Guest post: Digital driver’s licences are a platform for a secure future

30/05/18

By Tiffany Conway, Director of Field Marketing, Government Programs, Gemalto

After several years of massive hacks or leaks of consumers’ personal data making headlines, secure identities can’t be taken for granted anymore.

Perhaps the most notable breach last year was Equifax’s loss of personal data for almost 145 million Americans. That put nearly half the US population’s identities at risk in one fell swoop, and now we’ve learned the damage may extend even further than first thought.

Unfortunately, 50% of Americans in a recent survey said they still haven’t checked their credit scores for signs of identity fraud since that breach. That underscores the need for more reliable, trustworthy ways to verify identities so that fraud prevention is built into credentials, rather than dependent on personal vigilance in reviewing one’s credit history.

Digital IDs Testing in the Field

Four U.S. states and the District of Columbia are now testing digital driver’s licenses that could offer a solution for protecting consumer identities against many types of identity fraud. In partnership with law enforcement, retailers and transportation officials, these tests will help gauge how effective DDLs are as a platform for secure identity verification in a variety of everyday situations.

DDLs are confirmed as authentic through a digital, cryptographic signature that only the issuing agency can add to the digital license – sort of like the holographic security markings on today’s plastic licenses. But if these digital security features are tampered with or faked, the digital verification process would immediately flag the fraudulent activity; further moving the burden of validation from human to technology.

That gives retailers, law enforcement or other organizations much-needed certainty that the person in front of them is who they claim to be. Since most of these organizations don’t need any highly specialized equipment to verify DDLs, security against fraud could be had without substantial investment on their part.

 

The DDLs being tested today function within a secure smartphone app. That means users need to enter a PIN or use their device’s biometric readers to unlock the app before they can initiate the sharing of information, adding another roadblock to identity fraud in a format that’s convenient and familiar to most Americans.

Sharing Information in Everyday Situations

DDL users can select the relevant information to display in different scenarios – proof of age verifications, for example – helping to limit the data that is shared and protect against physical identity theft. To sell you beer or wine at your local supermarket, the clerk only needs to verify your likeness to your DL photo and your age, so why should they also have access to your address, driver’s license number, height and weight, or even your organ donor status?

Once a DDL user chooses the relevant information to share, the app displays a QR code which a supermarket clerk can scan using a standard 2D barcode reader. This opens a one-way channel of communication between the app and the device verifying it, wherein the app sends the proof-of-age information and a photo of the user, along with the digital signature of authenticity issued by the DMV. This tells the supermarket computer that the digital license is authentic and offers an unmistakable yes-or-no answer to the question “is this person legally allowed to make this purchase?”

A “fake ID” scenario is easy to visualize because these types of ID checks are so commonplace, whether for age-restricted purchases or to ward off credit card fraud. But DDLs simplify the verification process and bring technological reliability, taking the responsibility off of humans who could easily mistake a falsified ID for a real one (or not verify the credential at all.)

Different circumstances call for DDL users to share specific types and amounts of information. While liquor stores or casinos need only confirm your age, a traffic cop will need access to your full license information and driver record. In both cases, the protection against fraud is a necessary assurance in an increasingly complex identity landscape.

Building on the platform

By its nature a DDL can securely store and selectively display lots of different information, making it a great platform for other identity verification needs.

In the future, secure, digital credentials could simplify things such as enrolling for health insurance. Like the DMVs participating in the DDL pilot, insurers would need to issue digital insurance cards paired with a unique digital signature. When healthcare providers register patients, they could scan a DDL to verify the validity of the patient’s insurance status and while automatically populating the patient’s required personal information from the DDL onto intake forms.

The DDL platform could also be used as a second factor authentication for online purchases, much like some online retailers today asking for your mobile number to send an “out-of-band” verification code via text message.

Rather than users receiving a non-secure SMS message with a PIN code that has to be entered into the site manually, the message could be securely delivered through DDL app, where users would be prompted to verify their identity with a fingerprint, offering peace of mind that they are in control of when and where their identity is being used – even on the web.

Upon confirmation, the DDL application could then seamlessly populate to the online retailer any information the user deems relevant like their name or home address. The increase in reliability of information with DMV-verified data and convenience for the user could make a big difference considering the number of online transactions being conducted today.

Ultimately, digital IDs can give consumers more control over their personal information. While today’s pilot tests are limited to interactions with retailers, law enforcement, airports, and government agencies, they’re proving the legitimacy of a digital ID as a secure way for consumers to store and access their identity information, while building the latest digital fraud prevention techniques into everyday situations.

Subscribe to our free newsletter
Follow us on Twitter
Join us on LinkedIn

Latest Features & Interviews

SDW 2018 Interview: secunet on EES

In this interview, Frank Steffens, Principal in the Homeland Security division of Germany’s secunet tells us about their approach to the biometric Entry/Exit System (EES) planned in Europe.

SDW 2018 Interview: Ixla

Company spotlights have been created to give firms operating in the secure documents and identity industry an opportunity to discuss trends, product innovations and achievements.

White paper: Gemalto - The paper elements of a passport

An expert’s guide to using the paper elements of a passport.

More articles >>
Share |

Sponsored Links

SDW Conference and Exhibition
SDW is a world-leading conference and exhibition providing a global showcase for next-generation secure credentialing solutions.