Many transactions do not need to establish the identity of involved parties. In fact, some may even demand anonymity. However, establishing identities is necessary for delivering and accessing most financial products and services.
The basis of identity
For the execution of several financial transactions with information requirements about involved parties – age or permanent address – systems have to be in place to ascertain the veracity of available information. Current identity systems limit innovation as well as efficient and secure delivery of financial services. Many fintech firms attempt to provide a purely digital experience to their customers, but the step of identifying customers invariably forces them to use physical channels.
In September 2018, the Supreme Court upheld the constitutional validity and legitimacy of the Aadhaar programme but diluted the mandatory and pervasive nature of the largest biometric-linked national ID system in the world. While Aadhaar can be linked with the delivery of benefits and services under government-aided welfare schemes, the use of Aadhaar details by private companies was declared unconstitutional unless a privatised use has clear sanction of law and passes judicial scrutiny.
A major highlight of the landmark ruling was that section 57 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016, (which dealt with the use of data from biometric authentication in Aadhaar by private companies or corporate bodies) was quashed. While compulsory linking of Aadhaar to PAN cards was held valid, private companies demanding Aadhaar details to link it with mobile numbers and bank accounts of consumers was held unconstitutional. The Aadhar ruling recognised the urgent need for a comprehensive data protection framework for the next billion users of the Internet, many of whom will be connected with formal banking systems for the first time. However, many areas of concerns still remain and certain gaps in India’s digital identity landscape have widened.
Fintech companies have been raising concerns of adverse effects of this ruling. These companies, especially startups, are convinced that establishing the identity of new or existing customers through physical channels will not only increase operational difficulties, it will make the verification process error-prone, expensive (`200-300 per customer) and timeconsuming. Even though concerns of data privacy and security have partly been addressed, the overall pace of digitalisation of banking in India will suffer since the fintech industry cannot rely on quick Aadhaar-based e-KYC to establish the identity of new customers.
Address the risk
There are five factors that drive the need to access and verify identity digitally – growth in transaction volume and complexity, expectation of efficiency in service delivery, and regulatory stringency. Documents can be modified, falsified, lost or stolen. Identity establishment process that is based on physical document doesn’t need to demonstrate the link between the individual and the document leading to the possibility of identity frauds. Innovative firms in the digital payments industry require users to establish identity through physical channels or semi-digital channels, for example uploading a scanned picture or copy of driving licence/PAN/passport, or rely on the KYC process undertaken by some other financial institution.
At the heart of the business model of digital lenders and insurers is understanding borrower risk. For this, validation of basic borrower information, based on physical or semi-digital channels, is critical. Ability to verify identity of customers digitally has the potential to offer customised and seamless financial products and services. However, digital identity systems have their pitfalls. Users may not adopt them because of lack of trust in a system’s purpose.
Additionally, inadequate data protection and poor technological platform and design pose major challenges. A robust identity system should have the characteristic of being able to operate effectively, based on wide scope and scale and yet not allow pervasive use of digital identity by providing more control to the consumers about when and what identity attributes could be shared.
Private firms can help
Since the use of Aadhaar by private bodies for establishing user identity is not allowed anymore, what alternative digital systems can we have? And who can build that? There is a strong case for a consortium of financial institutions to build a system that is secure, which is not overarching in its use, which furnishes user information to right entities under the right circumstances, and furthermore provides users more control over their information. Financial institutions have several structural advantages in building a new identity system. Establishing user identity is a critical part of their operations and they already spend substantial amount of time and money in establishing identities. Financial institutions are not only connected to individuals but also to various other stakeholders – companies, regulators, and people. An efficient digital identity system can make their KYC compliance easier and more accurate. Bank passbooks have long served as a way of establishing identities by private parties, a digital identity system may open a new revenue stream through wider usage.
Financial institutions have more experience and sophistication in data privacy and security. Quicker and more reliable access to user information will enable financial institutions to structure improved product and services pricing insurance services, advisory, and loan disbursement. Financial institutions can access better information, after securing user consent. They have a vested interest in building an identity system that follows global standards around data protection to mitigate the possibility of misuse, malpractice and fraud.