Armin Bauer, Managing Director Technology and Founder, IDnow GmbH
Paul Fisher, Senior Analyst, KuppingerCole
John Erik Setsaas, VP of Identity and Innovation, Signicat AS
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Maybe you should introduce yourself. Sorry. And just tell us a little bit about who you are and what, who you, what you do. Yes. So I'm donor Zo. I've worked with identities for probably 25 years now. I work for a company called CNA cat. We are dealing with trust helping organizations and established trust between them and their customers.
And yeah, I've been to conferences for number of years as well. So it's really great to be back here now in person. It's nice and see, you know, being able to see Some Real people again, see the people actually go all the way down to the floor.
I mean, you just see this part, right. And then three dimensions as well.
Yeah, I know. It's fascinating. So no news yet on Armin. So how important then is KYC or know your cus? I always think of it as KFC, but no it's know your customer K to well, particularly to financial and insurance institutions, but also other verticals in today's market. Right? So I mean the, the regulations demand, right? So you have regulation, you have that laundering directive that demands that you have to do a KYC process. You need to know who people are. You need to do the background check.
The, the challenge with that sort of process is that's often time consuming, asking too many questions. And I'd just like to re refer to, we've done a report called the battled onboard, where we asked consumers about their experiences with onboarding and 63% of people have abandoned. That's a large number. And one of the reason is asking for too much information.
So, so you have the challenge on one side, the financials have to get all this information on the other side, people are frustrated because they have to provide it. So there's sort of an educational part as well, I think, on, on the banks there. But I mean, they have to do it if you're not regulated.
Well, you need to look at the risk you're taking, right? Yeah. Thanks. Thanks. I is here with us. Sorry.
I mean, how are you? Hello? Just fine. Thank you. And yeah. Well thank well, we just, we just kicked off cuz we, we we're waiting for you to join us. So welcome to the panel. We have John Erics with us as well. So I was just asking John, you know, how important is Kate know your customer to financial insurance institutions? And he was just mentioning, like if we asked for too much information, people get fed up and if you haven't got enough, then it's not secure, et cetera.
But when, when you, what, what is the right balance in your, in your opinion? That's a, that's a good question. Of course. And what we definitely see is that, that know your customer of course are really important steps in the, in the customer journey and this becoming more and more important because we see that regulators are becoming more strict. And at the same time we see that fraud is becoming more sophisticated and the users today are of course expecting a great user experience and a smooth process.
And the challenge is really to, to balance that security, regulatory compliance, and, and great user experience. And we think that the, this challenge has become more difficult over time, simply because customers today expect that everything works mobile. And I think that they, they don't, they don't have no patience anymore for processes that are being interrupted. They will send offline. They are simply no patient for that anymore. At the same time, we do see that new technology allows to improve that balance.
So we see the, from offline identification methods to online methods now to AI based methods. And of course this new technology allows to improve this, this balance over time. And we think that the future will be stored identities. So where identities are then stored and, and reused and you don't have to re-identify each time you're opening a new bank account, for example. So would you recommend for convenience that people use their Facebook ID to log into the Yeah, sure. To the bank yeah. To their bank?
No, of course not. So, I mean, it's not validated, right. Anybody could create an account with any name and there's no validation in that. And I mean, you, you would think like in, in a country like Norway, we have bank ID, everybody use it and it's convenient. And so on that you could use that for onboarding and you would be done, but there was an interesting change to the financial directive last year that said, well, if I, if you receive my bank ID, you know, I'm the owner of that bank already, but do you know, I'm the one using it right now?
There's been some fraud situations on, you know, spouses or children or somebody uses somebody else's bank. I, so they have, you know, said if bank I is the only means of identification, well, the risk is on the bank. Sure. So how far is the technology then progressed to reduce, sorry, progress, not regress.
How, how far is technology progressed to reduce the gap between security and convenience or in first? So I think if you, if you look at the past, of course you Thumbware had to go physically and then Germany there be new methods like video identification. It still takes several minutes. Now we are down to a few minutes with AI based verifications and we think in the future, this will be coming down to a few seconds. So I think this is really slowing the, the extent that technology has progressed over time.
And just to give you one number, a typical onboarding a few years ago for German bank to 16 days. So from the time you opened an account to the time it was usable 16 days, I think this is unbelievable for the, for the 21st century. And now we're at least down to a few minutes, but of course it's not going to stop there. I think with the, with the progress that has been made. And for example, the, the two zero that has been published and the European digital identity wallet, I think we have on the horizon.
Now, the possibility to really bring this down to a few seconds while at the same time decreasing the security. Do you think we'll ever in, in the UK, at least there has been some attempts to join, join up one identity so that you can access different government departments or, you know, taxi your car, et cetera, but they haven't been too successful. And we still ended up with having to have multiple identities.
Do, are we, I mean, you mentioned other parts of Europe. Are we any closer to a secure, single identity for, for example, government departments?
I mean, that would be the goal. I mean, that would increase security if I had only one idea used for everything.
And I, I mentioned Norway where I come from, where we have bank idea and we all use it, you know, four to 10 times per week for all kind of different purposes. And it's very convenient and it is secure despite, you know, the fact that, you know, my spouse could technically use it and it provides a pretty strong identity. So of course it's a, it's a goal, but it's challenging because it requires corporation. And I mean, that's been a challenge in the UK. It's more competitive market and it requires trust.
I mean the north case, maybe we're trusted to the, almost to the Neve, but I mean, we have this national identifier that we use for everything and it's so convenient, but I mean, and, and UK, you don't have that national identification number also making more challenge, both the trust, the lack of the number and the lack of corporation makes it difficult. Well, they did.
I mean, I think Barclay's bank worked with the UK government on AED system and I, I signed up for it, but then of course I forgot my user ID and password. So cause you used it once per year, right? Yeah. I don't think I've ever used it since, but Exactly, But move, just changing this conversation slightly. And the last presentation mentioned it a little bit. We're talking about GDPR, et cetera. And so what, what, what other challenges from governance risk and compliance that make KYC and cm workflows difficult?
What, what is hard for people to, you know, on the one hand they wanna do this because it makes things easier, but then they might be, you know, in contravention of, of GDPR or, or, or other or legislation. I mean, sorry, I think you can see me, but obviously you can't. So I think one of the most difficult challenges right now is the fragmentation across Europe. So each country currently has its own rules. And as you just have mentioned, so Norway has different rules than, than the UK then in Germany. And it's really, really difficult to really navigate that, that environment.
And so what's really lacking right now is that there are simply no harmonization, especially regarding the allowed methods and the required level of assurance. So there are for governments like the German government is a very, very high level of security and others. There it's much less regulators. And what we also see is that right now the regulatory landscape is changing really fast. So there has been a lot of new laws introduced, which are quite complex. So who has written the, or has read the, either to the bureau, I think understands the challenges that will lie ahead.
And so this is something that we see a lot of challenges coming up to for the customers to really understand and correctly navigate this regulatory landscape. And, and this complexity simply increasing by in, in the past, we could use a few identification methods in the, in the future. You will use several identification methods because the, the users will want to pick the one that fits best their needs. And this is really driving this complexity.
John, do you like to comment on, Yeah, no, I, I definitely want to second that and, but, but also add on, I mean, when you're doing the KYC process, you also need to check all kind of background information. You need to look up in, in registries and these are different in different countries. They're different quality, different way of storing the attribute, naming the attributes so that that's challenging. And to take it one step further into the, the regulatory space.
For example, if you're onboarding an organization, you need to find a UBO to ultimate beneficiary owners and the rules for determining the UBIs is different in different countries. And what if one has owners in different countries? And how do I mean, it's almost impossible to know what is correct to do in that sense?
Well, also because we did have a European union, we had a Europe wide GDPR, but now the UK having said it was gonna honor that is now trying to fiddle around with it and say that we want to actually look at people's data, cuz it, we might be able to use it for competitive advantage so that that's not gonna help in the long, but let's not get into a Brexit discussion here. Do we have any questions from online? Yeah. Okay. Any from audience here that would like to question our panelists? No. Okay.
So we, when you talk about onboarding consumers or customers into an organization, it does sound a bit Orwellian or, or a little bit strange, the idea that you are almost making them employees. I mean, what's the difference between onboarding a consumer or a customer to a regular employee?
I mean, from a technical perspective, there's not really no difference, right? You still need to know who that individual are. And I mean, you have typical situation where you, your workforce is very distributed in transport. For example, truck drivers on you have to onboard them remote. And in that sense, it's not very different from onboarding a consumer from, from a technical perspective. But as soon as you get 'em into systems, well then of course you, you need to have different properties. You need to know who they are, different attributes, et cetera.
But the actual onboarding process doesn't really have to be different. Right. And any comment from you on that process? Yeah. I think the, I completely agree with that, but I, it may difference it's really the, the patient that someone has. So if you're onboarding an employee, of course, I mean, they know they have to go through this process and it's probably, they're not going to leave simply because this process takes some minutes longer for users. This is completely different. We continually see if this process takes a few minutes longer, the abandon rate simply decreased.
And so to have the right processes in place for, for online processes, really key. So, and to have a smooth process, tightly integrated, really the key to not there. Okay. So finally, just a quick, who do you think is, is leading in C I a M and consumer identities maybe nationally or any particular organization that you would wish to highlight?
So, well, I mean, banking in general is, is far ahead of this. I would say on doing that. But I also, again, maybe I'm naive again, coming from Norway, but I, I mean, I'm pretty proud of what we have been able to achieve in Norway with, you know, the bank ID, but also using that, for example, for the health service, I have one login to the health service with my, my bank ID where I can see my vaccines. That's where I got my Corona certificate, where I can see my prescriptions, my next appointments.
I mean, everything in, in the same, Porwal making it so convenient and the same with doing the taxes, including authorization models. So somebody else could authorize me in the system to do their taxes or look at their medical data.
So, I mean, that's, that's a pretty Neat system, extremely convenient for the user. Yeah.
I mean, that sounds a lot better than what we have where you still have to, it's all a bit of a patchwork of different systems. So I mean, what, who would you give an award to apart from yourself?
So, So a few years ago I would actually have said that the, the award would go to the, to the challenger banks because they have really stolen how a good onboarding process looks like. So really fast, really smooth and, and embracing new technologies and new possibilities nowadays, I would say the traditional banks have, have noticed and have caught up. So we can definitely see that the, the, the gap between the challenger banks and traditional banks have, have really closed. So I think it's, it's now not simp, not easy to point to a, to a single player in the markets nowadays in the future.
I think we will again see that those are heads that embrace new technologies, new possibilities, and really leverage those new technologies in the right way. Those the get ahead. Great. Okay.
Well, thank you, Armen. And thank you also, John, for our panel. That's the end of this section, right? So thank you. Thanks for having me on.