It was announced in November that Lexis Nexis Risk Solutions had partnered with self-sovereign identity (SSI) firm Nuggets. SSI is still considered immature in terms of deployment, but the two firms outlined how it can be useful now. That’s before we reach the stage where government departments issue verifiable credentials like driver’s licenses, as is happening already in South Korea.
Lexis Nexis Risk Solutions (LNRS) has more than 8,700 employees. Banks are an important sector where the firm helps with identity, know your customer (KYC) and other solutions.
“All financial services are interested in how do they stop this scourge of financial crime whether it be push payment fraud or whatever,” Matthew Fitzgerald, Senior Product Leader at Lexis Nexis Risk told Ledger Insights in an interview. Push payment involves a seemingly legitimate invoice being sent for payment, but the money goes to the fraudster’s bank account.
“With COVID pushing these rates through the roof, it’s astonishing how much it’s increased in the last six months or so. It’s about solving a problem and we see this (SSI) as an enabler. And Lexis Nexis is looking to be an enabler.”
Before it got really bad, in the first six months of the year, £207.8 million ($277 million) was lost through push payment in the UK alone.
The firms are looking to integrate Nuggets into some of Lexis Nexis Risk Solutions offerings. The Nuggets solution includes login, payment and identity verification secured with biometrics via a mobile app. Users get to choose with whom they share information, and there’s no single database to be hacked.
We were curious about how it complies with regulations.
Under the hood
Suppose a user needs to provide a document. In that case, it gets digitized, encrypted and stored on IPFS decentralized storage as a ‘nugget’, with a hash or digital fingerprint on a permissioned version of the Ethereum blockchain. “The reason why we’re permissioned is for faster transaction rate, and for fixed costs. We’re not speculating with gas costs,” said Nuggets CEO Alastair Johnson.
When the user chooses to share the document, they grant access to the bank. “The guidance is that they need to have access to it,” said Johnson. “It’s not defined where that access is, as in it’s not in your basement or the bank’s basement. And that’s the important point working with people like the FCA (finance regulator) and the ICO (for data protection).”
But the banks need to retain that access for six years. And it’s not just for compliance. They also need to be sure that the same person isn’t repeatedly applying for a mortgage.
By storing the data on IPFS, if a person mislays their phone, all is not lost and the data can be reassembled on a new phone.
Are banks keen?
Self-sovereign identity offers definite advantages to users. The question is, how keen are banks?
“Broadly speaking, it’s been very well received,” said Fitzgerald from Lexis Nexis Risk Solutions. “It’s about finding the customers who are more willing to look at this sort of horizon two or horizon three initiative as it comes up.”
He continued, “There’s genuinely a lot of interest around what it can bring to the market. So the larger firms are all looking into this in some way or another. You’ll see there are numerous working groups, whether that’s TISA, the Open Identity Exchange, or ID2020.”
Of all the standards bodies, perhaps the W3C DID standards are the key ones and Nuggets is compliant. CEO Johnson noted that you could only talk to people on the same network when mobile networks first launched. Only once you could call across networks did it really take off. Likewise, digital identity can’t be an island. It needs to interact with other services, such as Lexis Nexis Risk Solutions.
The Nuggets CEO was keen to emphasize that the “utopia” of verifiable government credentials may not be here yet. Still, there are significant advantages today based on what someone has in their wallet. Together the companies plan to roll out beta trials in the near future.
But when will that utopia be reached? Johnson suspects maybe two years’ time. On the Lexis Nexis Risk side, Fitzgerald noted that bring your own identity is on Gartner’s forecasts as two or three years to mass adoption, but he wouldn’t make his own prediction.
“Today, there’s something there which solves real-world problems right now that doesn’t need mass adoption for this to be useful. It’s useful right now,” said Fitzgerald.