"Digital identity. Is a bank really sure that I am who I am?" - Summary of the Asseco Banking Forum 2019
The development of modern technologies and the progressive computerization of processes shed new light on the issue of digital identity of citizens. For years, banks have been trusted institutions processing sensitive data. They are therefore largely responsible for ensuring an adequate level of safety. How should the correct verification of customer identity be carried out? How far should the state's cooperation with banks go with regard to the provision of information? Where are the boundaries of responsibility between both parties - these were the main topics of the Asseco Banking Forum 2019. This year's fifth edition of the event took place on October 10 in Warsaw and gathered nearly 270 representatives of the financial and IT sectors.
Adam Góral, President of the Management Board of Asseco Poland, opened the conference with a speech. He welcomed the participants and emphasized the importance of the banking sector.
The banking sector is undoubtedly the leader of all sectors. We set trends and we should be proud of that, said Asseco's President.
Adam Góral also pointed out that the participation of the Minister of Digitization in the Asseco Banking Forum proved that the banking sector had been recognized by the state administration as a leader in the field of new technologies.
The panel discussion was preceded by the presentation "Personal Identity and Digital Identity" by Marian Giersz, Lawyer at PwCLegal, who talked about when we began to build digital identity and how it differed from personal identity. He also asked important questions about whether citizens had agreed that banks could provide their identity to the state and whether banks wanted to provide such services when they were free of charge.
Sweden has approached this issue in a market-based manner. It is a federal model, where private entities can provide identity, they can join the system, of course after meeting the relevant requirements and regulations. It was very successful, because 9.5 million citizens generate over 300 million transactions a year, said Marian Giersz. In Poland we have the beginnings of the Swedish model, because we have private centers that provide electronic signatures, such as Asseco or banks that allow us to open an ePuap account, he added.
In turn, according to Marek Zagórski, the Minister of Digitization, who participated in the debate "Is a bank really sure that I am who I am?", the Swedish model was already in place.
We have built what I call the digital identity ecosystem. This ecosystem consists of several elements, including, apart from ID with an electronic layer, a national node, which connects not only administrative portals, but also the first electronic identification scheme issued by banks, said the minister. The trusted profile alone is currently used by 4.2 million citizens. Adding to this means of identification based on identity and bank credentials will result in tens of millions of operations per day, but most of all we will have several million users with means of identification, he added.
Electronic identity is the element that will materialize anyway. The point is to do this in a coordinated and absolutely safe way, and I think that every bank can automatically ensure it. The essence of our functioning is to confirm the identity of the client, continued Brunon Bartkiewicz, President of the Management Board of ING Bank Śląski. At the same time, he stated that banks did not have to be the only providers of identity.
In turn, Zbigniew Pomianek, Vice President of the Management Board of Asseco Poland, pointed out that banks did not have much competition in this respect.
Banks have a natural advantage in terms of how they are audited and regulated. Generally speaking, the certainty of verification of data held by a bank is much greater than in other institutions. I think this gives banks a very big advantage when it comes to the credibility of identity, said the member of the Management Board of Asseco. However, he added that there were also certain risks.
The threat is unknown customer behavior or clients' actions that we can predict, but cannot do much about them. The banks are at a very high level in terms of safeguards, both technical and procedural, which are to ensure that the mistake of an individual person does not lead to the opening up of a bank access in a dangerous way. The most difficult part to deliver are the solutions that are on the user side. Firstly, there is the problem of educating a client, and secondly, where the responsibility for his behaviour lies, Zbigniew Pomianek summed up.
One cannot eliminate all the risks. The cost of providing such a solution would be astronomical. This technology and learning algorithms, which, by observing the behavior of customers, anticipate certain events, i.e. are a must. However, we will not escape from the issue of customer education, said Mirosław Skiba, President of the Management Board of SGB-Bank.
Responding to customer needs, we want processes to be simple, fast and ergonomic. For these processes to be safe, customer experience will be at a lower level, said Jacek Obłękowski, Chairman of the Supervisory Board of Horum. In several countries we have surveyed customer preferences. We asked clients which physiological elements of the biometric process would be the most appropriate. Two features were pointed to most often - face recognition and fingerprint, he added.
The results of this research are consistent with the data presented by Tomasz Lesio, Senior Product Portfolio Manager at Asseco Poland, who, during his speech, talked about how effective digital identity verification should have been carried out and what solutions were offered in this area by the market of new technologies.
From the perspective of using biometric methods, it can be observed that the fingerprint is the most frequently used (57%) method, followed by facial recognition (14%), said Asseco's expert. He also presented the types of biometry, within which one could distinguish physiological factors unique to each human being: face, fingerprints, blood vessel system, hands, eyes, ears, DNA and those related to behavior: voice intonation, handwritten signature, type of walk.
Tomasz Leś ended his presentation with a question whether we were able to cope with the recognition of a person without artificial intelligence? It served as a prelude to the debate "Should the AI replace a man in confirming his identity?"
Artificial intelligence can somehow replace humans, but under certain conditions, said Krzysztof Polcyn, Innovation Director, EFL Group. It all depends on how we define artificial intelligence. If we assume a very broad definition, that this is any algorithm that converts something into a result, I can confidently say that in all Polish banks such basic algorithms work and that they have artificial intelligence. And maybe it has not replaced man yet, but it certainly supports him, he explained.
Artificial intelligence will not replace man, because he has to decide about similarity parameters, about which elements and at what level should be used, added Tomasz Leś, Senior Product Portfolio Manager, Asseco Poland. On the other hand, it would be difficult for a man to act alone, especially when it comes to the accuracy of verifications. Artificial intelligence will certainly strongly support this process, while man, even if only for legal reasons, will certainly not be eliminated from it, he added.
What is simple and quick can be done without human intervention. I think that in a few years' time in the banking sector, artificial intelligence will be used on a massive scale, but in very simple processes, for example as a call center support. In most banks it has been already in use, said Robert Tórz, Director of the Department of Individual Customer and Mobile Banking, SGB-Bank. The business logic of banks now focuses primarily on customer service. All the new technologies, system automation, robotization - all this is aimed primarily at the frontend, i.e. easy customer service, he added.
Tomasz Chmielewski, Chief Expert of Digital Ecosystem, ING Bank Śląski S.A. answered the question asked by Tomasz Bitner, Editor-in-Chief of Computerworld, who conducted the debate, whether banks were not afraid that their customers would have a feeling of a lower standard of services.
We are afraid of poor customer service, regardless of whether an employee or a bot is responsible for it, said the representative of Digital Ecosystem, ING Bank Śląski S.A. I assume that a customer primarily wants to be served well, the tool is of secondary importance. I believe that if these mechanisms work well, they will not reduce quality. It is true that there are studies that show that customers do not particularly like to use automatic machines, but most often because these machines are at a low level, while a well-functioning machine should serve the customer efficiently. We already have research that shows that there are certain areas where a customer willingly uses them, e.g. in debt collection, he added.
In the next part of the conference, Joan ManelCastells, Sales Director, Mitek Systems, explained what onboarding of a customer in a bank was and what he paid attention to during this process.
27% of customers resign from onboarding if they think it is not safe enough, and 60% if it lasts too long, said Joan Manel Castells. On the other hand, identity theft in 2018 cost half a billion euros in the European Union alone, he added.
At the end of this panel Wojciech Nowak, Director of the Production Department, Asseco Poland presented the process of onboarding a bank customer with the use of the Asseco system.
In turn, experts from Asseco and Santander Leasing talked about how to implement the paperless process and whether it was safe.
How much paper did we use to produce contracts for 300-billion-portfolio?, wondered Mariusz Włodarczyk, Managing Director of the legal area, after-sales service and insurance, Santander Leasing. We must all remember that the activities we perform on a daily basis, the contracts we sign require paper only because sometimes we have unreflectively written that the contract requires a written form for its validity, he added.
We broadly look at issues related to banking and leasing processes. We have successfully introduced signatures at the Santander bank itself, including those for signing specific documents or even those that are important from the point of view of identity, said Artur Miękina, Director of the Security and Trust Services Division at Asseco Data Systems. We often get, for example by e-mail, some statements from different institutions and we do not know if they are really from that institution, because these pdf files are often unsecured. We must therefore take into account that identity is not only a physical identity, it is also a legal identity and there are also certain legal consequences behind this identity, he added.
At the end of the forum, the participants saw how digital identity could be stolen and how it could be used. Marcin Maj, an expert in cyber security from the service Niebezpiecznik.pl, spoke on this subject.He also provided data on the banking sector.
We have "good news" from the Polish Bank Association: in 2019, there were "only" over 7,800 cases of using another person's document, and the total number of thwarted attempts to defraud loans amounted to "only" 2,239, said Marcin Maj.