The Rise of Digital Identity Part 4: Future Digital Identity Solutions

The use of biometrics to perform identity checks has been around for a long time; for example where it is used by law enforcement agencies to record fingerprints of suspects or by border control to match facial images of people moving through airport security checkpoints. These types of scenarios are supported by specialist devices that provide captures of large high-resolution images, increasing matching capability and confidence.

The advent of highly powered personal devices with increasingly sophisticated cameras, microphones and GPS capabilities has provided the opportunity for self-service identity checks that can support true multi-factor authentication across a range of different form factors. This has resulted in many companies (such as Jumio, Onfido and iProov) providing mobile apps and SDKs which provide document verification checks (e.g. supporting passport and driving licence recognition and authenticity checks), facial capture and matching, and liveness checks (e.g. blinking, nodding etc.). This type of approach, coupled with additional data-based verification (e.g. passport validation, driving licence number checks, and verification of personal details such as name and address presence), provides strong digital identity-checking solutions.

Other companies in the market also support alternative biometric checks such as voice recognition, iris recognition, and even vein recognition. These can be used in combination with other authentication factors or alongside other biometric checks, for example, Monzo the challenger bank, provides self-service account registration for new customers using a combination of national ID checks, facial recognition, and liveness checks, and also capture voice footprint for subsequent verification checks. More recently, companies are also providing behavioural biometric solutions that can match an individual using attributes such as typing speed or mouse movement patterns, which provide a less intrusive and more seamless customer verification experience.

Biometrics as a form factor for digital identification provides stronger attribution to an individual due to its unique characteristics and is, therefore, less capable of impersonation, providing the means of capture is well controlled. To be effective, an individual, must be matched with a high level of confidence and without error. This is in part subject to the error thresholds imposed that determine acceptance and may give rise to false positives (where the subject has been incorrectly accepted) or false negatives (where the subject has been incorrectly rejected). An understanding of the trade-offs between these scenarios occurring is therefore important based on the organisation’s risk appetite in the context of what the user needs to do.

In terms of what this means for digital identity, the use of biometrics can occur at different stages of a user’s digital interaction. Like any of the forms of authentication, they must be verified against an authoritative known source.

Firstly, in terms of initially identifying and verifying an unknown individual for the first time, biometric verification can be used to support facial recognition against an authentic photo ID document, e.g. the photo of an individual on a passport or driving licence. Success for this initial process is subject to many factors surrounding the quality of the static image extracted and the selfie of the individual. This can be mitigated by performing quality checks as part of the process, or by using the stored high-resolution image on the passport chip if supported.

Secondly, once initial ID&V has been established, the individual can be prompted to provide additional biometric details which can be stored against their digital identity. This can include any biometric form factor providing there is the capability to use it in the future for verification, e.g., facial image, voice speech of a standard phrase, iris capture etc. Secure storage and management of special category data is critically important, and controls need to be established to ensure strict compliance needs are met. Once in place, an individual can quickly confirm their identity against the saved biometric. If necessary, this can be refreshed over time.

Correct use of biometrics in addition to document recognition as part of any identity checking is compelling: it allows for remote identification and verification without human intervention, reducing costs, providing an entirely self-service user journey and a fast and efficient experience. Success is heavily dependent on the technology options available and how they can meet the challenges inherent in the types of identity checks performed.

The Home Office published a Biometrics Strategy document in 2018, indicating their recognition of the use of biometrics for public sector services relating to law enforcement and security. Given the fast-moving nature of this space, it is expected this will adapt and evolve further over time.

Digital Identity is a necessity that allows people to transact and interact in what is now a fully online world covering personal and work environments. The COVID-19 pandemic has just accelerated a need and resulted in a faster and broader uptake across different demographics within the UK and Ireland.

The UK Government Digital Service (GDS) has initiated a multi-million pound project to deliver a native mobile app that will provide citizens with a ‘one stop shop’ to access services that span government departments. This will be designed to support mobile payments and scanning documents containing biometric chips and may be extended to incorporate forms of biometric authentication.

The Government has also established a set of new legislative measures. These include:

• A new Office for Digital Identities and Attributes (ODIA) with oversight of the new identity and trust attributes framework, and accrediting organisations against a standard
• Enablement of secure digital checks and identity verification by accredited organisations on behalf of public sector bodies
• Sharing of data by public bodies through the legal gateway

This further demonstrates the Government’s commitment to an area that it sees as the future for digital citizen enablement, ensuring citizens are engaged with the right level of trust and assurance.

The future of Digital Identity will only continue to evolve at a pace. Biometric technology and the devices which support verification will mature further and solutions may emerge using other technologies such as Blockchain to provide a distributed and decentralised digital identity model. Solutions will likely extend to other personal devices such as smart assistants (with use increasing significantly in the home), smartwatches and other wearables.

Data-driven intelligence and automation should underpin the digital identity solutions of the future. Analytics should be used to proactively mitigate risk, for example, by determining identification challenges according to the risk profile of an individual, and by analysing the outcomes of identification processes to further refine and strengthen solutions.

It is not inconceivable that before long, digital identity will be carried in person, with the individual, on a trusted device, and used to connect with the physical world to provide tailored real-world experiences relevant to their location and the context of what they are doing, e.g. recommendations and offers for preferred shops upon entry to a shopping centre where it recognises their presence.