Embracing Digital ID the Right Way with Interac

By replacing physical identification such as passports with digital variants, entire new ecosystems of access, security, and convenience can be unlocked.

Identity is the crux of modern society. Take a moment to consider the number of routine identity authentication touchpoints in our daily lives, whether it’s smaller checks such as logging into an email account, or larger verifications involving transactions like banking and accessing government services. These activities are typically protected by a password or maybe even a biometric gate like a fingerprint or a facial scan, however, more antiquated verifications such as flashing a piece of physical ID are often still required.

In a connected world where faces unlock phones and AI is capable of building more AI, carrying a physical, replicable plastic ID sounds decidedly obsolete. Look at it like this: The first true passport was referenced in 1414, and over 600 years later, almost every traveler in the world is still using a version of it to move between borders. Other industries have evolved at a slightly faster pace—the printing press was invented 600 years ago, but now we have access to digital advancements including voice-to-text software and AI capable of writing news articles.

Digital ID promises to bring our physical documents into the 21st century. In practice, digital ID is an extension of current physical ID documents such as driver’s licenses, passports, and bank cards, but which offers individuals more privacy and control over how their information is used and shared, while at the same time eliminating threats associated with physical ID documents such as theft and counterfeiting.

Current forms of digital ID are largely based on social media logins. Billions of people verify themselves through connected Facebook, Twitter, or Gmail profiles. This basic form of digital ID is unsafe as profiles are self-created and are not vetted. Simplifying ID checks in this way, along with other external factors, has led to a 33% annual growth in identity theft in Canada, according to a recent Digital Identity report from Interac.

Citizens are even resorting to risky methods to prove identity. According to another recent Interac study, Trust and Identity in a Digital World, nearly half of all respondents have taken a picture of their ID to store it, despite realizing that the act itself is unsafe and could lead to fraud.

“With so much of our economy now reliant on digitally-based transactions–and with this proportion growing continually–it is essential to address these problems now,” reads the Digital Identity report. “Reaping the full benefits of a twenty-first-century economy will only be possible if we create digital identity and authentication methods that are highly secure, ubiquitous, and convenient.”

The path towards Digital ID

The public is ready for more convenient, digital options to manage their identity documents online and on their mobile device. Close to nine out of 10 Canadians feel a digital version of a driver’s license, passport or health card would be more convenient than a physical one in at least one case, according to the Interac study.

Neil Butters, AVP, Digital ID and Innovation at Interac realizes that advances in the field “will take some time, as we are in the very early days of digital ID.” Despite that, the company is one of the most well-placed to lend their voice and research to the study and application of digital ID.

“Our way of thinking is you should be able to use digital variants or evidence of ID, whether it’s a drivers license, passport, or something else, to assert your ID and provide the necessary information a government, bank or any other organization needs to prove identity,” says Butters.

As a leading payment network facilitating hundreds of millions of transactions in Canada each year, secure authentication is a field Interac excels in, and as the most trusted financial services brand in Canada, Interac has emerged as a leading voice in the push for digital ID.

“Interac is a central intermediary,” Butters continues. “Our network includes over 250 financial institutions and provides Canadians with real-time access to their money through secure platforms. While most think of Interac as a payments company, the foundational technology behind our payments network, combined with the trust we have established with Canadians over our 35-year history, positions us well in the future to enable digital ID across a range of devices and platforms.”

The benefits of Digital ID

Digital ID has the potential to offer benefits to Canadians across a range of public and private sector use cases. Anytime someone interacts with government services, they usually must identify themselves: signing up for benefits, obtaining licenses and permits or checking into a hospital. The same is true in order to access things like insurance quotations or to apply for a loan. These checks could be reduced by hours or even days as the need to send physical copies of credentials is negated by digital ID.

The Digital Identity and Authentication Council of Canada (DIACC) has estimated that close to $500 million is lost each year in productivity due to a reliance on manual validation of identity. This comes from the lost time people spend needing to travel to an office to present documents in-person.

“A significant amount of time and energy is wasted in physically communicating sensitive information about yourself,” says Butters. “Relying parties such as government agencies, banks, utility providers and others should be able to validate your information digitally and enable you to pay for their services online securely and conveniently.”

Convenience is a benefit of digital ID, but the defining elements are security and privacy. Users often have to create multiple logins or email addresses just to access services, or even worse, hand over an entire piece of ID that lists non-relevant sensitive personal information. When purchasing controlled products such as alcohol, customers are often asked to hand over their entire ID when only age verification is required. By reducing identification to a binary process that simply confirms or disallows an action without any arbitrary information shared, security prevails.

“What we’re trying to do with these end-to-end digital experiences is provide convenience to the end-user while also raising the bar for security and privacy,” explains Butters. “There is an incredible amount of information that is being shared when it shouldn’t be. By streamlining that, it becomes a binary indicator: is the credential valid, and are you over the age threshold required. It’s as simple as that.”

Digital ID from the ground up

“I like to use an analogy—would you ever build a house without a foundation?” asks Butters. “We know what happens when there is no foundation and a storm comes along. The challenge we see relative to digital identity is that if you don’t build that foundation, you’re allowing bad actors to have a foothold where they shouldn’t be.”

In a report, Interac describes this as “designing with layers.” Once the foundation of identity is solidified, public and private sector entities can then quickly and easily verify information—are you old enough to buy alcohol? What is your social insurance number (SIN) to open this bank account? These attributes are only shared with the explicit consent of the citizen, passing each layer only if that consent is acknowledged and the information shared is secure.

“If you don’t get that first layer correct, everything built on top of that is a house of cards,” says Butters. “It is incredibly important to get foundational identity right to fully realize those end-to-end digital user experiences.”

That is the key differentiator of digital ID. Every layer of ID is built securely and controlled by the owner. Security via abstraction achieves this, ensuring citizens do not simply hand over digital versions of their entire passport, SIN, or birth certificate. Instead, the unique identifiers on a piece of ID are replaced with codes or tokens that change every time they are used.

Tokenization, as this process is called, is already used by Interac and others in the payments space. An identifying factor such as a debit card number is replaced by a randomly generated token, which is then used to complete the transaction. The same process can be applied to a passport or driver’s license numbers.

“User consent is incredibly important to get right,” says Butters. “Today there are all kinds of websites that use implied consent—you click once and the information you provide can be used and reused, which is not a good practice. The opportunity we see is that through strong authentication mechanisms, you raise the bar on non-repudiation and allow end-users to give consent on a binary level for only that transaction.”

Digital ID’s next steps

Realizing a comprehensive digital ID ecosystem requires the right leaders that embrace trust, ubiquity, and reach to step up. Even then, it cannot be one company controlling the rollout of digital ID. Implementing digital ID will require coordination between a large number and range of stakeholders, including governments and regulators, associations, banks, and financial institutions.

Interac recently announced the acquisition of Ottawa-based 2Keys, a national leader in enabling secure digital experiences for Canadian governments, financial institutions, and commercial clients. Interac sees the acquisition as a catalyst for the future of digital identity in Canada, as it continues to enhance its payment platforms and support new ways for Canadians to securely access and use their identity, data, and money with confidence and convenience.

Together, Interac and 2Keys will take a comprehensive approach to build digital ID solutions for the Canadian marketplace, including working with the public sector to digitize and strengthen existing pieces of identity as well as supporting the development and use of foundational, government-backed digital identity for new citizens.

Digital ID is about limiting access to unnecessary information. Those who need to verify themselves should only provide the exact necessary identity parameters. The selected parameters have to be abstracted to limit the risk of identity fraud and other breaches in security. Enabling and adopting digital ID is a logical next step, but it’s one that needs to be carefully considered and approached by the right partners.

Digital Magazine is an Official Media Partner of Interac