By Nick Mothershaw, Chief Identity Strategist at the Open Identity Exchange (OIX)
Digital ID will be a game changer for all businesses that will come to accept and rely on digital ID as the primary way for their customers to access their services. It will enable a far better user experience, streamline operations, simplify compliance, heighten security, reduce fraud, and ensure cost efficiencies.
The topic has been on the radar for most SMEs for a while now, but our work at the Open Identity Exchange (OIX) indicates that less than half have actually moved further along the path to adoption.
There are five key questions stopping SMEs from moving forward with digital ID adoption.
“How will digital ID work?” Digital ID wallets have emerged as the preferred method of storing, securing and managing digital IDs. Thought leaders on the topic of wallets are arguing for them to be ‘smart’ – to help those businesses that will come to accept digital IDs work out quickly what information will be accepted in the complex processes and rules they have to follow to proof a person. This will eliminate the need to have to work through the multiple credentials that exist, in constant liaison with the end user (the customers) to get the right ones.
We believe that smart wallets must go even further and guide the end customer too, without the user having to understand the complex rules involved. Rather than leaving their customers to work out which credentials they need in order to gain access to a business’ services, the smart wallet must do that for them – safely and with the user’s consent. Whether that means combining information from several credentials to meet data minimised needs or helping them obtain the credentials they don’t have.
There are two key routes currently presenting themselves around how these wallets will be implemented. One where governments issue government credentials into government issued wallets, whilst private sector credentials do the same into private sector wallets. This option means that the end user will end up with at least two wallets, and could prove to be a barrier in effectively combining credentials to meet the specific needs of complex use cases.
The second route, and the one in our view would ensure fewer barriers to digital ID progress and adoption, is where governments issue credentials into private sector wallets that they trust. This would enable a user to have just one wallet containing all the credentials, which can be combined where required to meet the needs of complex use cases.
“Will fraud challenges increase?” A key feature of digital ID is that data will be protected by robust authenticators, such as biometrics, which are inherently difficult to copy or reproduce. Furthermore, ID providers are undergoing tough assessments to become certified to global security standards for data access and management, to ensure they are proofing users properly and storing their data securely.
“Will the data be safe?” In many countries digital ID works in a decentralised way, so users’ data is not kept in a central database. It’s distributed and kept in a protected format on the user’s own device or in a user specific space in the cloud. This makes it less vulnerable to attack.
“Who is liable if there is a data breach?” If fraud takes place as a result of an ID provider not following the rules under which it was certified and operates, it will most likely be held liable. It will be required to suspend or close the user’s ID and notify the real end user and all the organisations impacted by the fraudulent use of the stolen ID. Additional ID proofing or authentication may be put in place for when the real user next uses their ID.
Will digital ID adoption make inclusivity issues worse? Experts worldwide have said been saying for years that there are over one billion people across the globe who struggle to prove their identity. Our own research has revealed that in the UK alone, 12% of the population struggles to prove who they are, because they do not have digitally presentable evidence, such as a driver’s licence or passport. If anything, digital is placing far greater focus on addressing inclusivity issues, with major global and local initiatives to make secondary options available to ensure that everyone who wants a digital ID can get one.
Moving forward and joining the digital ID adoption curve
Digital ID is happening regardless of whether businesses are ready for it or not. In some countries, digital ID is already the primary option for access to both private and public sector services. The UK is catching up, with many digital ID providers going through the government’s rigorous certification processes and set to offer their services.
There major initiatives underway, led or supported by organisations like the OIX, to ensure that those burning questions are addressed and the barrier to digital ID adoption are removed. If SMEs don’t start the journey now, they will get left behind.
By Nick Mothershaw, Chief Identity Strategist at the Open Identity Exchange (OIX), a non-profit trade organisation on a mission to create a world where everyone can prove their identity and eligibility anywhere through a universally trusted ID.
Working with organisations across the globe, Nick is leading the development of clear guidance around inter-operable, trusted identities. In his previous role as Director of ID and Fraud at Experian, he led the development, launch and operation of a full ‘Identity as a Service’ solution – the first live example of a digital ID that is seamlessly interoperable across public and private sector in the UK.
