Scandinavians are weird. I noticed as much when I moved to Italy and became a world citizen for a while. It’s not just the fact that we live for the summer and act as self-guided photo voltaic panels when the sun peeks behind the clouds and we try to catch each and every ray. It’s also not the fact that we freak out when another person comes inside our one meter / three feet personal space. Neither is it the fact that we have more saunas than homes in this country (Finland) – and we use them almost each day. It’s the fact that in a country of five million people a single mobile network operator moves more data compared to its European counterparts such as Vodafone Germany, TIM Italy or O2 UK. It’s because banks here in Finland have a long tradition of making business with the identities they issue to their customers. In fact, I use my bank issued ID more frequently to login to third party services than to my online bank. Both of these have a common denominator – we embrace technology that frees us from social interaction, or like someone else might say; waiting in lines and queues.
The looming Payment Services Directive 2 might seem like a bugaboo to established financial institutions. There are a lot of changes coming with this directive, and from the Identity and Access Management (IAM) perspective, one key requirement is strong authentication. Other notable things include; mandatory APIs, improving regulation around new payment methods, increasing competition and efficiency, lowering cost, improving consumer protection, etc. Quite a few things seem to be changing. Using the Scandinavian example, financial institutions can turn the strong authentication requirement into a business opportunity. This business model has been proven to be viable and scalable in the Nordic markets.
The World's First Online Forest Asset Management Service
Let me give you an example. Our customer, Metsä Group (Metsäliitto cooperative), a forest industry group with €5 billion turnover, launched the world’s first online forest asset management service. The Metsäliitto cooperative has 116,000 member-owners. Most of these owners live in the cities now. The traditional model of owning, tending and living in your lands has disappeared to some extent. These city-dwelling owners sometimes have huge assets that need tending, and that can be sold. One acre of forest equals to €1600 on average (€4000 for a hectare).
The online site enables the member-owners to take care of their assets and sell it. The transactions can be of high value and that means that strong authentication is the only choice. Metsäverkko uses GlobalSign SSO to enable their member-owners to use their bank issued credentials to securely login to the site. If the asset has multiple owners through inheritance, each owner can securely login to the site from the comfort of their home couch and approve the transaction.
Since its launch last summer, Metsäliitto now acquires 25% of its raw material (wood) from its member-owners through the online service. The acquisition of tending services is even higher at 30%.
This is a valuable service for both Metsäliitto and the member-owners of the cooperative. This wouldn’t be possible without strong authentication. The strong authentication is provided by banks.
Identity Management Business Modelling
Financial institutions around the world have a treasure trove of valuable information that can be turned into a business opportunity – identities. Behind our online banking credentials sits a digital identity with properly vetted attributes. Banks around the world enjoy the status of being highly trustworthy organizations and therefore the digital identities they issue should enjoy the same trustworthiness.
In my home country (Finland), banks have sold authentication services for third parties for years. It’s an established business for banks and generating revenue each year. As new digital services emerge such as the Metsä Group online site, the need for trustworthy digital identities will grow. And, if someone raises their eyebrows and thinks what about using government issued electronic identities, please consider this; Finland was the first country in the world to introduce the eID and as of February 2016 eID users accounted for 0.15% (4,508 transactions) against the bank IDs 94.18% (2,846,933 transactions) in an eGovernment portal. The eID model is clearly not working here, but it is working in Estonia, where two out of three founding organizations behind the Certification Authority responsible for eID related services were banks.
On average, a single bank authentication costs €0.30. If you take the above example of a single eGovernment portal, bank authentication generates a revenue of around €10 million (12 months x 3 000 000 transactions x €0.30). And remember – this is an eGovernment portal. How much would the revenue be for a high-volume site?
Naturally, a €0.30 transaction fee might sound ludicrous in some market areas. But, it’s clear that the financial institutions can leverage identities in generating revenue. There are multiple ways you can commercialize identity services. Another benefit of selling authentication services to third parties is loyalty. If you can use your bank ID somewhere else, it becomes much more important to you.
Financial institutions as identity providers is not a technology issue. The Scandinavian model was built before modern federation standards, such as SAML, WS-Federation, OpenID Connect or OAuth. Today, products, such as GlobalSign SSO and GlobalSign Trust, can be deployed within mere weeks with all the relevant standards built-in to enable new business for financial institutions, but also help them meet the new authentication requirements of the PSD2 with modern solutions like smart phone app-based biometrics from one of our partner.
We are at the Money20/20 Europe event on April 4th – 7th in Copenhagen. Come to GlobalSign stand K30 to hear how we can help you turn PSD2 into an opportunity.