By Nick Mothershaw, Chief Identity Strategist at the Open Identity Exchange
There is a lot of noise around digital ID. It’s a major focus for governments around the world. In some countries, a single, joined up digital ID is now the only way to access both public and private sector services. Specifically in the UK, the government is certifying digital ID providers to start working with the businesses that will come to accept and rely on these digital IDs.
What this means for businesses is that there is now a digital ID ecosystem in place and digital ID is ready to be adopted. Every business, regardless of size or sector, will be impacted in some way by digital ID adoption. The biggest and most beneficial impact will be on those businesses that will come to accept and rely on digital IDs, so the sooner they take steps to make it key part of onboarding and managing their customers, the better position they will be in.
But do these businesses truly understand what digital ID is? Do they know how it will work for them or what the benefit on their business and their customers will be? Do they know where to go for advice and support on adopting digital ID?
In our work at OIX to make sure digital ID meets the needs of the end consumers and the businesses that will come to rely on it as proof of who those end consumers are, we are finding that there is still a lack of understanding and a lot of myths, particularly among many smaller businesses.
What is digital ID and why is it needed?
Businesses, digital or otherwise, need to know who they are dealing with and what those customers – consumers or businesses – are allowed or are eligible to do.
Currently, each business has its own process to ensure customers are who they say they are. For the customers, this means that they have to prove who they are to each individual business, each time they want access to services. They end up with multiple usernames and passwords, which can easily be forgotten, and it becomes an incredibly frustrating and time-consuming process for customers that want and need to access those services quickly.
This can lead to them abandoning the process. For the businesses, this means a loss of those customers. There is also the cost of verifying customers over and over again to consider, as well as the cost to recover forgotten usernames and passwords.
A digital ID is both digitised real-world credentials – for example, passport, driver’s licence, vaccine certificate or qualifications – and derived credentials that allow users to prove their status – over 18, Covid Safe or certain levels of assurance. Both give businesses the assurance needed. Digital ID is re-usable, so customers can provide trust in their identity to any business through one digital ID. And they should be able to do so instantly, gaining access to a business’ services straight away.
What are the benefits for businesses that adopt digital ID?
The ability to establish trust has become far more complex than it’s ever been, especially since the explosion of digitalisation and the subsequent (and substantial) growth in identity theft and money laundering.
Digital ID is the game changer in how trust is established, how it is conveyed and embedded. But the benefits are wider. Not only is fraud reduced, users have a far better experience, operations are streamlined, compliance is easier, security is heightened and there are greater cost efficiencies.
How will it work?
Don't miss out on any breaking news or insightful opinions!
Subscribe to our free newsletter and stay updated on the go!
By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email.
The first time a customer, or user, goes through the process of setting up a digital ID to access a service, it will be through a digital ID provider selected by the business providing the service. The user will go through a proofing process with the chosen ID provider and set up their data in their digital ID, such as name and address.
This may take a little time, but once done, the digital ID stores the proof of who they are in a protected format on the user’s own device or in a user specific space in the cloud. The user can then use their digital ID again and again, anywhere and with any business to access many services instantly.
In the case of new customers who already have a digital ID, businesses can simply accept the digital ID the user has set up through another digital ID provider in order to confirm the user and access rights are legitimate.
The digital ID itself always belongs to the user, regardless of which ID provider has been used to set it up. They control what data is stored in it, who their data is shared with and what data is shared. Only the credentials needed to access specific services will be shared. For example, if they are eligible for a bus pass, only their age will be confirmed. Their date of birth will not be shared. Any changes to a user’s details will be verified and updated by the digital ID provider, and business will be informed automatically.
Will digital IDs be safe and secure?
One of the biggest myths around digital ID is that it is not safe or secure. The answer, in fact, is that digital ID is safer and more secure than the current processes that are in place. This is ensured by trust frameworks – essentially a set of strict legal and technical rules that the digital ID providers must follow. These digital ID providers will undergo a tough assessment before they are certified, so the businesses that accept the digital IDs can be confident that their customers have been proofed meticulously and their data stored securely.
With this also comes an improved multifactor authentication approach, which is stronger ID proofing and more robust biometric authenticators. Simply put, it makes it far more difficult for fraudsters to access.
Fraudsters, however, are persistent and innovative. If a data breach does occurs, the ID provider of the breached digital ID will have to suspend or close the user’s ID, notify the real end user and all organisations impacted. Additional ID proofing or authentication may be put in place when the user next uses their ID.
Liability for the breach will depend on the rules of the specific trust framework or contractual position between the ID provider and the accepting business. In general, however, if the data breach is because of an ID provider failing to follow the trust framework rules, they may be held liable.
Finding the answers to the many questions around digital ID
With more people needing to, and wanting to, access services remotely, businesses have to know with confidence who they are dealing with and what that person is eligible to do. For users, they need to be able to provide trust in their identity to any business, so that they can access the services they are entitled to.
Digital ID enables businesses to onboard customers to their services more quickly and with less hassle. Businesses become more efficient, spending less time proving who their customers are and concentrating instead on providing their core services. Digital ID is safer and more secure, and it makes the customer’s life a lot easier.
But it is complex and can be confusing. There are organisations, like the OIX and sector specific digital ID federation schemes, all ready to provide businesses with advice and support on adopting digital ID. It’s time for smaller businesses to get on board with digital ID, or get left behind by those that do.