Ripple, a Cryptocurrency Company, Wants to Rewire Bank Authentication
A digital-currency company thinks it can protect the personal information used to perform identity checks in the financial industry.
The systems banks use to confirm customer identity are slow and vulnerable to criminals.
Companies built around Bitcoin and other digital currencies mostly focus on storing and transferring money. But at least one company is trying to prove that some of the underlying technology can have a much wider impact on the financial industry.
That startup, Ripple Labs, has already had some success persuading banks to use its Bitcoin-inspired protocol to speed up money transfers made in any currency, especially across borders (see “50 Smartest Companies 2014: Ripple Labs”). Now it is building a system that uses some similar cryptographic tricks to improve the way financial companies check the identity of their customers. The system could also provide a more secure way to log in to other online services.
Verifying identity is a constant, expensive headache for financial institutions, which are bound by strict regulations designed to curtail money laundering and support for blacklisted organizations such as terrorist groups. Most banks turn to one of a handful of large data brokers, such as Experian or Acxiom, to power their ID checks. When you open a new account, a bank gathers key personal information and sends it to its broker to verify your identity, and to confirm that you aren’t on any block list.
Under Ripple’s system, the same basic process would take place. However, your personal information would be used to generate a unique cryptographic token. A bank could send the token to a data broker that has its own token, made using your personal information at an earlier time. The math underpinning Ripple’s system would allow the broker to confirm that the data you had given the bank was correct, without either the bank or the broker ever revealing the data itself.
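The article does not say what construction Ripple uses. As an added illustration (not Ripple's code or protocol), the sketch below shows the simplest form of the token comparison described above, with a keyed hash standing in for the unspecified math. The field names, the key shared by bank and broker, and the per-request ID are all assumptions.

```python
import hashlib
import hmac
import unicodedata

FIELDS = ("name", "dob", "national_id")  # hypothetical schema, not from the article


def canonical(record: dict) -> bytes:
    """Encode a record so formatting differences vanish and fields cannot run together."""
    out = bytearray()
    for field in FIELDS:
        value = unicodedata.normalize("NFKC", record[field])
        value = " ".join(value.casefold().split())      # case and whitespace
        if field == "national_id":
            value = "".join(ch for ch in value if ch.isalnum())
        raw = value.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw        # length prefix per field
    return bytes(out)


def make_token(record: dict, shared_key: bytes, request_id: bytes) -> str:
    """Keyed token bound to one verification request.

    A plain unkeyed hash would not hide low-entropy fields such as a date
    of birth, so the sketch uses HMAC with a key (an assumption).
    """
    msg = len(request_id).to_bytes(2, "big") + request_id + canonical(record)
    return hmac.new(shared_key, msg, hashlib.sha256).hexdigest()


def broker_verify(bank_token: str, broker_record: dict,
                  shared_key: bytes, request_id: bytes) -> bool:
    """Broker recomputes the token from its own copy and compares in constant time."""
    expected = make_token(broker_record, shared_key, request_id)
    return hmac.compare_digest(bank_token, expected)


# Constructed sample data, for illustration only.
KEY = bytes(range(32))  # demo key; a real key would come from a key manager
ON_FILE = {"name": "Alice Example", "dob": "1980-01-02", "national_id": "AB123456C"}
AS_TYPED = {"name": "  alice   EXAMPLE ", "dob": "1980-01-02", "national_id": "ab 123-456 c"}
WRONG_DOB = dict(AS_TYPED, dob="1980-01-03")

if __name__ == "__main__":
    token = make_token(AS_TYPED, KEY, b"req-0001")
    print("match:", broker_verify(token, ON_FILE, KEY, b"req-0001"))
    print("replayed under another request:", broker_verify(token, ON_FILE, KEY, b"req-0002"))
    bad = make_token(WRONG_DOB, KEY, b"req-0001")
    print("wrong date of birth:", broker_verify(bad, ON_FILE, KEY, b"req-0001"))
```

Only the token crosses between the two parties in this sketch; each side derives it from its own copy of the data.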
Apple’s mobile payment technology uses a similar approach to protect credit card numbers (see “10 Breakthrough Technologies 2015: Apple Pay”). When you use Apple Pay, only a cryptographic token representing your credit card number is transferred to the merchant. That token can be used to charge your card, but it won’t reveal anything to anyone who manages to steal it, and it cannot be reused.
Stefan Thomas, chief technology officer of Ripple, says its ID verification system should reduce the risk that personal data will be stolen or accidentally leaked and should also be faster than the systems used today, which have developed gradually over decades and still use outdated technology. He says Ripple decided to develop the technology after it became clear that the financial system needed more than just new ways to transfer money.
Thomas adds that by cutting costs and security risks, Ripple’s system might allow cheaper data brokers to emerge. It could also make it easier for banks to operate in poorer parts of the world, where verification systems can be particularly expensive to operate, even for U.S. banks, he says. And Ripple’s engineers are also working on ways their protocol can be used to log in to online services.
Sarah Jane Hughes, a law professor at Indiana University who specializes in payment systems, says Ripple has identified a legitimate opportunity. Companies spend a lot on complying with identity verification rules, and mistakes are expensive, she says. For example, PayPal agreed to pay $7.7 million to the U.S. Treasury last week for failing to block just under 500 transactions involving people subject to U.S. sanctions. “If you could do verification more rapidly and with a greater degree of certainty, it would be hugely valuable,” says Hughes.
However, Hughes says, switching to a new system would not be easy for most financial institutions. They would probably have to retain the old system for some time for compatibility reasons. That means Ripple’s idea would have to deliver significant benefits to gain traction.
Ripple has a basic version of its system working today. It is testing it internally and with partners such as Shift, a startup working on a debit card that can be used to spend digital currencies. Later this year, Thomas hopes to start talking with banks that already use Ripple about testing the system.