Australia needs to get digital identity right

Australia is ahead of many other countries in enshrining consumer data rights, but it is slow with the checks and balances needed to secure digital identities that are used to exercise those rights.

“From a conceptual standpoint, Australia is far ahead, but the standards to support it are not there,” Ping Identity chief customer information officer Richard Bird said on his visit to Australia.

Without more focus on digital identity management, Bird warned that a plethora of single-use identity solutions may proliferate, injecting friction into digital services and elevating the risk of fraud at the same time.

Against this backdrop, Bird said there is a pressing need to get identity management right, following the passage of legislation associated with the consumer data in August 2019 that lays the foundation for open banking in Australia.

And unless identity can be securely verified online, there will be a heightened risk of fraud, with unauthorised people seeking access to data, he added.

Under the timetable for the roll-out of open banking, Australia’s four major banks are required to make consumer data available on all their products by July 2020. Other players in the banking sector will need to follow suit a year later, by July 2021.

Although the Australian government had committed to reveal the standards it would expect for identity management by the end of August 2019, Bird said businesses remain sceptical about its ability to push for those standards.

Several digital identity initiatives are already underway in Australia. In July 2019, the government announced that Australia Post’s Digital iD service had been accredited to provide identity services under its Trusted Digital Identity Framework (TDIF).

The tax office’s myGovID, a phone-based app currently in beta testing, also operates under the same framework to allow citizens to identify themselves online when using e-government services. The fourth iteration of the TDIF will be ready at the end of 2019.

But it is not just citizens engaging with the public sector or bank customers using e-banking services who need a better way to digitally identify themselves – it is a requirement for all consumers of digital and cloud-based services.

According to Gartner, the key drivers for consumer identity access management solutions are security and privacy, streamlined access and the opportunity to receive more personalised services across multiple digital platforms.

But without some form of direction, Bird said there is a risk of ending up with a hodgepodge of digital ID services created by businesses for specific applications that are skewed towards a functional need.

Although Bird does not think there will ever be a single digital identity service established – at least in the near term – he believes there needs to be consolidation so that consumers are able to access most digital services they need using just four or five identity platforms.

In a recent interview with Computer Weekly, Allan Malcolm, regional director for citizen identity solutions at HID in Australasia and East Asia, said there is a desire to move towards digital credentials – though that evolution has not moved as quickly as one might perceive.

“There are still concerns over data integrity, security and privacy, but the convenience of the technology normally outweighs the risks, which are often overstated,” said Malcolm.