Potentials and challenges of the Swiss E-ID (2/2)
This is the second part of our series of blog posts on the proof of value of the OpenBankingProject.ch on the topic of “Use of Swiss E-ID”. The first blog post on the basics of the Swiss E-ID, self-sovereign identity and the Swiss confederation’s trust infrastructure as well as relevant use cases in the context of verifiable credentials can be found under this link.
From October 2024 to February 2025, 16 companies explored the potentials and implications of the Swiss E-ID and the corresponding trust infrastructure for the Swiss financial sector. The central objectives of this series of workshops included:
- The basics of self-sovereign identity, the Swiss E-ID (current status, roadmap) and participation in the Swiss confederation’s trust infrastructure (governance, roles, etc.) are known and the opportunities and risks for project participants have been identified.
- Relevant use cases for the Swiss E-ID (e.g. opening a bank account) have been identified and prioritized in terms of added value for customers, increased efficiency, etc.
- The business and technological implications of using the Swiss E-ID for the business architecture of the project participants are derived and analyzed with the involvement of relevant financial service providers.
- The various options for participating in the Swiss confederation’s trust infrastructure are evaluated.
Objectives 3 and 4 of the workshop series are examined in more detail in the following sections.
Business and technological implications for the business architecture
The use and integration of digital proofs (so-called verifiable credentials), such as the Swiss E-ID, as well as the corresponding connection to the Swiss confederation’s trust infrastructure has far-reaching consequences for the entire organization and, accordingly, the business architecture of a bank. In this blog post, we discuss the technical implications. The business implications were also identified as part of a workshop; please contact us if you are interested in this topic. For structuring the business implications, the meta-model of a business architecture from the Competence Center Future Financial Services of the Business Engineering Institute St.Gallen used (see figure below). The meta-model includes all relevant aspects of a bank’s business architecture and is divided into nine different sub-aspects. The individual sub-aspects and the implications of using verifiable credentials are explained in detail below.
At customer level, the most significant change is that bank customers now have a wallet on their smartphone and will be able to carry a variety of verifiable credentials with them in future. These credentials should raise expectations among customers that they can use them in their contact with the bank to carry out existing processes (e.g. onboarding) more efficiently, quickly or securely.
At the level of banking services or the business model, banks can integrate these verifiable credentials into their services and issue their own digital proofs in their customers’ wallets. In this context, banks can expand their range of services and diversify their business model by monetizing data.
As part of the regulation, the Swiss confederation must create the regulatory requirements for banks to be able to use verifiable credentials and to establish corresponding control and verification mechanisms for banks. In the case of onboarding, for example, a new “E-ID variant” must be added to FINMA Circular 2016/7. This specifies, among other things, whether or not further checks (e.g. liveness check, residence check, reference transfer) are required when using the E-ID.
In view of the Swiss E-ID, corresponding internal responsibility must be defined in the organization (positions, functions). The participants in the workshop series agreed that both business and IT should be equally involved in this field and that the topic has a strategic relevance that should be addressed at management level.
Considering a bank’s processes, these need to be adapted or supplemented to ensure the easy integration of verifiable credentials in customer contact. With regard to regulation, it must be ensured that the auditability of the processes is guaranteed. For example, when verifying a customer’s E-ID for a branch transaction, banks should ensure that the query is saved with a time stamp. This is the only way to ensure that the E-ID valid at the time of verification was presented by the respective customer.
In terms of skills, the employees who will be confronted with the verification and issuing of digital proofs in the organization in the future must be involved in particular. For example, branch staff or call center employees should be informed and prepared about the topic.
New issues arise with regard to suppliers and contracts in the context of the connection to the trust infrastructure. On the one hand, the bank must ensure registration in the trust register in order to register as a verifier and also as an issuer on the trust infrastructure. On the other hand, cooperation with certain existing providers will also change. For example, the use or integration of the E-ID could have an impact on cooperation with the current onboarding provider or trust service provider. It seems important that the bank is always visible to the customer in the wallet and that “Provider XY” does not appear to the customer as a verifier in the onboarding process as part of the identification process.
Existing customer interfaces need to be adapted as part of Applications & IT. For example, in the digital ordering process for a credit card with an installment facility, customers should now be able to obtain the required Qualified Electronic Signature (QES) with their E-ID and not be sent a physical form. If a bank also issues its own credentials, the functionalities in online banking must be enabled to establish connectivity to the wallet. As part of the trust infrastructure, the Swiss confederation publishes APIs that are used for verifying and issuing; these need to be integrated together with a provider or independently. Finally, hardware must also be provided for the branch (e.g. mobile devices or screens for presenting QR codes) that allow physical verification.
Finally, the data structures for the E-ID and other credentials must be adapted for the Business Objects & Data. If a bank wishes to become involved as an issuer, internal industry coordination is also required. This is the only way to ensure semantic interoperability so that all banks issue the same credentials uniformly that can be used efficiently across sector boundaries.
Courses of action for Swiss banks
This section presents the findings from the last objective of the workshop series. As part of the connection to the Swiss trust infrastructure and the use and issuance of verifiable credentials, there are a variety of possible options for banks. A basic self-sovereign identity (SSI) ecosystem can be divided into 11 different generic roles. Based on this, five options for action were distinguished in the workshop series.
In simplified terms, an SSI ecosystem consists of the basic roles of issuer (1), holder (2) and verifier (3). The Holder has a wallet from a wallet provider (4) to receive, store and share digital proofs in the network. Various providers (5) support issuers and verifiers in handling digital proofs and in connecting to the decentralized trust network. QES providers (6) provide digital signatures in SSI ecosystems and scheme providers (7) monitor the already mentioned semantic interoperability when issuing digital proofs. The authority (8) monitors governance, registration and other basic mechanisms (e.g. monetization) of the ecosystem. The data trustee (9) performs data fiduciary functions for holders, especially in the context of organizational wallets. The backup provider (10) stores copies of digital proofs so that Holders can restore them in the event of smartphone loss. Finally, the framework provider (11) operates the trust infrastructure and ensures that the authenticity of digital evidence can be verified by registers (e.g. basic and trust registers in the case of Switzerland’s trust infrastructure). As part of these generic role profiles, five different options for Swiss banks were discussed in more detail with the project participants.
Option 1: No participation in the trust infrastructure
With this option, the bank acts as a “late majority” and will wait a few years before using the Swiss E-ID or other digital proofs. This option offers a certain degree of investment protection, as the bank can benefit from the experience and lessons learned by first movers and early followers. On the other hand, it could cause a certain amount of frustration among digitally savvy customers and potentially risk migration to the competition.
Option 2: Selective use of the Swiss E-ID (Verifier)
Banks that choose option 2 prefer opportunistic use and integration of the Swiss E-ID. For example, they use the E-ID in onboarding or in the branch. The opportunistic integration of digital proofs focuses on the realization of “quick wins”. On the other hand, the costs of a “first mover” are borne selectively, paving the way for banks that jump on the bandwagon later.
Option 3: Comprehensive use of the Swiss E-ID and other VCs (Verifier)
In this option, banks use the E-ID in a variety of use cases. Option 3 is fully developed as soon as the Swiss E-ID can be used for all processes that require identification or the presentation of an ID document. As “first movers”, these banks benefit from a certain degree of appeal and are perceived as pioneers in the market. However, higher costs are to be expected compared to option 1. If the adoption of the E-ID only progresses slowly, it may well take several years before the investment pays off in the form of new customers or increased customer satisfaction.
Option 4: Verifying and issuing VCs within the bank (Verifier + Issuer)
Option 4 builds on the previously described option 3. With this option, however, internal bank credentials (e.g. for authentication in the context of call centers, counters, online banking or ATMs) are issued to customers. Customers can use these in contact with the bank, but outside of the customer relationship, these digital credentials do not provide any added value. According to the project participants, both the opportunities (pioneer, new customers, customer satisfaction) and the risks (costs) are slightly higher than with option 3.
Option 5: Far-reaching verifying and issuing
In option 5, a bank positions itself as a market leader in the context of digital proofs. Both the Swiss E-ID and other digital proofs are proactively integrated into the processes and driven forward through cross-sector collaboration. At the same time, these banks are also actively looking at what information they could make available to their customers in other ecosystems (e.g. credit score, financing confirmation, KYC data). Banks in this group take significantly higher risks (costs, reputation, complexity), but also have the greatest opportunities to actively shape this new world of digital evidence and position themselves from the outset.
In summary, it can be said that the verification and issuance of digital proofs has extensive professional and technical implications. The Swiss E-ID and the trust infrastructure provided by the federal government form the basis for a large number of digital proofs that customers can conveniently store in a wallet on their cell phone and share independently. In this new world, the customer is at the center, has sovereignty over their data and can use it independently in various processes. Ultimately, it seems essential that banks also get to grips with digital evidence at an early stage, in particular which external information they could receive via digital evidence in the future and, at the same time, which information customers would like to keep in their digital wallet. It remains exciting!
The OpenBankingProject.ch project group will meet again in May 2025 to implement various use cases as proof of concepts on the public beta (Swiss confederation’s sandbox).
