More on the "Identity Assurance programme "

James Firth james2 at
Thu Nov 3 17:19:13 GMT 2011

Floriam Weimer wrote:

> Doesn't EU regulation forbid electronic enrollment? 

Really? For bank accounts? What about PayPal?! (Irony intended - seriously,
there are "pseudo-banks" and other services that would benefit).

> why would a bank would want to rely on third party for a core
> aspect of their customer interaction?

I doubt any bank would see identity verification as anything other than a
pain.  Several high street chains rely on branches, and when it's an
internet or business account the branch has to photocopy documents and send
to the relevant internal department. And they sometimes don't arrive.

And banks without a high street presence (granted, they are owned by banks
with a high street presence) have to rely on their parent organisation for
this service.  Or sending original documents through the post (flawed and
hated by customers).

> I'm not a business guy, so I can't quite grasp why
> anyone would subject themselves to the whims of mobile phone operators
> that way.)

It's a shitty, costly part of their business banks would rather not do?

Taken a stage further, why not subcontract the whole sign-in process?  That
would alleviate the "forgot my password, account locked" expense of printing
and sending a new PIN/Access code.  And then there's the secondary
identification tokens.  I have four bank accounts with four different banks.
Thankfully only one provides secondary verification (business account), but
if all did, would I have to carry the card reader/fob for every one?

It makes sense to subcontract. It makes even more sense from a customer
perspective to have a one-stop-shop* 

* (apart from it introduces a single point of weakness/monitoring/market

James Firth

More information about the ukcrypto mailing list