Embedded finance is great and I love having apps on my phone that take care of the interface to the tedious world of banks and money so that I don’t have to deal with them. But embedded finance doesn’t get me out of the house. And it can’t get me in to watch Manchester City again. It can’t get me on a plane to Singapore. Perhaps to get the post-COVID economy moving again, embedded health APIs will be more important than embedded finance APIs!
What’s the point of having all sorts of clever instant credit, credit transfer and buy on credit mechanisms that I can use to buy a new shirt if I am not allowed to go to meetings? Why bother with fancy QR code contact-free dining experiences if I am not allowed into a restaurant? How do I benefit from sophisticated electronic tickets dropped directly into my phone when there is nowhere to go on the train? What is needed to ease the economy back on track in the recurring pandemic, new normal world is the ability to show a vaccination record as well as a plane ticket and a negative test result along with a restaurant booking.
In fact, so pressing is this need that I might go so far as to predict that the virus shock may well mean a quantum leap in strategy in the world of digital identity: what if it is not finance or government, as most of us had assumed, but travel and hospitality that drives digital identity into the mass market?
It is actually pretty easy to imagine the customer journey with embedded health. I go online to buy ticket to see Hawkwind in concert at the London Palladium in May but in order to check out I must first present a certificate to show that I have been vaccinated against COVID-19 (I’m afraid that the Hawkwind fan demographic renders this necessary) and a certificate to show that I have been vaccinated against Yellow Fever or whatever else the London Palladium demands from would-be patrons. I present the digital certificates and go about my day.
That is quite easy to draw as some boxes and arrows mapping out a customer experience journey on a whiteboard, but what has to happen to make it a reality? That’s where things become a little more complex.
There are some well understood issues around identification and authentication but to my mind these are largely solved. There are plenty of companies that can do digital onboarding pretty efficiently (indeed, I am an advisor to the board of one of them, Au10tix) and there are plenty of companies that can do authentication: If I could have used “sign in with Apple at the London Palladium”, I undoubtedly would have. What’s missing, and where there has to be some progress to bring that smooth customer experience into being, is the standardisation of the creation, presentation and verification of the health-related data.
(Just to divert for a moment to be specific about language: I use claim to mean the process of presenting a credential to be verified and I use credential to mean some attribute that has been attested to by somebody that the verifier can trust. By trust, of course, I mean “can sue for large amounts of money if the data turns out to be incorrect”.)
If a theatre, or more likely a theatre’s merchant services processor (MSP), wants me to show that I have been vaccinated then both the claim process and the claim data have to be in some sort of standard format. Otherwise we will end up in bubbles and make no real progress. It is clear that something has to be done. Ursula von der Leyen, the president of European Commission, recently said that a “Digital Green Pass” would provide proof of inoculation, test results of those not inoculate and antibody status of those who had had the disease. This is inevitable, frankly, in one form or another. But how exactly would it work?
There are some great companies out there who are already working hard to make the transport and display of results as easy as possible.Yoti, for example, have been involved in a number of trials using FRANKD. This is a rapid Point of Care Covid-19 RT-LAMP. People scan a unique QR code on their FRANKD test bag to add their identity to the test. After a testing swab is taken, results are processed and delivered straight to the individuals’ Yoti app within 30 minutes. To scale up, though, we need standards that identity providers can use to interoperate with service providers of all kinds. This is why the foundation of the Vaccination Credential Initiative (VCI) is so important.
VCI is a coalition of public and private partners including Microsoft, Salesforce, Oracle, The Commons Project Foundation, Mayo Clinic and many others working to enable digital access to vaccination records using the open, interoperable SMART Health Cards specification, based on the W3C Verifiable Credential (VC) and HL7 FHIR standards. FHIR stands for Fast Healthcare Interoperability Resources, a standards framework created by Health Level Seven International (HL7) , a not-for-profit, ANSI-accredited organisation developing standards for the exchange, integration, sharing and retrieval of electronic health information. The idea, essentially, is to group a set of FHIR content resources (eg, immunisation or observation) for presentation in the form of a verifiable credential.
The New York Times showed a mock-up (from The Commons Project) of what a digital vaccine credential might look like in practice, using a pretty straightforward QR code interface that passengers are already familiar with for check in.
Waiting for a globally-interoperable set of standards won’t help to boost the economy today, so it seems to me that it makes sense to link sector-specific identities together with sector-specific credentials that can be later bridged at the back-end. The obvious place to start implementing something like the EU’s Digital Green Pass is in the travel sector and the obvious people to co-ordinate this are the International Air Transport Association (IATA) and, indeed, the COVID-driven need for a such credentials has led IATA and British Airways’ parent company, International Airlines Group (IAG), to starting work together in this direction.
I hope they chose to use open standards for their Travel Pass Initiative (TPI). TPI brings together four interoperable “modules” that combine to deliver a practical solution to get people moving again. These modules are:
- A up-to-date list of requirements for travel (ie, what vaccines or tests are necessary for travel on specific routes) so that travellers know what they need to do to travel;
- A registry of health centres that can carry out vaccinations and tests that travellers need;
- A contactless travel app for travellers so that they can find out what the travel requirements are, where they can get the tests and vaccines and store the results;
- An application for labs to report results.
Singapore Airlines has been the first carrier to adopt the new standard and begin verification based on the IATA TPI framework. Passengers who receive a negative test or vaccine will be given either a digital or paper QR code to take to the airport. Emirates will implement the first phase in Dubai in April and will use the app for the validation of COVID-19 PCR tests before departure. Using the app, which will automagically post details to the check in system, passengers travelling from Dubai will be able to share their test status directly with the airline before reaching the airport.
So if this works for getting on planes… why not use the same registries and APIs to power applications for restaurants and pubs to get the economy moving again? I’d be more than happy to be required to show my test status to get into the Etihad to watch the mighty Manchester City via a Travel Pass app, or my British Airways app, or my Man City app or whatever other convenient application was accessing standardised VCI vaccination and test records through the IATA API. And if IATA and VCI together create a global standardised platform then the opportunity for fintechs to exploit the combination of embedded health and embedded finance together in apps will be enormous.
(An edited version of this piece appeared on Forbes, 25th January 2021.)