What is SWIFT Personal Digital Identity?
When interacting with corporate customers through electronic banking channels, financial institutions are sometimes required to authenticate received data (e.g. payment instructions) at the level of the individual (e.g. a specific representative in the corporate's treasury department). As a result, corporates and banks are often confronted with the complexity of multiple and different types of signing mechanisms (e.g. multiple tokens with different passwords), leading to higher operational risk and cost.
The need for authenticating (signing) messages at the personal level has also emerged on SWIFTNet since corporates have started using SWIFT to interact with their banks (note that, since SWIFT's inception, users have exchanged messages authenticated at organization level, with SWIFT acting as a registration authority at BIC level). While initially restricted to a limited number of users/countries, this demand is now growing due to:
stricter regulatory requirements
a larger corporate customer base and
new opportunities for dematerializing additional business flows (e.g. electronic Bank Account Mandates) which require personal authentication.
When initially discussing this requirement with the Corporate Access Group (CAG), it was felt that, given the multi-banking aspect of a potential solution, a cooperative approach was required which SWIFT could facilitate. As a result, an ad-hoc working group comprising representatives of CAG banks was set up. The approach proposed in this document represents the outcome of the working group's findings.
Under the proposed approach, SWIFT will provide, through banks, PKI-based credentials to corporates. Such credentials can be used by corporate representatives to sign data (e.g. payment instructions) sent to banks over any channel (e.g. Internet, SWIFTNet). The credentials would only become effective when registered (i.e. associated with the corporate representative) by each bank separately. For banks, such an approach caters for simplicity by avoiding any reliance between banks both in terms of registration process and usage of credentials (e.g. verification of credentials).
SWIFT provides (inactive) tokens to banks
Banks distribute these tokens to their corporate customers
Corporate representative activates the token by accessing the central SWIFT PKI infrastructure over the Internet
The corporate representative registers with his bank via physical presence or secure remote ID technology to associate him with the unique identifier.
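The registration rule described above, as an added example that is not SWIFT or Trax code: a signature that verifies correctly is still rejected by a bank that has not registered the token itself. Ed25519, the hash-derived identifier and all names are assumptions made for this model, and validation of the certificate chain to the issuing CA is left out.

```javascript
// Added example: models the per-bank registration rule; not SWIFT or Trax code.
const crypto = require("crypto");

// Hypothetical unique identifier: a truncated SHA-256 of the public key.
function tokenIdOf(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return crypto.createHash("sha256").update(der).digest("hex").slice(0, 16);
}

// Assumption: Ed25519 stands in for the token key pair; the page names no algorithm.
const issueToken = () => crypto.generateKeyPairSync("ed25519");

// The public key travels with the message, standing in for the certificate.
function signInstruction(token, instruction) {
  const signature = crypto.sign(null, Buffer.from(instruction, "utf8"), token.privateKey);
  return { instruction, publicKey: token.publicKey, signature };
}

class Bank {
  constructor(name) {
    this.name = name;
    this.registry = new Map(); // tokenId -> representative, held by this bank only
  }
  // Called once the bank has identified the representative itself.
  register(publicKey, representative) {
    this.registry.set(tokenIdOf(publicKey), representative);
  }
  accept(msg) {
    const data = Buffer.from(msg.instruction, "utf8");
    if (!crypto.verify(null, data, msg.publicKey, msg.signature)) {
      return { ok: false, reason: "bad signature" };
    }
    // Derive the identifier from the key; never trust an id field in the message.
    const representative = this.registry.get(tokenIdOf(msg.publicKey));
    if (!representative) return { ok: false, reason: "token not registered" };
    return { ok: true, representative };
  }
}

// Constructed scenario: one token, registered at Bank A but not at Bank B.
function demo() {
  const token = issueToken();
  const [bankA, bankB] = [new Bank("Bank A"), new Bank("Bank B")];
  bankA.register(token.publicKey, "Representative 1");
  const msg = signInstruction(token, "PAY 100.00 EUR (constructed instruction)");
  const tampered = { ...msg, instruction: "PAY 999.00 EUR (constructed instruction)" };
  return { atA: bankA.accept(msg), atB: bankB.accept(msg), tamperedAtA: bankA.accept(tampered) };
}
```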
Trax supports the Aladdin eToken PRO and Aladdin eToken NG-FLASH key for signing. SWIFT is launching the 3SKey (SWIFT Secure Signature Key) solution for a multi-banking environment.
For more information, please refer to the SWIFT PDI documentation (PDI token install and Digital ID solution description), available from SWIFT and provided with your tokens.
To install the tokens, please refer to http://www.swift.com/3skey/getting_started.html
To know more about 3SKey and the key algorithms used by SWIFT, please consult the SWIFT collateral: see http://www.swift.com/3skey/index.html and select ‘Want to know more’. Note that passages in deep red are not applicable to the SWIFT 3SKey configuration.