We’ve posted before about the work we are doing with private sector organisations, primarily through the Open Identity Exchange. This post is about how we are working with the private sector to make it easier for users to verify their identity.
When you open a new account or service relationship many organisations ask you to bring in ‘evidence of identity’, like a passport and utility bill. They then photocopy the evidence and keep it in a file somewhere as an audit record that they verified your identity. There are many weaknesses with this approach to identity assurance, not least being that the irrelevant personal data is recorded along with the identity details. But for many years it has been established practice.
We have been working with private sector organisations through the Open Identity Exchange to develop digital solutions that are better than their paper based predecessors - and don’t leave a trail of photocopied personal information in archives. In a digital transaction, if you ask the right question it is possible to provide a yes/no response and avoid the need for unnecessary personal data to be stored.
We developed an example service in the public sector. When a GOV.UK Verify user is registering with a certified company, they are given the option to provide passport and driving licence details as evidence of identity. The certified company has access to the Document Checking Service through which the details provided by the user can be validated with a simple ‘yes’ or ‘no’. Only certified companies can access this service, and only for the purposes of verifying an identity as part of GOV.UK Verify.
The certified company must do a number of other checks when creating a digital identity, including validating evidence provided by people. Through OIX projects we have been testing how the private sector might create services that work to a similar design as the Document Checking Service and allow certified companies to validate user asserted data - with the user’s consent - directly against the primary source. This will help increase the success rate for GOV.UK Verify, which is one of our objectives for the next year.
We reported on a project with the Mobile Network Operators in 2014 on how their infrastructure could be used for identity assurance. Together with the GSMA they are now working on an initiative called Mobile Connect.
Recently we’ve been talking to banks, the Payments Council and VocaLink about similar concepts. Banks must meet high regulatory obligations for identity verification when opening and operating bank accounts. We are now planning a project to investigate how a certified company could validate a user’s bank details. If you’d like to know more about this or any other OIX projects, please do get in touch.
Please get in touch or comment below if you’d like to know more.