Business / technology
Your digital ID wallet
On a mission to provide a simple tool that easily confirms and controls your identity.
Personal Identifiable Information (PII) is data that can be used to confirm someone’s identity and can be further distinguished into sensitive and non-sensitive.
Depending on where you are in the world, PII might be known as something slightly different, but there is one common global goal: an increased level of safeguarding PII. Another aspect is educating individuals about PII ownership and management.
There is also an increased need for different methods of managing PII.
For example, the Open Banking concept gives individuals greater control over their banking data. It means you can share your external data with your bank of choice and share your bank data with accredited organisations. It could also improve how you compare products and services between organisations, making it easier to find a better deal.
When it comes to technology, Croatian company Identyum is joining the global challenge of developing a product that will deal with PII and give power back to its owners.
Identyum is on a mission to give complete control back to people with their identity data, so they can use it whenever and however they choose.
They are also helping companies transform their businesses by providing the platform for frictionless and legally compliant customer digital onboarding, authentication, data sharing and document signing.
We spoke to Robert Ilijaš, CEO, about their product and how identity proof works with Identyum.
Can you explain the concept of open banking in a short few words, and why is it such a critical technology enabler globally?
The fundamental concept of Open Banking is 100% automation of banking services. Currently, banking services like payments, loans, and deposits are used by humans. For example, through the Internet banking web interface or mobile banking application on your smartphone.
The concept of Open Banking introduces a new paradigm – that these banking services should be accessible and used by ‘other programs’ instead of humans.
To simplify, this essentially means that your bank would provide a programming interface for other applications so that, for example, you could arrange a car loan via your local car dealer’s mobile application.
How does the Account Information Service Provider (AISP) license define what you can do?
Under EU’s PSD2 regulation, the AISP license allows us to connect to any EU-based bank and access the end user’s payment data. Of course, we are permitted to do so only after the end-user gives us their explicit consent.
This payment data is essential as it serves as input to higher-level services, i.e. loan or insurance approval processes.
Why are some terrified of digital identity, and how do you explain its benefits to the average person?
Generally, very few are terrified, but those who are, it’s usually because of previous negative experiences with digital services and digital presence.
Unfortunately, we live in a society that has exploited personal data without control for the good part of the last 20 years.
People create profiles and share their data on social networks. Still, for the most part, people’s profiles are nothing more than a product that is being sold and resold by social network operators to advertising companies and pretty much everyone willing to pay for it.
Identyum’s digital identity is the exact opposite. Our mission is to enable 100% control over personal data. Your personal data should be yours only, and you should have total control over who, when, and for what purposes it can be accessed.
How does identity proof work with Identyum, and how can one ensure personal data protection by using the Identyum digital ID wallet?
The key concept with Identyum’s ID wallet is that the personal data within a person’s wallet is not accessible to anyone else but the wallet’s owner.
When creating your Identyum ID wallet, you have to define your Identyum PIN, which is never stored anywhere and encrypts your personal data within your wallet.
Whenever you decide to share some subset of your personal data, you have to enter your Identyum PIN to get it decrypted and made accessible to the person or company you have chosen to grant access to your data.
Identyum does not know your Identyum PIN, so not even Identyum can read your private data. Even further, you always have to authenticate yourself with a 2-factor authentication so that no one else can gain access to your data.
How does Identyum provide financial capacity proof?
By using PSD2 AISP APIs, since Identyum is licensed to access payment data, of course, with the owner’s explicit consent, it can provide higher-level services on top of it, like, i.e. algorithms for calculating financial capacity.
This, in essence, means that different variants of “aggregates and scores” can be calculated, like, i.e. your average salary, your capacity to repay a specific loan or even your insurance index.
Of course, it all depends on whether you consent to those calculations and to whom they would be delivered.
How can businesses enrich their workflows with your tool?
We provide programming interfaces that allow businesses to transform their customer-facing channels into a fully digital and remote experience.
This means fully remote, automated, and legally compliant remote identification or digital onboarding or Know Your Customer (KYC) and authentication, combined with the functionalities of lawfully valid electronic signatures and external data extraction like, i.e. AISP data for financial capacity scoring.
You recently obtained ISO 27701, Standard for Privacy Information Management. Why was that essential for you?
With ISO 27701, we’ve ‘put our money where our mouth is’. ISO 27701 is an international standard that certifies that the company manages personal data in the best way possible, compliant with leading security standards. It, therefore, proves to our end users that their data is safe within their Identyum digital ID wallets.