United States
The US Treasury says it is considering alternatives to facial-recognition technology by commercial provider ID.me to verify identities for online taxpayer accounts after some lawmakers raised privacy concerns.
The Internal Revenue Service announced in November that it will transition this year to identity verification using ID.me technology for accessing online services including tax records and Child Tax Credit information.
The process involves uploading a selfie to create an ID.me account and gained more attention this week as the IRS kicked off its annual tax return filing season.
Now a US Treasury official has said that Treasury and IRS are looking into alternatives to ID.me.
“The IRS is consistently looking for ways to make the filing process more secure but to be clear, no American is required to take a selfie in order to file their tax return,” the department said in a statement.
ID.me said in a statement that its technology complies with National Institute of Standards and Technology guidelines to offer three ways to verify identity. The firm said it provides digital identity services to 10 federal agencies, including the Social Security Administration and the Department of Veterans affairs, and 30 US states.
Canada
Canadian digital ID provider Bluink’s eID-Me digital ID app has removed a passport requirement and now allows for a driver’s licence or a photo ID card for identity verification.
eID-Me is described by Bluink as a “sovereign identity” that encrypts ID information onto a digital wallet that is contained in a mobile phone. The company says it removed the passport requirement for eID-Me because many people do not have a valid passport, which led to a high volume of requests to change the system.
Instead, the company has integrated a new feature called Flexible IAL that determine different levels of security assurance – IAL1 or IAL2+ – based on which ID documents are scanned by the user. A scan of one ID card will grant an IAL1 digital ID, while a scan of an ID card and a passport will produce an IAL2 digital ID.
Elsewhere Canadian digital identity firm Liquid Avatar Technologies has successfully finished a pilot programme with the Ontario Convenience Store Association (OCSA) for an end-to-end, live working test of its Smart Age program that is to be eventually rolled out across 8,000 convenience stores in the Canadian province.
The Smart Age programme provides digital age verification with support from biometric verification like a facial scan that is linked to a blockchain and stored on a digital wallet. The service allows a user to present their personal information via mobile phone app without needing to show a card ID to the store clerk. The program would ensure that customers are of legal age to purchase age-restricted goods like cigarettes, alcohol and lottery tickets, and reduce the use of fake documents and identity theft.
Taiwan
The Financial Supervisory Commission (FSC) in Taiwan is reportedly seeking to ease regulations on online consumer lending in banks, in an attempt to create a comprehensive digital banking environment.
Currently, strict identity authentication protocols apply to internet-based loan applications as compared to those applied at a physical branch. The requirements previously included verification of identity through a video conference or the use of encrypted digital tokens.
Under the new regulation, an end-user’s identity will be verified through the use of biometric data, such as the verification of an individual’s facial features, fingerprints, or retina. The same biometric identifiers would also be used for the purpose of identification when visiting physical branches.
The new rules would only apply to consumers who already have a digital savings account at the bank, with authentication through a credit card or another bank account.
United Kingdom
The Money and Pensions Service (MaPS) has set up an interim identity service for its Pensions Dashboard Progamme (PDP).
It has agreed on a two-year contract valued at £1.8 million with Netherlands based company Digidentity, reports UK Authority.
The move is intended to support the initial testing phases of the PDP programme, which is aimed at giving users a choice of online dashboards, each of which would provide all of their pension information within a single source.
It will also involve an assessment of how the identity market is developing in line with the proposed UK digital identity and attributes trust framework, launched and later updated last year by the Department for Digital, Culture, Media and Sport to provide a foundation for a market in relevant services.
European Union
If you liked this content…
The European Union Agency for Cybersecurity (ENISA) has released a pair of new reports that could influence the development of digital identity technologies in EU member states. One of the reports addresses some of the concerns with facial recognition technology, while the other details the potential for self-sovereign identities (SSI).
ENISA noted that COVID-19 has created a need for technologies that can verify someone’s identity online. Facial recognition has helped meet that demand, and has been used to facilitate everything from financial transactions to citizen interactions with various government agencies.
The problem, according to the ENISA report, is that facial recognition is still vulnerable to spoofing. The report lists photos, video replays, masks, and deepfakes as the primary methods of attack, and recommends some steps that organizations can take to guard against those threats. Most notably, the report encourages organizations to set a minimum video quality for face checks, and to implement presentation attack detection systems that can gauge depth and spot some of the inconsistencies found in deepfakes. It also advises organizations to cross-reference identity documents with lists of lost, stolen, and expired IDs, and to adhere to industry standards and best practices when implementing an authentication system.
Find Biometrics notes that ENISA’s SSI report, meanwhile, could inform the creation of a broader European Digital Identity scheme. The digital IDs would be available to all EU citizens, and would theoretically serve as a trusted digital identity that could be used for a range of cross-border interactions.
ENISA noted that a good SSI should give individuals more control over their personal information, allowing them to choose what and when to share when proving their identity. Priorities for SSI include data minimization, accuracy, and consent, as well as utility more generally. Once completed, citizens will be able to store a European Digital Identity in a wallet on a mobile phone, and share information by clicking an icon when accessing online services.
United States
The General Services Administration wants to replicate a system the Social Security Administration (SSA) has been implementing over the last three years to reduce identity theft in the financial services sector for use in the provision of digital services by various other agencies.
In 2018, Congress instructed SSA to create an electronic consent based social security verification system, known now as ECBSV, to help stop criminals from stealing the identity of victims, most of whom are children, according to Kate Wechsler, executive director of the Consumer First Coalition.
She said before the system was in place, identity verification at SSA “was paper based and very slow to the point that quite frankly, it wasn’t useful, especially in our increasingly digital environment for credit applications and decisions. You know, by the time you got the result from SSA that it wasn’t a match, the criminal has gotten their credit and is gone.
Congress specifically crafted the law to grant access to the system to financial institutions, including credit reporting agencies, but with the rise of digital services, Lam wants to see greater use of the SSA model across the government.
Czech Republic
Residents of the Czech Republic will soon be able to store, display and verify digital versions of their identity card and driving licence on their mobile device and will no longer be required to carry physical ID documents if they do so, the Czech government has confirmed in a policy statement.
The service will be made available “as soon as possible, at the latest in 2023” using the eDokladovska mobile app developed by the State Printing Works of Securities (STC) that enables users to upload and store “digital twins” of their physical documents on their Android or Apple device.
In addition to their digital ID card, driving licence and residence permit, users may also be able to import “additional documents which are issued/personalised by entities other than STC”, such as their vehicle registration certificate, birth certificate, firearm licence and health insurance card, to the eDokladovka app “in the future”.
United Kingdom
Businesses will have to license software to onboard employees remotely from April as Home Office outsources digital ID checking
Businesses face having to pay up to £70 per employee to verify a new starter’s identity from April as the Government privatises digital ID checking.
In a surprise move, the Home Office says that from April 6 businesses will have to use approved third-party software to verify digital identity.
Louisa Cole, a principal associate at Eversheds Sutherland, told The Times that, based on their research, these ID checks were likely to cost anywhere between £1.50 to £70 per prospective employee.
India
A new model of “Federated Digital Identities” has been proposed by the Ministry of Electronics and Information Technology in India. With this model citizens can interlink, store and access multiple digital IDs via one unique ID. From PAN card to driving licence, every important document can be kept under the unique ID.
The proposal is expected to be released soon. The Ministry will seek comments by February 27.
The federated digital identity will work as a key to a registry where all state and Central identities will remain stored. Citizens will then be able to use this digital ID for availing third-party services via authentication and consented eKYC.
