A growing number of the state agencies that issue identity credentials like driver’s licenses are working to make digital IDs available to residents in the form of mobile driver’s licenses (mDLs). They are also collaborating with federal officials to give Americans a faster option for security checks and flight boarding.
This introduction of digital ID in a way that makes things easier for people will reframe the way numerous air travelers think about the technology, and bring a base of informed users to the popular dialogue about how people should establish trust.
Consumers and biometrics
Touch ID debuted in September, 2013, but most smartphone users were introduced to biometrics in person sometime later, less than ten years ago for most of us. In the intervening time, the use of a PIN as a way to unlock a smartphone has become old-fashioned to many.
Consumers are also becoming used to using biometrics in other settings. In 2024, consumers will see a wider availability of biometric identity verification solutions offered by commercial entities to verify the identity of the individual, when transacting either in-person or online, than ever before.
Commercial uses of biometric technology now span across fingerprint, iris and facial recognition modalities to ensure the individual is the same one who initially enrolled in a service such as grocery store checkout or amusement park season pass.
As consumers repeat processes like taking a selfie or scanning a fingerprint to complete a purchase instead of entering a number sent in a text message, they will see the benefits of replacing other tedious, ineffective procedures. And one place where Americans are clearly looking to replace those processes is the airport environment.
Biometrics and digital IDs
Biometrics have long been a consideration in the standards for passports, and are widely used to connect individuals to their digital ID around the world. It is little surprise, therefore, that as states issue mDLs to provide digital ID to their residents, they are similarly implementing them with biometrics standards in mind.
The mDL allows for the verification of a person’s identity to a trusted government issued source along with the additional option of extending the verification to make use of biometric facial 1:1 match with a selfie.
The greatest success of biometric technology for everyday applications is in its ability to accurately confirm who an individual is in a 1:1 or 1:few matching situation. These are the kinds of comparisons used in airport applications like security checks and flight boarding. Completing these checks without handing over a passport will demonstrate the value of biometrics-backed digital IDs in the form of increased speed and convenience.
Further, by providing users the choice to use their biometric features for a specific identity verification process and transparency into its ethical use by the operator, we should see less alarmism over the use of biometric technology.
Digital IDs and airports The Transportation Security
Administration (TSA) has been a pioneer in acceptance of mobile digital identities helping to make the travel experience quicker. Dedicated TSA lanes now exist at several airports for encouraging passengers to use their mobile digital credential. TSA began accepting mDLs on a trial basis in early-2022. The pilots are expected to reach dozens of airports this year, as two more states join the seven already issuing digital IDs accepted by the agency.
The first assessments of how successful the pilots have been may also come out in the year ahead, potentially creating a tail-wind of positive attention and consumer interest. Next steps for US digital IDs Then there are trials for other applications, like retail purchases and age verification for alcohol or tobacco purchases, as in Charleston, Soth Carolina and Nevada, respectively. In the latter case, the privacy of the individual is protected by the ability of the digital ID to provide a “yes/no” answer to an inquiry if the person is old enough to make the purchase, while the retailer gets assurance that the ID is not fake.The next step is production roll-outs where trials have happened, and more trials in other locations and by other retailers.With these pilots, digital ID adoption and use will grow rapidly this year, starting with air travelers. The most consequential outcome of this change in public experience may eventually be real progress towards the creation of strong legislative guard rails for biometrics use.
Also:
Digital ID - At A Gigantic Scale And Supersonic Speed
What is Digital ID?
Digital identity refers to the acceptable and trusted digital format of a person or company’s identity. It has attributes like name, place, and date of birth, citizenship, biometrics, unique identity number, and more, as defined by national law.
Consider a business handling high volumes of online customers that wants to quickly and securely authenticate users. High volume businesses typically operate on low margins and cannot afford any losses due to fraud or authentication errors. Digital identity could eliminate almost all ambiguity in authentication and make online identity fraud almost impossible to pull off. For e.g; the user tells the username to a voicebot and authenticates his identity with a fingerprint. Also, the user’s mobile number, the geolocation, the IP address, UID and bank card could all be additional components of a highly secure and reliable authentication system using digital identity determinants.
Why is digital identity an exciting area for financial businesses?
The pandemic has caused many individuals and organizations to shift to online business formats in a very short period of time and hence we are witnessing a massive surge in online traffic and transactions. So now there are billions of businesses and individuals who rely on the safety of the online transaction ecosystem. Also, the rapid growth in online transactions has been accompanied by a dramatic increase in the number of financial crimes. Majority of these scams involve identity theft. Digital ID is expected to deliver significant improvements in securing transactions and preventing fraud.
Second, Know Your Customer (KYC) regulations require financial businesses to verify the identity of individuals opening an account with them. Digital ID can be used to complete the KYC process rapidly and cost effectively. Also, there is a huge cost saving in doing KYC verification using Digital ID besides elimination of a lot of paper documentation and manual processing which is currently required.
Thirdly, Digital ID can help financial businesses to improve customer experience. A lot of users get frustrated with the tedious registration processes of financial applications and abandon them before completing the registration. Also forgotten passwords are an irritant to many users looking for quick service. Digital ID will help to provide a quick and smooth authentication experience to all these customers.
Financial businesses are therefore excited to use Digital ID to prevent fraud, follow regulations effectively while boosting their productivity and customer experience.
Not having a digital identity infrastructure is not an option anymore.
Recent escalations in financial frauds have resulted in businesses, individuals and government organisations suffering staggering losses. These could have been prevented if there existed an infrastructure that could offer quick and reliable authentication. For example, in the US, over 70% of the COVID scams were of security number theft which could have been prevented if the Digital ID infrastructure was in place. A lot of taxpayers money was lost to fraudsters while the real beneficiaries were left unserved.
For banks and smaller organisations like NBFCs and microfinance companies the consequences of not having a robust Digital ID authentication system in place can be very disastrous and permanently damaging. It could wipe off years of profit in a stroke if there is a security lapse while making thousands of online transactions in a day.
How financial businesses can take advantage of this tech
Many countries already have made substantial progress in some sort of e-identity of citizens. For e.g; Aadhar number in India, the e-ID cards in Italy, Spain, Germany or a mobile ID in Finland can be used to authenticate its owner. So, there exists an infrastructure that can offer financial businesses a platform to use Digital ID authentication.
Financial businesses can take advantage of Digital ID to protect against fraud by upgrading their infrastructure and redesigning their onboarding and authentication processes around Digital ID requirements. The real advantages will be seen when everyday transactions involve this tech.
In India for example, banks have linked account holders to their Aadhaar numbers which includes biometrics. So, a lot of people wonder why biometrics have not been used yet for validation of transactions - like on payments, PIN for ATM/ credit cards etc.
Some typical use cases in financial services currently are KYC / Age Verification, faster sign ups etc. and in verticals like retail and hospitality, enabling instant checkout etc.
This challenge is whether all the businesses have the ability to collect credentials, create digital identities, to link those identities to their off-line legal entities and then use those digital identities to support online authentication when doing transactions.
Some big banking institutions do have these capabilities. And Governments most certainly do. Across the world, governments are actively involved in making the payments ecosystem more secure by expediting Digital ID efforts. A central repository of digital identity
SMEs and smaller organisations have to make their own investments in hardware and involve Digital ID solution vendors in designing and implementing new workflows to their onboarding and authentication processes. By doing this now, they can be ready to reap the benefits when the Digital ID ecosystem goes live. Also, they will be compliant with the expected stricter online authentication regulations come into effect.
Digital identity in the financial world in the future could also share the digital profile so that one can get an overall & truer picture of the individual. It will caution financial institutions from over exposing them to an overly leveraged entity. The absence of a shared repository could have led to one person defrauding many different financial institutions across geography with fraudulent documents. In the past when banks were not online and not on the same network - there were fraud committed across various branches of the same bank in different geographies by the same individual. Eg in point is the CIBIL score.
The regulator should be responsible for administering the digital identity and connected repository - while the participants of the industry like NBFCs would need to do their job by updating the central repository and having a good risk policy for the process.
Another hot application in the near future will be in digital currency customer onboarding.
Criteria for self evaluation
Identifying the criteria for assessing the proper digital ID based authentication system will depend on various factors, some of which could be
Type of business 2) Purpose of authentication 2) Volume of transactions 3) Type of IDs available with your customers
Accordingly you can prepare a map to assess your current status in terms of hardware and processes and then compare it with the desired infrastructure. Experienced Digital ID and KYC automation solution vendors like Simpragma can do a professional assessment for you and recommend the most suitable criteria and processes for your business.
For example, a mobile phone number is an ideal unique identifier to help validate a customer’s digital identity for Google and Apple. But even the processes followed by giants in online technologies have scope for improvement. After all, a phone number isn’t personal and it isn’t something a person owns. So, the availability of a complete Digital ID attributes set will enable all kinds and sizes of businesses to reassess and redesign their authentication processes.
Also:
States Should Think Beyond Mobile Drivers' Licenses For Digital Identity
Other forms of digital ID will also be important for serving constituents online and preventing fraud.
State-issued digital credentials give Americans fast, secure tools for verifying their identities in online transactions. While mobile drivers' licenses (mDLs) will be one of the most important digital credentials for states and their residents in the coming years, they’re only one piece of the identity-verification puzzle.
An mDL stores fixed data points like birth date, home address, height and eye color. But states and their constituents generate many more data points that modern identity tools can use to streamline public services and thwart fraudsters. That’s why states are creating other identity services such as digital IDs. Ohio’s OHID, for example, gives residents one digital credential to file for unemployment benefits, pay taxes and participate in other state programs.
Here’s how mDLs and digital IDs differ and why states should consider a broader perspective on digital identity.
mDLs: AN OVERVIEW
Physical drivers' licenses are trustworthy credentials for verifying Americans’ identities for a range of transactions. Similar cards for non-drivers ensure everyone has reliable credentials.
An mDL replicates the functions of a physical driver’s license. About a dozen states have active mDLs, which typically operate within smartphone apps like Apple Pay, and many more states have mDL projects in the pipeline.
ADVANTAGES OF mDLs
Built-in foundation. State DMV offices are already identity experts. “Eighty percent of our population has gone to a DMV office with documentation in hand to demonstrate they are who they say they are,” says Torre Jessup, North Carolina’s chief deputy state CIO and the former commissioner of his state’s Division of Motor Vehicles. With so many of the core processes already in place, Jessup says, it’s prudent to have state DMVs play a key part in digital identity, including the issuance of mDLs.
Automation. Jessup notes that mDLs can be part of a state’s digital verification solution, helping them optimize identity processes to boost speed and efficiency.
Privacy. Agencies and private companies can tweak the settings on mDL applications to filter out personal data in specific use cases like age verification for alcohol purchases.
Accuracy. Identity data contained in mDLs can be more timely and accurate because of instant updates on mobile apps.
TAKING DIGITAL IDs INTO THE FUTURE
Jessup says states need interoperable digital IDs and mDLs that improve remote identity verification and approval scenarios for all residents. He points to the advantages of virtual credentials when, for example, people lose their identity documentation in a fire or flood.
“Ultimately, this is an opportunity to make sure people in that type of situation don’t have to re-create their identity by producing paper documents that may be difficult to obtain,” Jessup says.
The stakes for identity protection are just as high.
“We’re seeing in real time the amount and sophistication of fraud hitting governments,” Thompson cautions. “The fraudsters will double down on states using outdated approaches.”
Fraud protection. Unlike static physical cards, mDLs can react dynamically to evolving threats. “Fraud can strike at any time, and fraud looks very different over time,” says Matthew Thompson, senior vice president and general manager for public sector with Socure, a leading digital-identity and antifraud platform provider. The ability to upgrade mDLs to meet new threats is a big advantage over printed IDs, says Thompson, who has years of hands-on experience helping states implement mDLs and other identity technologies.
CHALLENGES WITH mDLs
Fixed format. mDLs contain only a fraction of relevant identity data. “My identity as a resident is much more than what the North Carolina DMV has on file,” Jessup says. Income data from the Department of Revenue, for instance, could streamline approvals for Medicaid applicants.
Cost and complexity. States must invest in technology upgrades and work out the nuances of making mDLs trustworthy and interoperable.
Slow adoption. The ecosystem of mDL issuers, users and organizations that accept them is just now taking shape. This creates a “chicken-or-egg” scenario — mDLs need adoption to grow, but residents won’t adopt them if they can’t use them somewhere. “It’s going to take a decade-plus for mDLs to become mainstream,” Thompson says. States, meanwhile, have identity challenges that need to be addressed now.
THE DIGITAL IDENTITY SPECTRUM
The limits of mDLs oblige states to employ a spectrum of digital identity strategies and processes to streamline services, improve trust and discourage fraud. Digital ID verification and authentication can take multiple forms, such as:
Portals. A statewide online portal (such as OHID) can remove annoying duplication of effort for residents working with multiple state departments. “Why should the state burden the public with providing a copy of a document containing information it already has?” Jessup asks.
Processes. Even if they don’t deploy a portal, states and their technology partners can develop custom processes that collect data from multiple sources to simplify ID verification.
Applications. “Not every government use case requires heavy vetting of identity,” Thompson notes. A lightweight app, for instance, can verify or authenticate based on simple data points like age, email or home address.
Digital ID apps can also make identity interoperable across state lines. Sophisticated identity management software can apply multiple technologies and data sources to authenticate transactions and fight fraud in ways an mDL can’t.
IMPLEMENTATION ADVICE
Digital ID solutions must reach 100 percent of constituents to ensure equity and fairness. Making that happen starts with convincing leadership to provide enough funding. “We need to inform our lawmakers that secure digital accessibility is just as important as making sure bridges and roads are safe,” Jessup says.
States need frameworks for regulating digital IDs and making them fraud-resistant, interoperable and easy to use. Jessup says legislation isn’t always the best route for regulating rapidly evolving technology like digital IDs and mDLs. Like many states, North Carolina has a part-time legislature. If a major identity challenge occurs after a legislative session ends, passing new laws to address the problem would not happen until the legislature reconvenes.
If there are places where we’re sure legislation is required, then I think we should do that, but I’m not a fan of saying we should pass laws just yet, Jessup says.
Regulations on AI applications must protect private data without hamstringing the technology in ways that help fraudsters, Thompson says. “If policymakers limit the use of AI in this area, it’s going to leave governments behind and continue to expose us to advanced identity fraud attacks,” he adds.
.jpg)