Digital transformation in Financial Services requires a rethink of identity management

By Gerry Gibney

Gartner’s recent 2018 CIO Agenda Survey found that digital transformation is more important for banking than for any other industry sector. The CIOs talked about enabling technologies such as AI, APIs and analytics. However, the discussion didn’t cover identity management, and that’s an area that needs to be urgently addressed if Financial Services companies are to achieve their digital transformation ambitions. In this article I’ll cover what’s required for today’s digital identity management.

The Financial Services industry has probably invested more in identity management than any other. Companies have long understood both the risks involved in poor digital security and the need to build trust with customers accessing products and services digitally. They are investing appropriately. IDC suggests that security-related expenditures grow by 8.3% each year, surpassing US$100 billion by 2020. Some estimates suggest identity and access management now represents over 30% of the information security budget for large financial firms.

Yet, for all this expenditure, high-profile data breaches are still commonplace. When hackers stole 143 million customer records from Equifax, a major credit reporting agency, it sent shockwaves around the world. According to Accenture, this type of information loss is the most expensive aspect of cybercrime – rising from 35% in 2015 to 43% in 2017.

The traditional response of the Financial Services sector to this threat has been to build ever higher walls around the company’s and its customers’ assets. This is no longer sustainable in the digital world. Companies can’t afford to be trapped in an ‘arms race’ with hackers and cyber criminals that they can’t win. At the same time, customers and partners increasingly require anytime, anywhere, any device access.

Defining modern identity management

I like the definition of SC Magazine when it says: “The essence of Identity and Access Management is ensuring that the right people have the right access to the right resources in the right ways and that you can prove all those ‘rights’ to the people that need to know”.

That sums things up pretty succinctly. It also underlines why traditional identity management approaches are proving inadequate for modern Financial Services businesses. The industry has instituted multi-factor authentication, but many services are still accessed with the standard user name and password. Without dwelling on the security weaknesses of this approach, there is a much wider issue for digitally transforming Financial Services businesses.

A customer – or employee – is likely to access different products and services that are currently held in legacy silos. Experience has shown that a cybercriminal need only gain access to one silo to be able to penetrate others – especially when people are prone to use the same password for more than one service.

There will always be inherent tensions between improving customer experience and managing security and risk. All Financial Services firms value, and aggressively guard, privacy and are now having to square this with increased transparency and access for both customers and partners. Information management, sharing and collaboration have to be set in the context of stringent regulations and legislation.

We are seeing vast growth in digital data, and Financial Services companies are increasingly adopting Cloud services. Mobile devices and applications are becoming ever more pervasive among customers and employees alike. Combine this with changing customer expectations and demographics, and identity management has to evolve to keep pace with the rapidly changing nature of digital business.

Who you are, where you are, what you’re doing

While digital transformation raises the challenge to identity management, it also adds new weapons to the armoury. Authentication doesn’t just have to rely on user name, password, or some randomly generated key. In fact, there is no need to have two- or three-part authentication. Financial Services can build identity management strategies and solutions based on:

• The person’s security information, such as PIN, user name, passwords and security code.
• The person’s personal information, such as behavioural features or physical features captured using biometrics.
• Where the person is, based on cell number, geo-location, IP address or social network connection.
• Physical items owned by the person, such as bank cards, identity cards, wearables and Internet of Things (IoT) devices.

With so many input sources available, identity management can become multi-layered without placing a great overhead on the speed and responsiveness of the IT system. As new technologies such as IoT devices become more widely adopted in the industry, they become another data source to aid in the identity and access process.

Creating a single source of the truth

Modern identity management requires that you create a single identity for each individual accessing your systems. Customers shouldn’t have to deal with multiple authentication approaches to access different services. A single multi-layered identity is inherently more secure, easier and more responsive for the customer and much more efficient and less costly for the company.

Accenture has termed this the ‘unique identity’ – a means of delivering a ‘single source of the truth’ that is secure and convenient for everyone involved. In fact, major regulatory changes such as the EU General Data Protection Regulation (GDPR) and PSD2 may drive companies towards this approach to ensure that firms know exactly where all personal data is, who’s using it and how it’s being used. Taking a new, multi-layered approach to identity management can pay dividends for both your digital transformation and your compliance strategies.

Sound identity management will only become more important to the Financial Services sector. The traditional approach can’t cope with the requirements of digital transformation. Managing electronic identities now takes multiple layers and factors to ensure security and build trust. Modern identity management solutions must be able to take information from a wide range of sources to build a unique picture of everyone accessing your systems. In this way, financial firms can continue to deliver a highly personalized customer experience while enhancing security and compliance.

Gerry Gibney is OpenText Senior Industry Strategist for the financial services industry, with over 25 years' experience in banking and investment management. Before OpenText, he worked at Fiserv Investment Services Group and Microsoft. He is a Certified Financial Planner (CFP).