Banking; Digital certificate; Digital wallet; Decentralized identity; Distributed ledger technology; Verifiable credential
Abstract:
Know your customer (KYC) processes place a great burden on banks, because they are costly, inefficient, and inconvenient for customers. While blockchain technology is often mentioned as a potential solution, it is not clear how to use the technology’s advantages without violating data protection regulations and customer privacy. We demonstrate how blockchain-based self-sovereign identity (SSI) can solve the challenges of KYC. We follow a rigorous design science research approach to create a framework that utilizes SSI in the KYC process, deriving nascent design principles that theorize on blockchain’s role for SSI.