Ruth Milligan is the Head of Financial Services and Payments at techUK
If we think about what the growth of tech has been about since we all woke up to a ‘wide-web’ world, one word underpins it all: connection. And with the advent of open banking, the number of ways we can connect to our personal bank accounts will multiply.
Current security measures are clunky and outdated
In all our financial dealings, we must prove who we are. Currently, to open a new account, we start from scratch – often with copies of passports, proof of address, etc. We then have a proliferation of passwords and authentication devices to re-prove our identity each time we use a service. In a digital world, this is becoming archaic and highly open to fraud.
As argued in techUK’s Digital ID White Paper, there is an urgent need in the UK, for a digital identity market, in which providers can do away with current complexities and offer seamless, digital methods of identity.
Moreover, this should span both the public and private spheres, allowing us to pay our taxes, deal with our local authority and access our private financial lives.
For such a system to function, private sector providers must have access to passport and DVLA records to verify identities. Most importantly, these IDs would be interoperable – we must avoid unconnected, stand-alone systems, which would cause confusion among citizens, inefficiency and loss of opportunity.
The route to digital IDs in the UK
The UK is a market leader in financial services and security technologies. We are ideally placed to drive digital identity technologies, authentication techniques and standards and to export them overseas.
Much work has already been done in multiple fora. Solutions can begin with consumer IDs and develop them to encompass business-to-business. These additional capabilities can position the UK as the global hub of digital trust and reinforce our dominance in global professional services.
What is now required is for all the players who have made such progress to collaborate.
Establishing global standards for digital identities
One of the first steps is to establish a set of overriding standards, set and overseen by a trusted independent authority. The current Good Practice Guide 45 (GPG45), produced by the Government Digital Service, is an excellent basis. Any company wishing to provide identities would have to comply – and, ideally, receive a trust-mark.
Different areas of life require different levels of proof of identity; that is a complexity that must of course be addressed. To obtain a mortgage, I need to provide more information than I do, for example, to buy alcohol. If, therefore, I approach a mortgage application with a basic-level ID, further details would be asked to enhance that ID, compliant with AML/KYC requirements. Crucially, however, the details already there would not have to be re-verified.
Clearly a system of trust and liability would also be required, possibly based on a contributory liability insurance scheme.
Many people in the UK do not have the requisite proofs to enable them to access all financial products – so-called ‘thin-file’ applicants. This can also be addressed by allowing people to augment their ID level through other attributes. Schemes are already being trialed within local authorities to ‘build- up’ identity files, using a wide range of attributes, such as education history, housing records or proof of rent and other regular payments.
techUK is now establishing cross-sector, collaborative working groups to push these aims forward: we encourage all those working towards this vision to get involved!