Mobile ID combats fraud, gives holder control of personal data: USPF report

The U.S. Payments Forum (USPF) has published a new white paper entitled “The Role of Mobile IDs in Payments.” Authored by Teresa Wu and Annemarie Mattheyse of USPF member company Idemia and nine other identity and payments industry professionals, the paper “examines how government-issued mobile IDs (mID) which include mobile driver’s licenses (mDLs), can be leveraged in the payments ecosystem, both today and in the future as well as in-store and online, including examples of where digital identities and digital payment acceptance can potentially converge.”

The authors argue that limits on functionality have been problematic in early incarnations of mobile ID, but that “there is a global effort for more advanced approaches that would address some of the limitations of the physical forms of government-issued IDs.” On the question of mDLs, in particular, the paper cites the Transportation Security Administration’s (TSA) Identity Management Roadmap and its efforts to engage partners to enable biometric and digital identity deployments.

“The goal is to offer enhanced security, with strong cryptographic authentication of the mID, as well as interoperability and improvements in terms of privacy for the identity holder,” says the USPF. Strong cryptographic authentication makes it much more difficult to counterfeit mIDs and lessens reliance on manual checks. Other benefits include the ability to perform remote verification, the ability to be updated as needed in real time, and the option to share only data relevant to the transaction.

In looking at the benefits of mobile digital ID for payments, the paper also offers “an overview of the acceptance of mID transactions compliant with the 2021 ISO/IEC 18013-5 standard, which defines the technical and functional requirements for mDLs and mDL readers and focuses on in-person use cases, and introduces the draft ISO/IEC 18013-7 standard, in which mDL identity verification could be leveraged in online commerce and open new possibilities for remote verification of mIDs in the payment industry.”

Given a rising interest in digital IDs and mobile driver’s licenses in North America, payments stakeholders should “begin exploring how mIDs can be leveraged for payment scenarios as well as for other non-payment events, in person or online.”

New ISO/IEC standard in the works covers use of mIDs online

A potential game-changer for mobile IDs in payments is the draft ISO/IEC 18013-7 standard, which would “open the way to promising use cases in the payment and financial spaces, in which mDL identity verification could be leveraged in online commerce or could facilitate remote KYC to create a new account with a financial institution.”

Potential use cases listed in the paper include age verification for retail sales of age-restricted goods such as alcohol, tobacco or firearms; airport security; hotel check-in; car rentals; opening a bank account; ID verification for online gambling or sports betting; event ticketing and access control; and other examples across financial services, travel, hospitality, entertainment and public access.

Honing in on the payments ecosystem, the paper says that for verification, relying parties can leverage verification applications that can be standalone devices, mobile software loaded onto a phone, or built into point-of-sale (POS) systems and handheld scanners. Identity verification for buy-online, pick-up in-store (BOPIS) transactions and high value transactions is among the payment-specific benefits of mobile ID.

In addressing data privacy concerns, the paper notes data minimization and informed consent as fundamental considerations.

Point-of-sale remains pain point for payment transactions

In general, the future looks bright for digital ID in payments – but there are a few constraints, including a fairly typical communication breakdown with POS vendors. “At this time, with the exception of the mID reader itself, POS vendors have not received any direction about which data elements should be examined or stored, nor has there been any guidance from the payment networks about whether any data elements should be included in a payment transaction message,” says the paper.

“Due to the lack of definition of required data elements and policies, and as the issuance of mIDs increases along with the continued deployment of merchant mID readers, any POS integration would most likely require custom development work performed by or on behalf of the merchant.” Which is to say, for digital ID readers in POS, it’s still largely case-by-case.

‘Immense promise’ in digital ID and biometrics

The integration of biometrics and digital identity holds “immense promise for streamlining processes, enhancing security, and empowering individuals.” But it will take collaboration with industry and government partners to address key considerations, such as ethical considerations around bias and discrimination, audits and independent oversight mechanisms to ensure fairness and accountability, and international cooperation and harmonization of standards.

If that can be achieved, the authors say, the world will be ready to face the coming deluge of AI-assisted online fraud. “As the amount of fraud increases,” they write, “the appeal of standards-based digital identity solutions will only grow.”

Article Topics

biometrics  |  data privacy  |  digital ID  |  financial services  |  IDEMIA  |  identity verification  |  ISO 18013-5  |  ISO 18013-7  |  ISO standards  |  mDL (mobile driver's license)  |  Secure Technology Alliance