Verifiable Credentials

Can blockchain technologies support vulnerable and financially excluded customers?

Things to consider:

  • Are you serving customers who meet the FCA’s vulnerability drivers?
  • Do you know which of your customers are in a vulnerable situation?
  • Do you check and update the vulnerability status of your customers?

We found that:

  • Over 53% of the UK population sit under the four FCA drivers of vulnerability: health, life events, resilience and capabilities.
  • Most technology is not built to adapt to vulnerabilities.
  • Other forms of digital identity can meet KYC (Know Your Customer) FCA regulations to drive financial inclusion, and can help meet ESG (Environmental Social Governance) and SDG (Sustainable Development Goals) UN directives.

In this project, we implemented a prototype decentralised identity system using the Microsoft ION platform, to allow customers to retain ownership of their personal details and to share them securely.

This project was part of the Trustworthy Digital Infrastructure for Identity Systems project, led by the Turing Institute and funded through a grant from the Bill & Melinda Gates Foundation (INV-001309).

For more information, please read our final project report on our verifiable credentials Finclusion project.

Using Verifiable Credentials to identify vulnerable customers in finance

Digital identity systems are used worldwide, from “digital passports” to online log-in systems, but this project sought to investigate how “trustworthiness” might be designed-in to such systems. Trust is characterised here through several characteristics, including security, privacy, ethics, resilience, robustness and reliability, yet there remain significant challenges in designing systems which embody these concepts.

Vulnerable customers within the financial sector are particularly important to consider within this framework, and such a trustworthy identity system should not further exclude people from participation in the financial industry. In the United Kingdom, the FCA (Financial Conduct Authority) has issued guidance in this respect, which strongly encourages fair treatment of vulnerable customers, but financial institutions often lack a coherent strategy to the identification of client vulnerability.

The sociotechnical challenges in this space include the (often manual) disclosure and handling of vulnerabilities, integration with support processes, and risks for collusion and fraud. A detailed look at this problem space can be read in our publication, Spiliotopulous et al, 2021. Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) hold potential for improving the identification and disclosure process for such vulnerable customers, and allowing the provision of tailored financial services and products.

We produced a design specification for such a system in 2021, which provides an implementation of the World Wide Web Consortium (W3C) standards for DIDs v1.06 and Verifiable Credentials Data Model 1.07 in a Microsoft Azure environment. This drove our discussion and evaluation of potential solutions for the use case of vulnerability in finance.

Finally, we produced and deployed a software prototype based on this specification, for evaluation in interviews, workshops and focus groups.


The prototype project is split into two code repositories: the issuer and the verifier. These can be accessed at:

For issues, please use the GitHub issues feature, or feel free to get in touch using our contact form, or by emailing