Technology and financial companies, including JPMorgan Chase & Co., Mastercard Inc., and Microsoft Corp., are pushing to accelerate digital identification systems, hoping to eradicate massive data breaches and overreliance on Social Security numbers.
The Better Identity Coalition, a coalition of the companies advocating for the technology, has nudged policymakers and floated possible measures for government action for months.
A new House bill, introduced Friday, would encourage development by creating an interagency task force, technology standards, and grants. Colorado also is leading the way, unveiling a state-authenticated, digital driver’s license stored in a mobile app.
Paperwork and aid applications for Covid-19 pandemic programs have added urgency to calls from financial services, technology, security, and healthcare companies to broaden digital identity adoption.
Companies and states are tinkering with different formats. If widely adopted, the technology could cut down on massive regulatory costs involved in identity verification and legal costs following breaches. But privacy concerns and issues surrounding technology standardization will have be resolved before widespread use.
The pandemic moved many ordinary transactions online, from commerce and lending to unemployment benefits and business formation. That trend has increased fraudulent activity, said Richard Bird, chief customer information officer at Ping Identity Holding Corp., a security software maker that’s part of the coalition.
Identity fraud losses pre-pandemic amounted to nearly $17 billion in 2019, with many instances tied to fraudulent account openings and takeovers, according to a 2020 report by Javelin Strategy & Research.
“We have all this stuff that’s moved to the digital, except for our identities, which is the big gap,” Bird said. Getting governments and businesses on the same page about accepting digital ID “has the potential to reduce the amount of overhead and manual processes,” he said.
It could also help curtail theft of government funds, such as the more than $550 million in Washington state unemployment benefits believed to have been siphoned off by a Nigerian crime ring during the pandemic, Bird said.
The coalition, whose members also include Equifax Inc., Norton LifeLock Inc., and Wells Fargo & Co., has maintained that state and federal governments must drive the initiative by providing digital formats of physical government-issued IDs such as driver’s licenses or passports.
“Government is the only authoritative provider of identity, but its systems are stuck in the paper and plastic world,” said Jeremy Grant, the coalition’s leader.
Colorado created a mobile app for digital driver’s licenses that are legally accepted for transactions in the state. Colorado had nearly 64,000 accounts using the digital ID app as of Sept. 8, and has seen a 6% to 7% monthly growth rate for new accounts since February, a state government spokeswoman said. Nearly 1,500 people have renewed their license through the app while many motor vehicle departments were shuttered during the pandemic.
But most states lack the resources to overhaul their information technology infrastructure to offer digital IDs, Grant said. The coalition estimates it would cost DMVs nationwide from $2.5 billion to $3 billion to offer digital IDs, Grant said.
The coalition has also supported privacy and cybersecurity standards and the interoperability needed to ensure digital IDs are accepted across borders and industries.
The bipartisan Improving Digital Identity Act, introduced Friday, aims to address some of the issues.
The legislation, spearheaded by Rep. Bill Foster (D-Ill.), would provide grants to states to implement digital IDs. It would create a group of state and federal policymakers, housed within the White House, to coordinate a national approach to digital identity for use in the public and private sectors. The National Institute of Standards and Technology (NIST) would be tasked with developing privacy and security standards for governments offering services for digital ID verification.
The legislation would also require, for the first time, a comprehensive review of all government regulations mandating the use of SSNs.
“So much of peoples’ daily lives are spent conducting business online—whether it’s banking, investing, shopping, or even communicating with doctors,” Foster said in an emailed statement. “It’s become vitally important to ramp up safeguards to protect against identity theft and fraud, so that both consumers and businesses can have confidence in online transactions and the peace-of-mind of protecting sensitive information.”
Given the legislative timing, the bill is unlikely to get enacted this year, although there has been a tremendous amount of interest in digital ID since the pandemic started, Grant said.
The legislation emphasizes the government sector but would “have a cascading effect” on industry, Bird said. “When you drive out doubt about the user and you’re certain they are who they say they are, I can guarantee you’ll begin to uncover all the other problems that are downstream in that particular issue,” he said.
The bill’s focus on privacy standards is critical, said Joe Stuntz, a former White House cyber and national security policy staffer and now director of federal and platform at Virtru, a digital privacy and encryption company.
The main concern is “linkage,” where people’s medical, financial, tax, education, location, and social media data could be interconnected, Stuntz said. The ability of organizations to have access to a single identity that taps into all those data pools, even for legitimate purposes, “is scary from a privacy perspective,” he said.
Digital ID creators need to balance efficiency and the ability to use the same credential in a way that halts oversharing and ensures anonymity, Stuntz said.
NIST has the expertise and prior experience to help find that balance, he said.
Creating digital IDs goes beyond replacing physical ones, said Christine Leong, global lead for decentralized identity and biometrics at Accenture.
Many regulations still require in-person interaction for identity verification, which is difficult when government agencies are shuttered or operating remotely, she said. The House legislation would push governments to think through some of those procedures, and whether they can be updated, Leong said.
Governments can also foster cross-sector collaboration, she said. A bank and a telecom company could use customer information to help one another authenticate the same person, she said.
“It isn’t something that one organization can necessarily do by themselves, because it requires everybody to accept it and to trust it,” Leong said.