Santander's aspirations to be your trusted identity custodian

Profile picture for user gonzodaddy By Den Howlett December 3, 2020 Audio mode
A trusted global identity is on the horizon. This is the story of Santander's involvement in that project and what it means for everyone.

Rod Boothby
(via Rod Boothby)

I recently caught up with Rod Boothby, Global Head of Identity — Digital Platform at Santander. The podcast rendered copy of our hour long conversation is above. An audio version of this text version is also available via the icon at the top of this story. 

I've known Rod for around 16 years. He was both influential and helpful in figuring out how to use blogs back in the day. Since then, he's enjoyed a career in various business and technical development roles, including periods at Wells Fargo, Joyent, and AIG. In short, he comes from a real pedigree in solving hard problems. His background in financial services struck me as an excellent fit for Santander when they came knocking. Eighteen months or so on, and Santander is at the cusp of providing the trusted custodial identity service needed by consumers and their suppliers alike. 

Moving mountains

In going to Santander, Rod was taking something of a risk because the general premise is that he would lead or be part of a team tasked with building out a new, global platform for the digital age. That always struck me as a vast, if not an impossible undertaking. Rod explained how the team was built for success and the fundamental problem it is solving:

It's tough to move a huge organization. And it's challenging to change the way it goes to market, especially a company that has been built out of an acquisition strategy because you have a lot of fiefdoms. But you can show the way; you can light the path that others can storm down. And that's what we did. It's a very clear path for the individual countries and the global group to understand that what we're building is a real cloud platform. This is what a very agile system looks like where you can kick out new applications very quickly and adjust to all the fintechs coming in. The bank's doing that. But the team also created space and opportunity to radically fix enormous global problems. And trust and truth on the internet turned out to be the critical flaws on the internet today. And what we worked out very quickly. And the data backs it up because while people may not trust banks always to give them a good deal or give them the lowest rate, they trust them to protect their assets.

The dangers of digital

As the conversation continued, we quickly got to the nub of the identity problem. As Rod explained, you walk up to a service desk in the analog world and show the provider a piece of paper, usually with your photo attached, which comes from a trusted source, often the government, and you're good to go. But this is an expensive process for everyone involved. There has to be a better way in the digital world, but equally, it is challenging because your digital identity is broken into many different pieces. 

The piecemeal nature of what makes up a digital identity makes it relatively easy for fraudsters to pick up enough information about individuals to establish an identity they can use to scam both you and suppliers in multiple ways. That presents risks on both sides of a transaction.

As the team explored Santander's potential to act as a trusted custodian, they discovered that there is a myriad of ways in which digital technology offers pieces of the puzzle. He explained, for example, that in some countries, a picture of your hand and face can be used to create a biometric measurement of your heartbeat, which, in turn, can be used to identify you. But again, this is only a part of the puzzle. Taking this concept further, Rod suggested that, like Twitter uses a blue tick mark to indicate that a person is recognized as verified, the bank can use the many ways it can verify you and perhaps attach a similar verification mark. As a person who pays, you want to know that the person you are paying is who they say they are too. Rod told a horror story about how a friend of his was duped and forked over a substantial sum of money that, quite literally disappeared. ROd explained that it isn't just the consumer who gets scammed: 

Big companies get fake invoices all the time; it's a real problem and getting harder to distinguish from the real thing. Receipt via a trusted mechanism - such as the bank - could be a critical addition to a fraud prevention team's weapons arsenal.

We've seen consultancies sending over invoices with wire instructions in Word documents as though email can't be hacked, and no-one's going to change the Word document and put in new payment instructions. It turns out that SWIFT and all these other things when you wire money, it's blind at the other end. So it is effortless to perpetrate simple fraud.

We then discussed the curse of false positives where a bank calls customers time and again with fraud inquiries. That happened to me, and eventually, I switched banks. It was all too tiresome. It turns out this is a favorite way for fraudsters to discover more information about you and your spending habits as they assemble profiles of people they figure out are vulnerable. Rod said that:

People don't realize just how much data is out there and held by the Google's and Facebook's of the world. You can ask them, and they'll tell you. But would you trust those services as custodians of your identity. Of course not. The tech companies are in the business of monetizing data, your data. Banks are in the business of monetizing your privacy.

And it's already working in some parts of the world. 

In the Nordics, you can get a mortgage approved in minutes. They already have identity systems that allow them to build services around identity management such as this type of transaction. We want to take this idea globally.

The way Santander is working in this provides the user with full control over what is shared. In some situations, such as a mortgage loan application, the mortgagor will likely need a lot of information about a person to determine their risk profile. As the mortgagee, I will approve access to various types of data, some of which my bank holds for itself and some of which is controlled by third parties. In this case, Santander wants to be the trusted custodian of all the required data. As the customer, we hope that you would see us as that trusted provider. In turn, the bank can earn revenue, providing that service but at a fraction of the cost in both money and time. 

Open source matters

That sounds fine in theory, but how does that idea work in practice? There are three legs to that issue:

  1. Santander partnered with the open-source OpenID Foundation.
  2. Santander determined that what they're developing should be an open-source standard, freely available to anyone.
  3. They advocate the idea to other banks. 

We went to PayPal and eBay who like the idea but said that to make it work, everyone needs to be using the standard. eBay wants both people (buyer and seller) to be verified and to have a trust stamp. 

That encouraged Santander to start talking to other banks. It reached out to the Institute of International Finance, which allowed it to access other larger financial institutions. Santander has agreements with several in the UK and others. It is early days but Rod believes the combined influence of these institutions improves the prospects for success. 

The potential is far-reaching with advantages in cost reduction and convenience. Rod gave the example of British Airways:

BA today scans your passport multiple times before you fly from London to New York. Why? Because they get charged $50,000 by ICE in New York if they drop off somebody who's not legally allowed to be in the US. Plus, they have to fly them back. So they want to transfer the risk. They want somebody else to confirm this person is who they claim to be, that they have a valid passport, that they have the right entry visa, and soon, probably, that they have a current COVID-19 vaccination. And if they can't confirm all those things, BA pays. The airline will pay a small fee for someone else to do that for them. They no longer need staff double checking all of that stuff. They no longer have to take the risk. So it's buying insurance. And transferring the risk from the reliant party to the bank means that we can take the risk or we can lay it off. That's why the insurance companies are all interested.

Executive sponsorship

But this is only one of many examples that McKinsey looked at in answering what a solution to the identity problem could do for the global economy. McKinsey says that in advanced economies, it'll increase GDP by three percent. And it'll increase GDP by six percent in developing countries. That's an enormous amount of value coming back into the world's economy. When thought of in those terms, it is not surprising that Santander wants to be considered a leading player. 

None pf this happens without executive sponsorship and here Rod credits Ana Botin, executive chair at Santander, who recently said the following on LinkedIn:

Together with The OpenID FoundationInstitute of International FinanceIBM and Slack, among others, we're encouraging developers around the globe to help us innovate how data are shared, verified and trusted. 

As digitalization expands across the world, our expectations have become significantly higher: we will only use products and services that provide excellent customer experience without compromising our privacy and online safety.

Building digital trust is now more urgent than ever. Despite two decades of progress in tech and digital, everyone still needs a physical form of identification and we have yet to create a sure-fire way to identify ourselves online. Digital trust will not only help us serve customers better, but also make society more inclusive.

Join us until 10 Dec. and share your ideas at ‘The Santander Digital Trust Hackathon’:

You don't get support much stronger than that and I heartily recommend that aspiring developers check out the competition. There's real money on the table.  

My take

When I first met Rod in his current role I was left wondering whether he was chewing off something that has eluded so many in the past. To have reached this point in such a short period is an amazing achievement to which everyone should pay attention. The positive impact that trusted identity could have on many parts of our global digital lives is off the scale of anything I've seen in recent years.

This is a topic that has largely gone unnoticed in the wider technology world but as many businesses and organizations respond to the pandemic with digital initiatives, identity is now part of the burning platform problem. Santander's position could not be better to both provide a positive impact in the world while profiting from their work. Why? Because trusted identity is the basis of a platform from which many services can be built.