John San Filippo
Tech CUSOs in Focus: Bonifii
By John San Filippo
In what is a recurring feature, Finopotamus, in cooperation with NACUSO, will profile CUSOs that offer innovative technology combined with the credit union ethos of people helping people. For this installment, we spoke with John Ainsworth, president and CEO of Bonifii.
The project that was to eventually become Bonifii grew out of a 2016 research initiative by the CUNA CEO Roundtable. The mandate was to develop a use case for emerging technology and the group settled on blockchain as that technology.
“It really started as kind of a crowdsourced effort,” Ainsworth told Finopotamus. “We had 70 credit unions, mostly U.S. but a few Canadian, that all put in some seed money. Then we said, let’s see if we can find a use case.”
According to Ainsworth, the group intentionally avoided cryptocurrency due to its murky reputation at the time. The group ultimately decided to build its use case around digital identity.
“The thought was that with GDPR (General Data Protection Regulation) and all of the privacy breaches, finding a decentralized identity that could protect individuals from being breached could be a particularly good use case,” said Ainsworth. “We actually formed our CUSO in late 2017.” The CUSO was originally named CU Ledger, but later changed its name to Bonifii. The CUSO started with a proof-of-concept pilot that eventually grew into a commercial product called MemberPass, a two-way member authentication system based on blockchain/distributed ledger technology.
“If you look at Bonifii from the investor standpoint, we have three categories,” said Ainsworth. “There’s the direct credit unions (and I think there are 24). There's the traditional ones like Patelco and Suncoast all the way down to some of the smaller institutions.”
He continued, “In the second group, we have Mountain West Credit Union Association and CUNA Strategic Services. They're the ones that sponsored the original research.”
The final group of investors includes both credit union and non-credit union groups. “The last group includes organizations like PSCU and CU Direct, a number of leagues, and even some commercial organizations like FIS,” added Ainsworth. “We have a pretty diverse group of investors.”
MemberPass in Action
MemberPass is a digital identity management tool that leverages blockchain technology, as well as biometrics and enhanced cryptography
“The thought is your ID should be like your phone number. It should be portable,” noted Ainsworth. “You should be able to take that around to anyone in the ecosystem. MemberPass started off as just a way to verify you within your credit union, but it’s now expanded.” In other words, a member can use the same MemberPass credentials at any participating credit union.
“Today MemberPass actually works as a second app. It's an authentication app,” said Ainsworth. “Think about Microsoft Authenticator or Google Aggregator. You download it and it becomes a verified credential. That’s the W3C buzzword. It’s proof that you’re you and at the other end the credit union is the credit union.” He added that MemberPass can be used over the phone, in the branch or at an ITM.
While the user experience is similar to the SMS-based authentication systems that have become popular, Ainsworth said that MemberPass is much more secure. “Think about, on the SMS side, all of the packet phishing, SIM card swaps – all of that is part of the whole fraud experience,” said Ainsworth. He also pointed out that a consumer’s answers to “out of wallet” security questions can often be found online.
Part of a Larger Ecosystem
As noted earlier, MemberPass is portable across credit unions that have adopted the technology. Therein lies the rub. “Now everything is about adoption,” said Ainsworth. “We have a number of credit unions live. Everyone's proving the product; we're seeing the value now. How far can we actually deploy it?”
Since broad adoption is such an important driver, Finopotamus asked whether there is any concern that by creating a credit union-specific product, Bonifii is excluding the banking side of the marketplace.
“Great question,” Ainsworth admitted. “We sit in two global communities that are actually the ones that are driving the standards and protocols. The first one is the W3C. They have published standards around verifiable credentials. We didn't build it. It's not our proprietary spec. We were one of the early adopters of what the W3C did. The second one is called the DIF, or the Decentralized Identity Foundation. Again, that’s a global community.”
Adherence to industry standards enables interoperability, at least from a technical standpoint. Whether competing organizations will choose to work with each other is another matter.
“Interoperability exists now technically,” said Ainsworth. “From a governance standpoint, we solved the tech part of interoperability. Now you're in the traditional dynamics of, do I really want to play with this other partner and pricing and all of that.”
Gigantor in the Metaverse
Looking ahead, Ainsworth said that MemberPass technology will even be useful in the metaverse.
“So now you have an avatar. You’re Gigantor,” said Ainsworth. “But who proved Gigantor is who he says he is? Others in the metaverse may not know Gigantor’s real-world identity, but they know Gigantor has been verified. That’s really the secret sauce. No matter what the situation, you need to be able to digitally prove that you’re you.”