Shieldpay stories

Get in touch

Why a single digital identity is the future of online security

In an age where so much of our life is conducted online, the idea of waiting in a branch clutching various documents to prove identity seems old fashioned in comparison. Rifling through filing cabinets to dig up proof of address, passports, driving licences and utility bills is often a painful – and repetitive - part of instructing a solicitor, applying to open a bank account, or for a personal loan or mortgage. It’s also an essential part of these industries’ compliance process; companies need to know that we are who we say we are.

While the move to the online provision of services has proved to be a game changer for these industries, it has also presented businesses with huge risk. Security systems have had to be radically overhauled to protect both consumer and businesses alike, with new requirements driven by the introduction of Anti Money Laundering (AML) and Know Your Customer (KYC) identity checks. These are costly and time consuming and have brought the previously obscure world of identity verification into sharp focus, highlighting the need for sophisticated technology to step in. The online-driven world has also opened up opportunities for cybercriminals to exploit system loopholes or unsophisticated participants. In July this year, the Government issued an open call for evidence on the future of digital identity[1], announcing a commitment to “enabling a digital identity system fit for the UK’s growing digital economy.” The evidence is being reviewed, but what’s certain is that digital identity is one of the biggest opportunities, and biggest challenges of the digital age.

One of the aspects of property transactions blamed for the length of the process, is the need for individuals to submit the same information time and again to access different services. Repeatedly printing off documents to submit in person or via post is onerous, but also potentially intrusive and not secure. As the Call for Evidence notes, individuals should be able to create digital identities under their own control, and then use different verified attributes to access various services as and when they need to. It hands them far greater oversight into the decisions they are making, and how their data is shared, in a secure environment.  

Progress has been made by some law firms, agents and banks. They will use credit reference agencies to search for sources of information and validate identity, open banking to further validate information or source of funds and even selfies and liveliness tests to confirm identity. Just take the journey on any of our challenger banks to see for yourself. These are sophisticated businesses with digitally savvy end-users. For most who are required to undertake such checks, the collection and validation of customer data industry is still far too fragmented and opaque, with a myriad of different sources needed to be used and service providers claiming superiority.

Then there is the pressure on managing customer expectations and creating a positive user experience amid these regulations, and the risk of alienating individuals by overusing their data or going so digital that some parts of society are left behind. The restrictions introduced by GDPR go head-to-head with the AML requirements. On the one hand, we have an increasing focus on verifying – and holding – personal data. On the other, penalties for incorrectly processing this can lead to penalties in the millions, not to mention a lack of trust.

The creation of an identity in a single, digital ‘passport’ could be a way to mitigate this; developing a footprint that is verified, secure and easy to disclose without the risk of oversharing data. Holding the information using distributed ledger technology (or centralised database), with the user handed control, would remove the need to release the information more often than necessary. There are steps in the right direction from the private and public sectors: the recent HM Land Registry Digital Street proof of concept, of which Shieldpay was a key contributor as settlement agent, successfully completed the test property transaction on the blockchain where Yoti, a digital identity company, was used as the sole KYC provider for all stakeholders in the transaction: Barclays, Premier Property Lawyers and Mischon De Reya, HM Land Registry and Shieldpay all relied on Yotis checks. The aim was to show how buying and selling a home could be made simpler, cheaper and quicker through a digital transfer of ownership, but it also showed how one trusted source of identity verification could be used by all relevant stakeholders. While this was a pilot only, at Shieldpay we verify the identity of all parties in any transaction and are looking at ways that we can allow stakeholders involved in an end-to-end property transaction – or any other transaction – to benefit from the checks that we do.

The notion of a national identity card has been resisted in the UK in the past, but will our continued adoption of the digital world not require something akin to this, whether government or private sector operated? But if such ‘passport’ were to acceptable to all stakeholders, the potential cost and time savings that could be realised by tackling upfront identity checks is significant. Governments need to be more amenable to open sources of data to verify identity and relinquish control and oversight back to individuals. At the same time, they must also set strict guidelines on corporate identity and what needs to be lodged. In these domains, the UK is lagging behind our Nordic, Australian, Indian, Singaporean and Chinese friends, who all have forms of centralised digital. Given some of these countries may be considered to have gone too far, with 84% of financial services firms in the UK concerned about their ability to identify customers[2], we have some way to go.

There is no doubt in my mind, that a trusted means of proving you are who you say you are is the future of online security, and our lives on the internet and off it. Whether it’s something as simple as switching bank accounts or eventually applying for a mortgage through facial recognition, it’s only going in one direction – and that’s up. 


[1]Department for Culture, Media and Sport, Digital Identity: Call for Evidence, 2019:

[2]Forrester, 'Leaders in Financial Services Are Experts in Customer Identity', 2018


Geoff Dunnett is Professional Services Director at Shieldpay, a secure payments solution offering services from Corporate Escrow transactions to Third-Party-Managed Accounts (TPMAs).


Want regular updates straight to your inbox?

Recent Posts