Cyber Security Radar

Explore our Cyber Security Radar to learn more about identified cyber security trends and the projects we initiate by clicking the numbered circles. Light blue trends include projects.

Find out how to read the Radar here

Later
2023
2022
2021
2021
2022
2023
Later

Digital Identity Ecosystems

Started in December 2021

A research on the impact of the upcoming European (digital) identity regulations on the financial sector.

There is a lot of uncertainty in the upcoming regulations. What kind of problems can we expect in the current and future way of working and how can we mitigate that? Which standards are needed to adhere to the new regulations? The financial sector has the opportunity to pro-actively influence infrastructure and regulation.

Affecting new eID standards from a banking perspective

Financial institutions both issue and verify credentials. How do we get ahead on new regulations and influence eID standards in order to control business impact?

  • Main goal: Take position on the new eID standards from a technical perspective
    • Detail Pro’s and Con’s on SSI on the aspects of Usability, Compliance, Privacy and Security, and Ethics. We will detail this on two implementation forms of SSI (Attribute wallets & Data at the source*) compared to current implementations
    • Develop technology to mitigate the Con’s and sharpen EU/NL infrastructure and regulations
  • Possible next step: Research on adoption curve SSI and measures to prevent exclusion of certain groups in society.
  • Derived goal: Detail the roadmap with gained insights for current means of identification and consent (iDIN and proprietary IAM, banking apps) 

To achieve this, the project team will investigate in the Explore phase which financial use-cases will be affected and take steps towards better digital identity: 

A.    Bank as Verifier of Credentials: the problem of costs

  • Use-case 1: Financial Institutions need to validate most credentials issued in order to be compliant to legislation or mitigating risks of scams. The validation of credentials is a labour-intensive task. Only for KYC purposes the world-wide financial burden is approx. 180mld. According to the FD.  We need a broad implementation of SSI to trust the credentials provided to banks and diminish validation costs
  • Use-case 2:  When a customer interacts with a bank it shares vulnerable information prone to scam. The amount of the scam increases according to the NVB (39,5mio in 2020; first 6 months of 2021: 22,5mio). Customers are not aware they are being scammed until it is too late. We need better systems to alert customers and/or block possible scams whilst performing (digital) transactions

B.    Bank is issuer of Credentials: the problem continuity

  • Use-case 3: The credentials a bank can issue can be highly volatile. (Balance, Transactions). EU policy now focuses on Attribute based Wallets. Attribute-based Wallets might not be the best way to exchange volatile credentials since these are instantly obsolete upon creation. We need a way to save guard the accuracy of highly volatile credentials. This is especially interesting from a financial crime perspective.

This project is part of the trend

22 Opportunity and threat March 2022

Growing importance of identity and access management

There is a growing significance of managing identities within or across enterprises. Through identity and access management, businesses can record employee activity and moderate access to programs and applications, so denying unauthorized access and detecting suspicious patterns, transactions and patterns. Initiatives around password-less manners, controlling one's own attributes with SSI-technology or multi-factor authentication are increasingly more prevalent.