Building identity (ID) assurance systems into "customer registration processes" could help businesses cut the cost of fraud, a UK government minister has said.
Francis Maude said the Cabinet Office is working with "like-minded organisations" to look into the potential for ID assurance services to be used more extensively in the private sector.
The UK government has already developed an ID assurance framework called "Verify" that enables government bodies to rely on third party verifications of individuals' identities when those individuals interact with online government services. Verify has not yet been fully developed but is being tested by users of some online government services, such as services that allow individuals to check or update their company car tax or claim a redundancy or insolvency payment.
The Verify system enables users of government services online to avoid having to input information that can be used to verify their identity each time they wish to use one of those services. Instead, they can select an identity (ID) assurance provider to verify their details with the government service provider on their behalf after an initial verification exercise. Digidentity and Experian are currently the only certified providers, although Mydex, the Post Office and Verizon are scheduled to "join in due course", Maude said.
"Government is the first customer for this federated model of certified identity assurance providers – but there is potential demand way beyond the public sector," Maude said. "Customer registration processes in banking, insurance, transport and retail can all be improved – and fraud reduced – through a trustworthy and convenient digital identity assurance infrastructure."
"Digital identity can reduce the need for large amounts of personal information to be shared and stored by organisations. Instead information provided is quickly checked with the original data source," he said.
Maude also said that regulated businesses, such as those in financial services, could meet their 'know your customer' (KYC) obligations by recognising "a digital identity that meets government agreed standards".
However, financial services litigation and compliance expert Michael Ruck of Pinsent Masons, the law firm behind Out-Law.com, said that although regulated firms can rely on third parties' due diligence, the approach carries risk as "responsibility and any liability for failures remain" with those regulated businesses.
"The bank, or any other regulated firm, can rely on third party checks but this does not escape any liability on the bank’s behalf," Ruck said. "Therefore any such reliance would require the bank to check, observe and review the activities of any such third party and be sure that it was conducting the appropriate due diligence."
In his speech, Maude identified problems with relying on user passwords to open up services and said ID assurance can offer the secure and convenient services online consumers want.
"The best digital services put the needs and requirements of the people that use them first," Maude said. "It shouldn’t be any different for identity assurance. The internet is a fundamental part of everyday life, so internet security needs to be easy and convenient, helping us to go about our lives online safely, but without getting in the way."
"It’s about finding the right balance between usability and security. If we can find a happy medium, then we can strengthen trust, without diluting the qualities of speed, convenience and choice that make digital services so appealing in the first place," he said.
Copyright © 2015, Out-Law.com
Out-Law.com is part of international law firm Pinsent Masons.