UK Government Publishes Policy Paper on Digital Identity
The world has become increasingly digitized. As people continue to conduct business, shop, and operate online tools, a need for digital identifiers has emerged - just like identification and insurance numbers become unique identifiers used by virtually all organizations, from banking to healthcare.
Digital identity refers to the body of information about an individual, entity, or electronic device that exists online. As many transactions occur online, from end to end, verifying digital identities becomes crucial.
As such, the UK government has published a paper setting out a framework containing draft rules to govern the usage of digital identities in the future. This forms part of the government's plan to make it more convenient for people to verify themselves online using modern technology by creating digital identities that are as trusted as passports or any other commonly accepted official identification.
What Is Digital Identity?
Whenever people transact or interact online, unique identifiers and use patterns emerge that make it possible to detect an individual or their devices. This information can be used by website owners to track users for personalisation, particularly in targeted advertising and content.
Digital identities occur naturally from the use of personal information and from so-called shadow data. Data shadows refer to the sum of all small traces of information left behind through everyday online activities, e.g., sending an email, updating a social media profile, buying something online, etc. A digital identity could be a pseudonymous profile linked to a device's IP Address or a randomly-generated ID. Digital identities are often contextual in nature, as the user will provide selective information when providing authentication information.
Data points that make up a digital identity may include usernames, passwords, purchasing behaviour, date of birth, social security or passport numbers, online searches and medical history. These profiles contain aspects of a person's actual identity, which is why digital identities come with their own privacy and security risks. Pseudonymous profiles can also yield clues to an individual's identity through cross-site data analysis, which this framework will address as well.
The Digital Identity Framework
Just like passports and licenses identify people in real life when transacting or interacting with service providers, the inclusion of personally identifying information in the digital world comes with numerous benefits (and some risks). Authentication and verification for digital identities do exist but aren't standardised, and as such, some are safer than others.
The government's draft framework includes the various principles, procedures and standards that will govern the use of digital identities and personal details in a trusted and consistent way. If successfully implemented, the framework will enable interoperability and increase public confidence when sharing information online. The frustration of entering personal information across every platform and transaction can be reduced considerably, and institutions will be able to more confidently introduce time-saving online initiatives.
Once brought into law, the standards and requirements for organizations providing or using digital identity services will include having data management policies in place that explain how digital data is created, obtained, disclosed, protected and deleted. They will also be required to follow industry standards and best practices for information security and encryption. For example, users must be informed if any changes to their digital information have been made, e.g. address or contact information updates. Where appropriate, there should be a detailed account recovery process in place and a process for notifying users if the organisation suspects someone has fraudulently gained access to their account or used their digital identity. Organisations will also be provided with guidance on how to choose secure authenticators for their service.
Transparency around data usage and collection will be required as organizations will be asked to publish annual reports explaining which demographics have been excluded from their services and why highlighting inclusivity problems in products and marketing.
The Government has also stated that the proposed framework will promote the use of vouching, where trusted people within communities (such as doctors and teachers) will be able to vouch for a person's identity, which can be a useful alternative for individuals without traditional identification documents like drivers' licences or passports.
The Effects of the Framework
Economists estimate that the cost of manual offline identity proofing is as high as £3.3 per annum. These new plans will not make it more convenient for ordinary people to transact but boost the country's digital economy by creating new opportunities for innovation, enabling smoother and safer online transactions, as well as cost-saving initiatives for numerous businesses.
Financial institutions and other organizations that want to utilize digital identities as part of their services will have to consider how digital identities can be verified. The implementation of a digital identity system will bring efficiency and accelerated financial inclusion to the country but will require robust e-KYC development as well.
The best approach would be to employ digital identity verification solutions advanced enough to confirm that someone is who they say they are with accuracy and speed. Aside from reducing the risk of fraud and assuring AML compliance, identity verification should also enable a frictionless customer experience.
While the framework has not yet been signed into law, businesses should already start investigating future-proof systems and processes in anticipation of regulatory and societal change. If not, they risk being left behind the curve. If you would like to know more about the latest technology utilized in KYC and AML procedures, get in touch with our team at sanctions.io.