identity systems.
As a team, we also applaud FinCEN and the FDIC for these continued engagement efforts with the industry. The purpose of this latest digital identity tech sprint was to get the conversation started, seed new ideas, and nudge us toward industry cooperation.
Mission accomplished, I’d say.
Martin Henning, FDIC’s Deputy Director Operational Risk, echoed these sentiments:
“We brought together a diverse collection of innovative and energetic minds to think deeply about how we can ensure bank customers are who they claim to be in our increasingly digital age. Helping financial institutions to stop identity fraud will help us to continue to have confidence in the safety and soundness of our banks and the integrity of the U.S. banking system.”
“We are grateful for the partnership of the FDIC and the participation of all the Tech Sprint teams. It is critical that financial institutions have reliable ways to identify their customers, particularly in our increasingly digital world,” said Him Das, the Acting Director of FinCEN. “Identity is a fundamental cornerstone of financial integrity, and identity proofing is precisely the type of complex issue that benefits from public–private collaborations like this Tech Sprint.”
We look forward to the next one!