Australia Post has launched a smartphone-based national digital ID scheme (https://www.digitalid.com/personal). However, until it gains a significant number of partners, particularly in the banking sector, the scheme may see limited adoption, Robin Arnfield reports.
In August 2017, Government-owned Australia Post (https://auspost.com.au/) announced Digital iD, a free service allowing Australians to verify their identity online and in person when accessing government and business services.
Australia Post says the service allows people to verify their ID once, so they can then easily prove who they are online and in person through the Digital iD app. This removes the need for people to repeatedly use several forms of ID to prove who they are or have numerous passwords to access products and services, it says.
According to Andrew Walduck, Australia Post’s Executive General Manager Trusted eCommerce Services, existing time-consuming ID verification processes cost the Australian economy up to A$11bn ($8.4bn) a year
Collaboration with Federal Government
In May 2017, Australia Post said that it is partnering with Australia’s Federal Government to ensure that Digital iD can be used to access the Government’s digital services.
“Australia Post will work with the Government’s Digital Transformation Agency (DTA) to integrate Digital iD into the Commonwealth of Australia’s Digital Identity Framework, a set of standards, processes and partnerships guiding the Government’s formation of a federated system of ID providers,” it said.
“The partnership between Australia Post and the DTA will focus on developing a proof of concept to help Government agencies enhance how they provide access to services online and over the counter.”
The DTA’s Govpass project, which is in beta development and testing with a limited number of users, aims to provide secure ways for Australians to identify themselves when using digital Government services.
Users will be able to prove themselves by having an accredited organisation vouch for them such as a Government agency, or in the future, their bank, the DTA says (https://www.dta.gov.au/what-we-do/platforms/govpass/).
The DTA expects to have digital ID services available for a broader group of users to test on a wider number of government services in the first half of 2018 (https://www.dta.gov.au/blog/creating-a-govpass-digital-identity/).
The first organisations to sign up for Digital iD are job outsourcing site, Airtasker; Australia’s largest credit union CUA; Travelex Australia; and Queensland Police Service. Consumers can use Digital iD when registering online for Australia Post services such as MyPost Parcel Collect and Mail Redirection.
Airtasker will use Digital iD to give its users an identity ‘badge’ to prove who they are, strengthening trust in its service.
CUA will initially use the technology to verify new members applying for CUA eSaver Reward or eSaver Boost savings accounts online or via smartphone, enabling more people to complete the process digitally without visiting physical branches.
“We see (Digital iD) as a tool to help us support members through life events – like moving house – with a better way to have their identity verified,” said CUA Chief Digital Officer Sue Coulter.
“Changing addresses is one of the most common reasons that people are unsuccessful in verifying their identity as part of an online application. So being able to tap into Australia Post’s data to increase the ability to verify those individuals is a huge step forward.”
“CUA is looking to begin a pilot within the coming weeks, trialling Digital iD on its online and mobile application forms for two savings accounts – the CUA eSaver Boost and eSaver Reward accounts,” a CUA spokesperson tells EPI.
“The pilot is likely to run for around 12 weeks, so CUA can collect feedback on the Digital iD experience and identify any potential refinements or improvements. Following the pilot, CUA will consider potentially expanding Digital iD to other products. This may include verification for other transactional and saving accounts, term deposits, credit cards or personal loans. CUA may also explore the use of Digital iD to allow members to identify themselves over the phone or in a branch.”
“At this stage, CUA hasn’t explored whether to utilise Digital iD for logging into digital services, such as online or mobile banking. However, this may be an area for further consideration following the Digital iD pilot and the upcoming launch of CUA’s new mobile banking app.”
Travelex will use Digital iD as part of its KYC checks, while Queensland Police Service will incorporate the technology into its forthcoming national police clearance certificates process.
Travelex plans to integrate Digital iD within its online currency ordering systems, providing KYC for online orders at Travelex.com.au where customers don’t visit a Travelex store, Travelex Online Country Manager James Vatiliotis says.
“We’re currently rapidly developing our solution for Digital iD, and hope trials will start before the New Year and a full scale roll out early next year,” he says. “Digital iD will really enhance our fulfilment offering and allow us to offer a Home Delivery solution similar to Travelex’s offerings in UK, US and Japan.
Digital iD also starts a new fulfilment journey as we look to automated fulfilment. What this looks like is still being explored, however. But with Digital iD there are some exciting possibilities to make our customers’ lives easier. We’re also exploring using Digital iD to provide a second level of KYC above our current KYC checks.”
To sign up for Digital iD, consumers download the associated app to their Android smartphone or iPhone and enter their personal data from their passport or driver’s licence. The Digital iD system compares this data with the information kept on the ID document issuer’s database to verify the user’s identity.
Australia Post says that, when someone uses Digital iD, a verified token showing that the customer is who they say they are is passed to the relevant organisation. Only information authorised by the customer – e.g. name, address and date of birth – is passed on. Users’ identity data is stored within an encrypted system located in Australia.
“Data is encrypted and stored with two keys, both of which are needed to unlock the user’s personal data,” Australia Post says. “One key is held by Australia Post and the other is on the user’s secure device. Both keys are required to unlock the user’s data. Neither the user nor Australia Post can access the private data without the other.”
Australia Post has created a developer centre providing a Sandbox environment where developers can test Digital iD on behalf of organisations interested in using the system.
“The Sandbox environment allows technology teams to perform all the operations available in the production environment using fictitious identities and verifications,” it says. “This means technology teams can fully test the end-to-end process of verifying an identity.”
“The key issue is whether consumers trust Australian Post,” Grant Halverson, CEO of Australian payments consultancy McLean Roche, says. “Will consumers be proactive in registering and will they remember they have an Australia Post digital ID when they need it? Will Australia Post build enough critical mass to allow a national program to be built?”
“The organisations currently signed up for Digital iD will use it for a mix of unrelated tasks,” Halverson says. “There are no banks or insurance companies and no other top 200 companies. The key issue for banks is whether Digital iD will replace existing forms of ID and/or credit checks: this is most unlikely. A better model is what Estonia has done with digital citizenship and digital ID all being driven by the Estonian Government (https://e-estonia.com/solutions/e-identity/id-card/). However, this Government-issued digital ID model suffers if you have to scale it in larger populations.”
“Without the involvement of Australia’s big banks, Digital iD won’t get large numbers of users,” says Andre Boysen, Chief Identity Officer at Toronto-based SecureKey, which is working with Canada’s banks to build a nationwide digital ID scheme in Canada. “From the consumer perspective, Digital iD has limited usage potential. Without multiple partners, people won’t want to sign up for it. What’s the use of a credential I can only use at one organisation – I might as well get the credential direct from that organisation. Consumers want to not have to do digital ID verification at every service.”
The Reserve Bank of Australia’s Payments Systems Board’s August 2017 meeting discussed “the potential for a framework for trusted digital identity to make online interactions more convenient and secure, including the potential to reverse the rise in fraud rates on card transactions,” the RBA said in a statement. “Board members encouraged the payments industry to work collaboratively on digital identity and noted the importance of engagement between banks and government on this issue.”
By contrast with Australia Post, Canada is further down the road to building a nationwide digital ID network.
In October 2016, SecureKey raised C$27m (US$21m) in growth capital to fund the commercial rollout of a nationwide federated digital identity network in Canada. The country’s largest banks, BMO Bank of Montreal, Scotiabank, CIBC, Desjardins, RBC Royal Bank of Canada, and TD, participated in the funding.
In October 2017, SecureKey said Quebec-based National Bank of Canada would participate in its new digital ID network along with the other big banks. This platform builds on partnerships that SecureKey has established for SecureKey Concierge, an authentication service enabling Canadian consumers to log into multiple Canadian government services using their bank ID. All major Canadian banks participate in SecureKey Concierge.
“We’re currently undergoing market trials of the new digital network and are aiming for commercial launch in early 2018,” says SecureKey’s Boysen. “We’ll have banks, government departments and telcos participating as digital ID providers in our Canadian network.”
Digital ID and Authentication Council of Canada (DIACC)
The DIACC is a non-profit coalition of public- and private-sector organisations committed to developing a Canadian digital ID and authentication framework. A standards-setting body, the DIACC’s members include representatives from Federal and Provincial government as well as private-sector firms.
In February 2017, the DIACC and SecureKey were awarded a grant of up to US$800,000 to develop a Cloud Identity Ecosystem. The DIACC said it will work with SecureKey to develop the digital security framework based on SecureKey’s technology architecture.
The grant is the result of collaboration between DIACC and the Command Control and Interoperability Center for Advanced Data Analytics (CCICADA) a research centre funded by the U.S. Department of Homeland Security Science & Technology Directorate.
In the US SecureKey is setting up a consortium of US banks, government departments and telcos to build a federated digital ID network. SecureKey’s long-term goal is to link digital ID networks in different countries that use its platform.
“The problem with national digital ID schemes is that they aren’t interoperable with each other,” Boysen says. “Our vision is to establish national digital ID schemes using our technology in two or three countries, and then use this as the catalyst for a global interoperable digital ID system. This global platform will be cross-border but will respect the fact that individual countries require their citizens’ ID data to reside in-country rather than offshore.”
BankID is used by 80% of all Norwegian adults to prove their identity to government departments and all of the country’s banks and mobile telcos. BankID has been working with tech supplier Encap Security to include support for Apple Touch ID and Android to enable biometric authentication for mobile devices.
In Norway, BankID transactions represented 90.9% of total ecosystem transactions in 2016, around 11.4 million transactions per month. According to Gemalto, BankID’s tech partners, almost a million Norwegians are now employing the BankID system for secure online authentication, of whom nearly 40% are using the Mobile ID app.