As businesses and organisations become more mindful of security precautions since the introduction of GDPR, governments are taking steps to do their bit. Fabrice Jogand-Coulomb, Senior Product Marketing Manager and Mobile Security Expert at HID Global, discusses private sector verification needs in relation to digital ID, in more detail.
Digital identity is more than a buzzword in the government business. It is almost reality. More than 10 pilot projects and a small number of live projects are currently running worldwide, mainly around digital driving licenses. But what do we mean when we talk about digital identity? Is it just a digitalised identity document that is accessible on a smartphone? This would not make it any different from a conventional physical document, so why bother investing in such a project?
The security and trust advantages of a digital ID
A digital document has two major advantages that go beyond what you see on a mobile phone screen:
Cryptography. All data is protected by cryptography. This means that the implemented security reveals whether the data of the mobile ID holder is altered during any kind of communication. Cryptography also ensures the authenticity of the data, which means that the data can be verified as coming from the expected source. Or to make it even easier to understand, in the case of a digital driving license, one can trust that the data comes from the driver’s license authority that issued the mobile ID rather than being the creation of some hacker. In addition to that, encryption ensures that data can’t be accessed without consent.
Software. Just as important as cryptography is the fact that a digital document can be verified by software. This means that a device or desktop installation can verify the authenticity and validity of the document at any time. Relying on digital verification has the advantage that one does not have to trust his or her knowledge of security features in identity documents. Verifying an ID becomes easier, faster and more convenient than ever before.
National economies can save money by extending verification capabilities to the private sector
While digital identity is convenient for the citizen, the verification capabilities are what elevate the concept of a mobile ID to an identity ecosystem for an entire society – assuming the private sector also receives verification capabilities. This can be an interesting option for many businesses, ranging from cinemas and supermarkets to dance clubs and banks. It makes the implementation of mobile ID a truly valuable investment for governments. The reason is simple: with reliable verification on the private and public side, fraud can be easily detected. And identity fraud is what costs national economies billions of US dollars every year. But there are additional benefits that come with it such as faster verification or being able to remotely perform verification of an ID.
Governments need to consider the different verification needs of the private sector
Before extending the verification capabilities to the private sector, the different needs and legal liabilities that come with it must be taken into consideration. In my opinion, we can define three liability levels:
Low level. Let’s take a cinema as an example. It often offers reduced ticket prices for visitors of a certain age. If someone lies about his or her age, the liability for the cinema is low or even non-existent. At the same time, the business is losing money by not selling a higher priced ticket to that customer.
Middle level. An example would be an owner of a bar or off-license. Taking into account that there might be different legal frameworks from country to country, we can still say that the liability is higher than for the cinema, as a business selling alcohol has a responsibility not to sell alcohol to under age customers.
High level. Banks have probably one of the highest levels of liability towards their customers. If a thief is able to access someone’s bank account and steal money from it, there is huge economic damage for the customer and the bank itself. A bank that does not protect its customers from this kind of issue will eventually lose customers, which means, again, an economic loss.
There is a need for different verification technologies
All three levels of liability have an economic impact and sometimes even a social one that cannot be separated completely from the responsibilities that a government has. In essence, this means that the implementation of mobile ID needs to consider a legal framework that takes the needs of the private sector into consideration. Depending on these three levels of liability, governments have to introduce different technologies that can accommodate those verification needs.