By S de Labriolle on Monday, 18 November 2019
Category: Blog

Digital Identity and the Rise of Mobile ID

How to address the challenge of enabling the delivery of trusted mobile ID that’s secure, convenient, and easy for citizens to use

Digital identity sits at the heart of economic and social transformation. Around the globe, governments are busy fast-tracking the delivery of streamlined e-services that touch every aspect of people’s lives – from paying tax to accessing healthcare and education.

Meanwhile, more and more of us are taking advantage of 24x7 connectivity to manage our bank accounts, buy goods and services, consume entertainment and undertake a plethora of other online activities. Little wonder that with the increase of ID theft and cyber criminality, the demand for high assurance and secure digital ID is accelerating.

This is also particularly true in emerging economies. Here, a digital ID would enable governments to accelerate the provision of national ID – and by extension, financial and social inclusion – to the many millions who currently lack a legal identity today. And with smartphone ownership in developing countries rapidly rising and catching up with the rest of the world, the opportunities to leverage the mobile channel are considerable.

Figure 1: The smartphone - a key enabler for the digital economy (source: GSMA)

In an effort to address both digital and real-world ID requirements, eDocuments are already becoming ‘phygital’ credentials – featuring physical components for face-to-face ID verification and a chip for remote ID or document verification.

As the market evolves over the coming years, it will move rapidly from a ‘card first and mobile companion’ landscape to a world where digital takes precedence. The physical card or document will still be with us, but it will move to support the digital tokens used to manage proof of identity.

The power of mobile ID

 

Mobile ID is a powerful proposition, offering both users and organisations the best of all worlds. It brings unprecedented levels of convenience when it comes to online identity verification and authentication, and comes with the assurance to be able to prove who we are whenever we need so, indeed few of us leave our homes without our phones! Not only is mobile ID convenient, it also offers an additional level of security by enabling advanced security measures with  what we call multifactor authentication  (something you have, your smartphone, and something you know, your PIN code for instance) and even offers the opportunity to further authenticate the individual using their biometric characteristics (something you are – finger print or face recognition). Of keen interest from a financial and operational perspective, mobile ID also offers a high level of return on investment for governments as it lower administrative expenses, prevent from fraud and abuse and reduce the administrative cost associated to lost physical ID documents and forgotten passwords.

 

Developing trusted mobile ID

How then, can we create a trusted mobile identity that offers smooth and seamless registration without jeopardising security?

Enrolment is the first critical step, and it can be done face-to-face by local entities and private partners, or through remote onboarding scenarios. With this latter option offering the most risk, it makes sense that remote enrolment is based on a foundational, government-derived identity.

Here are the options:

1. Non-electronic document

In countries where no electronic documents have been deployed, the latest ID attribute capture and biometric technologies allow governments to leverage existing non-electronic (physical) documents. Here, thanks to the quality of onboard cameras, users simply download the government issued mobile ID app (available from an app store) and take a picture of their physical ID documents with their smartphone. This is automatically scanned and matched to authenticate the document. The user’s selfie is then compared with the picture on the physical document and the identification process is complete.

2. Biometric database

Should a biometric database be available, users simply download the government-issued mobile ID app and enter their unique ID number. Document scanning and selfies could also be used here. The ID number, document scan and selfie are then compared with the biometric database for 1:1 matching. Such process is often used in the US for instance, with match on Department of Motor Vehicles (DMV) database server, to enable citizens to enrol to their mobile driver license app remotely.

3. ICAO eDocument

Here, governments can leverage electronic ID documents already in the field to facilitate onboarding.

In the case of ICAO documents, such as an ePassport or a biometric eID card, citizens can use their Near Field Communication (NFC) enabled phone to read the ICAO eDoc chip, before taking a selfie which will be compared with biometric data securely stored on the eDoc to ensure a match-on-card.

This option has the advantage of providing the highest level of identification assurance. Not only is it secure, it’s also smooth and convenient. And with the vast majority of new smartphones featuring NFC connectivity –– we’re likely to see high adoption of this mobile ID onboarding scenario.   

In some parts of the world, most notably in the European Union (EU) and the Economic Community of West African States (ECOWAS), regulations have been brought forward to facilitate seamless onboarding and the adoption of a mobile ID companion.   

In the EU, new regulation to improve the security of ID cards and residence documents will see identity cards produced in a uniform credit card format. The cards, which will utilize ICAO security standards, will include a machine-readable zone, a photo and two fingerprints of the cardholder. All of which will be stored in a digital format on a contactless chip. This move to contactless eID cards will enable EU citizens to easily register for mobile ID, using their ICAO eID card to activate their mobile ID for the first time and enrol.

Likewise, in Africa, the 15 countries making up the ECOWAS are also leveraging ICAO eID cards to facilitate cross border travel between member states. Here, the combination of contactless functionality and facial recognition makes the ECOWAS eID card incredibly quick and easy to use not only for border crossing but also for mobile ID registration.

 

The digitalisation of documents at large

In a world where digital technologies are changing every aspect of our lives, one thing is for sure: the digitalization of ID documents is a trend impacting every official document issuer and all sectors – from ID and healthcare cards, to driver licenses and travel credentials. All of which already start having or will soon have a digital mobile version.

Driver licenses have been one of the first documents making the transition from card to digital mobile application. Here, the citizen’s data is held on a secure app on the user’s phone, and can contain all key information – name, age, address, organ donor status, photo ID, licenses to drive and changes in driving status etc…. Many mobile driver license pilots are taking place around the world, and the tremendous benefits a mobile based digital credential bring to all parties make this trend unstoppable.

Here, interoperability is crucial to ensure licences can be recognised and read by law enforcement agencies when drivers are driving abroad. ISO standards are currently being defined and should be published by the end of 2020. 

When it comes to international air and sea travel, behaviours and expectations are also changing. Increasing traffic volume is putting pressure on government authorities and the airline industry as whole to facilitate seamless border crossing – without compromising security and while achieving interoperability.

Taking this challenge into consideration, ICAO’s New Technologies Working Group (NTWG) established a specialized sub-group to begin work on standardizing a mobile-based digital travel credential (DTC).

This next generation ‘virtual credential’ aims to enable document-free travel between participating countries. Data will be securely stored in the mobile device as a companion to the physical ePassport document. Alternatively, data can be hosted in the cloud and accessed via biometric authentication. Featuring multi-tiered authentication, passport data alongside biometric identifiers generate advanced passenger information that can be biometrically authenticated at check-in or when booking. Not only does this drive frictionless experiences for the traveller, it increases security and eliminates the issues relating to lost or stolen documentation.

 

Addressing the remote yet trusted Mobile ID onboarding challenge

 

As we have seen, there are multiple ways of enrolling citizens into a next generation mobile ID scheme – taking advantage of foundational identity to provide citizens with a secure and easy way to prove they are who they claim to be, to access services in the online and ‘real world’.

The latest initiatives in the EU and ECOWAS are significant. They are preparing the way for the large scale adoption of mobile ID by facilitating a secure remote onboarding process for citizens, and utilizing a contactless ICAO eID card with biometric features, to create a trusted mobile ID.

Making life easier and more secure for people, mobile ID can be used to replace a user’s personal passwords, protect their access to medical records, sign their online transactions, and ensure their digital identity is not abused or stolen. Similarly, mobile based digital ID makes it easy for governments to respond to citizen demands for frictionless access to – and authentication – of a range of ID credentials. Everything from digital driver’s licenses to proof of national ID, proof of residency or travel and visa permits. And the technology platforms are now in place to make all this a reality.