Alastair Johnson’s article does a decent job of identifying how current types of payment fraud would be reduced if a person’s identity is “merged” with payments, but doesn’t mention Hyperledger Indy project that has support from IBM and Microsoft, or 3D Secure 2 or that his blockchain company offers an identity & payment product. I’ll offer my thoughts inline to what Alastair wrote:
“The fact that fast online payments are becoming easier and easier is great for customers. However, for anyone working in the payments ecosystem, this efficient payment experience belies the fact that the storage and use of customers’ digital identity is in crisis.
Massive personal data breaches and identity fraud continue to occur on a regular basis. Users still have to deal with countless passwords and registration procedures, while governments suffer from poor online acceptance and merchants experience high fraud costs.
There are signs that some of the key players in the payments industry are starting to rethink this whole area and working on how to combine payments and ID. Late last year, Mastercard and Microsoft announced a partnership to advance digital identity innovations and improve how people use and manage their digital identities. This is encouraging, even if it is occurring in a gated scheme when solutions should be agnostic across brands and payment rails.
This may be a reference to 3D Secure and Microsoft’s Digital Identity efforts, but it overlooks that Microsoft has committed itself to Hyperledger Indy, an open project designed to give every individual control of their identity Information. IBM is also fully committed to this Open Source project as are several financial institutions. I am not sure if Nuggets, Alastair’s blockchain company, is also committed to project Indy or even open source or self-sovereign identity in general or project Indy specifically as none of these are mentioned on the Nuggets web site, so it appears Nuggets is also a gated scheme. Let’s continue:
By merging payments and ID in a comprehensive way, we can solve a number of key issues that are holding the industry back, as well as opening up the doors to a major new wave of innovation.
1 – Fighting payment fraud is a priority
At the moment, many payment providers are giving consumers quick and easy ways to pay and are accepting the fraud and loss of income that comes with it.
Venmo, the mobile payment service that is owned by PayPal, is a case in point. During the first quarter of 2018, the company lost $40 million to payment fraud. It isn’t clear yet whether this was as a result of stolen credit cards, hacked accounts or other forms of fraud, but what is clear is that the company’s policy of reimbursing affected customers is having a major effect on its bottom line.
Payment providers like Venmo that experience fraud on this scale are choosing to absorb the hit from payment fraud in order to keep their customers happy. At the same time though, they are reining in features such as sending and receiving money through its website in order to combat the fraudsters.
By merging payments with ID and removing the abilities of fraudsters to steal people’s identity online, payment providers can not only combat the fraud that loses them money but also continue to offer the full range of payment solutions that customers enjoy.
2 – Contactless problems must be resolved
Contactless payment technology has made small, frequent payments easier than ever, with this method surpassing Chip and PIN as the most common type of payment.
However, with its use of Near Field Communication (NFC) technology to send payment information during transactions, it has also opened up a new channel for fraudsters to exploit. This is a growing problem that needs a solution.
In the UK, the amount stolen by fraudsters from contactless users in 2018 was £1.18m, a rise of over 65% on the previous year. These crimes generally occur as a result of fraudsters being able to steal and use a card for payment before it is reported or blocked, or because the people involved have managed to intercept the information being sent from the card.
Additionally, new regulations taking effect in 2019, notably PSD2 could potentially add a new layer of friction to the payment process, another reason why the combination of payments with ID into a funded decentralized digital identity provides the perfect frictionless solution.
Payments via wearables are already on the increase and this new solution makes plastic payment cards totally unnecessary because an individual holds their digital ID on their phone or device already. Not only that, it removes the opportunity for fraudsters to intercept payment information because no personal information is shared in order to transact, only the proof that this information exists.
Let me just point out that a fraud loss of .003065%, or just over 3 basis points, would make any financial institution happy. Sure lower is better but, by any measure of existing payment types, 3 basis points is pretty darn good!
The gratuitous discussion of PSD2 and lack of mentioning the global payment networks efforts to nail down identity utilizing 3D Secure 2 is a noticeable oversight. This standard from EMVCo is not a panacea but goes a long way towards linking the identity of the bank account owner to a specific payment transaction that meets the requirements of PSD2’s Secure Customer Authentication requirements. The expectation is that this standard will greatly reduce the need for the user to be challenged by password, OTP or other mechanism and paves the way for the mobile handset to become tightly coupled to the user as “something they have” and “something they are,” that latter being some form of biometric (all of which are discussed in Mercator’s upcoming report Securing E-Commerce: Competing Technology Crowds The Market.” While this is a “gated scheme” it does present the opportunity to do what Alastair requests, which is linking payments and identity.
3 – Digital IDs solve many ongoing payment issues
On top of the problems that have already been mentioned, the payments industry has struggled to get to grips with a number of others that have dogged it for some time.
Chargebacks, false positives and card-not-present fraud are just some of the big problems that payment providers continue to struggle with. This sorry situation is confirmed by the fact that global cross channel payment fraud increased by 13% during the peak holiday season of 2018. On top of this, there are the data hacks that continue to be headline news, including the hacking of 500 million Marriott accounts and 150 million Under Armour accounts, which both occurred in 2018.
Even if payment providers don’t have to contend with the issues of payment fraud that can be combated through an identity-led verification and authentication process, digital IDs also provide a solution for those struggling to scale up their operations. Ideally, the provider you work with has services that can support the compliance and customisation requirements of global, regional and local operations.
However, the cards and payments industry is full of local service providers who deliver services to local geographies. All too often these providers struggle to scale, can’t access new markets and don’t have operating models or price points amenable to global operations. For those companies that want to operate globally, merging payments with ID will be vital in allowing them to achieve this.
4 – More services need payment functionality
While wearables payments are on the rise, the addition of payment functionality to a whole range of apps and services opens up huge opportunities for new collaborations.
We’ve already seen how this would work in practice too, through services such as Ringo. The mobile parking app has responded to the proliferation of other parking apps and has started to accept payments via these other ones as well.
Outside of payments, there are also connected services that could benefit from payments and ID being merged. Two step verification, where a secondary SMS or email verification is used, will no longer be necessary. Rewards could also be attached to an individual rather than a card, removing the need for plastic. There might also be opportunities to change the way post-purchase communications work, such as those involving receipts, returns and repairs.
With the foundation of payments and digital IDs combined into a funded decentralized digital identity, new non-bank players would also be able to expand their banking services, including KYC and AML, lending, foreign exchange and money market funds.
I agree these are benefits associated with converging identity with payments in a self-sovereign identity platform, however, I would suggest that while this is easily achieved in a country such as China (as Alastair mentions next) it might make consumers, who shudder at the idea of a national ID program, nervous. This discussion makes it appear easy to safely and securely pass identity information, which really isn’t so easy when done in an open source way. It strikes me that if ever there was a point where there might be a discussion of FIDO or Zero-Knowledge-Proofs, this was likely the place for it!
5 – A new wave of innovation would be unleashed
One of the biggest reasons for merging payments and ID though would not be to solve existing issues. It would be to speed up a new wave of technology-enabled innovation that would be possible as a result of the secure and efficient ecosystem it provides.
If we look to China, the largest ecommerce market by some margin, we can see what the future might look like for payment providers that get their strategies right. WeChat and Alipay are the two smartphone apps used by pretty much everyone to buy pretty much everything. Much more than just payment apps, these are ecosystems that every part of the ecommerce economy interacts with.
Both platforms are in the process of incorporating digital ID into their payment systems, opening up the possibility of getting rid of the ID cards that are necessary for so many parts of Chinese society, not just ecommerce.
Of course China is a unique test case, but perhaps one of the best 21st-century examples of how integrating payment and ID can provide a wealth of opportunity for payment providers. By merging ID into their existing payment rails, they can also become the ubiquitous option for a whole range of consumer services – from taking mass transit, checking into hotels and accessing pension services.
I am founder and CEO of Nuggets, a blockchain ecommerce payments and ID platform that is redefining online security and privacy.”
I hope China’s implementation is also a “gated scheme” and just mentioning it should remind us of the dangers associated with putting too many eggs in one basket. Also, WeChat and Alipay are hardly a shining example of how payment fraud should be managed, unless these payment mechanisms are also tied to China’s program of public shaming and lack of human rights.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group