CEO of Xpass: Digital identity is not a technological problem, it is a legal problem
Ernesto Cueto is the CEO and one of three Co-Founders of Xpass. Ernesto was born and grew up in Mexico. He has studied in France, Czech Republic, and Estonia. Currently he is finishing his Master’s degree in e-Governance technologies and services. During his Master studies his main focus has been digital identities for the private and public sector.
Xpass was born out of the personal frustration of having to fill in infinite forms to access online services. The need to come up with multiple passwords and user logins, among other identification and verification methods are not user friendly.
This is also a pain point for online businesses. During his time working at an international fintech, Ernesto discovered that on average, companies lose up to 50% of their potential customers during onboarding and verification processes.
Inspired by Estonia’s e-services, Ernesto saw the need to bring a similar solution to Mexico. Xpass lets users create a profile with their personal information, and enables 2-factor authentication. Once their Xpass profile is set up, any company can retrieve their data with the user’s consent.
Why are you building Xpass?
On day-to-day basis, I deal with various identity verification related topics. From making sure that customers could send money cross borders, to working with the biggest ID vendors in the world. I have gained enough knowledge to realize that the proof of identity should not be a time consuming process. Governments issue ID cards. That ID card already contains trustworthy information of who that person is. It is a waste of resources when private companies have to ask verified information from their customers. Banks and governments already have that information. And the proof of who you are should be for free. It should be your right as a citizen.
It blew me away when I moved to Estonia and experienced how easy it was to access services with a digital identity. Which means that digital identity is not a technological problem, it is a legal problem. I would like to see things happening in Mexico the same way they do here in Estonia. And if the private sector is the one that needs to be driving this change, then so be it.
If Xpass is not solving a legal or a technological problem, what is it solving then?
Xpass is solving the use case problem. We are proving that digital identity as part of user onboarding will bring higher business results. Xpass will enable companies to create higher user onboarding and product adoption rates. And all that with better security.
What could Mexico learn from a digital society like Estonia?
One thing Mexico could learn is better cooperation and collaboration with the private sector. I know that digital identity in Mexico is sometimes viewed as a way to enable corruption. If the private sector is not included in building digital identities due to corruption fears, countries will stagnate. And eventually the cost not innovating fast enough is going to add up. And it will take another similar event like coronavirus to drive the digital change.
Estonian has taught us the opposite. Digital signatures have saved Estonians 2% of their GDP. It cuts administrative labor time. In Estonia, the public and the private sector worked together to achieve this. Private companies were developing the tech behind digital identities, and gathering user feedback. Public sector helped to implement it across services. Digital identity is only the beginning of a massive digitization process.
However, it is important to remember: the fact that there is a digital identity, does not mean people are going to use it. Digital identities are only useful, if there are services that can be accessed with digital identity. For example, creating a profile for a delivery company or for a fintech. Or logging into your bank account, registering for a doctors appointment online and so on. It’s not that creating digital identity will make everything better, it’s the whole process.
What about identity theft?
With this solution, identity theft becomes a secondary topic. It is quite hard to steal someone’s identity. We can see it even in Estonia, where the fraud rates of identity theft are very low.
What makes it difficult is the fact that we are relying on three levels of confidence for a user: authentication, identification and reusability. To authenticate oneself, the user needs something they know, something they are and something they have. For identification, they need a government issued ID. For reusability, they need a platform that can ensure security and data integrity for the process as a whole. At Xpass, we are providing that platform.
Secondly, digital identity is a very user-friendly solution. Even if someone is trying to hack the user’s phone or hack their account, it will be quite obvious for the user. The user gets notified with the request to submit firstly PIN 1 to access a service, and then confirm the transaction with PIN 2. But only the user knows PIN 1 and PIN 2, which means that the user themself will have to enable the fraudster.
What would you suggest to a company that is operating in Mexico, and is thinking about implementing digital ID as part of their onboarding process? What should they think through first?
My first question would be, what sort of problem are they solving? For example, if they have seen in the past that people are sceptical of using their services online. That might be a sign that customers are a little bit afraid of trusting this company. Or customers come once, they get verified and then they will never come back again. Xpass will definitely solve that.
Why? Because Xpass let’s customers verify themselves on their phone and create a unique profile. With Xpass, customers can re-access several services with the same profile and with the same two PIN codes.
Customers don’t have to worry anymore about how they are going to access a certain service again. There’s no need to worry about remembering multiple passwords or correct emails. Or questioning whether that service is safe to use.
Digital identities are not like an USB stick that one can pass to someone else. It is the opposite. No one can use digital identity except for the person it belongs to. For example, if a customer wants to send 100 or 500 Pesos, they are the only ones who can authorise that transaction with a digital identity.
Let’s say that Citibanamex decides to partner with us. And let’s assume that Citibanamex partners with some airlines. Additionally, Citibanamex might partner with some shops that also offer credit- yes that’s a thing in Mexico. Citibanamex could easily give their customers a digital identity. Their customers could use that digital identity to buy a plane ticket, and check in at the airport.
And that’s the whole thing about digital identities. Customers get verified once by Xpass, they have PIN codes only they know, and they can use it as many times as they want. And this is a win-win situation. For the customers- they are in control of their data, and they can access services with ease. For the companies it means decrease in user verification and authentication costs.
But cut costs how?
Here are two examples:
Companies with over 10,000 yearly users pay over 5 USD per verification. Let’s assume these customers would also use Airbnb to make profit from their property, and send that money back to Mexico by using a financial service provider. The full verification would cost over 10 USD for both companies.
Or another example, Xpass verifies a customer. That customer is looking to get a loan and at the same time is applying for some governmental service. And for the sake of the arguments let’s say that both the fintech and the government are using Xpass. It would be very easy to re-use the same ID in order for the customer to access the fintech’s services. The information will be shared with customer’s consent. If the government is paying for the identity verification, then the fintech is going to essentially pay only cents, because they are acquiring already verified information.
If you are looking for ways to improve your user verification and onboarding processes, we would love to have a chat with you! Get in touch with us over here.