In October 2016, technology start-up SecureKey raised C$27m ($20.25m) in funding from Canada’s top banks to build a federated digital ID network for Canadian consumers and businesses. Robin Arnfield reports.
The new service will build on partnerships that Toronto-based SecureKey has already established for SecureKey Concierge, an authentication service which enables Canadian consumers to log into multiple Canadian government services using their bank ID.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataBanks
SecureKey has signed up Canada’s six largest banks: Royal Bank of Canada (RBC), TD, Scotiabank, BMO Bank of Montreal (BMO), CIBC and National Bank of Canada, as well as Quebec’s Desjardins for SecureKey Concierge. BMO, Scotiabank, CIBC, Desjardins, RBC and TD all participated in SecureKey’s October 2016 funding round.
SecureKey Concierge offers a single sign-on alternative to consumers having to remember multiple Canadian government-issued credentials.
“There are about 80 different online Canadian government services that you can use your bank credentials to log into via SecureKey Concierge, instead of a government-issued user name and password,” Greg Wolfond, SecureKey’s founder and CEO tells RBI. “These are sites such as Revenue Canada, Service Canada, or Citizenship and Immigration, that have high value but don’t get frequent use.”
“We have millions and millions of users of SecureKey Concierge and we’re adding on average 200,000 to 300,000 new users a month to the service,” says Wolfond. “It took a while to get all the banks on board, but we have full coverage now. We made the system really respect the privacy of the citizen. When you log in to pay your taxes, for example, the government can’t tell which bank you are using to log in, and the bank can’t track what government service you are accessing.”
Wolfond is a serial entrepreneur whose earlier companies include Footprint Software, a financial software company he sold to IBM, and 724 Solutions Inc., a wireless infrastructure software provider.
“You are you” digital ID validation
“The reason we got the six big banks to invest in us, is that we see a window of opportunity for a ‘you are you’ digital identity validation platform,” says Wolfond. “We want to take our easy to use website log-in process and use it to provide a federated ID system drawing on multiple databases that lets someone show up somewhere, prove who they are and get immediate service.”
A key regulatory change facilitating adoption of a federated digital identity system is the fact that the Canadian government amended the Proceeds of Crime (Money Laundering) and Terrorist Financing Act in June 2016. The revisions allow greater flexibility in the methods for verifying identity in non-face-to-face contexts, and enable consumers to open accounts with electronic signatures instead of paper signatures.
“SecureKey’s new service will let consumers use their smartphone to verify who they are online, in person, or over the phone, in a safe and secure manner that is completely under their control,” says a SecureKey spokesperson.
“It will replace the need for consumers to wait in lines to share a valid piece of ID or other key documents, or to go through painful form-filling during registrations. Wherever they are, physically or digitally, won’t matter. So long as they have their smartphone (device) with them, they will be able to verify that they are who they say they are.”
“SecureKey is doing some very cool things in the field of digital identity,” says Jason Davies, MasterCard Canada’s Head of Digital Payments. “I think they’ll become a great Canadian success story.”
Collaboration
“We believe that, to do things in a secure way, you need to bring trusted parties together to build an ecosystem where the citizen is in the middle and privacy is right at the forefront,” says Wolfond. “We envisage a very diverse ecosystem of different types of parties in Canada joining SecureKey’s network.
“My banks hold the data that they know about me, the telcos hold the data that they know about me and the Province where I live holds the data it knows about me,” says Wolfond. “So we’re bringing together the strength of the banks, the telcos and the Provincial governent databases to build a system that should be easy for consumers to use, where they are in control of their data and decide what to share and with whom. Its goal is to let consumers open accounts in 30 seconds.”
Consumers could use SecureKey’s new platform to open new accounts with a bank or new phone accounts with a telco. “I could show up at a bank or a telco to open an account and provide my mobile number,” says Wolfond. “Then my phone would wake up and say: ‘are you willing to share your name and address and your credit score with this bank or telco?’
“If I say yes, I should be able to open my new account in 30 seconds, not 30 minutes as it is today. I could open a credit card account and share my name, address, credit score and validated income for the last year with the issuer. This would change the loan approval process to seconds. Or, if I am renting an apartment, I could prove who I am and provide my credit score. We could drive billions of dollars into the economy in terms of efficiencies from faster account opening.”
“Currently, when you register with a Canadian government service, you answer a bunch of questions and they post you a user name and password,” says Wolfond. “We want to be able to let you prove your identity to the government by using our new service. So a consumer would use a digitally-signed proof of identity from their bank, along with proof of their phone number from their telco’s database and validation of their photograph from their Province’s driver’s licence database.”
Wolford says that all the banks which have invested in SecureKey will be using its new service for account opening both for new and for existing customers. “Often your bank will make you mail in a form or visit a branch to open a new account even though you already bank with them,” he says. “So our system will make this much easier and more efficient to open accounts.”
“It’s of great value for a consumer to be able to retain control of their personal information and to have their digital ID information validated and trusted,” says Pierre Roberge, one of the founders of SecureKey and now an independent digital ID and payment innovation consultant. “But, if a digital ID platform only works with one bank, this is of no use to businesses as it would exclude many of their customers. What is so good about SecureKey’s new platform is that it is backed by Canada’s six largest banks and so will reach about 90% of the banking market. This means there is no fragmentation in terms of business reach.”
The blockchain
SecureKey’s new permission-based platform will use the blockchain’s distributed ledger to store and securely exchange consumers’ identity data, with users controlling what personal information is released to public- or private-sector organisations. Its current system, SecureKey Concierge, is not blockchain-based.
The distributed nature of the blockchain means that, in SecureKey’s system, a consumer’s data is not stored in a central location which could be vulnerable to hacking. “We don’t want to make it possible for any one organisation to have all the data about a citizen,” says Wolfond. “We don’t create honeypots of data in our model. Also, our system is resilient against denial of service attacks as it runs on nodes in different places.”
“Using the blockchain makes sense for digital ID management and authentication because of the reliability of the distributed ledger,” says Mike Bradley, former head of products at Visa Canada and currently managing director of Canadian consultancy.
Pilot
“We will be launching our new system in Canada first in Q2 2017, and are in pilot with the six banks that invested in us,” says Wolfond. “But we are making plans to export the system to other markets and bring on other partners who can help us to move into other countries.”
SecureKey has been working closely with US standards body NIST (National Institute of Standards and Technology) on its new service. “The service has a lot of the properties that the US government is looking for, such as a higher level of privacy than existing authentication and identity systems and resilience against denial of service attacks,” Wolfond says.
“We see tremendous opportunity for our new system,” Wolfond says. “There are a large numbers of industries and use cases which need this type of federated approach to ID management and privacy.”