Taiwan
Taiwan has issued fresh guidelines for digital identity verification to make it easier for financial institutions to verify customer identities and reduce risk.
Taiwan’s Financial Supervisory Commission (FSC) guidelines instruct companies to self-assess appropriate identity authentication methods according to risk and apply to regulators for trial implementation.
Previous security control regulations imposed strict rules on adopting new technologies for digital identity verification, trade publication Regulation Asia reports, via Biometric Update. In the past, each part of the financial industry had different security control benchmarks, and introducing new verification methods and scenarios meant formulating new standards for each one.
The FSC will allow for more flexibility, so companies can implement new verification technology without waiting for standards or regulations to be revised. The decision to relax the rules will accelerate innovation in the financial industry, the agency said. Financial industry associations should also provide flexibility for businesses to establish their internal standards for digital identity verification
Canada
Canada-based fraud detection company Paays has partnered with UK-based digital identity company Yoti to minimise identity fraud in auto financing.
The partnership aims to integrate Yoti’s identity verification technology with Paays ID Verifier solution to improve customer experience, reinforce identity checks, and mitigate the risk of fraud in auto finance applications.
Paays’ ID Verifier facilitates online identity verification for auto dealers and lenders, eliminating reliance on physical documents. This can result in quicker lending decisions and a reduction in paperwork through the implementation of digital solutions. Yoti’s identity verification technology enables Paays’ customers to validate individuals’ identities in real time via a secure online mechanism.
India
An anonymous hacker claims to have breached the digital ID numbers, as well as other sensitive personal data, of around 815 million Indian citizens. That’s more than 60 percent of the 1.3 billion Indian people enrolled in the government’s Aadhaar biometric digital identity program, and roughly 10% of the entire global population.
The personal data of hundreds of millions of Indians are now up for grabs on the dark web, for as little as $80,000.
To register for an Aadhaar card, Indian residents have to provide basic demographic information, including name, date of birth, age, address and gender, as well as biometric information, including ten fingerprints, two eyeball scans and a facial photograph. Much of that data has apparently been compromised.
Media reports suggest that the source of the leak was the Covid-19 test data of the Indian Council of Medical Research (ICMR), which is linked to each individual’s Aadhaar number.
Australia
Thousands of MyGov accounts are being suspended each month out of concern they’ve been breached via “scam-in-a-box” kits being sold by criminals on the dark web, reports The Guardian.
The products were being used to create fake websites and provide the specialist knowledge required to launch phishing attacks on Centrelink, Australian Tax Office and Medicare accounts.
So far this year, more than 4,500 MyGov scams have been confirmed, with thousands of accounts suspended each month due to suspected fraud.
In some cases, the kits come with security controls and allow criminals to run multiple scams at once, before quickly closing them to avoid detection. Some can identify when they’re being used by more IT-savvy users, and direct them to the official MyGov website. Many fake websites are almost identical to the real version.
Germany
German teleco Deutsche Telekom has announced two new customers for its digital identity wallet.
The company’s subsidiary T-Systems will supply the ID wallet for Gaia-X Federation Services, a major European initiative for trusted data sharing. The wallet was commissioned by the German trade group eco – Association of the Internet Industry and the Federal Ministry for Economic Affairs and Climate Action.
The service will be available to the Gaia-X at the beginning of next year. Self-sovereign identity (SSI) technology plays a role in the wallet with users in control of their digital ID credentials, the company says in a release.
T-Systems is also collaborating with its development partner, German digital identity company Verimi, to develop a proof-of-concept ID wallet for tax consultants on behalf of software company Datev which provides services for auditors, lawyers and taxation experts.
Australia / Brazil
Users of professional networking platform LinkedIn in Australia and Brazil will have their identify verified using ID authentication software from US selfie biometrics provider Persona.
This follows a partnership entered into between the digital ID technology provider and the Microsoft-owned social media company, per a joint announcement.
The partnership will also enable LinkedIn users in these two countries add authenticity to their accounts, to render them more trustworthy. A post on LinkedIn’s website about how the ID verification will work makes clear that Persona processes selfie biometrics, but the social media platform does not itself collect any biometric data.
Scotland
The police in Scotland have tripled the use of retrospective facial recognition over the last five years jumping from just under 1,300 in 2018 to nearly 4,000 in 2022.
The rising trend has continued during 2023 with more than 2,000 searches carried out in the first four months of the year, according to data obtained by a freedom of information request by UK investigative journalism organisations Liberty Investigates and The Ferret.
The Scottish police ranks fourth in the use of the technology in the UK. The leader is the London Metropolitan Police which accounted for 30 percent or 27,677 searches last year.
Canada
In its latest Public Trust Forum Report, the Digital ID and Authentication Council of Canada (DIACC) says hesitations about digital trust capabilities are partly the result of a gap in education around biometrics and digital identity, and partly due to missing or incomplete trust frameworks.
In a release, DIACC President Joni Brennan says concerns about data privacy, biometric security and potential misuse of personal information are understandable. “People should rightly be concerned because there are often no easily understood rules around where their personal data lives, who owns it, or how others use it,” says Brennan. “In today’s digital world, trust remains at a premium, and the importance of identity verification is at an all-time high.”
However, the report says there will never be buy in from all people when it comes to digital ID.
“Don’t wait for a universal public consensus on adopting digital trust capabilities because it will never come,” reads the report. “Use of government-issued digital credentials must be voluntary. Commit and message that public adoption is voluntary. Individuals may choose to use digital trust services or not.”
Global
Global background screening firm Certn has acquired Trustmatic, a Europe-based remote identity verification company. Trustmatic’s identity verification technology consists of identity document reading and authentication, face liveness detection, and biometrics. Trustmatic’s service is entirely automated, which, similar to Certn’s AI-powered products, results in cost and time savings for clients. The service is ISO 27001-certified and suitable for global KYC requirements.
Europe
The European Parliament and the Council of the EU have reached an agreement on a new framework for European digital identity, including regulation on digital ID wallets.
This concludes the two legislative bodies’ work to implement results of the provisional political agreement reached in June around a legal framework for a trusted and secure digital identity for all Europeans.
Under the new eIDAS 2.0 regulations, the EU Digital Identity Wallet will have extensive applications across public and private enterprise, supporting the EU in meeting its 2030 targets for the digitization of public services. With the full guarantee of EU law, wallet holders throughout Europe can use their linked digital ID to open bank accounts and make payments, store digital ID and biometric documents such as mobile driver’s licences or professional certifications, and expedite services in travel, healthcare and other areas of life. Significantly, the regulation makes it mandatory for so-called Very Large Online Platforms (such as Amazon, Google and Booking.com) to accept the EU Digital ID Wallet for login. The Commission’s release implies that this is a potential model for smaller companies, for which the features and specs of the wallet could boost both competitiveness and compliance.
Crucial to the wallet system is the user’s ability to choose whether or not to share personal data, and what data is shared in specific cases. In terms of UX, the wallet’s dashboard promises the ability to monitor transactions and report privacy violations, and to allow interaction between wallets with consent. E-signature capability will be free for personal use.
Sweden / Finland
Additionally, Yubico has joined a European Union large-scale pilot program concerning the EU Digital Identity wallet. Its involvement comes after an invitation by an “associate partner” to partake in the EWC pilot, steered by Swedish government agencies and coordinated by the Finnish Ministry of Finance. The pilot aims at developing an organisational wallet enabling shared control among various parties, with a demonstration video showcasing how a passkey for the digital wallet can be stored in Yubico’s USB keys.
In its pilot, Yubico, alongside GUnet (Greek Universities Network) and other networks, endeavors to exhibit an ARF-compliant wallet architecture independent of major phone and platform providers while ensuring security and ease of use. The integration of FIDO-based authentication and encryption, a global open standard, is central to this initiative. FIDO security keys, like those provided by Yubico, play a vital role in securing identity wallets by enabling encryption and decryption of wallet contents.
Yubico said it aims to help create a wallet for shared control use cases, like organizational or legal person wallets, with a broader vision of fostering more use cases across government and commercial sectors by 2026.
Jordan
Jordan said it aims to activate 1 million digital IDs by the end of the year.
As of the end of August, 500,000 citizens were using their digital IDs to access government services, and the nation hopes to have 3.5 million citizens using digital IDs to access public services by 2025.
Global
Digital ID verification company IDVerse (previously known as OCR Labs Global) has joined the Mastercard Engage partner programme to offer an automated identity verification solution to Mastercard customers.
IDVerse’s technology enables Mastercard to reach a wider range of connected devices by reducing AI technology bias towards newer devices and operating systems. IDVerse is taking the lead in training deep neural network systems through generative AI, actively combating discrimination based on race, age, and gender – while staying ahead of global fraud trends such as synthetic media and deepfakes.
Denmark
Nexi has sold its Nordic eID business to French digital ID firm IN Groupe for up to €127.5 million.
The sale comprises an array of trust services in Nordics and key parts of the eID infrastructure in Denmark, MitID and NemLog-in, which serves as a personal entrance key to both the public sector and most parts of the private sector, including banks and corporates.
The sell off is part of a commitment by Nexi to rationalise its operations and contentrate purely on its core digital payments business.
Lithuania
Lithuania has updated the directive for issuing digital permits for temporary residence refugees seeking shelter from the war in Ukraine.
The Lithuanian Minister of Internal Affairs noted that from now on when verifying the authenticity and validity of permits on the Migration Department’s website, migracija.lt, users will now have access to the personal and other data and a visual representation of the foreigner’s face displayed on the screen, SchengenVisaInfo.com reports.
