Consumer ‘Education’ and ISO Standards Will Drive Digital ID Adoption

A quick glance at any online discussion board reveals the challenges confronting digital identity, and why we’re so wedded to the plastic driver’s licenses in our wallets.

“People say, ‘I don’t like Big Tech getting involved in this at all,’” Tom Donovan, principal solution consultant at ACI Worldwide, told PYMNTS. “They don’t want to give their data to Apple, and they don’t want to give it to Google,” he added, noting that consumers are worried about data security — and feel a bit more reassured by holding that physical license in their hands.

But as Donovan noted, provisioning digital versions of government-issued IDs can actually keep critical data secure, while verifying holders in real time across a variety of use cases well beyond the traffic stop or checking in at the airport.

“The methods of putting your digital IDs on those devices,” he told PYMNTS, “are simpler than the ones done through other apps.”

Limited Rollouts

Thus far, the rollouts have been limited in scope. Apple has pushed digital IDs forward a bit, having launched in Arizona and in Maryland. Digital IDs loaded into the company’s wallet, presented on iPhones or Apple Watches at TSA checkpoints at airports can verify users. Another 10 states are coming on board with similar Apple partnerships. Google’s multipurpose digital wallet will also support digital IDs.

As Donovan said, on the consumer side of the equation, “there are fundamental misconceptions about how this process would work” as they verify themselves across various in-app interactions. There needs to be more education about what data is being collected, why, and how it’s all being used.

Though some individuals are hesitant to share any of their personal details there’s a complex process playing out in the background that is actually more secure than many consumers might realize. The individual who adds their digital ID to a mobile wallet is in fact entrusting their information to a standardized ISO format (specifically, ISO 18013-5) that has been developed and formally published here in the states.

That standard, he said, governs the three-party “system” that has to be in agreement any time a digital ID is presented and verified — including the issuing authority (such as the state of Arizona), the relying party (the liquor store, for example) and the actual license holder.

“Any time that data is shared between the license holder and the person who needs to scan that license there, there’s the requirement that that biometric authentication or some other form of authentication is given,” said Donovan. Simply put, the would-be thief who pilfers a phone and might try to extract a mobile ID would be unable to do so — because access has to be granted in real time through a passcode, a fingerprint or a face scan.

“When you show people how this actually all works,” he said, “it makes them more likely to go through the provisioning and enrollment process.”

Looking ahead, he said the ISO standard can be used for a variety of other documents and use cases that extend well beyond the presentment of digital licenses — because the information that is shared is limited solely to what’s needed for a transaction. APIs enable app developers to digitally access data held on IDs to conduct other activities (and across other apps), such as renting a car.

In another scenario, as Donovan offered: “If you’re making an age-restricted purchase, such as alcohol, whoever you’re buying from — they probably don’t need to know your name or eye color.” All the enterprise needs to know is whether the consumer is at least 21 years of age — and only that piece of data will be offered, analyzed and verified.

“This helps keep the rest of your data secure,” said Donovan.

It’ll take a while for digital IDs to become ubiquitous, said Donovan, to be as commonplace as holding a plastic license in one’s wallet. Infrastructure is time consuming and costly to build but the path is becoming clearer. An increasing number of states launch their own digital ID initiatives, he said, “now that there’s one standardized approach — and both of the major smartphone platforms are on board,” said Donovan.