The converse of KYC and AML is identity management.
If we had effective identity management where everyone could be identified as a unique person with certainty and securely, we would not have the issue of AML and KYC given to the banking system.
The issue with identity is that no-one wants to own the problem.
Governments give us passports and driving licences; banks give us accounts based upon these identifiers PLUS utility bills; and these are the two key identifiers in our lives.
But they are not sufficient, as both can be easily compromised.
Passports can be copied and bank accounts can be hacked.
It’s not as easy as it used to be – it used to be just a clever forger who could copy your identifiers, but chips and biometrics are changing the passport game – but it is still relatively simple to compromise identities, particularly when people are so loose with their information online.
For example, there are many people who were early adopters of Facebook.
They friended everyone and felt the more friends they had, the more important they were.
They post all their personal information online – their location, relationships, email addresses, birth date and more.
This information can be made private – look at Facebook’s latest privacy settings.
It used to be that you could only set privacy at the overall account level to visible or invisible.
Then it became privacy at all levels, and delineated into friends, friends of friends or everyone.
Even so, it still does not mean that users have retrospectively gone back and changed their privacy settings.
Nor does it mean that Facebook’s evolution has not already compromised some people’s privacy, including Mark Zuckerberg’s:
This is not the first time his privacy has been compromised. In fact, it seems to happy pretty regularly, although he is obviously a target.
Neverthelesss, it’s pretty worrying when such a leaky service that compromises people’s identity secrets is now being touted as the next identity management system.
This is not the way things should be, but it is the way things might be and could be.
We have multiple identities and identity owners – governments and financial institutions – which should be working together, but don’t work together effectively to manage them.
Sometimes we think that the solution would be to have a single identity management system all governments and financiers use.
The only trouble with that is that it might get compromised and then what would you do.
If you have multiple identities and one gets compromised, you can change it and move on whilst using your other identities.
If you only ever had one and that was compromised, then you have an issue as you cannot recreate your single identity so simply.
Or so I’m told, although I don’t accept that assertion.
There should be a way to create a simple identity system, and yet I’ve now seen so many companies created in the technology space to offer identity management with none of them succeeding, that maybe this will never happen.
Whilst this is the case, the latest of the firm’s to tackle this issue – miicard – have made a lovely little video to illustrate the issue.
Enjoy …
The problem is two-fold. Firstly your absolutely right - no one has been interested in owning the problem. The second is that traditionally its been too hard. To provide Identity Proofing you have always had to go offline to do so which doesn't address the issues - until now.
Consumers at the end of the day want convenience, trust and control. Putting consumers back in control of their online idenitities is what we do at miiCard - this is why you want it.
For the business the benefit is even more - we can provide the verification required for that KYC / AML compliance, reduce that fraud, lower those costs and change the way financial services are sold online.
But its not just about what we are doing - the industry needs to change. We need to work together to create the solutions of tomorrow that will let us do more online. Its great to see the NSTIC, TDL, OIX and even the UK's ID Assurance program start to pick up momentum. We would all be better off if we could address these problems. Just think about the difference in laundering, fraud, eCrime, etc that it would make.
p.s. thanks for posting the video - hope you like it!
Posted by: James Varga | October 17, 2012 at 08:51 AM
Perhaps the UK could look at what other European countries are doing regarding identity, particularly Germany. They might learn a lot.
Funny that it never crosses anyone's mind in the UK that one reason so many immigrants want to come here, and not an insignificant one, is that it is so easy to set up an anonymous identity.
Posted by: Brigitte | October 17, 2012 at 09:00 AM
But the irony of the miiCard is that one of the cornerstones of its application and associated security checks is based on.... a Bank Account!
Surely that defeats the object of how a Bank can be truely online (without branches supporting the need for would-be customers appearing in person with the Passport/Driving Licence/Utility Bill)?
Posted by: Steve | October 17, 2012 at 09:20 AM
Sorry, but I disagree. AML is more than just identity managemnt. If if my bank has identified me with absulte security it will have to check that I have the economic background to support the business I am doing with them.
Posted by: Fritz Thomas Klein | October 17, 2012 at 01:43 PM