This is a version of a talk we give with slides when we meet people face-to-face who need to know about GOV.UK Verify - usually government colleagues from different departments, or representatives from private sector organisations.
This blog post was updated on 4 July 2017 to reflect our most up to date thinking.
GOV.UK Verify is a new way to prove who you are online.
It’s designed to give people safer, simpler access to government services.
Most people are using the internet more and more to do the things they need to do - like banking, shopping, communicating, and work.
GOV.UK Verify allows people to do their government business, for example viewing their driving licence information or applying for Universal Credit - simply and safely.
Government must be sure that people are who they say they are when they’re using these kinds of services.
And people using these services must be sure their information is safe, and private.
The digital transformation of people’s lives, and of government, means the onus is on government to provide universal access to these kinds of services. We believe government should make these services so good online, that people prefer to use them.
Government services must be convenient.
But convenience can’t come at the expense of safety or privacy. And we know fraud and identity theft are real and growing threats.
GOV.UK Verify has been built to address this tension and the threats posed by fraud and identity theft. It’s a new, safer way to do your government business online, designed for the internet we have today and to adapt to challenges it might present tomorrow.
GOV.UK Verify has tackled this problem in a new way.
Instead of storing information centrally, GOV.UK Verify works with a range of independent companies, as a kind of safety network. These companies must be certified by government to verify your identity.
Certification is a process whereby companies have to meet and maintain standards set by government and by independent external bodies, such as the Privacy and Consumer Group (PCAG).
When you use GOV.UK Verify, you choose from a list of certified companies.
In order to verify that you are who you say you are to government, the certified company you choose checks multiple sources of information.
They might confirm with one source about a piece of information you give from your passport. And they might confirm a second source about a piece of information you provide from your bank statement.
In one sense, these are standard verification methods. But it’s also completely new: it’s never been possible for a user to do this online before, with no central storage; and this kind of federation - with public and private organisations working together for greater security and privacy, is also new.
You don’t need to wait for codes in the post, or post things yourself, or go in person to prove your identity somewhere.
This video walks you through how it looks when you use GOV.UK Verify online.
GOV.UK Verify is built as a federation - where responsibility is shared by a network of different organisations - because this limits the information government, and any certified company holds, to an absolute minimum: no one has the whole picture.
Government doesn't know which certified company you choose, or what information you give them, or what information they check. And the certified company knows nothing about the government service you’re using.
This way, no one has more information than they need and data isn't shared unnecessarily.
There is no central storage, or database, anywhere.
GOV.UK Verify moved from beta testing to live in May 2016.
We continue to test, research and develop GOV.UK Verify based on feedback from users.
From September 2018, Verify will also be able to accept approved identity schemes from other countries.
More and more services depend on GOV.UK Verify, and it will eventually become the default way for people to access services online (businesses will still use Government Gateway).