Let’s Talk About Digital Identity with Roland Adrian, Managing Director at Verimi.
In episode 40, Roland fills us in on how Verimi works and its privacy-by-design cornerstones, including data minimisation. Oscar and Roland also discuss the digital identity landscape in Germany and how it’s been affected by the pandemic, plus the future of identity in Germany and what needs to happen next.
[Scroll down for transcript]
“Customer experience is king at digital identity. And really, technology, security, privacy, whatever it is – it’s important, but in a sense it’s a commodity.”
Roland Adrian has been Managing Director and Spokesman of the Management Board at Verimi since January 2019. Previously, he was Managing Director and Spokesman of the Executive Board at Lufthansa Miles & More GmbH for four years. The business degree holder started his career in 1996 at Roland Berger Strategy Consultants in Munich. After holding leading positions in the KarstadtQuelle Group, he built up the HappyDigits bonus programme from 2002 as a joint venture between Arcandor AG and of Deutsche Telekom AG. In 2009, he moved to PAYBACK in Munich and from 2010 focused on the launch of the programme in India. As Vice President, he led PAYBACK’s expansion into various markets worldwide.
Verimi is the European cross industry identity and trusted platform. Verimi combines a convenient central login (Single Sign On), the highest data security and protection standards in line with European law and the self-determination of users regarding the use of their personal data. Verimi was founded in spring of 2017. The identity and trusted platform is supported by a network of thirteen international corporations. The shareholder network includes Allianz, Axel Springer, Bundesdruckerei, Core, Daimler, Deutsche Bahn, Deutsche Bank and Postbank, Deutsche Telekom, Giesecke+Devrient, Here Technologies, Lufthansa, Samsung and Volkswagen.
Verimi is a Ubisecure partner. Read more about the partnership in the press release: https://www.ubisecure.com/news-events/verimi-partnership/
Go to our YouTube to watch the video transcript for this episode.
The podcast connecting identity and business. Each episode features an in-depth conversation with an identity management leader, focusing on industry hot topics and stories. Join Oscar Santolalla and his special guests as they discuss what’s current and what’s next for digital identity. Produced by Ubisecure.
Let’s Talk About Digital Identity, the podcast connecting identity and business. I am your host, Oscar Santolalla.
Oscar Santolalla: Hi, and thanks for joining. Today, we are going to hear about the digital landscape in Germany. And for that our special guest is Roland Adrian. He is Managing Director and Spokesman of the Management Board at Verimi since January 2019. Previously, he was Managing Director and Spokesman of the Executive Board at Lufthansa Miles and More for four years. He built up the HappyDigits bonus programme from 2002 as a joint venture of Deutsche Telekom. In 2009, he moved to PAYBACK. And as Vice President, he led PAYBACK’s expansion into various markets worldwide.
Roland Adrian: Hi Oscar.
Oscar: Nice talking with you Roland and really happy to hear what is going on in Germany in terms of digital identity and everything related to that. And happy to know more about Verimi. I’ve been hearing ‘Verimi’ already for the last years and definitely need to hear more details. What are the products you are building and offering today? So please, tell us a bit of your journey how you became the managing director at Verimi.
Roland: Yes. Thank you, Oscar. And many thanks for the invitation. Glad to be here and talk to you a little bit about the market in Germany. So yeah, what was my journey becoming Managing Director of Verimi. Actually, my journey, professional journey, started 25 years ago when I started my career in consulting. Then some stations at Karstadt which is a department store group. And then I founded multi partner loyalty scheme together with Deutsche Telekom. And from there, I moved to PAYBACK which actually is Germany’s leading multi partner loyalty scheme. They are in quite some markets worldwide, in India, Mexico, Italy, US.
And from all the travel I then got introduced to Lufthansa, of course, and became the CEO of Lufthansa Miles & More. And during that time, actually, I realised that the future is more and more about seamless customer experience. Because if you look at Lufthansa, in many cases, the real loyalty benefits that you can get there, they actually translate into a real seamless customer experience that you get. If you look at all the fast tracks for security and immigration, priority boarding, preferred seating in the plane, it’s actually – the customers tend to reward benefits in their experience much more than any loyalty currency.
And so at the moment, where then Lufthansa invested into the Verimi idea, for me, it was very clear that this would be an exciting next step for me personally. So I decided to switch over to Verimi to be the CEO of Verimi, and to push forward digital identity to provide seamless customer experience for the users.
Oscar: And I can induce that Lufthansa is one of the founders organisation behind Verimi, but tell us more please for the ones who are not familiar with Verimi, please tell us what Verimi does.
Roland: Yeah, in fact, Lufthansa is actually one of the investors and we have altogether 13 very large companies in Germany that invested into the Verimi idea. And the large companies are renowned brand names such as Allianz, Deutsche Bahn, Deutsche Bank, Deutsche Lufthansa, Deutsche Telekom, Daimler, Samsung, Volkswagen. So, all very large companies that invested into Verimi to establish a wallet of digital identities. So that was their driving force. And I think when we will talk about the market a little later on, we will see that it was a very good moment to invest into such platform because the market urgently requires the platform and there’s pretty much an empty space currently in Germany.
And what we provide as Verimi is this one click digital experience for verified identification within our partners’ use cases. And at the core of it all, is an identity platform, of course, that matches all the regulatory requirements for anti-money laundering or EDA substantial. And this comes along with the solution for strong customer authentication. Because the critical part of such a platform is not the identification of customers itself but actually, the critical part is the reuse, and that means the re-access to the digital identity.
And then there are services that actually build on the digital identities such as electronic signatures, or secure payments, and actually Verimi offers products in all these four fields, that means for identity, so just identifying customers for strong customer authentication, for electronic signatures, and for payment solutions. And this is the platform that we have, so how do we bring customers on that platform? Actually, invite the customers to store their verified identity data with Verimi. And verified identity data, what can that be? We all know that’s ID card, it’s passport, it’s driver’s license, and it’s many attributes that are not such in governmental ID, but that are just verified IDs, like verified email, verified phone number or even in Germany, the tax number. And customers can actually come to us on Verimi.com and store all their data and everything they wish to store there.
But our experience is that customers don’t come without use case. So for my personal loyalty background, I oftentimes compare it to situations you wouldn’t register for loyalty scheme, if you’re not planning to shop or to travel with the partner where you can actually go and can collect the miles or the points. And very similarly, nobody would come to Verimi if he doesn’t plan to actually use his identity data somewhere. So from our experience, we learned that it’s crucial to be integrated into the use cases of our partners. So once you actually need to identify for the use case, we offer the customers to store their data with Verimi. So either they need to identify and haven’t stored with Verimi before, so then they can do it. And if they come, and they already stored their identity before, then they can just benefit from the one click identity that we offer.
So we actually provide a much better experience for the user, because instead of having video IDENT or photo IDENT, or whatever ID procedure is there, it’s a one click, seamless experience. And for our partners, we can enable them that they offer much better services to their customers. They minimise barriers to entry that come from any kind of identification process. And maybe even more important, we minimise transaction costs for identification, because reuse of a digital identity, of course, is much more efficient than any kind of first time identification.
Oscar: Yeah, definitely. Sounds like an excellent offer of identity for anybody who is at the moment in these brands, in these companies that have invested but I’m sure it is planned to be anywhere in – for now, in Germany, I guess. Some of these big names you mentioned, some of these big names, big company that are behind Verimi, some of them already have launched services in which the users can use Verimi?
Roland: Yeah, absolutely. I mean, we launched the Verimi platform some two years ago, actually. And we just launched it with a single sign-on feature so that you can use a classical single sign-on at that various partners. That was our MVP to really prove that the platform is there, that it’s stable, that it’s operational.
The actual product that we are all aiming at, meaning the identity product we just launched in spring last year. So we are live for a little less than a year currently. And we already have the first partner integrations and kind of minimum viable product setup. So there is an MVP in the market, where we now showcase all the various use cases that we can deliver. And the use cases just technically they split up into that we can do it in the web, that we can do it in the app, that we have an SDK, that we can do it as an in-line registration, what I just meant that you can register within your process or that you can have the one click.
And for the registration within the process, we’re also applying various identity methods. So that means we offer a bank ID where you identify with your current account with the bank, we offer a photo IDENT solution where you take a picture of your ID documents, we also have video IDENT solution. And of course, we also have an e–ID solution. This is the governmental solution. And this we showcase throughout the various use cases with a little focus on our shareholders, but we also have partners from outside of our shareholding group, where we now have a nice set of use cases and this year is about the scaling of all these use cases with more and more partners.
Oscar: So they are available. And for the end user, if someone wants to go to Verimi and create their identity, so that can be done at any time.
Roland: Anytime, you just go to Verimi.com, you create your account and you can do that in the web or on the app. Then you can choose whatever you want to put in your wallet. So you can verify your passport, you can verify your bank credentials. You can verify your email. So it’s a little that you can play around, just verify your data. But as I said, without having a use case, it’s more maybe a gamification that you can play around and try it out. But we see that the most customers come in if they really have a use case.
Oscar: Completely understandable. Yes. So we often talk in this podcast about the concept of privacy by design in the identity industry. And particularly in Germany, given its reputation, this country’s reputation for a strong focus on data privacy, how do these tie into what Verimi is aiming to achieve?
Roland: Yeah, and that’s a very good question. And absolutely, Verimi is what you can say, privacy by design. And the focus in Germany, the Germans tend to be very sensitive about data privacy, but it’s also the reputation of our shareholders, as you can imagine. I mean, they are not investing into a joint venture with all these large companies to then create any kind of sense that there is conflict with data privacy. So this means for Verimi privacy is done by design.
And there are three cornerstones when we say privacy by design at Verimi. So three cornerstones, and the one is a clear policy that there’s no advertising policy with Verimi. So we don’t offer any services or infrastructure for any kind of customer profiling or commercialisation of customer data. No, it’s just for the identity wallet that the data are there, nothing around.
The second cornerstone is secure storage. So, data is encrypted by private keys. And these private keys are securely stored locally on the smartphone of the users. And the entire architecture that we chose is as secure as possible and at the same time, as convenient as possible so that it’s a solution that people want to use. And all this, needs to meet the current regulatory context, which is quite unique in Germany, I believe. It’s unique and also complex. And we are meeting all this context as convenient and as secure as possible.
And the third cornerstone is the data sovereignty for the user. So, it’s very important for us that we are always fully transparent to the user. We tell him exactly what data he has stored in the wallet, what data he actually shares with the partner that he chooses. And we show very transparently a transaction record so that the customer is informed what happened. And there’s nothing hidden, nothing aside, no commercial benefit aside that we have transferred the identity data to the partner as the customer wanted.
And of course, the second key word is principle of data minimisation. It is data minimisation, also by design, because it is the wallet of the user. So whatever is in the wallet, actually, the user put in the wallet. The user decides what to put in. We are not collecting anything in the background, where we then need to say, “Oh, we just can collect minimal dataset.” The user decides what to put in. And the user also decides case by case, what to share with whom. And that is very transparent.
And then the principle of data minimisation does go more go to our partners, because they can only request a minimal dataset. And if they request more in our processes, they ask the customer if for you know any use they could also get this or that data, but the customer can say “No, I don’t want to give you that data”.
Oscar: Oh, yeah, definitely. I can see that there’s really good designs in terms of privacy and data minimisation in Verimi’s service. Bringing back the attention to the business landscape, could you tell us how is the wider digital identity landscape that Germany has today and if has been affected or how has been affected by the pandemic?
Roland: Yeah, sure. I would say digital landscape in Germany or digital identity landscape in Germany, overall digital identity has not really arrived in Germany. Where does it come from? I mean, if we look at the market, we see that we have a governmental e-ID scheme. And that scheme is there for more than 10 years now. And according to the latest studies, less than 6% of citizens actually use it. So that’s the one from the governmental side.
And then compared to other European countries, if you look at the banking industry, the banking industry has not set up something like a bank ID that we see in many other countries. And the reasons for that are very specific if you look at the German banking landscape, how the structure is and how many players are there and how these players work with each other.
And then as the third pillar in Germany, or the third aspect to look at, we have several Identity Service Providers that actually use this gap that there is not a governmental e-ID scheme or bank ID, Identity Service Providers came up. And they actually verify the physical ID, so the ID card, or the passport or the driver’s license, and confirm the data for the digital process. And these processes look like a very – a video IDENT, for example, where you have a call with a video agent, and then you show your ID card and everything and the video agent says “OK, yeah, looks perfect.” Or you have a photo identification, where you take pictures of your ID cards. Or you have a very, I think German phenomena, where you go to the postal office and show your ID card in the postal office for one time process and then the postal agent says, “OK, I saw it, I can confirm you have it”. And all this is for one-time specific use case only. So there’s nobody really in the market that stores data for digital ID.
Oscar: So it needs to be done, again, for instance, if I need to do another identification, I need to go to the post office again.
Roland: Exactly. So if you have like two or three transactions, if you happen to have two or three transactions the same week, you can go to the post office each and every day. And the procedure will start from scratch. I mean, you can also collect them and show the three transactions at your one visit but each and every transaction will be captured individually. So there is no synergy. And then there is no storage. So, if the week after you have the fourth process, you need to go to the post office again and start from scratch.
Yeah, and this shows as a result, the user has to identify himself over and over. So for every use case, and that’s not convenient. And that also creates very high barriers to entry for the merchants in the market. Because every user says, “Oh, that’s a hassle, I don’t want to do it.” And at the end of the day, this is pretty much inefficient for the digital transformation of Germany. So we urgently need a solution for this in Germany. And this is also one of the reasons why our shareholders came together and said, “OK, we need to do something.” And that we need to do something you asked for the pandemic impacts, I would say, as probably in all countries, I mean, pandemic has put very much pressure on the system.
If we now reflect what we have in Germany, if we look at the public administration, public administration is not yet open to accept any kind of privately operated IDs. So public administration is very much focused on their governmental e-ID scheme, and as I said, only 6% of citizens use it. So within the pandemic, when all the offices were closed, in the first place, there are only very few processes that are digital at the moment at all in public administration in Germany. But for those that are digital already, the access to these digital processes has been a key bottleneck. So basically, if you want to enable your public e-ID on your ID card that requires and required until end of last year, it required personal visit to the office, and that was closed. So they were fully stuck. And the solution is now that they want to make e-ID even more attractive and we will all see where it leads us this year. But the solution is not that they now accept privately operated ID schemes, which is pretty sad.
So if we look at the private sector, I introduced the various methods that we have there so that you can go to the postal office to identify yourself. Well, there was limited access to the postal offices too during these days. And the next one is that you can actually have a video call with a service agent in service centres. But also there, I mean, if you imagine the setup of a service centre and the call that everybody works from home, I mean that was a lot of pressure to keep the service centres up and running in the first place. And then they had a massive increase in volume and in requests from customers. So they were pretty challenged.
So that challenge is we are now in this situation for about a year. I think everybody has kind of learned how to cope with the challenges. But the good thing is like probably in every country, now there’s a big openness for change in the industry. So everybody is aware, it’s not the best idea to just continue what we have, but we need to change things. That is very good. That is very good for Verimi because everybody is talking about, “Ah, can’t we have a digital ID where people just have a fully digital process?” That’s a very good discussion.
On the other hand, we all know if you want to integrate identification solution in a regulated context, in a large company, that takes time. So now we have the good situation that people want to change and want to have innovations. We have the challenging situation that you can’t do it from one day to another. And we have the challenging situation, of course, that free budgets for those things are hard to find. So it will take time that we transition.
Oscar: Yeah, of course, I can imagine not only from people, people want change, better services, better data services, and also the organisation, companies and government are already into this. And so seeing now towards the future, again in Germany, what do you see as the future of digital identity in Germany? And if you can compare how are things happening other countries, for instance, other – yeah, other geographies?
Roland: Sure, yeah, looking at Germany, I would say Verimi is among those that actually pioneer the development of digital identity in the German market. So as I said, for the introduction, certain shareholders have founded Verimi, they have an objective what Verimi shall create for them. And they put strong financing into Verimi so that we are really enabled to create a change in the market.
So we have two main tasks in this pioneering role. The first task is that we need to set up an infrastructure that is able to deliver solutions in the given context. And that means now and today, our solution needs to work. So it’s not about the vision that may be in five years, or in ten years, it would be great to have any kind of solution that would work. But our task is to have an infrastructure ready that delivers solutions now. And this infrastructure is ready, we have the MVP, we are rolling it out. So that objective is done.
And the other objective is that, of course, we need to push forward and shape the landscape that we deliver innovative solutions and innovative solutions that can translate into kind of local storage. And I said that we are storing the private keys locally on the smartphone of the user, in a trusted execution environment at the app or even using the secure elements in the smartphone. This is something we introduced last year. So it was not planned in the initial architecture, but we saw that technology was able to deliver such a security service, and we innovated on this so that’s in the market now for about six months.
And we are working on new technologies where we have self-sovereign identity solutions based on blockchain technologies. And all this we want to deliver in the upcoming future. But for us, it’s really important that the solutions work in the current context. And if today you talk about self-sovereign identity in a regulated context in Germany, that is a great vision to have but there are many questions to answer before you can put it into practice. So this is the first thing we want to deliver in practice, and also to innovate.
I think that Germany as a whole is just starting in terms of digital identity, and there is still a very long way to go. First thing is that the given regulatory framework in Germany is not really in favour of digital identities. There’s a great lack of interoperability between the various frameworks for regulation, for example, anti-money laundering and telecommunications, the eIDAS framework for the public sector. It’s all isolated silos. And even within the silos, if you look into any anti-money laundering or telecommunication, these regulations are not really done for a digital space. So there’s still a lot of work to do that it fits the digital context.
The second one, why are we just starting in Germany, is that in German context, there’s only few appetite for public, private corporations. And I believe that the public sector has a key role to really initiate digital identity and the acceptance of digital identity among all the citizens. And if we look into the recent initiatives in the public administration and e-health sector in Germany, we don’t see that they really foster an open ecosystem of digital identities. It is very much about security and technology, and innovation and how it shall be and could be. But for the current situation where we urgently need a solution, from day to day, there is not the real inception. So it’s rather on a visionary stage where we say, OK, if we all reach there in five years, then we all have achieved something, which is great, that we have a common goal. But for kind of the context this year, we are lacking some dynamics on that side, I would say.
And the third part of why we are just at the beginning of digital identity in Germany is that we need to overcome all these legacy of intermediate solutions. As I said, we have the postal IDENT services, we have the video IDENT services, all these services are integrated at most of the companies and processes also tailored to these solutions. So it’s quite hard to overcome this legacy and to say, “Oh now, we need a new solution and a new process and new investment and new resources to realise it” in a situation where the process as a basic process works.
So I would say these are the three points why Germany is just starting. So it’s a regulatory framework. It’s a public private co-operation. And it’s a legacy of intermediate solutions that we have. But in this situation, I’m pretty confident that we will actually manage to set up digital solution and the real digital identity solution that is not only covering the ID card, but also driver’s license and any other personal IDs or certificates that you can put in your digital identity. And I’m confident that the joint efforts of the private sector will actually bring up solutions, and, of course, Verimi, we feel at the forefront of this development that we bring up solutions that fit the requirements at least of the private sector, and then, at any time, also invite the public sector to take part.
And there are so much room for development in the market, because we need digital processes, even for the existing use cases for efficiency and compliance reasons. I mean, it’s reason enough to digitise what we have. And there are so many new use cases coming in FinTechs, in shared mobility, that all need highly efficient workflows. And in some cases, these use cases just arise from the fact that you have this efficient workflow because there’s no barrier to entry anymore. And there’s no upfront investment into customer acquisition and customer identification anymore. It’s just one click away.
I mean, this development will come, it will come in Germany. We are fostering this development. I think in an overall European context, it is the question how we can drive these dynamics, because at the end of the day, we all know that the big tech players are providing these digital identity services as well. So the question will be, will the big tech players like the smartphone industry or software industry from US or from Asia, will they sooner or later provide these services to German and to European citizens? Or whether we manage to have our own national sovereign solutions in Germany? And this is what we are aiming at. We want to have our sovereign, own verified identity solution for Germany and also for Europe.
And well taken, at the moment, this digital infrastructure is missing in Germany, in particular – other European countries are far more ahead in that context. But I think we all need to push forward so that we keep our sovereign verified identity solution.
Oscar: Yeah, I couldn’t agree more with that. Definitely. And I’m sure that’s going to be the case to Germany, and also the other European countries, deliver their – the right way to deliver identity. And yeah, there are several challenges, there’s no, no doubt. So I really wish a lot of success to Verimi and the companies that are behind that. So…
Roland: Thank you very much.
Oscar: I’m sure if you deliver this business model that people need for the needs that we have today, and for the ones who are coming as you mentioned, or some mobility soon they are coming and be more, more important. Yes. So, that is going to be a success. So Roland, I would like to ask you one final question. So for all business leaders who are listening to this conversation, what is the one actionable idea that they should write on their agendas today?
Roland: That’s a good question. The one actionable idea… and I think the audience will be pretty international. So in my understanding, it very much depends on the specific context that you’re in, especially for digital identity. There’s only one thing I think overall, which is clear to all of us but I would like to underline. I mean, at the end of the day, the customer will choose the solution that best fits the expectations. The customer doesn’t think about technical solutions, and what technology is applied and how much privacy is in it. The customer just wants to have a solution for his use case. As I said, big tech players are targeting digital identity. And if there is somebody in the market that tends to have the best customer experience, then it comes from big tech players.
So the one actionable idea, what is it? I would say customer experience is king at digital identity. And really technology, security, data, privacy, whatever it is, it’s important but in a sense, it’s a commodity. And even though this sounds very basic, in reality, I see that a lot of discussions it is just the other way around. In a lot of discussions, it’s about technology, security, data privacy. But I believe this is not putting the European players in a leading position. Customer experience is king, even in digital identity. And this, I believe, is something that we shall all have very present in whatever we do.
Oscar: Yeah, I couldn’t agree more with that – customer experience and making it super easy for the users to try something that is, is designed like Verimi with privacy by design, data minimisation, doing right, something that has to be simple to use customer experience are the top of the mind, and that’s going to be a winning solution that customer will use.
Roland: Yeah, absolutely.
Oscar: Well, thanks a lot, Roland for enlightening us about the situation of digital identity in Germany and also the kind of work that you’re doing in Verimi. So please let us know how people can get in touch with you, find more about you and Verimi, what are the best ways for that?
Roland: Just send me an email [email protected] and I will certainly reply to you.
Oscar: Excellent. Again, Roland, it was a pleasure talking with you and all the best.
Roland: My pleasure. Thanks for the invitation and looking forward to keeping in touch. Thank you, Oscar.
Thanks for listening to this episode of Let’s Talk About Digital Identity produced by Ubisecure. Stay up to date with episodes at ubisecure.com/podcast or join us on Twitter @ubisecure and use the #LTADI. Until next time.
[End of transcript]