Editorial

Digital Identity: Global Roundup

Digital identity news from around the world

Posted 26 February 2024 by Christine Horton


United Kingdom

Public sector bodies and organisations will now be able to procure Identity Services from the UK’s only bank-verified identity service provider.

OneID has been named as a supplier on Crown Commercial Services’ (CCS) Open Banking Dynamic Purchasing System (DPS). It is the first open banking provider to join the DPS that is also certified by the Department for Science, Innovation and Technology (DSIT) for providing identity services.

DSIT’s Digital Identity and Attributes Trust Framework assessing service providers against strict standards of privacy, inclusivity and transparency of data use, which in turn says gives local authorities, the NHS, and other UK government departments confidence when choosing an identity service provider.

Global

Prove has joined the FIDO Alliance Board of Directors in a move, it said, underscored “its commitment to advancing authentication standards and reducing global dependency on passwords.”

Tim Brown, global identity officer at Prove, will serve as the company’s Primary Board Delegate advising on authentication and device attestation for FIDO Alliance.

Latvia

Veridos has delivered new ePassports to Latvia in collaboration with the Portuguese state printer INCM.

Veridos, a joint venture between Giesecke+Devrient and Bundesdruckerei, was awarded the contract for the large-scale project. In addition to the documents, the collaboration with the Latvian authorities includes the supply of the central personalisation system as well as support and maintenance services over a period of five years.

For the first time the ID documents include Veridos’ security features CLIP ID Echo, Amber ID, Diamond ID and Spectre ID. CLIP ID Echo is a repeated portrait and biographical data of the cardholder, such as date of birth or ID number, that is only visible from certain angles. The technology is an evolution of CLIP ID (Color Laser Image Protected ID), an integrated solution that adds vivid color photos to the next generation of polycarbonate ID documents. It combines secure laser engraving with image printing for maximum flexibility in the production and personalisation process.

United Kingdom

Fraudsters have exploited document checks conducted by letting agents, leaving potential tenants vulnerable to having their identities stolen rather than verified.

A report in The Guardian highlighted the story of a London teacher who fell victim to fraudsters after attempting to rent a property. Using an online tenant referencing service recommended by the agent, she submitted a wide array of personal documents, including her passport and driving licence. Moreover, she was instructed to grant the service open access to her banking details via Open Banking.

Unbeknownst to her, fraudsters had commandeered her phone number by convincing her mobile provider, O2, to issue an e-SIM. With control over her phone, the criminals bypassed bank security, facilitating a substantial unauthorised bank transfer.

The teacher speculated her vulnerability might have been exacerbated by the extensive personal data shared during the tenancy check, coupled with a lack of two-step verification on her email account, which could have provided an additional layer of security.

This incident has prompted warnings to prospective renters about the risks of sharing extensive personal information and the importance of employing robust security measures, such as two-step verification, to protect against identity theft and financial fraud.

Australia

The Australian government is working on expanding the national digital ID system to include more digital ID providers.

Legislators are currently working on the Digital ID Bill to ensure the digital ID system is consistent by establishing an Accreditation Scheme that will help companies and businesses provide digital ID services, reports Biometric Update.

“The Bill will require Digital ID providers to meet high standards of security, privacy protection and fraud controls to be accredited. This means greater consumer protection,” says First Assistant Secretary from the Department of Finance, John Shepherd.

Australia’s Parliament introduced the Digital ID in late 2023, paving the way for the rollout of the nationwide digital ID system which has been tentatively set for July 1, 2024.

The system is meant to allow users to choose their preferred digital ID provider for accessing government and private services. Companies such as Australia Post, MasterCard and OCR Labs (IDVerse) have already received accreditation for providing digital ID services, while banks and other institutions have expressed interest.

Global

Mitek Systems has unveiled MiControl, a fraud management console that enhances Mitek’s Check Fraud Defender for the detection of cheque fraud for banks and financial institutions.

The firm said it is a response to the challenge of cheque fraud, which remains prevalent despite the surge in digital payment methods. Financial institutions process billions of checks annually, and the rate of cheque fraud has been on an upward trajectory, it said.

Global

According to the World Bank 2021-2023 Identification for Development (ID4D) Global Dataset update, there are 850 million people who do not have an ID at all, and an estimated 1.1 billion people that do not have a digital record of their identity. 1.25 billion do not have a digitally verifiable identity, while 3.3 billion others do not have access to a government-recognised digital identity to securely carry out online transactions, despite ID systems in almost all countries relying on digital data.

ID systems in more than 90 percent (186 out of 198) countries globally now rely on digital data; identification systems across at least two-thirds of countries offer at least a basic type of digital identity verification or authentication for in-person transactions; and about 40 percent of countries (mainly high-income ones) have a digital ID ecosystem that enables fully remote, secure authentication for online transactions.

Germany

A white hat hacker has perform a Man-in-the-Middle attack on the online version of the German National Identity Card, known as eID. The vulnerability could potentially pose a danger to the approximately 10 million people currently using the system.

“I was surprised at how easy it was to compromise the system,” the hacker told news outlet Der Spiegel.

The hacker built an application that could record the six-digit PIN users type in to log in to the eID on their smartphones. To aid the process, he used the official eID app code, which is available online as open-source software.

The malware could be installed on the user’s smartphone through Trojan software that gives access to the entire smartphone, similar to the ones used by certain governments to target dissidents and journalists. Alternatively, cybercriminals could also place the malware by tricking a user into downloading a fraudulent app from an app store.

Once they gain access to the digital ID, malicious actors could log the user into a fake eID app account as well as intercept data used to log into other eID services, including government services, eHealth platforms and banking systems, according to the hacker who published an analysis of the attack.

CtrlAlt says he informed Germany’s Federal Office for Information Security (BSI) in December last year and that the agency has acknowledged the vulnerability. In a response to Der Spiegel, BSI said there is no evidence of specific attacks carried out and that it sees no reason for a change in risk assessment for using the eID.

United States, United Kingdom, Brazil, Mexico

After a pilot programme in Australia and New Zealand, Tinder will be expanding its identity verification feature to users in the United States, the United Kingdom, Brazil and Mexico.

The option aims to help users confirm the authenticity of profiles by verifying key information, such as date of birth and likeness, the dating app said.

The enhanced process will require users to submit a video selfie along with a valid driver’s licence or passport. The system will then check if the face in the video selfie matches both the photo on the ID and the person’s profile photos, as well as verify the date of birth on the ID.

Tinder said the additional step aims to create a safer and more secure environment for users when connecting with their matches.

Africa

Experts have called on African countries to embrace digital identification (ID) systems to unlock economic value equivalent to three to seven percent of their gross domestic product (GDP).

The call was made by statistics and data experts attending the 12th StatsTalk-Africa Webinar organised by the African Center for Statistics at the United Nations Economic Commission for Africa (UNECA).

Mactar Seck, chief of the Innovation and Technology Section at the UNECA, said digital ID can create economic value for countries primarily by enabling greater formalisation of economic flows, promoting inclusion of individuals in a range of services, and allowing incremental digitisation of sensitive interactions that require high levels of trust.

Global

Idemia Public Security (IPS) has been recognised as a Microsoft Entra Verified ID partner for remote onboarding. The biometrics arm of the recently-trisected digital identity and security firm will provide liveness and document verification technology for Microsoft Entra Verified ID, expanding on the two companies’ existing relationship.

Europe

Plans for a digital identity framework, already agreed between Parliament and Council, will be debated on Wednesday and put to a vote on Thursday.

The new Digital Identity Wallet will allow citizens to identify and authenticate themselves online without having to resort to commercial providers – a practice that aims to increase trust, bolster security and respect privacy concerns.

The EU wallet will be used on a voluntary basis. During negotiations with Council, MEPs secured provisions to safeguard citizens’ rights and to foster an inclusive digital system by avoiding discrimination against those opting not to use it.

Denmark

An update to Denmark’s digital ID platform MitID will enable the app to be activated on a new device without using a passport, an issue that has previously caused difficulties for foreign residents.

Changes to the MitID digital ID and its website counterpart MitID.dk have simplified verification of a user’s identity when installing the app on a new device.

MitID users who change phones or want to install the app on a backup device no longer have to use activation codes or scan their passport, the Agency for Digital Government (Digitalisaeringsstyrelsen) said in a statement.

The app can now be copied and activated from one smart phone or tablet to a second device by the simpler process of scanning a QR code. The code can be displayed in the user’s existing app and scanned using the new device.

The update increases security as well as ease of use because scanning the QR code requires the devices to be at the same physical location, according to the agency.

Have you seen our Digital ID Directory?

Are you attending our next Digital Identity for Government conference on May 8th?