Imagine if it were possible for your identity to be available at any time, where third parties could only access it with your consent. The discourse that everyone has the right to own their digital identity has been gaining momentum around the world. And the path to this is the development of “decentralized digital identity” solutions.
What is a self-sovereign identity?
Here, it is important to clarify that according to the concept of self-sovereign digital identity, owners (holders) of the digital identity are responsible for the control and management of their data. And that not only includes basic personal data but also information about your relationships with other people, companies and even things.
It is users who control their data, which is in line with the objective of data protection laws such as General Data Protection Regulation, or GDPR, and the General Law for the Protection of Personal Data in Brazil, commonly known as LGPD, which comes into force in August 2020. Decentralized digital identity consists of several electronic credentials issued by different participating identifiers (also called agents) that are part of a blockchain network.
The SSI concept applied to financial identity management
FinID is a project developed through CPqD — one of the largest telecommunications research and development centers in Latin America — which uses the concept of decentralized digital identity.
In Brazil, the intention is to use the FinID in other projects coordinated by the national central bank, such as open banking, which involves the exchange of user information between banks and the new instant payment platform. FinID makes it possible to implement these projects, as it gives users control and management of access to their data.
With decentralized digital identity, this credential, formed by personal data and various identifiers, is in the user’s possession, who can present it to other financial institutions with which they do not relate, but which have an offer of interest. So, FinID basically works like a passport that a person can use at several banks. Let’s take a look at what it is in more detail.
How Brazil seeks to protect and ensure customer data portability in financial operations
According to a FinID report published at LIFT, a virtual laboratory that promotes prototypes of financial and technological innovation with support from the Central Bank of Brazil, the implementation of the open financial system and the new instant payment platform, known as PIX, will be an evolution of the Brazilian financial sector that will happen in the short or medium term.
A major challenge associated with this evolution is the protection and portability of customers’ personal data, from registration information to data relating to deposit accounts and credit operations. Thus, it appears in the report that the FinID project aims to create a unique, portable and secure identity for financial institutions, with clients in control of their own personal data and enabling easy access to contract financial services.
The solution will also allow customers, through this financial identification and their connections, to initiate transactions such as bank transfers and payments to other users or institutions in the FinID solution network. The FinID project aims to develop a decentralized financial identity management solution, comprising: identity creation and management; digital account accreditation (called onboarding); and authentication of identities and information.
To meet the proposed objectives, the main FinID goals pointed out in the report are:
- Make the identification process less bureaucratic for the final borrower. This allows the use of a unique financial credential for the identification and access to financial services.
- Empower the final borrower to control the use of their financial data. The intention here is to allow the final borrower to manage which financial institutions they wish to share their data with, what data and for what purposes that data will be used through notifications and consent requests to access to the information managed by the solution.
- Facilitate and automate the process of admitting new customers to financial institutions, also known as onboarding, through the decentralized management of keys and the use of unique credentials for different sectors. This will mainly assist the onboarding process for new startups in the financial sector (the so-called fintech) because they emerge without a customer portfolio. The fintech that participates in the FinID network can consider all service providers that have a valid credential as potential customers.
- Enable the implementation of the Know Your Customer concept. Since financial institutions will be able to directly request verifiable credentials issued by other institutions through the FinID solutions — be they financial or not — they will also be able to assess the ownership, the issuer and the authenticity of the information by having access to the pertinent information from each of your customers. This will allow a greater and better-defined understanding of users’ profiles, thus enabling the creation of specific or customized services for the borrower of financial services and improving the relationships in the Brazilian National Financial System.
- Transforming the means of accreditation and authentication in the financial sector. The development of a decentralized solution based on blockchain technology generates a reliable mechanism for issuing verifiable credentials to the final borrowers of the National Financial System, enabling the automation of authentication and authorization processes with the use of such credentials without the need for a third service or central authority. In addition, the solution aims to facilitate and automate the digital onboarding process of consumers with financial institutions, allowing these institutions to focus on developing new digital services for their consumers instead of spending time and resources on developing these technologies and delivering a new form of accreditation for borrowers of financial services, thus obtaining red tape and alternatives for the relationship between these parties in the financial sector.
What is the role of the Central Bank of Brazil in this new way of managing FinID?
According to the report, the role of the Central Bank of Brazil in relation to FinID is:
- Carry out the governance of the blockchain network, along with the other financial and regulatory institutions, in order to regulate the management and use of these digital financial identities with the objective of protecting the financial market, bringing gains to Brazilian consumers.
- Being a protagonist in the financial market by bringing the rules for disintermediation and for the use of decentralized control of these identities, creating greater competitiveness in the financial market.
- Provide greater agility in the traceability of values and assets between institutions and consumers, thus bringing greater efficiency, confidence and transparency to the financial sector.
Decentralized digital identity as the theoretical basis of the FinID project
The theoretical foundation of the FinID solution is a decentralized digital identity, also known as a self-sovereign digital identity. It is an evolution of the federated digital identity, and its main characteristics are:
- The lack of a central authority like previous digital identity solutions.
- Be based on distributed ledger technology.
- Be user-centered, as it defines which, how and where users’ data will be used.
- Provide high levels of security and privacy.
- Be compatible with the GDPR of the European Union and the General Personal Data Protection Law — the Brazilian version of the GDPR.
- Present itself as an internet identity layer that was not designed in its origin.
One of the pillars of the operation of current solutions for decentralized digital identity is distributed ledger technology.
FinID classification and the controversy over the terms “blockchain” and “DLT”
It is important to remember that private blockchains are where users must be authorized by a central authority to participate in the network as a service user. Note that private protocols are centrally managed and do not achieve “trust through mathematics.” They achieve trust “through a legal contract” or “by reputation.”
Public blockchains are where anyone can join the network as a service user. Public protocols create trust through mathematics, with a consensus mechanism that encourages individual behavior to achieve a collective goal.
As for participation in the network, blockchains can also be classified as permissioned blockchains, which require some type of authorization for the individual or legal entity to become a blockchain network node, and on a permissionless blockchain, anyone can become a node.
Many people question whether a permissioned ledger and/or a private ledger in which you trust an authority should be considered a blockchain. For them, these ledgers are DLTs and not blockchains.
Supporters of blockchains with a private protocol or permissioned access to the network argue that the term “blockchain” can be applied to any data structure that groups data into hashed transaction blocks.
Whether the protocol is public or private, it can be seen, however, that: The least common denominator for public and private blockchains lies in the principle of distributed storage and data verification.
Once the controversy has been clarified, the FinID report is categorical in stating that access to the network will be permissioned and may eventually run its applications on the Sovrin network (depending on the business model). Regarding access to the service, it will most likely be, at least initially, private access.
The FinID concept, objectives and fundamentals are really interesting. And it seems that the FinID solution seeks to follow the guidelines of the Platform for Good Digital Identity of the World Economic Forum.
But for now, it is difficult to say how decentralized FinID’s new identity system will be or how personally identifiable data will be kept separate from financial transactions, as some details have yet to be revealed.
Let’s follow how its implementation will develop and hope that this solution will really be able to guarantee portability and the protection of consumers’ financial data.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.