Digital Identity & Bank's KYC
As EIDAS was slowly approaching, banks in the EU started to think of potential new opportunities: Would they consume digital identities, or would they produce it?
We had the idea that banks could produce sound and secure, verified Digital Identities. It felt about right, as the Digital Identity Framework would be decentralized by design, through the banking network.
We went as far as designing what this digital identity would be like: proposing to reuse the PKI protocols, adding a couple of data to reflect the identity, without disclosing sensitive material. The format looked like our current JWT, except that this JWT format did not exist yet - so we're quite proud. We also took part in oAuth2 and OpenID frameworks, so that's cool.
If technology seemed ready to us, we understood very early in the "E3" project (a project launched by a large french bank) that it would need some convincing. So what we did was get together a few banks: ING and BNP Paribas for starters, and started to scope what KYC would look like if a bank was to use a Digital Identity delivered by another bank. Well, it looked great. Pricing was a challenge, though, and we proposed a time-based model where price would go down week after week, until it was eventually too old. This framework was compatible with the expiry of KYCs, though it did reduce the Business Case of Banks.
UK's initiative was just starting with Barclays, and the pain point for them was also the pricing: the initiative lasted only as long as the government's subsidy.
Not discouraged, we identified a French Electronic Signature provider, compliant with the toughest legislations in Europe, and capable of extending is current product to our "proto-JWT" concept. We created the meetings, pitches and business cases to frame our vision, and BNP Paribas nearly bought the start-up.
Unfortunately, Fédération Bancaire Française completely rejected the idea of banks providing Digital Identities, arguing it should remain a centralized, state service. And so the project ended, banks now are doomed to buy KYC verifications from pure-players such as PVID solutions or Facial Recognition tools.
But hey, we tried. And on the way, we contribted to design some of the good stuff of today, trying to keep this decentralized, as we think it should.