Distributed bank data is at the core of the OneID® solution. ‘Why?’ Because it’s simply the best! It’s the most up-to-date source of verified identity data, contained in systems most resistant to fraud. That is why we chose it as the foundation on which OneID® is built.
Faces and documents are, by their very nature, vulnerable to deep fakes. Bank data is not. Banks have mature KYC processes to ensure that they comply with stringent money laundering regulations. They conduct continual surveillance, ensuring their customers' identities are vetted and ongoing financial activity is verified.
Banks also heavily invest in defences against cyber threats, using cutting-edge and mature technologies. At the forefront lies biometric authentication, which grants access with a touch or glance. Paired with sophisticated machine learning algorithms, banks can tell genuine users from imposters with unprecedented accuracy.
Further bolstering their defences are device intelligence tools and risk engines, discreet services that analyse subtle behavioural patterns to detect anomalies indicative of fraud. By scrutinising the nuances of user interactions, banks can pre-emptively identify suspicious activities.
We go further than bank data and correlate this with other trusted sources of verified identity data, such as mobile network operators, fraud networks and credit reference agencies. The platform design allows us to compare identity data and other indicators from different sources, meaning that our products provide the most comprehensive and accurate identity data available, anywhere.
We protect the security and privacy of our users by keeping data distributed and where it belongs, rather than copying it, creating a central ‘honey pot’. The principle is to keep your financial data with your bank, health data with NHS, comms data with your telco, government data with the government, and so on, but with the “key” to all this safely with the user.
Putting an individual perspective on this, we take identity data from trusted, authoritative sources in real time, with your consent, at your moment of need. We store a record of the data fields you have shared (e.g., Name, Address) but not the actual values of the data (e.g., ‘Jane Smith’, ‘ 123 Acacia Avenue’). Your bank stores and protects the actual identity data. This keeps the data as safe as possible, protected by several layers of technology and security provided by your bank.
After all, you trust your bank with your money, so why not trust them to store your identity data?
For our own technology, we use Google Cloud Platform’s proven security model for protecting cloud services and our many certifications to ensure that we operate to the highest security standards.
To connect to other parties, we have secure certificates to operate from several ‘trusted registries’: the Financial Conduct Authority’s (FCA) register, the Open Banking Directory, and the Department for Science, Innovation and Technology’s (DSIT) Digital Verification Services (DVS) register. The Open Banking APIs are protected by a further security layer, Financial-grade API Security Profile (FAPI).
By building on top of bank security, we inherit security features from the industry that spends the most to make itself secure, such as:
We built OneID® on top of the Google Cloud Platform as a ‘cloud native’ platform, so it’s fully scaleable to ‘internet scale’ as transaction volumes inevitably increase.
Our services are built in a modern language called ‘Go’ (often referred to as Golang because of its former domain name, golang.org) because it is Fast. Go can compile directly to machine code without using an interpreter and is always one step ahead of Java regarding execution speed. Golang-based programs are lightning-fast, and compilation is quicker, speeding up development time.
In summary, OneID® is a ‘best-in-class’, world-leading digital ID solution. Our platform is cloud-native, fast, and infinitely scaleable, and the identity data we provide comes from the most up-to-date source of verified identity data available. What’s not to like?