How BBVA's Covault is challenging the status quo with its digital identity–management solution

When travelers check in to a hotel abroad, the front desk asks for a credit card as well as a passport. The credit card is scanned, the passport is photocopied and put on file. Why? To verify the guest’s identity.

People comply because it’s how the system works — in hotels and everywhere online. But - as BBVA venture Covault is challenging -  what if there were a way to verify identity that didn’t involve potentially compromising sensitive data?

“Our data is everywhere today,” said Louie Gasparini, CEO of Covault, which is a business within BBVA’s New Digital Businesses portfolio. “All kinds of websites and businesses are holding on to this toxic information…do they really need all that?”

Covault’s business model began as a consumer solution: an app featuring an encrypted vault to store various pieces of data, from driver’s license numbers and bank identities to website login data.

Today, Covault is expanding its offerings, developing relationships with partner institutions and businesses to create identity markets and identity-enabled marketplaces that use Covault’s “data escrow.”

“Our users’ data is encrypted with keys they control and stored in the cloud. Covault can’t access that data — we only have encrypted blobs,” Gasparini said. “Only the user has the keys that can unlock those blobs of data when requested.”

Covault says its technology benefits everyone in the relationship: Consumers have a secure place to store their identity information and maintain control over how their data is leveraged; businesses decrease their liability in the event of a breach and streamline their processes, too.

Solutions for a changing landscape

For Covault’s founder Gasparini, the business is the result in many ways of his longevity in the industry, watching the issue of identity and data security increase in importance and complexity.

Gasparini helped build Wells Fargo’s first website in the mid-’90s; shortly thereafter, he led the bank’s team that launched the industry’s first online banking product.

In the early years of the new millennium, as phishing scams became more prevalent, he founded and filed a patent for PassMark, a two-way authentication technology that helped users verify their identity on a legitimate website using a secure personal image. PassMark was acquired by RSA, where Gasparinia also served as Chief Technology Officer.

As such, Covault brings together Gasparini’s financial and security experience in a way that is focused on the democratization of high-assurance, verified digital identities, where the data owner controls the data shared.

The challenging road ahead

Today, rather than addressing the root problem — that simply too much risky data is floating around and creating vulnerabilities for all involved — the onus remains on consumers to “be smart” with their data through vigilance and more secure passwords.

Despite the preponderance of massive data leaks and security breaches in the recent past — more than 10,000 unique breaches since 2005, to be exact — Gasparini believes most organizations stand by the status quo of collecting massive amounts of personal data during transactions and website registration.

That’s in part because it would require massive re-engineering to implement any new identity-verification solution on the back end. Among the biggest challenges facing Covault now as it grows is the huge reliance on the way identification currently works — an “if it ain’t broke, don’t fix it” mentality.

Though convenience has traditionally won out over security, Gasparini believes Covault can lead the charge in creating a solution that reduces friction, protects consumers, and creates a better process for businesses and consumers alike.