Data Verification Platform, Federated Identity, Identity, Payments, Smartcards

Digital wallets are components, not systems

Posted on by George Peabody
Wallet with payment cards and cash
11
Apr

Two particular veins of discussion enliven those of us working on identification and data quality. One is digital wallets, the other is the availability of verified credentials. This post looks into the digital wallet and finds it less than a complete solution. (We will address verified credential availability in the next installment).

What is a wallet?

A digital wallet combines several key components:

  1. A container to hold credentials such as payment card and loyalty program numbers.
  2. A user interface that guides the loading and presentation of those credentials.
  3. APIs to connect with credential providers, requestors, and technical intermediaries.
  4. Cryptographic systems to secure the storage and release of those credentials on behalf of the holder.

Those are powerful capabilities. The wallet carries everything necessary to initiate a transaction by communicating the required credentials.

Not enough to stand alone

But alone, wallets are massively insufficient to provide, in the real world, a full system that enables a round-trip transaction. Wallets are a useful component, but they are only worthwhile when there is an arrangement between parties to govern which credentials are fit for purpose in each transaction they wish to conduct.

That arrangement may be called a network, a scheme, or a system.

Essential characteristics which a wallet on its own cannot provide include:

  1. A rule set, perhaps nudged by regulation, that governs what credentials mean, their intended scope of use, terms and conditions, how credentials are provisioned, and how they are used.
  2. A mechanism to prove the credential provenance and depth — that is, the richness of descriptors of index data, such as driver license and healthcare numbers, which also identifies the authoritative data source.
  3. A way to manage transactions. Digital wallets operate at the edge of the network to provide certain essential data and metadata to the counterparties, but the great bulk of every transaction — the user experience of goods and services and all the other data capture — occurs in software outside the wallet.

Look at the payments card network

The payments card network works because compliance with its business rules and technical standards make large-scale interoperability possible. And those requirements are exhaustive, from one end to the other.

When a transaction is initiated by card, two devices are involved: the card containing the credentials, and the terminal or the payment app that transmits those credentials into the card system. Both the card and the terminal or gateway operate at the edge of the network. Both need to comply with the card network’s standards. Cards or terminals that are not approved by the scheme will not be recognised and will be rejected.

The issuing of cards is controlled by the financial institutions which are members of the scheme, subject to the card system rules. Those rules define the roles, responsibilities, and liabilities for each financial institution involved, and for the customers of those financial institutions.

As with issuance, POS terminal functionality and compliance are guided by a subset of card network rules.

The card networks’ magic, and power, comes primarily from the rule set and not from the devices used to initiate transactions. That’s how Visa, Mastercard, JCB, and all other card systems roll. The card system would never have become a global network if each bank had to work with every merchant to accept its cards.

That’s the point missing from the digital wallet discussion. Rule sets organize and orchestrate the processes across business agreements, tech standards, and even brand. Cards, terminals, and wallets are components, not systems.

Apple knows this very well

Apple Wallet is not just a wallet. Apple has built a system, a scheme, that defines the obligations of each participating issuer. In the case of payment cards, Apple onboards each issuing bank, performing due diligence, before allowing that bank’s cards to be loaded into Apple Pay.

The Apple Wallet does, of course, represent Apple’s self-interests, from enforcement of its technical requirements to its ability to charge issuers when their cards are used. But those same business and technical rules also provide consistency and predictability for issuers and the millions of merchants accepting Apple Pay.

And now Apple is expanding its wallet and infostructure to carry cryptographically verifiable mobile driver licences, European eIDs, and COVID-19 vaccination certificates. As Apple slowly and carefully expands to these extra credentials, we can see that the heavy lifting relates to the due dligence needed to vet and onboard legitimate issuers of socially crucial and safety critical credentials.

Bottom line: The Apple Wallet system proves that the wallet needs an underpinning scheme.

Rules rationalize, simplicity matters

So, when you read about digital wallets — whether they are proprietary like Apple’s or not — ask yourself two questions:

  • Who’s setting the rules?
  • Do the design goals include adoption, interoperability, and scale?

If the answers are “no one” and “not so much”, then watch out. You may be headed for a world of costly bilateral or multilateral integrations. History demonstrates that such friction limits adoption. That’s an avoidable morass.

Lockstep’s Data Verification Platform is a scheme to rationalise and organise data flows between data originators such as government and the risk owners who rely on accurate data to guide decisions. Join us in conversation.

If you’d like to follow the development of the Data Verification Platform model, please subscribe for email updates.​