Un and Underserved People Use Case

From IDESG Wiki
Revision as of 16:17, 27 May 2020 by Tomjones (talk | contribs) (→‎Derived Requirements)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Template:Comment

Use Case Metadata

Title

Un and Underserved People Enter the Identity Ecosystem: (Case #1) Leveraging a Bank Account to receive a Digital Identity :

This use case should be considered as a work-in-progress, and must still be evaluated within the financial services community for issues such as liability, regulatory concerns, privacy, and business value. This use case is being posted to the wiki to obtain greater exposure within the IDESG community, and to encourage comments from the community regarding technical, standards, privacy, and usability issues that appear to be relevant.

Status

Use Case Lifecycle Status

Contributed Working Draft Committee Review Compilation Approval Publication
This use case has been approved in version 1.2. This page may have been updated since the 1.2 document was approved.

Use Case Category

Un and Underserved People, Economic Inclusion

Contributor

Ann Racuya-Robbins (World Knowledge Bank)

Use Case Content

Use Case Description

Proposed Template Category "Use Case Purpose": Un and Underserved People Enter the IDESG Identity Ecosystem.

Un and Underserved refers to people that do not have, have lost, or have inadequate digital identities to enable them to participate in the secure and resilient, cost effective and easy to use, privacy enhancing and voluntary interoperable online Identity Ecosystem envisioned by NSTIC and the IDESG. Currently there are barriers to and opportunities for the Un and Underserved to enter the IDESG Identity Ecosystem. Such barriers may be, limited financial means, physical disadvantage or challenge, language differences, loss of employment, to name but a few. Such opportunities may be new products and services to remove these barriers, innovations in serving this community as well as greater social cohesion and internet-wide cyber-security.

Importantly, many of the Un and Underserved are also financially un and underserved. Today 68 million American adults are un or under banked. More than 2.5 billion adults around the world are unbanked.

The goal of this use case is to leverage existing programs and services, for example the FDIC "Safe Account" program, to allow the Un and Underserved to use their "Safe Account" bank account enrollment process as a means of obtaining a digital identity and entering the IDESG Identity Ecosystem. Being Un and Underserved is not a new problem but one that has had a long (perhaps going back to the beginnings of money and then banking)and often intractable set of complexities. The efficiencies of cyberspace (the internet) provides an historic opportunity to bridge this gap.

Scenario(Example): Julia, a prospective underserved financial services customer, wants to open a bank account as well as obtain an digital identity for use in the IDESG Identity Ecosystem.

Julia learns of a FDIC "Safe Account" type of account at her local community center which allows her to apply for an account and subsequently obtain a digital identity. Julia applies for and gets an FDIC “Safe Account” through an FDIC insured bank or equivalent financial institution compliant with 31 CFR 1020.220 - Customer identification programs (CIP) for banks, savings associations, credit unions, and certain non-Federally regulated banks. Or other acceptable customer identification program. The enrollment vetting process into a "Safe Account" serves the vetting requirements for Julia to obtain her digital identity. After a period of successful Safe Account practices Julia uses her Safe Account history and digital identity to apply for an FCCX credential or other governmental credential for accessing government services. Julia receives the government credential and uses the government credential to apply for other online services and products including more financial services. Julia is able to step by step build access to a wide range of products and services she will need and use as she provides for her family and builds her entrepreneurial life as a clothes designer and pattern maker.

Goals Summary: Julia will be able to obtain an digital credential with the qualifications used to obtain her Safe Account. Julia will be able manage her finances in a secure and insured or protected environment where she can increase her income through entrepreneurship, improving the quality of life for herself and her son, the economic activity in her neighborhood through her purchases, and tax receipts to her city and state. Julia will be able to interact with some government and non-profit services improving confidence in government and non-profit institutions and financial institutions including banking. The financial institutions and non-profit organizations, government agencies and healthcare providers will be able to increase the number of their customers/participants. Through this use case a broad range of stakeholders are brought together to share risks and rewards in creating an online Identity Ecosystem Framework where economic opportunity, productivity and human well being are harmonized.

Actors

1 Un and Underserved People.

2 Financial Institutions.

3 Non-profit Organizations.

4 Government.

5 Insurance entities.

6 Any Relying Party or Service Provider in the IDESG Identity Ecosystem that complies with the NSTIC principles and has a Trustmark Accreditation.

7 Alternative Financial Services.

Assumptions

Un and Underserved Person applies in person at the Financial Institution or uses an acceptable electronic means of application including for example Treasury’s OCIP that has brought together the FSSCC, DHS, and NIST to create a Cooperative Research and Development Agreement on identity proofing, which has identified new methods for satisfying the “know your customer" requirements of financial institutions.

Financial Institution must be a FDIC insured bank or equivalent. The digital identity meets the needs of relying parties.


Process Flow

File:ProcessFlow.png

  • This use case is unique in that the person, Julia and her son in this case, exist outside an online Identity Ecosystem. Entering the Identity Ecosystem is a kind of state change, so to speak, for Julia. The other stakeholders are already inside the Identity Ecosystem.
  • The process of entering the ecosystem should be done with care by all stakeholders.

Success Scenario

Julia is able to enroll in a Safe Account that provides her with a digital identity useful in the ID Ecosystem for products and services and for federal, state and local governments. Julia can also apply for and potentially receive other digital identities from other ID Ecosystem providers enlarging the range of products and online services, including financial she can access.

Error Conditions

Relationships

  • Extended by: Forthcoming
  • Extension of: Forthcoming

References and Citations

  • (“Safe Accounts are checkless, card-based electronic accounts that allow withdrawals only through automated teller machines, point-of-sale terminals, automated clearinghouse preauthorizations, and other automated means and which has lower-cost, electronic payments and prohibits overdraft or non-sufficient funds fees.” )
  • Consumer Privacy Bill of Rights
  • FIPPS
  • FDIC Model Safe Account Pilot
  • Federal Cloud Credential Exchange (FCCX)
  • According to the 2011 FDIC National Survey of Unbanked and Underbanked Households, September 2012, 68 million American Adults, making up 30 million American Households, are either unbanked or underbanked. Safe Account Final Report
  • FICAM

NSTIC Guiding Principles Considerations

Privacy Considerations

The Un and Underserved People Use Case will utilize FIPPS and Consumer Privacy Bill of Rights for ongoing guidance as this Use Case is further developed.
--Ann Racuya-Robbins (talk) 21:15, 15 December 2013 (UTC) Inserted as recommended by the Privacy Committee Reviewer.

Privacy Review Report by Jeff Brennen. Copied in full just below

Un and Underserved People Enter the IDESG Identity Ecosystem: Use Case by Ann Racuya-Robbins

Use Case Overview - The premise of this Use Case is that a subset of the population will use the existing FDIC “Safe Account” type or equivalent new bank account enrollment process in order to obtain a digital identity for use in the IDESG Identity Ecosystem. Discussion - In reality, the use of the bank account enrollment process could be used by anyone to open a bank account and/or obtain digital credentials. There are many questions that would need to be addressed including how the credentials and PII would be passed from the bank to the ecosystem, who would maintain the PII and credentials going forward, what would be the financial incentive for the bank to perform this identity verification and enrollment process if the person were not signing up for bank services also, and so on. But,I assume these questions, and more, would be the case regardless of the issuing agency and assume this will be addressed by other Use Cases and/or validated by the actual players themselves.
Privacy Considerations – The advantage that this Use Case presents is that the existing FDIC “Safe Account” enrollment process is well defined in “31 CFR 1020.220 - Customer identification programs for banks, savings associations, credit unions, and certain non-Federally regulated banks.” The specific types of identification required and exceptions are detailed[1], including denying or turning off bank accounts and reporting suspicious activity. Additionally, notice and data retention requirements are spelled out. The basis for the privacy considerations for this Use Case for issuance of the digital credentials becomes, therefore, a comparison of this enrollment process against the FIPPS and Consumer Privacy Bill of Rights, both as detailed in the Privacy Evaluation Methodology Guidance and Analysis Workbook. Recognizing the importance of privacy, the “Un and Underserved People Enter the IDESG Identity Ecosystem” Use Case identifies both the FIPPS and Consumer Privacy Bill of Rights as References and Citations’ documents.
Privacy Recommendations - As mentioned in the discussion section, 31 CFR 1020.220 provides requirements for the bank account enrolment process but does not address providing digital identity credentials anticipated by this Use Case. The Use Case process flow shows at a very high level how it would work, but provides little in the way of operational details. For these reasons, trying to put the Use Case through our privacy analysis methodology would be, in my opinion, premature. The Use Case provides a high level view of an identity enrollment/credentials issuance process that could serve the un and underserved population. The Use Case identifies FIPPS and Consumer Privacy Bill of Rights as reference documents. My recommendation is to modify the Privacy Considerations section of the Use Case with wording to the effect: FIPPS and Consumer Privacy Bill of Rights will be utilized for ongoing guidance as this Use Case is further developed. This will allow the “Un and Underserved People Enter the IDESG Identity Ecosystem” Use Case to move forward with the right privacy guidance built into it as it is further developed into an actual operational working model; and, allow us to take future detailed operational models through our Privacy Evaluation Methodology and provide useful privacy feedback for further developing the Use Case.

[1] Per 31 CFR 1020.220, the bank must obtain, at a minimum,the following information from the customer prior to opening an account:(1) Name;(2) Date of birth, for an individual;(3) Address, which shall be:(i) For an individual, a residential or business street address;(ii) For an individual who does not have a residential or business street address, an Army Post Office (APO) or Fleet Post Office (FPO)box number, or the residential or business street address of next of kin or of another contact individual; or(iii) For a person other than an individual (such as a corporation, partnership, or trust), a principal place of business, local office, or other physical location; and(4) Identification number, which shall be:(i) For a U.S. person, a taxpayer identification number; or(ii) For a non-U.S. person, one or more of the following: A taxpayer identification number; passport number and country of issuance; alien identification card number; or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard.

Security Considerations

User Experience/Usability Considerations

Interoperability Considerations

Domain Expert Working Group Considerations

Financial

Health Care

Derived Requirements

References