Building Trust Beyond Financial Services
Banks and others have a role to play in civil society.
Dateline: Toronto, 8th May 2025.
A Michael Miebach, the CEO of Mastercard, was interviewed by Nicolai Tangen, the CEO of the Norwegian Sovereign Wealth Fund (which has a stake in Mastercard), for Nicolai’s interesting “In Good Company” podcast series. The conversation turned to fraud, and Michael made a key point about the impact of fraud beyond financial losses, saying "once you're defrauded, you lose trust in digital solutions".
Banks Are The Place To Start
Miebach is spot on. Financial fraud subverts the digital economy and holds back the benefits of digital business. In my view, the financial sector has a responsibility to the wider economy (and society) and it is reasonable for the economy to expect a response from the sector because raising the bar on security is not only about reducing transaction friction and costs (which we will return to later), it is about making society better. An infrastructure that is more secure is good for all of us.
It seems to me that banks should create this new infrastructure because it’s not only a way for banks to save money, it’s also a way for banks to create new products and services that mean new revenue streams. In fact, it could be that security - in the form of identification, authentication and authorisation services around digital identity - is not simply an additional revenue stream in the future but that identity is bigger than payments to banks.
(Indeed Mastercard is about to pilot a new service in Europe that will give banks the ability to verify additional cardholder details, including age, date of birth, and address, further enhancing the security and accuracy of digital transactions.)
Now, when we in the digital finance world talk about identity, we often get a pushback from people who are (quite rightly) concerned about privacy. Yet as Miebach himself wrote in the Harvard Business Review, ID verification can be used to increase privacy, not take it away. He illustrates the point with the canonical example that if someone needed to confirm their age to buy alcohol, they wouldn’t need to share all the information on a typical driver’s license — name, age, address, photo. Using appropriate and well-designed digital identity infrastructure, confirmation would exist as a simple yes or no question — is this person older than 21 or not? And that’s the only information someone would need to share: not the data (a date of birth) but the relevant credential (IS-OVER-21).
Transacting this way, on the basis of credentials, not identity, delivers a more secure and more private environment for individuals and businesses. There is no need to trade off one against the other. It is better for everyone. So how can we move forward on this? Well, in the podcast, Michael says that Mastercard are in a “preferred position” (ie, in the middle of global value exchange) to tackle the fraudsters and goes to specifically mention digital identity as one of the tools that is needed to deal with the problem.
I couldn’t agree more that the customers of the networks (ie, banks) and their customers (ie, consumers and businesses) would benefit greatly from an interoperable global digital identity infrastructure, ideally one based on global standards such as W3C verifiable credentials and ISO mobile driving licences. I can use my British Airways Amex card and my John Lewis Mastercard anywhere in the world, so why can’t I use my British Airways ID to book a flight on Singapore Airlines or my Barclays ID to open an account with Banco do Brasil?
If we (ie, the financial sector) do this the right way then we can not only make consumers and businesses more secure, we can give them privacy too, thereby helping to reduce the potential for future fraud. This is something of a win-win for banks and other financial institutions: they can reduce fraud but they can go even further to put their arms around their customers to protect them out on the internet frontier.
Convenience Wins
Security and privacy are important, but it is convenience that drives consumer behaviour. Just yesterday I was with a colleague who was on the phone to his (UK) bank for half an hour because he was trying to buy an accessory from Mercedes (for around £200) and had had the transaction declined twice! Frankly, as soon as he has an alternative to paying online with his credit card (eg, a request-to-pay service or a pay-by-bank option) then he will use it even if he does not get the “Section 75” chargeback protection or some airline miles. Consumers will accept some friction if they think it gives them more security, but the acceptable levels of friction are quite low and the costs that it imposes on both service providers and consumers is too high.
with kind permission of Helen Holmes (CC-BY-ND 4.0)
The issue of friction is on my mind because I just went through the a dumb, time-consuming and error-prone process that we all have to go through multiple times each week when I went to access a service (in this case, to buy theatre tickets) and I had to create an account. In a sane world, I would have been able to press a button that says “ask my bank” — because my bank knows everything that the ticket company needs: it knows my name, my address, my bank account details and whether I am under 18 or over 65 — and then have something pop up in my browser or on my phone that says “Joey Donuts Travelling Theatre Company wants to know your name, bank account and whether you are under 18: is it ok for us to tell them” and away we go.
But no, I had to type everything in, wasting my time (and their money, since people will inevitably make mistakes doing this and then they will have to be fixed manually).
The issue of cost is on my mind because the cost of fighting fraud is getting out of control (because fraud itself is getting out of control). If we had a digital identity infrastructure so that the theatre company would know that I am Dave Birch and the bank knows that I gave the theatre company permission to take money from my bank account, there is no need for neural networks to try and guess whether I am Dave Birch or not and no need for AI supercomputers to try and guess whether I gave the theatre company permission to charge me.
So much of what we do in the fraud world is continual band aids, probabilistic assessment and inference that will simply have no role in an economy with a functioning digital identity infrastructure and I have long argued that this would be vital national infrastructure that is desperately needed o supports our transition to a new economy, not one that stutters along digitising the relics of the post-industrial revolution bureaucratic response to urban anonymity.
KYC Enabler
Mastercard say that digital identity will become "the master key" to a connected world, unlocking access across platforms and borders without exposing personal data, enabled through innovations in biometrics, tokenization and AI. I think they are right, because we already have all of the technologies that we need to build this new kind of digital identity that we need for the 21st century — zero-knowledge proofs, verifiable credentials, strong authentication — and banks can put them to work if they can co-operate for the greater good.
A comprehensive and convenient infrastructure transforms the prospects for fintechs, simply because dealing with the identity demands on financial services organisations is so complex and expensive that it has served as a have served as a moat around the incumbents.
If banks were to take care of (and be rewarded for) sorting out the ABCs of digital identity—that is, know-your-Agent (KYA), know-your-Business (KYB) and know-your-customer (KYC)—so that the rest of us were able to depend on an infrastructure that takes care of such things, then startups in particular could concentrate their resources on developing products and services to compete more effectively and make financial services better for the rest of the economy.
Dave- I agree. Indeed you would have written much the same thing 25 years ago in a much less complex world of web1.0 when the banks could have owned the entire "data/money" space via the Trust Network.... constructed replete with a liability model, dispute resolution process and so on.
That said the absence of bank CEO's at President Trumps Inauguration Day Ceremony speaks volumes.There is much to be done
BW JohnB
Fascinating perspective. The idea that banks should evolve into broader enablers of digital trust resonates strongly. But perhaps the real challenge isn’t expanding their role—it’s shedding the institutional inertia that keeps them confined to legacy trust models. What if, instead of banks owning trust, they became participants in a decentralized trust network where trust is earned through verifiable actions, most of which include settlement of a business transaction? That shift could redefine not just their role, but the architecture of digital trust itself.
https://timohotti.substack.com/p/introducing-the-internet-trust-layer