The converse of KYC and AML is identity management.
If we had effective identity management where everyone could be identified as a unique person with certainty and securely, we would not have the issue of AML and KYC given to the banking system.
The issue with identity is that no-one wants to own the problem.
Governments give us passports and driving licences; banks give us accounts based upon these identifiers PLUS utility bills; and these are the two key identifiers in our lives.
But they are not sufficient, as both can be easily compromised.
Passports can be copied and bank accounts can be hacked.
It’s not as easy as it used to be – it used to be just a clever forger who could copy your identifiers, but chips and biometrics are changing the passport game – but it is still relatively simple to compromise identities, particularly when people are so loose with their information online.
For example, there are many people who were early adopters of Facebook.
They friended everyone and felt the more friends they had, the more important they were.
They post all their personal information online – their location, relationships, email addresses, birth date and more.
This information can be made private – look at Facebook’s latest privacy settings.
It used to be that you could only set privacy at the overall account level to visible or invisible.
Then it became privacy at all levels, and delineated into friends, friends of friends or everyone.
Even so, it still does not mean that users have retrospectively gone back and changed their privacy settings.
Nor does it mean that Facebook’s evolution has not already compromised some people’s privacy, including Mark Zuckerberg’s:
Neverthelesss, it’s pretty worrying when such a leaky service that compromises people’s identity secrets is now being touted as the next identity management system.
This is not the way things should be, but it is the way things might be and could be.
We have multiple identities and identity owners – governments and financial institutions – which should be working together, but don’t work together effectively to manage them.
Sometimes we think that the solution would be to have a single identity management system all governments and financiers use.
The only trouble with that is that it might get compromised and then what would you do.
If you have multiple identities and one gets compromised, you can change it and move on whilst using your other identities.
If you only ever had one and that was compromised, then you have an issue as you cannot recreate your single identity so simply.
Or so I’m told, although I don’t accept that assertion.
There should be a way to create a simple identity system, and yet I’ve now seen so many companies created in the technology space to offer identity management with none of them succeeding, that maybe this will never happen.
Whilst this is the case, the latest of the firm’s to tackle this issue – miicard – have made a lovely little video to illustrate the issue.