Personal Identity Instruments
Today our personal identity is collected, captured and rendered by identity-issuing institutions. The plastic card is the common format used to convey that a trusted institution has certified your identity. However, we all know that this trust model is plagued with fraud issues.
The most common personal identity instrument, the plastic driver’s license, is easily counterfeited — so much so that 39 U.S. states recognized the issue as a pervasive problem. The Center for Immigration Studies also recognized that fraudulent licenses are an easy way for illegal aliens to break the law.
Technology vendors and identity-issuing institutions continue to explore new approaches to make identity fraud more difficult and keep personal identification documents safe, secure and authentic. As history has proven, sometimes the simplest policy change is difficult to execute given our existing paper/plastic identity document model. Recently, several state agencies have decided to go mobile by declaring their intentions to move driver’s licenses to a digital format on your smartphone, according to Move Magazine.
As the shift from paper and plastic to digital identity instruments evolves and matures, there will be pilot projects that are still haunted by security concerns in our current model. Yet these approaches only claim to carry the same level of trust and security as our current physical instruments, the driver’s license and ID card.
It’s time to rethink the construction and issuing of personal identity documents by leveraging mobile devices to make digital identification documents the center of your identity.
Digital Identification Documents
Academic institutions, government agencies and even retail companies rely on card data element standards such as ISO 18013 to provide guidelines for the content and formatting of data stored on machine-readable personal identification instruments. These identity-issuing institutions will expect the same level of industry consistency when they move to mobile devices. But individuals have their own set of requirements around digital identification documents — namely instant access, availability and reliability.
To achieve such expectations, we must rethink the entire life cycle of personal identification documents. This new era of digital identification must address transitions across the personal identity ecosystem:
- Issuing institutions need to manage the life cycle of identification documents in a cost-effective manner while also considering governance processes, user convenience, fraud protection and privacy.
- Identity documents need to be safe, authentic, secure and accurate.
- Owners need a convenient mobile offering for their identity documents that safeguards privacy, is secure and provides control over releasing identity information to others.
- Verifiers need an efficient and secure manner to verify the authenticity of the identity document and obtain information from that document.
This shift requires new technologies to address the issuing, managing and challenging of digital identification documents. This includes offering:
- Protection against fraud, tampering and counterfeiting;
- Prevention of fake IDs;
- Reductions in human errors during validation and governance tasks;
- Prevention of privacy threats and theft; and
- Face-to-face identity validation, which reduces broadband dependencies.
Business processes and workflows will be impacted by a move to digital identification documents. There are a number of steps in the typical life cycle that can benefit from the switch:
- The layout and design of digital identification documents can be created, reviewed and modified quickly and easily.
- The appearance of existing digital identification documents can be modified and distributed. You can update digital identification documents systemwide all at once.
- New digital identification documents are generated and pushed out to the owner’s device immediately. There’s no need to create, print and mail a plastic card.
- Multiple copies of the same digital identification document can be used. An identity owner can have a copy on all registered devices.
- Digital identification documents can be quickly and easily replaced if a mobile device is lost or stolen.
- Digital identification documents can be revoked and purged from a device.
An Aberrant Approach
Organizations are attempting to rethink solutions for the personal identity ecosystem. To get started on a mobile identity strategy, IBM recommends that identity-issuing institutions:
- Perform a costs analysis of the design, production and delivery of cards today. This should include assessing the ecosystem of providers and dependencies.
- Identify the operational assumptions for the tactical period where both paper/plastic and mobile identity options are available.
- Spend time examining verifier procedures for the handling of physical cards and mobile IDs.
- Speak with ecosystem members (e.g., insurance providers, vehicle registration bodies, etc.) to understand how they are proceeding since the pace of adoption will also impact them.
- Consider a tactical business model for a digital identification document solution. For example, analogous to vanity plates, mobile convenience could be handled as an uplift to offset initial adoption risks and budgetary shortfalls.
- Approach this technology shift in phases with focused pilots.
Distinguished Engineer and Client Innovation Advocate, IBM