The future is trustless. What do we need instead?
"As a bank, if you lose your trust, you lose your business"
Wim Mijs - CEO of the European Banking Association
"As a bank, if you lose your trust, you lose your business" Wim Mijs - CEO of the European Banking Association
Every business needs to build trust with its final users. And it's even more crucial when your business is about safekeeping and investing people's money. Thus in the Fintech industry more than others, the dilemma every Product Manager and Architect needs to deal with is how to build trust while offering an attractive user experience?
Trust has been and is still at the core of the banking system. We allow banks to keep our money because we trust them. Whether it is trust by default (too big to fail) or gained trust (proven by track record and user satisfaction) is another topic, but what's sure is that technology has put that trust under pressure. As the CEO European Banking Federation Wim Mijs puts it to highlight this tension: "people love Google but don't trust it, people hate banks but trust them." Mix Google and banks (to get a Fintech), and you cold be either loved and trusted, or hated and untrusted...
In addition of all the fascinating challenges involved in building a chain of trust, let's focus on 3 key strategies presented by David Birch and his guests at the 2021 Money20/20 conference.
"Don't trust, verify"
There is a huge gap between trusting and verifying an information. Very simply put, to know the age of a person, you could check their ID card and deduce their age from their birthday, that is trusting the authority issuing the ID card; or you could ask the person to provide a birth certificate from when they were actually born, that is verifying. the id card is not enough, we can verify identity through metadata, IP address
Actually one may argue that creating a trusted environment makes things worse. Indeed, if we are using trust in our system and for instance identify users as actual people, the impact in the case of a data breach or a hack is much higher than if we trusted nothing and went for trustless verification. Mitigating this kind of risk brings us to the next strategy to prepare for a trustless future.
Does this hurt user experience? Not necessarily. The challenge is in building a ecosystem where KYC is not handled via trust, but with a set of verifiable information.
Keep as little information as possible
Central authorities, governmental as well as private authorities, companies should keep as little data on their users/customers as possible, to protect the users/customers as well as themselves in case of a breach or an attack. And ideally, that little information should be made only readable by the person it belongs to, so that even if a breach eventually does happen, personal information is not accessible in a plain form to the public.
This all goes into putting people in charge of their own identity. If they feel that they have control over their personal data that arguably belongs to them, then you can start to build relationship of trust.
As a matter of fact, this may prove to be a dent in the user experience if done wrong. It is more handy to let a service provider handle the heaving lifting and the management of your data rather than being responsible for it on your own, especially for non-technical audiences. But actually, think about the cookie banners, why do we need them? Most product designers hate them because they are a huge hindrance to seamless user experience. Though, we need them to ensure the users entrust us with their personal data. If done right, this policy of "keeping as little information as possible" would eliminate the need for cookie banners and lengthy agreement forms, putting the users themselves in charge of their own data.
Let banks play the first part
It is not so crazy to think that in the near future, everyone will have their own pseudo-me, a collection of cryptographically verifiable facts about themself, maybe their birth certificate, their AirBnB or Uber ratings, their driver's licence and whatnot. An interesting thought is to try to apply it to a form of credit score provided by your bank.
Felix Gerlach proposes as a general rule of thumb that if a transaction does not involve trust - here as confidence that the information is true and reliable rather than believing a central authority, it has a higher cost. So the challenge is to propose a custodial service of personal identity to enable more transactions that would not have taken place otherwise. And one may argue the banks know their customer better than most other players and have a good record of trust-based relationship with them. And Mr Birch would go as far as saying "If it's not going to be the banks, who is going to do it?"
So the most ambitious future you can imagine for the topic of trust in the financial sector is to think of it as something that enables radically new user experiences. One could dream of an open identity network that allows users to provide their own verifiable version of a credit score. This could for instance eliminate the need to connect and integrate with third parties before issuing a loan. Security and ease of use may very well go hand in hand to give birth to groundbreaking novelties.
In the end, one may see this no-trust movement merely as a new trend, but it is a ongoing race for the whole industry. Fraud around pandemic loan support in the UK alone has amounted to 25-30 G£.
The deal is to mitigate the risks of over-dependence on anchors of trust and try to minimize the amount of trust we can accept and verify everything else. That is the only logically reliable way to construct a chain of trust that can reach and win over the hearts of the end-users.
And here at Sipios, it's our job to build products that combine trust while bringing stunning user experiences. Our way to do it is to get into the right level of detail and defining during product conception the critical performances we must reach to convince our end-users. Saying "trust" and "user experience" is not enough: concretely, how the user wants to feel? What does he/she need to perform to trust the product?