Yeah, thank you for for being here and Franklin, thank you for getting up early. What time is it? 6 a.m and so I'm doing great. The sun is rising and it's all good here. Thank you. Thank you very much for joining us. We want to talk about bridging borders. Maybe we start with a brief round of introductions.
Marie, can I start with you? Of course, and hopefully you can hear me, yes. My name is Marie Austenaa. I'm leading digital identity at Visa here in Europe and we definitely do crossing borders, starting with payment. And of course, I'm looking at how can we add identity as a trust anchor to payments in addition to what else we have. So we have to explore the intersection between identity and payments, which is very much cross-border. So it's a nice topic.
Suprit, you're from Bhutan. The Kingdom of Bhutan was the very first country to join the Open Wallet Governmental Advisory Council, so thank you very much for that. Thank you.
Yeah, I think good noon to everyone. So just to give a brief introduction about myself, so I'm Suprit Pradhan. I'm working as a project manager for the National Identity Project of Bhutan. So NDI in Bhutan was launched last year in 2023. We are eight months old, so we have around 100,000 citizens onboarded now on the platform and we have covered around 15 use cases. And I think one of the priority of use cases, what we're looking forward was also to have this cross-border interoperability so that the credentials which are issued in Bhutan is also recognized elsewhere.
And we are all keeping a close eye into the developments, what's happening in EU, especially with the IDS 2.0. I'm really happy that I think we are moving towards the same directions and I think ultimately, I think one day we will converge into the same path. So thank you.
Didier, people may not recognize the company name, but they do recognize the products. No, thank you. I'm Didier Serra. I'm working for Gen Digital. You probably don't know Gen Digital, but we are the largest consumer cybersecurity company in the world since the merger between Norton and Avast. And with regard to my personal experience, I came into Gen following acquisition by Avast of SecureKey.
And in fact, SecureKey was a leading developer in the forefront of providing digital identity, actually working with Banking Canada, so one of the leading identity networks in private-public partnership with Banking in Canada. So what we are looking for in this evolution where we empower more and more end-users and being a leading consumer cybersecurity company is to empower more and more users, not only when they do transactions online, but helping them with managing their identity, having more agency over their identity data and be able to use that regardless of the use case.
And obviously, 80% of the time, if not more, when you do a use case, it ends up with a payment transaction somehow. So I think bridging border between identity verification, consumer centricity and payment is absolutely essential to develop the digital economy more broadly.
Ramesh, we just had Pramod here. I think it was Pramod who introduced us originally. I'm really glad you're here. Can you tell us a little bit about you and MOSIP?
Yeah, thank you, Daniel, and thank you for having us here. And I work for MOSIP. It's an open-source platform for identity issuance, and we have been building this and making it available for countries in the global south. We have live deployments in four countries and active engagement with another 17 which are going on, and we have issued more than 100 million identity credentials so far.
We also are building an open-source wallet that can be used in these countries, hopefully, and some of the problems that we deal with are very different from the first world where we're having this discussion, and I hope to be able to bring the same kind of interoperability and flexibility to the people of the global south whenever they travel there or when people from here travel to those countries. And frankly, you work for a large bank, but I think you're wearing two hats. You also have some history with one of our panelists in a pan-Canadian venture. Exactly. Very nice to see you.
Thank you for having me. Very nice to see you, Daniel, Marie. Very nice to see you, Eric. I'm part of TD Bank. TD Bank is a large Canadian bank, 25 million customers present in both US and Canada, and we've been very active in digital identity. So we've been one of the founding members of Verify Me that Eric just referred to, so that's an exciting development. I'm also actively involved in open banking, both in the US and in Canada, and TD also has been very actively developing the industry.
We're part of one of the early members of Financial Data Exchange, FDX, the standard that both US and Canada have developed, and that is both countries in the process of hoping to become the official government-anointed standard. And so lots of exciting things, lots of cross-border dialogues. I look forward to this panel. I have noticed we're talking about regulatory, technology, geography.
I'd like to add, and I'll speak to it as we go, yes, we're very differentiated in regulatory, technology, geographic environment, but also consumer, and consumer preferences and consumer psyche is actually quite different, and so I'd like to touch on that as well as we go. Thank you for having me. So when we discussed a little bit before this panel, my first suggestion was to start with the challenges, and I think, Didier, it was you who said, wow, yeah, we talked about challenges so long, we should really talk about solutions and not just get stuck with the challenges.
So very briefly, I think we are facing a couple of obstacles. We need to find, if we want to bridge borders, we need to ensure that we do that in a technical fashion, we do that in a regulatory fashion, we need to have business models that are compatible. If I may start with you, Marie, it seems that in the credit card world we have done that. I can use my, in our case, Visa card pretty much anywhere in the world, and we have overcome those obstacles. Is that a good role model for the identity space and for what we want to do with wallets?
Yeah, I think that's actually a really interesting perspective, but it's not easy. In order for payments to work, there's, of course, regulations to, as anchoring, you can, you know, you need to be a bank to give a card. There are agreements around open standards, there are agreements around processes and rules, and there's a bunch of people, thousands of people around the world making sure that those rules are being followed, the technology is being implemented according to the specifications, we have interoperability, there is certification, there is testing.
So it's a huge amount of effort being put in to make it work, but then it works, you know, at scale and it works predictably. So I think in order to, we can use that as an example of, and to give us hope that it will be possible, that we shouldn't underestimate the work that's needed. And this is also where the importance of private sector, public sector, academia, you know, governments, everyone coming together to create those standards, the processes, and let the best entities do what they are really good at. But I'm sure we can come back to that as well.
So yes, that's an interesting perspective. We can look at that as a way where we have succeeded, it gives us hope, but there's a lot of work. Mr.
Preet, I read somewhere that Bhutan is the happiest country on earth, and in this article it was said that Bhutan is an island of happiness. If I understood you correctly, you don't want Bhutan to be an island of verifiable credentials, but you do look outside of Bhutan and you are looking for solutions that work outside.
Yes, yes, yes, Daniel. Thank you for the kind of compliment with regards to the happiness.
Of course, Bhutan is known for gross national happiness, so we measure our development using the Gross National Happiness Index. Now, coming back to verifiable credentials, of course, of course, when we looked at it, for me, how do I look at it is that the problem and the solution might, I would like to correlate to the story of David and Goliath.
So, Goliath is a very strong person, and then David is a very tiny person, but then it might look that David will never win over Goliath, but then what we try to do is we don't look at the bigger problem, we're trying to find the solutions which is right for the citizens. So, for now, of course, we understand that we might be the first country to implement a decentralized ID, and we might be just the only sovereign nation having VCs in our wallet.
When it comes to interoperability, we do want to look into nations who is planning to implement that or who has already implemented that so that we can test out the interoperability. So, that's why I'm very keen in the developments that's happening in the EU, also to have discussions and see the possibilities, how the Bhutanese-issued credentials are also recognized here in the EU and elsewhere.
So, we're also talking with the Pan-Canadian government and trying to see, but then I think since this is a very new topic and a new technology, not many people are aware, especially in the APEC region, they're mostly happy with the centralized version of the identity which is maintained by the government. I think it will take some time, so we're just waiting and trying to see how it goes. But for now, I think we're very flexible, we're very open, and we're very open to also discuss with anyone, any governments and institutions who want to come and try out the interoperability with us.
I think we're very happy to discuss that. Didier, you really brought this can-do attitude to the topic, and I'm not sure if we will be able to bridge borders, but if we do, then I think only with this kind of attitude.
Yeah, and also, we have been at it for quite some time, and the comment I made about let's look at the opportunity more than the challenges, and then the analogy to the payment network, which is, the learning is that you take a village and you need more than technology, you need governance framework, you need to create a lot of check and balance for the payment networks to work at scale the way they are working today.
Having said that, and again, being always hopeful on my side, I believe that as we are moving into decentralized identity, and we empower users, and they have agency over their data, then the user becomes the point of interaction.
And when the user is the point of interaction, it removes a lot of risk, or I would say, things that you have to do behind the scenes to protect the user being blinded somehow, but if the user is the point of interaction, having agency over their data, you can focus more on user experience, you can focus more on interoperability, when I bring myself as a user into an experience, versus focusing that everybody enabling the experience is actually not doing the bad thing.
So I'm very hopeful that these decentralized trends, and giving agency over their data to the user, and empowering users, is going to make it easier to enable use cases at scale, and minimize the overhead needed around it, that has been needed implementing payment networks and other networks to make it work at scale. So I'm bullish, I've been at it for quite some time, and will continue to make it happen, and I think as well that the focusing on the users is absolutely important. If you have a very good and sleek user experience, then it works.
If it's hard to do, and you're trying to make too much friction, then this is where things start to go sideways, because users or service providers will find a way to deliver the services, or the user to access it, by taking some work around, and this is where the risks are happening. So let's not forget about the user experience, put the user at the center, and make sure it's a delightful experience.
Ramesh, we have heard in the previous panel about Aadhaar, and what has happened in India, and India I think is probably the country that is credited to have invented digital public infrastructure. MOSFIP is trying to bring that fire to other countries outside of India. Are you quote-unquote just looking to enable countries to develop their own national solutions? Are you also interested to ensure that countries will be able to work, you know, bridging borders and doing this on an international basis? That's very much on the agenda.
In fact, interestingly in Africa, there is a free trade agreement across the entire African Union. In West Africa, where we have a lot of our customers, we have ECOVAS, which is all about free trade and free movement. They want to use their national ID card issued in their country to be able to cross borders, access services in other countries, and so on. And similar conversations are there in the Caribbean islands also, where we are working. So it is very much a part of what we are trying to do. Interoperability working across borders is important.
What we are trying to do is bring through the platform a consistent user experience, as well as the underlying trust that is required for actual transactions to really happen. And establishing that I think is very important. I also agree with Marie when she said we need the standards and the laws and the processes in place. And I think that's going to be one of the areas that we all have to work together. The developing world does not have the luxury of doing what the European Union is doing, doing a three-year or five-year exercise and then doing it. So they don't have the kind of budget.
So they have to be very opinionated, make some choices, implement, and start reaping the benefits. So in that process, we are trying to make sure that they are not making choices which are going to lock them out eventually. So that's why there's a huge push on working with standards from our side. Yeah.
You know, I really recommend having a conversation if you can grab Ramesh afterwards, because he and his colleagues at Mosey Barras are keeping us honest at the Open Wallet Foundation also. You know, when we are having conversations about zero-knowledge proofs and advanced biometrics, and then Ramesh would say something like, well, what do you do if the only thing you have is a piece of paper with a QR code or a feature phone that is shared by a family of 12? So I really appreciate that.
Franklin, you are not just at TD Bank, but also at Interact. You're working on a national scheme.
I think, I remember a video conference that we had and we discussed our battle scars in trying to put consortia together. And Matthias actually told me that you might have a more glass-half-empty view today for us. What's your view on cross-border interoperability? It's very difficult. So we have been building this scheme, the solution, the scheme, Interact that Didier referred to. This was private sector-led, this was banks coming together and agreeing to building a scheme.
You know, in Europe, there is an equivalent. It's a bit like bank ID. So coming together, creating a scheme, agreeing on standards, but also on technology, contracting, and building the scheme and launching it. It's quite successful. There's over 5 million users, which at the scale of Canada is quite good. But that is difficult, and I think the private sector can take it to some level. It is not interoperable. It is not crossing the border. Even in Canada, it's not the only scheme, and the world remains very fragmented. I feel what's missing is a bit of a government layer to it.
How does it connect to the foundational pieces of sources of identity? How does it cross borders? And without the government, it's difficult. And so I feel the piece we have been missing in that scheme is a global standard, is a cross-border standard.
And that's why, Daniel, when we speak, my glass becomes half empty, because I'm hopeful that the efforts of the Open Wide Foundation and efforts that you folks are doing right now, including what the European Union is doing, actually, may contribute to getting to a global standard or a standard that can be used across, and then interoperability would be easier. I think it's very difficult for local jurisdictions to achieve it. Conversely, a pure government-led effort is also very difficult.
And we see that there's been a lot of chats in Canada about decentralized identity, verified credentials, and often what gets forgotten is what Didier was pointing out. It's the consumer, the customer. It becomes a concept, very nicely designed, often too complex, but losing sight of the economic reality and losing sight of what consumers actually want. And so I think the happy medium is a strong standard, simple, and local schemes that can carry the flag. Thank you. We see a clock that is blinking, but we can ignore it safely. We're sticking to the original plan, right? Okay. Perfect.
So, when I look at that computer, I don't check my LinkedIn thread, but I look whether there are questions. If you have questions to the audience, please add them to the app, and I can hand them over to Daniel, or I just ask them. This should be interactive, so if you have questions, they will arrive here. I will check them, and I will hand them over. Please do take advantage. This is not a YouTube video. You can make it interactive with your questions, and really, please do so.
A lot of you have mentioned that we need to put the customer in the center, and I think there will be regulatory challenges and technical challenges, but ultimately, maybe the key challenge is to ensure that customers want this. Marie, in addition to being at Visa, you're also part of one of the large-scale pilots, and you're looking at concrete use cases. What are the use cases, and maybe specifically, are there some cross-border use cases or use cases that you think will benefit from international interoperability that you see as part of your experience at Visa or at the EWC?
Yes, so we are involved in the EWC large-scale pilots, focused around travel, payment, and organisational identity. The kind of use cases we're looking at there are related, of course, to travel and cross-border, advanced passenger information, whether you want to book an airline, book an airline, book a flight, sharing your identity credentials with the hotel when you're checking in. Trying to get the border authorities involved was a little bit difficult, so, you know, you had to put that one on hold.
On the payment side, we are looking at how you use your EOID wallet to authenticate a payment transaction, as well as to initiate a payment, and then for organisational identity, it's around onboarding a new supplier and a few other use cases, internet domain registration, and so forth. I think payment is expected, hoped to be one of those frequent use cases that will drive consumer adoption, that will help the consumers to see, yep, there's something in this for me.
It's not that often you log into a government service, or you do a tax return, or indeed even open a bank account, which is also expected to have great benefits for, so that is one of those frequent use cases. I don't think that we've found the silver bullet yet, to be honest. We see how we can make the user experience for payment authentication and for payment initiation good, and we can have more flexibility around the payment credentials and how the authentication is done to improve the user experience, and to have a richer set of payment opportunities.
You know, being able to hold a payment credential or a token in your wallet, and using that in store to payment is not possible, and so forth. But still, I think that there is, in fact, more work to be done on these use cases, and I'm really not sure that there's going to be one use case that's going to, you know, save them all, kind of thing.
As we're looking around on the, I think my last point is that, as we're looking around on the existing identity system, you take the bank IDs and the it's me's, and so forth, it's, and in France as well, it's each country have a different use case that was really driving adoption. So, during a time in the pandemic, it was, you want to go to a restaurant, you need a COVID pass to get a COVID pass, you need a digital identity.
Great, then that was the use case that doubled the customer base at that point in time, in that setting, which is why I think, coming back to a previous point I had about this collaboration as a public-private partnership, there will be situations where the government say you must do this, and then that could drive the demand for getting the adoption for the consumers, and of course, by the government trusting the wallets, private sector, public sector, it means that the consumers can trust them as well.
So, I think the use cases will vary by country, it must bring convenience to the consumer for sure, and I think that there needs to be a collaboration with the government that they are eating their own dog food, drinking their own champagne, those kind of things as well. So, yeah.
So, Preet, if you had a magic button and you could enable one use case on a global basis, any contender? Kind of difficult to think of that, but definitely, I think, for me, I think the magic button is, I think, like if I have to give the example with Bhutan was probably, we didn't debate or deliberate much on a lot of details of what happens if this goes wrong, what happens if that goes wrong.
Probably, we like the philosophy of being decentralized, we like the philosophy of empowering user with their own identity, and then we work towards developing a product and a platform to give that rights to the user. And now, as we have onboarded people, as we have developed use cases, we know there is going to be challenges, we know there is going to be problems. I think we take it one by one and try to resolve it and find a solution for it, but I think if we just keep, like especially for Bhutan, being a very small economy, we can't afford to keep debating and doing large-scale pilots.
I think we're going to have fun for that. So, we just started with a very small-scale, like kind of development of the product, tested out a few users, and now we have rolled out. I think probably if there are, especially if not EU, if there are countries outside EU who wants to actually take the rigs, I think I would say you could press that button and go and implement the decentralized idea. I think that should be good for you. What are you most excited about, Didier? Is there any use case that you think is going to be the carrier rocket?
Yeah, I don't know how long it will take, but in my personal experience, I think we saw already a lot of evolution on having the ability to reuse credential or step that you did privately, but it's still limited to a given ecosystem or a given app. So, for me, the ultimate benefit of decentralization is not creating a silo of wallet, but it's allowing me to reuse across as well.
So, reusability across is the ultimate endgame, and reusability of not just identity, but I want to have different persona. It's contextual as well.
So, how do you enable that without overwhelming me? So, I'm a true believer that at some point we will have in our pocket working for you, your own personal assistant that is able to understand the context and manage your data and be able to reuse an event that you did somewhere else in the proper context without overwhelming me with too many questions.
So, I'd like to have that in my pocket 24-7, and even sometimes I'm okay for my personal assistant to act on my behalf. You asked me the question two times. I was okay to share my passport detail when I bought a British Airways flight. Why don't you remember that for me for the next six months? But I want to have agency on that decision. I don't want somebody else to take it for me.
So, I think once we move into a personal assistant attached to my data with contextual decision being made for me at the point of decision, then it's really going to help me out a lot. And I think with AI advancement, we are starting to see this notion, this notion of personal AI, decentralized identity, I'm having control over my data, help me take a decision versus clicking yes on the cookies because I don't want to read all of that, is going to be very transformational for user interaction. And we are not that far from making that happen.
Ramesh, you're active in many countries. Do you see, basically, there is this killer use case in every country, at least across Africa, or are there different customer needs? And it's really a country by country thing. I think it depends on what their priorities are. But largely, the theme is government to people benefits delivery. Social protection use cases are very high. And in conversations with agencies like UNHCR, I can imagine their people actually using the IDs tens of times a day for different service access.
So, I would say that social protection would be a large driver. I also see payments being the single largest use case. After that, I see access control, keys, passes, those kind of cases being frequent usage drivers. But storage and presentation of educational work skill credentials is also something that's seeing a lot of interest.
So, we are already working on a couple of universities to issue credentials and store them in wallets and apply for jobs using these credentials. So, these kind of cases are some things that we are seeing in action. But the single largest driver for us is the social protection case.
Franklin, have you come across anything with Interac and the Canadian scheme where people said, oh, I wished I could use that in the U.S., for instance, when I cross the border? I wish I could use that in the U.S. The cross-border is a very high bar.
I feel, you know, if you ask what's my magic button, what would I do, it is that. It is, as a bank, in Canada, we have a lot of immigrants every year. We onboard a lot of new customers who come from different countries.
And KYC, Know Your Customer Identity Verification, is very difficult. It's very difficult to cross-border.
You know, it's almost impossible digitally. If we could solve the standard, the technical limitations, we would also have a regulatory issue.
As a bank, our regulators need to recognize other countries' identity in a digital format. So, there's a lot of issues here.
I feel, I'm going where Ramesh is going, which is for these services to become ubiquitous and actively engaged, to me, it's not identity on its own. It's too hard and a very high bar. But it's identity traveling with payments and with data. And when you start to have identity payments and data flowing together, this is, in my view, this is the blood of financial services. This is what powers financial services. And countries who have mastered the three together have a high usage, and it really helps financial services function smoothly.
So, I'm hoping, for Canada, I'm hoping we would develop that. I'm hoping the U.S. market would develop that, and then down the road, we become interoperable. We have one question from the audience, and I think I liked it very much, because the title of the panel is Bridging Borders. But from what we've seen and from the discussion for the first 20 minutes or so, and also in general, we see that governments want to reinforce borders rather than bridging them. At least it feels sometimes like this.
So, how can we reconcile these perspectives? And maybe to add from my side, I'm a citizen, and I enjoy using this Schengen Treaty to enter a plane in Frankfurt without showing my passport. I travel to Barcelona, I leave the airport without showing my passport, and then I show my passport at check-in and hotel.
So, the question is, could we see such use cases really cross border and really to the benefit of people? And what can we as this group of people do for that? Who wants to answer? I can give an initial answer, and I'm sure that there's many who would like to complement. And in order, at least within the EU, I can see a future where you can take your EU ID wallet, it should, you know, got the PID from Spain, and you can take it to Germany and it'll be accepted.
I think in order to get beyond those borders, we really have to start looking at where, in what forum, how do we get the mutual acceptance? Under what circumstances is my digital identity accepted for a hotel in a different country?
Where, which entities will agree on that mutual acceptance, that mutual acceptance? What standards will we then choose?
So, the Commission has made certain choices in the ARF and so forth that we are, many of us are actively working to improve. Is that going to be the global standard? I'm not sure. But it's a big question in my mind, where does these agreements take place? Is that in the OECD? Is that in the UN?
I mean, the ITU that we know about now? Or is it in the standards organizations? And this probably is a bit of both. But I think in order to solve that problem, there needs to be a deliberate effort. And that's not just the EU, although that's creating a certain sense of direction, you know. We talked about yesterday, I think, and we mentioned the commitment phobia. I thought that was a lovely, you know, expression. The EU said, this is it. This is what we're doing for now, right?
So, where do we get the similar statements and an agreement from other countries? And this is where I think the US is extremely important, of course. It's a bit of a void there. And other countries. But where is that forum? What are the standards organizations? What are the, you know, acceptance to mutually recognize a digital identity from one country to another? Or is that bilateral? And then we'll take some time.
So, I think it's a good question, but hard to answer. True. I'd just like to add to the conversation.
So, we have a big challenge in front of us, which is that wallets can be really disruptive. And if businesses have to start accepting wallets or credentials, they have to change the ways they work, they have to change the tools they work, and they don't know whether they are good, they can trust them or not.
So, it's a matter of awareness and education and policy to drive towards that. The benefits that can be reaped are really high. We can bring down costs, we can bring down friction, make life really easy. But a lot of businesses are going to have to change the way they operate. And I think that changing that is the real challenge that we're going to have. If I can interject, I'd like to highlight what Marie was commenting on standards across the world and the EU developing a standard. The world of standards is fascinating because it is the underlying rail for any interoperable system.
And yes, we will need governments to want it as well. But standards is the key, and it will go a long way if you could have a global standard. The US is a very interesting market where there is no common standard. There's a lot of initiatives, lots of voices are talking about the standard. Nice is trying to develop a view. It seems that the mobile driver's license is becoming a de facto standard, mostly driven by the private sector, actually. I think the world has an opportunity here in that Europe has an opportunity to change the world.
Europe has a very programmatic, top-down approach to developing a standard at scale that works for many jurisdictions. If that standard is well done in an open way, done in a way that can be adopted by the rest of the world, I think this standard has a shot at becoming a global standard, and that would be quite powerful. And it's been done before.
Today, most components of our mobile phones across the world actually are based on a European standard that was adopted a long time ago. When I think of the word standard, I think Europe is doing something very interesting at the moment, and I hope you folks will serve us in North America to have a common standard.
Didier, I think you have 70 seconds for the closing. I think we should, as well, coming back to the user, let's not underestimate the power of the user. I know that in many situations, we try to plan standards and governance and everything to plan for the worst, but I think the key to the adoption is empowering very simple use cases where users will demand for it. You mentioned the example of the hotel, they are asking for my passport. In some countries, the hotel has to do that. In many situations, they don't, but they do it because it was the only way they had.
If all of a sudden, the hotel chain provider is starting to focus more on the user and on delightful experience, and it's starting to happen where I could show up at a kiosk, scan a QR, provide my information in a privacy-preserving manner so they can do the check-in and comply with whatever requirement they have, which very often are much less than what they are collecting right now, guess what? Next time, I will use that hotel chain versus another one.
So if we start focusing on making the experience much better for a user, that will drive benefit for the relaying party, for the hotel, and we will start changing habits. So I would say again, delight the user, and they will push and force for the change. We have seen that happening in other industries as well. I think delight the user is a great closing statement. Thank you very much to all my panelists, and I think we have one more panel.
