Reported by David G.W. Birch

In the past, bank robberies were straightforward crimes where thieves stole money, which belonged to the banks, not individuals. However, modern criminals now target personal data, which is far more valuable and has wide-reaching consequences. Financial institutions hold vast amounts of personal information, and the theft of this data, as seen in the case of Evolve Bank & Trust, can lead to significant issues such as identity theft and fraudulent account creation. The prevalence of this type of attack highlights the inadequacy of current security measures in safeguarding sensitive personal information.

One major factor contributing to this vulnerability is the reliance on outdated Know-Your-Customer (KYC) regulations. These rules require banks to collect and store identity documents, like passports and driver’s licenses, as proof of identity. However, KYC processes often act as mere “security theatre,” offering the illusion of protection without real security. Expired documents, for example, can cause unnecessary friction for honest customers while doing little to stop determined fraudsters. With advances in deepfake technology, which can now bypass liveness checks, the weaknesses of KYC are becoming even more apparent, making the system increasingly ineffective.

To address these challenges, a fundamental shift toward a robust digital identity infrastructure is necessary. The Bank for International Settlements (BIS) has proposed a vision of a future financial system, the “Finternet,” where digital identity plays a central role. This system would allow individuals to share verified credentials securely through digital wallets, enabling faster and safer financial transactions. Banks could authenticate users using these wallets and technologies like FaceID, streamlining processes such as account openings. Solutions like HSBC Labs’ prototype, which uses decentralised systems powered by Polygon ID, demonstrate that such innovations are already within reach.

Ultimately, traditional KYC systems are no longer sufficient in an age of AI, deepfakes, and increasing cyber threats. The financial services industry must embrace new technologies such as homomorphic encryption, zero-knowledge proofs, and secure multiparty computation to balance security with convenience. Concepts like a “National Wealth Service” app, which consolidates financial data securely, reflect the growing demand for smarter, frictionless solutions. As the world transitions into an AI-driven future, it is critical for the financial sector to proactively redesign identity verification processes to protect both institutions and customers.

Read original report (long version): https://www.forbes.com/sites/davidbirch/2024/12/11/now-appearing-at-your-local-security-theatre-know-your-customer/