2020 was already shaping up to be a busy year and that was before the pandemic hit, OneSpan’s director of global regulations and standards Michael Magrath said.
Mr. Magrath said the COVID-19 pandemic impacted the financial services industry by forcing many institutions to immediately change their service models. While closing branches is nothing new, closing them all at once is. The banks who most successfully adapted tended to be the ones who were proactive in implementing their onboarding capabilities prior to the pandemic as they developed competitive advantages through streamlining various processes. Those who had not addressed these areas had to learn quickly if they hoped to retain business.
That has contributed to rapid growth in electronic signature capabilities, as many institutions rush to maintain service to their clientele. Some states had to enact temporary online notarization approvals and many of those changes could become permanent.
Those institutions looking for help in choosing the technology that takes them to the next level of service will soon have some help, Mr. Magrath said. The FIDO Alliance, which promotes the use of development and compliance with standards for device authentication and device attestation, is developing standards for vendors like OneSpan, who can achieve certification for the different services they offer. Companies can submit their technologies for independent audits.
Fraud patterns have changed since the pandemic’s onset, Mr. Magrath said. The Financial Crimes Enforcement Network (FinCen) reports since the pandemic’s onset the number of fraudulent attempts including identity theft, account takeovers and business email takeovers is averaging one billion per month.
The United States has been well-positioned for this transition to digital identities for a few years, Mr. Magrath said. FinCen’s Financial Action Task Force provided early guidance around digital identities and led the way for global adoption.
The outcome of the election will dictate the pace of regulation and decide the fate of many proposals related to data privacy and protection. The California Consumer Protection Act (CCPA) played a key role in promoting many of the proposals currently tabled.
“California was the first in the United States that had done this and created a wave of legislation,” Mr. Magrath said. “Most didn’t go anywhere.”
That could change for a couple of reasons. Other regions, notably the European Union, are enacting stronger protocols than the CCPA. That could encourage other jurisdictions to rise to the same level. Should the Democrats wind up with control of both the House of Representatives and the Senate, it would provide a more conducive environment for legislation than the Trump Administration, which has focused on deregulation.
“I think you are going to see a lot more legislation passed as it relates to consumer privacy and data protection,” Mr. Magrath said when asked of the difference should Democrats control both bodies.
Amendments to existing legislation also need to be watched, Mr. Magrath noted. In 2019 the Federal Trade Commission introduced amendments to the Gramm-Leach-Bliley (aka the Financial Services Modernization) Act around safeguarding and privacy rules that will impact not just financial institutions but any organization involved in credit provision, including universities offering financial aid and hospitals’ payment plans. They must encrypt all customer data and implement stringent access controls.
“That’s going to have tremendous impact on financial institutions,” Mr. Magrath said. “Many of them have already implemented some of these but not all.”
Different regions take different approaches to regulation, Mr. Magrath said. In the United States, each state does its own thing unless federal laws usurp a certain area. In Asia, Hong Kong and Sinagpore are very proactive. The Monetary Authority of Singapore regularly publishes guidance.
The European Union has also been a leader through PSD and PSD2, Mr. Magrath noted. The region is developing a next-generation digital ID through its Electronic identification and Trust Services initiative, which it describes as “key enablers for secure cross-border electronic transactions and central building blocks of the Digital Single Market”.
“What the EU is trying to do is to be the standard for interoperability through the member states for online ID solutions,” Mr. Magrath said.
In the United States, Congressman Bill Foster (D-IL), Congressman John Katko (R-NY), Congressman Jim Langevin (D-RI), and Congressman Barry Loudermilk (R-GA) introduced the bipartisan Improving Digital Identity Act of 2020. It seeks to modernize the country’s digital identity structure by establishing a task force including all levels of government to develop secure methods for government agencies to validate digital identity attributes. The proposal also calls for new standards to guide government agencies when providing digital identity services and would provide grants to help states upgrade their infrastructure.
“There’s no digital identity strategy in the United States and the pandemic’s exposed that,” Mr. Magrath said. “The bill would create a presidential task force to establish secure methods for federal, state and local government agencies to validate identity attributes and support digital identity verification for the public and private sectors.
“It’s a game changer.”
While voice printing is one area of biometrics gaining traction, it is facial biometrics which have policy makers’ attention, Mr. Magrath said. A Senate bill introduced earlier this year would have prohibited private sector businesses from collecting biometric data without consumer consent. While it did not proceed, there is momentum gaining towards such measures.
Facial biometrics face several challenges, Mr. Magrath explained. The industry has made good progress on properly assessing people with darker skin tones, but deep fakes are a real world problem and a big challenge for the industry.
Better education is needed so society can understand the different uses of facial biometrics and the safeguards already in place to protect consumers, Mr. Magrath said. While the media often lumps it all together and builds off science fiction and popular culture, existing technology keeps your information securely on your device without ever transferring it to the authenticating authority
“It’s very important for the industry to convey those differences so it doesn’t get lumped in that all biometrics are bad,” Mr. Magrath said. “That’s my fear, that policy makers wont see that distinction.”
Contributors
