Page 64 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
P. 64

ITU-T Focus Group Digital Financial Services
                                              Technology, Innovation and Competition



               be identified across financial service providers, thus significantly simplifying the account opening KYC process
               and regulatory compliance, to the benefit of both the banks and their customers. It is expected that the BVN
               programme will be extended to the DFS sector in the coming months.
               There are moves to ‘harmonise’ BVNs and the national identity numbers (NINs) issued by NIMC, with the NIN
               being the primary identifier and the BVN being a secondary field. However, given the relative ubiquity of BVNs
               when compared to NINs (and NIMC cards), this process may take some time.


               7.3.2   Liability

               The gap between consumer awareness and industry use of personal data defines a requirement for consumer
               protection beyond the realms of consent.
               Consent legislation is becoming increasingly undermined by unrealistic expectations placed on the consumer
               to understand what they are consenting to. As this trend develops, there is a need to establish regulation
               (where there are deficiencies) defining standards of conduct between consumers and the entities which use
               their data; to establish best practice guidelines; and to promote their adoption.





               8      Recommendations

               Recommendation 1:  At the time of registration, a DFS operator should create a digital identity for their
               customers, for use in both DFS transactions and (where relevant) in identity assertion with external service
               providers:

               •    This transactional identity should be derived from a state-issued foundational identity to ensure reliability,
                    flexibility, and control.
               •    Clearly this is not possible if there is no state-issued foundational identity service that can support the
                    validation of a foundational ID against the national identity service in quasi-real time. In this case, see
                    Recommendation 2, below;
               •    Ensure that the transactional eID is authenticated locally, not remotely, to ensure maximum security;

               •    Ensure authentication (local) is separate from authorisation (centralised);
               •    Make provision for periodic re-verification of identity attributes.

               Recommendation 2:  Where a customer is unable to provide a foundational document of digital identity,
               consider the issuance of a dynamic, self-asserted digital identity, which may be ‘stepped up’ over time and
               as required.

               •    The LoA of this digital identity should be developed over time, as required to access new services, by
                    measures such as:
                    •  Associating a strong form of authentication such as biometrics (see the limitations of biometrics
                       described in Section ‎3.2.3) with the identity, so that the service provider can be assured that the
                       same person is accessing the service on each occasion;

                    •  Attaching an attribute - noting sponsorship/endorsement from someone who does have the necessary
                       documentation/state-issued digital identity;

                    •  Verifying the 2FA opportunity presented by a self-asserted mobile phone number, backed by SIM
                       registration;

                    •  Adding additional attributes as further documentation, which may be subject to validation, becomes
                       available;

                    •  Noting repeated/consistent usage of the digital identity over a period of months.



                50
   59   60   61   62   63   64   65   66   67   68   69