In all the recent talk about whether HM Revenue & Customs (HMRC) is truly committed to the Cabinet Office’s Gov.uk Verify service, there’s been less said about the commitment of the external providers – a factor that could yet sink the controversial identity assurance scheme.
Verify relies on creating a “market” of independent, third-party ID providers who perform the verification process to ensure that users accessing online public services are who they say they are. Currently there are seven organisations fulfilling this role: Barclays, CitizenSafe, Digidentity, Experian, Post Office, Royal Mail and SecureIdentity.
These ID providers (IDPs) retain or access all the personal data about citizens who wish to have a Verify identity – so the data is never passed to the government service that users wish to access. Instead, the external providers simply inform the online service that the user is correctly verified.
It is politically and technically fundamental to the design of Verify that this market exists. Politically, it avoids the creation of a national identity database; allows companies to make a profit; and offers choice to citizen-users. Technically, it means government systems don’t need to perform the complex assurance process for every login or secure transaction.
The return on investment for an ID provider
The attraction for the IDPs is purely commercial – government pays them up-front for every identity they successfully verify, and pays them again once a year whenever a user accesses a digital service. That’s not to mention the prospect of capturing user information that potentially allows them to market other services.
The providers compete for users, sometimes by offering different verification methods that suit different demographics – for example, some low-income users may not have a credit history; farmers found a similar problem when they were the first guinea pigs for Verify, and the fact many don’t have a mortgage became an issue.
Sources with knowledge of Verify suggest that, on average, IDPs receive about £5 per verified user.
Building a system to assure identities is not cheap – one expert with knowledge of government ID systems estimated “low single-digit millions” to develop an external verification service.
If those figures are even close to correct, it suggests each IDP will need perhaps half a million verified users before they start to reach an acceptable profit. They will have been tempted by the prospect of several million users each, and recurring revenue every year.
The Government Digital Service (GDS) has never published full figures for how much it spends on Verify, either. Sources suggest that the 2016/17 budget for Verify was £47m, of which just £4m was capital expenditure. Most of the remaining £43m was due to cover payments to IDPs for successful verifications. With the number of fully verified users still below one million and rising slowly, it’s unlikely GDS will spend all that budget this financial year even it wanted to.
This is where HMRC comes in. The real prize for the IDPs is the existing user base for the tax self-assessment service and HMRC’s personal tax accounts – currently there are 7.4 million registered users, a figure confirmed in the department’s latest update on its single departmental plan.
In an unwitting dig at Verify, HMRC pointed out that it’s already ahead of its target to have seven million users by April 2017. Earlier this month, Cabinet Office minister Ben Gummer set a target for Verify to reach 25 million users in 2020.
It’s an open secret that HMRC doesn’t want to use Verify, and is being forced to play along. The department is developing a successor to the existing Government Gateway system, which covers individuals, business and intermediaries (such as accountants who file tax returns for clients). Understandably, HMRC has no desire to use two separate ID systems, and Verify will not support business or intermediary accounts.
What’s more, HMRC says it doesn’t need the higher level of assurance for user IDs that Verify offers. As a result, GDS is developing a new way of using Verify that works to a lower standard. A pilot project, called basic accounts, was conducted in 2015 but quietly shelved. Basic accounts were not fully verified, but could be upgraded. IDPs in the trial were used to set up basic accounts, but without the same level of identity checking. Presumably – and this is a guess – an IDP would receive less money for completing this simpler transaction.
Eyes on the HMRC prize
IDPs will all have their eyes on the prize of HMRC’s 7.4 million users – that, in the short-to-medium term at least, is where their profit lies. And they know it – sources suggest that every time HMRC has rattled its cage about not using Verify, GDS needed to reassure nervous IDPs that the expected volumes would be delivered.
But it’s not even as straightforward as migrating those 7.4 million people to Verify and allocating them a basic-level identity. Remember – Verify is a market. Users have to be given a choice of which IDP they want to use. Government cannot give all those users to one IDP, nor can they simply divide them up equally, because some IDPs work better for different demographics.
There seems, on the face of it, no obvious way to avoid forcing 7.4 million HMRC users to have to re-create a new identity from scratch using Verify, even if they don’t need to go through the full verification process.
It’s unlikely IDPs will be allowed to market their services directly to those 7.4 million people, so for every one of them there must be a risk that if they lose out on any HMRC user land-grab (if that’s how the migration takes place) then they will struggle to achieve the return on investment they need.
The question for GDS and Verify is, at what point does an IDP decide it’s no longer worth waiting? And if one IDP quits, do the others see that as an opportunity to gain a larger slice of the HMRC pie, or as a sign that Verify is a failure?