The pandemic has been a springboard for digital identity. Momentum has been accelerated by several key developments: increased availability of digitally presentable credentials, acceptance of biometric technology, increased use of digital ID to enable compliance in high-trust activities, and major stakeholders around the globe – from governments to tech giants – creating and enabling the infrastructure within which digital ID can operate.
We are now barely two to three years away from a full digital identity existence.
But this new reality needs commitment from buyers – those organisations that will come to rely on digital ID. There are tens of thousands of organisations across the globe that are not moving at the same pace as those working towards making digital ID happen. They are organisations across all sectors – banking, finance, retail, payments, property sales, pensions, travel, employment vetting, age verification, and more.
The benefits of digital ID are significant – improved digital onboarding, lower costs per user and reduced fraud – and need to be communicated better to these organisations.
In other markets around the world, although there is hesitation among some organisations, digital ID is still being established at a much faster pace. Take, for example, the Nordics, and in particular Denmark. Digital ID has been established there for many years, with almost everything – driving licence, health information, including the Covid pass, retail loyalty cards, gym membership, educational achievements, access to bank accounts – linked to a person’s ID. The benefits are widely experienced across Danish society.
“The benefits of digital ID are significant – improved digital onboarding, lower costs per user and reduced fraud – and need to be communicated better”
Nick Mothershaw, OIX
The EU is mandating that all countries are able to issue citizens with a digital ID wallet that can contain everything from health and education credentials to banking information and benefit entitlements, so they can easily prove who they are and what they are entitled to do. It’s an ambitious programme, but one that is too “big government” for the likes of the UK, where the bad memory of the attempt to introduce national ID cards still looms large.
In some ways, digital ID reality is like a new shopping centre. The suppliers are ready to go and have opened stores, but no one has told the shoppers that it’s open or how to get there. For those that do find their way through the doors, they have many questions: Will my regulator accept this? Is it safe? What happens if something goes wrong?
Although there is much discussion taking place on solving problems around digital identity, it is not providing clarity on key areas – specifically trust and security, costs and compliance, inclusivity, and impact on innovation and competition. In the UK, relying parties are understandably nervous about the lack of clear rules or guidelines around establishing digital ID securely and retrieving the right information from it. As a result, digital identity adoption in the UK has stalled.
The Digital Identity and Attributes Trust Framework being developed by the Department for Digital, Culture, Media and Sport (DCMS) is the opportunity to fully address the concerns of UK organisations that will come to rely on digital ID. In its latest draft, there are still some fundamental areas that have yet to be fully addressed, but it is definitely heading in the right direction.
The final areas where clarity is required to help move the organisations forward are:
Governance: A governance body will oversee the DCMS trust framework. OIX is urging the government to appoint a new specialist governance body, specifically created for identity, rather than append it to an existing body. And we strongly recommend that it is a public and private sector collaboration, building on the increasingly collaborative approach taken to creating the trust framework. This will be essential in ensuring customer focus and enabling innovation, as well as helping to drive and support adoption among organisations.
Interoperability: For consumers to be able to use a single identity of their choice across many different sectors, there are three key areas that must be coordinated: the way data is shared, the way digital ID acceptance is communicated, and the way fraud is approached. OIX is working to help define ID attribute standards for the UK, which will be globally interoperable. While digital ID is proving to be more effective in mitigating fraud, thanks to stronger ID proofing and robust biometric authenticators, a lack of coordination across the many different sectors could open up opportunities for manipulation by fraudsters. A single trustmark will need to be developed and promoted in the UK to show users that IDs are interoperable across sectors.
Liability: With fraud comes liability and this is a big question for those organisations holding off on their preparations for digital ID adoption. It is, however, a largely commercial matter, and that has been recognised in the new trust framework. The conditions or limitations will be left to sector-specific schemes to set, such as those emerging in finance and home buying, as each use case will have different liability considerations. This is a great example of where the new UK trust framework is getting its pitch just right – allowing the private sector to leverage existing commercial constructs where appropriate.
Inclusiveness: Will digital identity be inclusive enough? Millions still struggle to gain access to products and services. Organisations need reassurance that digital ID will move this challenge forwards, not backwards. We need standards in the framework that ensure inclusivity and allow for private sector adoption, such as opening up more datasets. OIX has identified five key datasets that will enable those who are “ID challenged” – amounting to 5.9 million UK citizens – to access public and private sector services. They include NHS patient numbers, national insurance numbers, council tax bills, online banking and learning records services.
By working closely with the private sector and incorporating the work of recently established sector-focused schemes, the DCMS trust framework can play a significant role in not only supporting the UK economy, but enabling it to operate on a level playing field with other markets.
We need to get this right in the UK. We must answer the outstanding questions for those parties that will have to understand and navigate the practical elements of full digital identity adoption. The benefits for consumers, organisations and to society will be vast. To start delivering them, these organisations need to get on board now.
Nick Mothershaw is chief identity strategist at the Open Identity Exchange (OIX).