What we could learn from the banking world

Jan 20, 2003 · 3 mins

* Automated Teller Machines are examples of secure identity management networks

The banking industry’s Automated Teller Machine (ATM) network has been used by the Liberty Alliance Project as an analogy for the federated identity management scheme it is rolling out. But it could also serve as a good analogy for a national or global identity system based on sound, secure directory services practices.

When ATMs were first introduced 30 years ago, they were attached to particular branch banks and only patrons of that branch could use that machine. Even so, most people were extremely reluctant to give it a try. What would they do if a mistake was made? Suppose they asked the machine to withdraw $100 and it only gave them $80? What if the customer wanted to do more than one thing? How could they keep someone else from raiding their account? So many questions. Many banks reacted by putting phones on the ATMs that would connect directly to a support center. People getting short-changed could talk to a real person immediately, just like they were used to with “real” tellers.

But a funny thing happened: the ATMs proved a lot less error-prone than human tellers. It’s true that occasionally you would request $100 and only receive $80 (it has happened to me) but – wonder of wonders – the ATM knew I’d only gotten $80 and deducted only $80 from my account. It was all explained on the receipt – no need to phone the customer service center.

Still, acceptance of the machines took a long time – some people have never adjusted to using them. Yet today the network has expanded and you can use that ATM card at retail stores, gas stations – even government offices. Enough people have accepted ATM card use to form a critical mass that allows more and more services to be tied to the cards. With the advent of the combination ATM/debit card (looks like a credit card but immediately deducts the “charge” from your account) you could visit most major population centers of the world with a single small square of plastic and never be at a loss for good food, fine lodging or transportation.

That card identifies you uniquely. That’s right, uniquely. Even though your spouse, or someone else, may be a joint account holder with you and have an ATM card of their own to access that account, the cards identify each person differently. You could (and probably should) each have a different personal identification number (PIN). Your unique identity as the holder of that card is already established in one or more databases (the bank, the debit card issuer, etc.). In other words, the directory is already in place.

All that’s really needed is to expand the schema and federate the directories to allow for global identity management, controlled by the user but available to all authorized parties. I’m sure that Visa International, MasterCard, American Express and other credit and debit card issuers along with Bank of America, Citicorp and the other large banking establishments already are formulating plans along these lines. Just as with the initial ATM machines, though, the technology is outstripping acceptance. But as we can learn from the ATM experience, if we build the network and it’s useful, then the users will eventually flock to it. Or, as someone said in another context, “Build it, and they will come.”