Share or store? Ockto’s vision for secure sharing of personal data
Customers, consumers, and regulators regularly ask questions about whether Ockto stores personal user data in the Ockto app. In other words, do you store the data, or do you share it?
With the advent of European ID wallets, storing data is becoming the trend – all your personal data in a secure ‘vault’ on your own phone, under your personal control. It sounds secure and offers you, the owner of the personal data, full control over where it is used.
Yet at Ockto, we take a slightly more nuanced look at this issue. In this article, Paul Janssen, Product Director, discusses the differences between sharing and storing, and what trade-offs he makes when it comes to these two services.
Why do solutions like Ockto exist in the first place?
Why did we start offering this data-sharing service almost 8 years ago? Essentially, we wanted to solve one problem: empowering consumers to share personal data with service providers. Securely, quickly, and digitally. These service providers expect structured, up-to-date and verified personal data, limited to only those attributes necessary for providing their services.
Ockto fulfills all these requirements. With the Ockto app, individuals retrieve the data their service provider needs. The Ockto platform handles the exchange between the individual, the sources, and the service provider. Fast, simple, and secure.
Store or share?
From the start, we deliberately chose not to store user-retrieved data within a vault in the Ockto app.
First and foremost, we did this to make our solution as secure as possible. The data is already stored at the source and, where relevant, is sent to the recipient and stored again there. Temporarily storing it in the Ockto app would add a third location and would therefore, by definition, be less secure.
The most recent customer data
Equally important is that service providers want to receive the most up-to-date information. If the personal data is first stored and only shared with the service provider at a later date, a large part of the personal data may no longer be current and therefore less valuable.
After all, the service provider does not want to know where the person lived last week or yesterday, but what their current home address is. The service provider is less interested in last month’s salary, but the salary currently earned and registered.
Ockto thus also serves as a gateway; the personal data retrieved via Ockto is accessed and shared with the service provider and then immediately deleted.
Storing creates a stronger identity
As consumers increasingly start using Ockto to communicate their identity, this ‘gateway’ approach appears to have a drawback.
If a service provider needs additional personal data from the same person via Ockto at a later point in time, that person must identify themselves again within the Ockto platform. The service provider must then compare the newly obtained identity with the previous identity to ensure it is the same person.
Service providers also want to start using Ockto as a means by which an individual can sign an agreement and therefore expect consumers not to have to identify themselves again. So, storing identity in the Ockto app is a need we will address in the near future.
ID wallets & the European Digital Identity
For this, we will leverage the concepts developed under the framework of the European Digital Identity (EDI) and ID Wallets. Within an ID Wallet, a consumer can store their (self-sovereign) identity.
The current Ockto app will transform into an ID Wallet where an individual’s identity is kept. The Ockto app will then be inseparably linked to the identity of that person and can be used, for example, to sign contracts and for verification and authentication purposes.
Simple use cases versus the more complex practice
The architecture of the European ID wallet is still somewhat unclear when it comes to stating a preference for a ‘vault’ or a ‘gateway’ approach. The usage scenarios on which the architecture is based are simpler than the complex markets in which Ockto operates (mortgages, consumer credit, tenant acceptance).
These usage scenarios assume the ability to share some (identity) attributes and/or claims, which would eliminate the need to share a lot of personal data.
This is a good goal, but we think it will take some time before a lender will be satisfied with an answer from an ID wallet like “Yes, I can afford this property”, or “Yes, I earn enough for this loan”. This is quite different from the oft-used example of “Yes, I am over 18”.
For now, more complex services will still require a lot of personal data to be provided by an individual to a service provider. As far as we are concerned, storing all these pieces of information in a wallet is not the right answer. The main issue should be that an individual can easily, quickly, and securely retrieve and share data and that the service provider can process that data in a way that is coherent with its service.
In the coming years, the domain in which Ockto finds itself will become increasingly dynamic. We will ensure that our platform stays ahead of the game and current with European and national developments, always keeping the interests of consumers, citizens, and our customers at the forefront.
Paul Janssen explores the evolving landscape of secure and ethical data sharing, the European ID wallet, and its implications for Ockto customers. He wrote a couple more insightful articles on the subject of ID wallet (in Dutch), such as the developments he expects in the coming years that will affect parties in the financial sector.
Casestudy Justlease: From lead to order in 2 minutes and 41 seconds
Justlease is a smart and innovative private lease provider. The company started in 2012 with the goal of changing the world of car leasing. Its motto? “Automate every process that is repetitive.” We spoke to Robin Bonarius (Sr. Business Owner) and Stijn Claessens (Sales Manager) about their approach to underwriting processes based on ‘source data’.
Attempt 1: digital reading of supplied documents
The fact that the solution would lie in digitalisation was evident. In 2017, the first steps were taken to convert documents into digital data fields using document scanning technology. Expectations were high, but these first attempts led to some disappointment. Only a limited proportion of documents could be digitally processed in this way and the vast majority still required manual checking. There had to be another solution.
Taking cues from the mortgage industry
Around the same time, in 2018, the mortgage industry really started to dive into source data (= raw and unprocessed data, directly from the original source). Bonarius says: “I read in the press and on LinkedIn that mortgage advisers were starting to use source data to provide this kind of data in an accelerated manner. That’s when I called Ockto’s Sales Manager and said, ‘We need to have a chat’. And that’s how we came to the topic of source data.”
Goal: All required data in a single session
For maximum customer convenience, Justlease wanted to ensure that everything could be submitted in one session. During their initial discussions, however, Ockto was only supplying government sources, but that was not enough for Justlease.
Bank transactions & driver’s licence check
Bonarius: “To start working with Ockto, it was important for us that bank transactions were also available, and we had to make sure that the driver’s licence was included.” Bank transactions were fortunately already on their way and Ockto soon prioritised the addition of a driving licence check. Claessens adds: “I’m very pleased with how the things we really need are submitted quickly, such as income declarations of self-employed clients.”
Adjustments to working methods
To ensure that all the necessary data could be retrieved in a single session, Justlease also looked closely at its own working methods. “Our entrepreneurial spirit ensures that we looked at this creatively and pushed the boundaries wherever possible,” Bonarius says. He continues: “For example, the employer’s declaration – we stopped using that. We’d still have to have that submitted separately and we don’t want to do that. We now look at the history provided by the UWV, the Dutch public employment services organisation. If someone has always had a consistent income, they’re good.”
What value does it add?
Claessens: “To put it concretely: we go from lead to order in 2 minutes, 41 seconds. So that’s from a lease request on the website to a signed contract. At the average leasing company, we’d be looking at five working days. And what’s more, we process more files with fewer employees.”
Justlease currently works with two pipelines: a regular (manual) pipeline and the Ockto pipeline. The manual pipeline has been fully optimised in six years. Now the focus has turned to optimising the Ockto process.
Reduction in FTE
As it stands, the number of full-time credit acceptors has been halved. But there’s much more to be achieved in this. Bonarius: “In my view, the dropout rate will eventually become so small that only a third will remain.” He continues: “And perhaps the most important thing is the customer journey. The time savings for the customer and the convenience of not having to search for all kinds of data anymore.”
For Justlease, the value of source data lies mainly in the fact that everything is delivered in just one go. Claessens: “What I think needs to be improved in the customer journey is that when a data source is down, we still have to ask the customer for more information so that everything is submitted. We don’t want to have to call the customer and ask anything more of them.”
Straight-through processing and maximum efficiency
It won’t take them much longer, but Justlease still falls shy of STP (straight-through processing). Claessens: “The only thing holding us back now are residential charges from bank transactions. That categorisation is not yet quite ready to always go through automatically, so those are still manually retrieved by the credit approver from the supplied data. We still need to take some steps there.”
“And focus on maximum efficiency,” adds Bonarius, as he keeps the competition in mind. “We not only want to be the first private lease company to use source data, but also to establish a super-fast process.”
Interested in a brainstorm to see what source data can do for your process? Don’t hesitate to get in touch with us.
How to increase the first-time-right ratio of a private lease contract
As the operations manager of a private leasing company, you’re always working towards two things: as many processed files as possible per day, and a high first-time-right ratio in the acceptance of private lease contracts. Essentially, you’re looking to establish both quantity and quality at the lowest possible cost. This can be quite a challenge, as the private leasing sector’s acceptance process is highly regulated, which means that every document must be carefully checked by the approval department. Fortunately, there are several ways to increase the acceptance rate and the first-time-right percentage. And, they don’t start with the customer or the lease consultant, but with your internal processes.
Obstacles in the acceptance process
An important aspect of the acceptance process in the private leasing sector is the many documents that customers must provide. You need information on income, their living situation, and any debts, in addition to the required personal data. These papers then must be sent, processed, and stored in a safe, GDPR-proof manner. The tricky part is that this data comes from all sorts of different systems. For example, customers must provide information about their income and expenses. In addition, their identity must be verified. These documents often contain passport photos and/or social security numbers, information that a leasing company is not allowed to have because of GDPR regulations. The result? Additional action is required to ensure that the sensitive information is protected, and that no unprotected information remains in your systems. Not only does this take time, it’s also highly subject to errors.
In addition, due to promotional campaigns, there are regularly peaks in the number of requests for a private lease contract. As a result, the approval department cannot keep up, precisely at a time when new customers are desperate for a contract. The longer the waiting time and the bigger the hassle, the higher the chance that the customer will change their mind and go to a competitor.
All the more reason to take a close look at the acceptance process of private lease contracts! In this blog, you can read more about how to improve acceptance across the board. In the tips below, we’re specifically zooming in on your processes.
Connect with your customer early on in the process
The (digital) signature is often the last step in the acceptance process of private lease contracts. This means that customers can easily drop out if the process takes longer than expected. A simple tip: facilitate this moment of connection earlier. By asking for a signature as early as possible in the acceptance process, you connect the customer to your company. However, don’t see this tip as the solution to all of your problems. If you ask for the signature at the beginning of the process but then end up in an endless exchange of documents, your customer will not be satisfied.
Focus on data reliability
The first-time-right percentage of private lease applications increases if the reliability of the data provided is high. Therefore, we recommend making reliability a focal point of your operations. A good way of doing this is by working with source data. This is data that you’ve received directly from official government sources, such as FranceConnect, Info Retraite, and impots.gouv.fr. If you’re also able to receive all the data at the same time, you can check and approve all the information at once.
An additional advantage of source data is that you can automate (a large part of) the acceptance process. After all, you already know that the data is reliable.
Go for minimal data
In the acceptance process, much more data is requested than is necessary to draw up a private lease contract. Take a close look at the acceptance process and redefine your framework. Do you really need all the information that you’re currently requesting from your customers? If the answer is no, then you can leave some parts out. This also improves your security: what you don’t have, you can’t lose or accidentally leak. A good example is a copy of the customer’s identity card. This contains a passport photo and social security number, which GDPR regulations prohibit companies from keeping. Leave it out, it saves a lot of trouble.
Offer advice as early as possible
“Your debt capacity is just a bit too low for this car, but this other car looks great!” This is advice that customers want to hear at the start of their application, not when the private lease contract is almost complete. So, make sure that you have as much correct data as possible as soon as you can. In this way, you can make customers an appropriate offer that aligns with their financial situation.
First Time Right cannot happen without digitalisation
A high first-time-right percentage on private lease contracts can only be achieved if you digitise the process from start to finish. Ideally, you should allow customers to send in source data directly from the source systems and only ask for the necessary data fields. This may sound challenging, as you’ll receive less information than you’re used to; however, you’ll quickly notice that this new way of working speeds up the acceptance process, reduces the risk of errors, and improves customer service.
5 tips for smooth financial acceptance in the private leasing sector
“I have to call that customer back again because their data isn’t correct. But what if they drop out entirely?” This is a dilemma faced by many advisors in the private leasing sector. They are responsible for a good customer experience, but they also have to request the information necessary for financial acceptance in the context of a private lease contract. Are you a product manager, product owner, or innovation manager at a private leasing company? Then it’s up to you to give lease advisors better tools. Read on for five useful tips!
(Not) everything is fantastic
When lease consultants make a follow-up call after a new customer’s application (the so-called aftercare call), they only want to hear one thing: “Everything’s fantastic!” This indicates that the customer is happy with the deal, and that the onboarding process went smoothly. Still, it doesn’t usually happen that easily. Due to the complex financial acceptance process in the private leasing sector, customers have to jump through quite a few hoops before the contract is finalised. In addition, because they provide their data and you process it manually, the chance of errors is high. Things can go wrong with something as simple as missing initials on the lease contract. The result is that the contract is not accepted and must be redrafted and sent to the client again for signing. For the lease consultant working with that customer, this means more hassle, an unwelcome conversation and, often enough, a frustrated customer. Or even worse: no customer at all.
The main question here is: how can your organisation simplify the financial acceptance of private lease contracts so that the customer experience is not compromised? The answer isn’t to be found in the work of the lease consultant; they simply do what they’re told. The solution must come from the underlying structure. The head office is asking advisors to request all sorts of information that they really don’t need in order to close a deal. So somewhere in the process, something’s going wrong.
So much for the bad news. The good news is that you can improve this process. As an innovation manager or product manager, you can use the following five tips to simplify the financial acceptance process for private lease contracts, so that advisors can improve their service to customers.
Tip 1. Engage with internal stakeholders
Many documents are involved in the onboarding of a new private lease customer. In addition to the usual information, such as name and contact details, as a leasing company you want to know whether the new customer is creditworthy. That means the customer must provide information about things like income and debts. However, the question is whether all the information that you’re currently requesting is really necessary. So, take the time to talk to internal stakeholders that deal with customer data. Which steps are you taking now, which could be omitted? And, do you really need all the documents? There’s a good chance that some of the documents requested can be omitted.
Tip 2. Define the acceptance framework together
While you are discussing things with your colleagues, try to get a better understanding of each other’s work and responsibilities. Everyone has their own list of required customer information, but perhaps there’s some overlap, or you can help each other. An example: a self-employed person needs proof of income. An income statement for one year is usually sufficient for the process, but for an easier assessment, the approval department can ask the leasing consultant for an overview of the last three years. During onboarding, the lease consultant therefore asks the customer to provide their income data for the past three years. If all internal stakeholders sit down together and find out how much frustration providing the official documents causes the customer, they can all determine whether a declaration for one year might be sufficient as well. In short: ensure that the parties involved come out of their silos and make agreements together about the acceptance framework.
Tip 3. Prepare your customer
There’s nothing more frustrating than not being able to meet high expectations. Advisors in the private leasing sector know all about this. Sometimes their customers are already halfway through the onboarding process when they find out that the lease amount doesn’t fit into their monthly budget. Or that their application cannot be processed yet, as an income statement from a co-contractor is still required. Make sure that lease advisors properly prepare their customers for the financial acceptance process. Ensure that they explain which documents are required and which requirements they must fulfil in order to complete the deal. The sooner advisers request customer data, the better. In this way, they quickly get to know their customer and it becomes easier to make a suitable offer.
Tip 4. Focus on continuous optimisation
The cliché “standing still is like going backwards” certainly applies to the customer experience of private lease customers. After all, they expect more every year. Many other money-related matters, such as opening a bank account and getting a telephone contract, already happen without any barriers, so why is applying for a private lease contract still so difficult? Internal (or external) specialists can help you to improve customer onboarding. Be aware that this improvement process is never finished. Every year, something happens that influences the ideal picture for the perfect onboarding or the frameworks for financial acceptance: whether it is the implementation of GDPR regulations or the rise of chatbots.
Tip 5. Digitise the process
Now that we’re talking about progress: the more you can digitise, the better. When more processes are digital, customers no longer need to print and scan documents (both major frustrations!). It’s even better when you move from document-driven acceptance to data-driven acceptance. This requires a platform that regulates this process in a secure and GDPR-proof manner. Would you like to know more about implementing this type of customer onboarding in the private leasing sector? Feel free to get in touch with us!
What is a digital identity and how can you check your clients’ digital ID?
Banks and Mortgage lenders are obliged to check their customers’ identities. This applies to existing customers as well as onboarding customers. But what does ‘identity’ mean in this context? What is a ‘digital identity’? And, how do you check your customers’ digital ID easily and securely? Ockto product specialist Ilyan Tonneman explains.
Many of us take our official identity documents for granted but, in some parts of the world, the notion of ‘identity’ is a luxury. Identity is the fundamental key that paves the way to opening a bank account, voting, driving, starting a job, accessing medical and government services, flying, and even selling products and services. A digital identity is an easy way for around a billion people, who don’t have an official ID, to acquire valid and usable proof of identity. So, for many, a digital identity is the first step to obtaining basic financial services.
But what is a ‘digital identity’? Technically, the ISO/IEC 24760-1 standard defines identity as a “set of attributes that are associated with an entity”. In short, a digital identity determines which set of digital attributes must be associated with an entity. At Ockto, we define a digital identity as a set of verified attributes originating from multiple data sources for the purpose of uniquely proving a person’s identity, whether it’s done online, offline, now, or later via a mobile device.
Digital identity solutions
The world is becoming increasingly digital and there is a growing need for digital identity solutions that are just as safe, secure, and reliable as face-to-face customer identification. In the world of mortgage lending and banking this topic is especially relevant because these institutions are obliged to know who their customers are. AML-legislation dictates that financial service providers must check that onboarding customers are who they say they are – a procedure that must be repeated every 5 years. To this end, financial service providers have developed Know Your Customer programs: performing checks by which fraud – and in the worst case terrorism – can be prevented and traced.
Although Know Your Customer tops the list of priorities, the ‘customer identification’ subject shifts to a larger arena that focuses on the enrichment of trusted or verifiable data about a customer. After all, the more you know about your customers, the better you can tailor your products and services to suit their needs. One way to enrich data is to learn more about someone’s living situation: does the individual still have a partner and if not, what can you as a bank or mortgage lender do to lower that client’s monthly costs? This proactive attitude increases the confidence customers have in your organization – an increasingly important cornerstone for successful financial service providers.
How do you check someone’s digital identity?
The financial sector has a growing need for digital identity solutions and customer data enrichment. The logical question here is: how can this be done securely and effectively? When it comes to establishing a digital identity, there is no single use-case and therefore no single answer. In this age of big data, a lot of information about people and their digital and non-digital activities is being collected. That means information can be obtained from the Employee Insurance Agency, Tax Authority, Pensions and other governmental websites. Which data set is most effective for increasing customer trust? Which data set offers the most security and protects personal identification information (PII)? And, which offers effective levels of risk mitigation as well as a seamless onboarding experience? To provide the right levels of confidence and assurance for doing business safely, a digital identity solution must be able to answer many different questions.
The future of digital identity solutions
Think of digital identity as a marketplace of hundreds of data attributes, verification processes, and tools that should work together to identify ‘who’ a person really is, regardless of his or her unique set of identity characteristics and risk profile. When you link those data sources together, you create something unique. The promise of digital identity is that it is easy for both customers and businesses to use. It’s secure and only allows legitimate users to access specific services. It ensures compliance. It builds trust online across the globe. The good news is that this ideal state of affairs for digital identity is closer than you might think. Smart companies such as Ockto are building it now. Soon, citizens around the world will have access to digital identities, and we will all be able to benefit from the opportunities that the future offers.
Know Your Customer programs can be much more valuable
Requesting personal data during and after the onboarding of new customers creates a lot of additional work for financial suppliers’ Know Your Customers programs. Robert Harreman explains how a modern, integrated approach makes customer management safer, more effective, and more valuable.
Knowing your customers is important. The more information you have, the better you can match your services and products with the demand. This applies to practically every industry, especially the financial industry. Banks, mortgage lenders, and insurers have an obligation to exercise due diligence so that they offer the customer a suitable product. They also want to ensure that a customer won’t default on his or her obligations over the long term, or even worse, turn out to be unreliable. Finally, over the last decade, regulators have been imposing stricter requirements on the onboarding process and subsequent periodic customer checks (known as ongoing due diligence). Taken together, all of these information checks constitute a sizable amount of work for the financial service provider, but also for customers. Isn’t it high time that we started handling customer management more effectively? Fortunately, this can be done by using the latest tooling and techniques intelligently.
Financial service providers are required to establish that existing customers are as reliable as they were when they first came onboard. Regulators are increasingly alerting financial service providers about this obligation by checking whether they are properly complying with AML legislation. This legislation is intended to ensure that financial service providers continually monitor the customer’s situation, in order to more quickly detect or even prevent fraud and terrorism. It’s a good idea on paper, but in practice this monitoring and review process doesn’t always work well everywhere. This isn’t just bad news for the justice system; failure to comply with AML legislation can lead to very high fines and damage to a company’s reputation. This has happened to a number of international banks in recent years.
Know Your Customer programs
Pressure from the regulators causes financial service providers to spend a lot of time setting up Know Your Customer (KYC) programs. This KYC principle is also known as Client Due Diligence (CDD) and refers to the steps that financial service providers must follow in order to establish a customer’s identity, understand the nature of the customer’s business, and assess the risks of money laundering and terrorism financing. This is why banks and mortgage lenders deploy a lot of staff who, often manually, have to establish customers’ identities and detect possible fraudulent transactions. This initially happens during the onboarding process and subsequently on a regular basis.
Two drawbacks and a missed opportunity
The current KYC programs have two major drawbacks. First of all, they are anything but effective. Much of the work occurs manually and piecemeal, so that checks take a lot of time and the customer’s interests come second. The second problem has to do with privacy. During the transmission of personal data, information that isn’t relevant to the financial service provider often accompanies the data because it is included on the same document as the requested information. To prevent this, customers would have to shield part of the data, which in practice would mean censoring their documents with a (virtual) black marker.
In addition to these two drawbacks, the current KYC approach also leads to a missed opportunity. Good customer management should go much further than what is legally required. Maintaining the customer relationship and establishing that the purchased products still fit the customer’s circumstances are just as important. For example, does a personal loan still match that client’s income? Or does a larger family indicate different housing needs? If banks and mortgage lenders could proactively deal with these changes, they could contact customers in order to propose a better product fit in a timely fashion. In this way they would observe due diligence, create upselling opportunities and improve the customer relationship.
How do you do it well? The financial APK
Effective customer management should mean that you and your customer establish, in a timely and integrated manner, whether the product fits their situation and also find out if the customer still meets the legal requirements. So, you manage KYC, due diligence, and the product fit all at the same time. For this purpose, the customer can agree to regularly submit a limited set of personal data which the financial service provider can then use to determine if the customer relationship is still completely suitable. This includes information such as address, income, employer, family situation, and major changes in assets and debt position. By sharing this information from reliable data sources, it becomes easy for the customer to submit it, and for the financial service provider to automate the process.
In this way, the time-consuming Know Your Customer program changes into a financial APK that can be regularly executed in a fully-automated, efficient, and secure way. The precondition is, of course, that this APK be executed with reliable and updated processes and tooling. Once you have this in order, you kill two birds with one stone: excluding risks while improving the customer relationship.