User identity is the Achilles heel of the internet.
Proving who you are in the ever-growing digital world can require a mix of usernames, passwords, scanned documents, SMS codes and more. It’s cumbersome for consumers and a boon for cybercriminals.
In Australia, one in four people has been a victim of identity crime, according to the Australian Institute of Criminology, and the New Zealand Department of Internal Affairs estimates identity theft costs its economy upwards of NZ$200 million every year.
However, with billions of devices now connected to the internet, public and private sectors across the globe are tackling the problem through the introduction of robust, user-centric digital identity solutions.
Plenty of insurers are getting on board with the aim of improving the customer experience, but as digital IDs also apply to objects and assets, experts say they can help reduce the risk of fraud.
Digital IDs: Is it really you?
Digital IDs provide a single, streamlined way to prove identity for access to government and private-sector services, from selling a property to lodging an insurance claim.
They can include everything from bank account details to public transport passes, as well as verifiable credentials, such as vaccination records and university degrees.
Much of the digital ID technology already exists in the form of digital wallets, blockchain and biometrics like fingerprint readers, retinal scanning and facial recognition.
What’s been missing, however, is the ecosystem that brings the identifiable attributes together. That’s changing in countries across the globe.
In Australia, for instance, the federal government’s Digital Transformation Agency (DTA) has spent more than A$210 million developing a national digital ID program that allows single login access to government services such as Medicare and the Australian Taxation Office, and future expansion is expected to include private-sector organisations.
The European Commission recently proposed a framework for a European Digital Identity, which will allow all European Union citizens to prove their identity and share electronic documents from a European digital identity wallet stored on their phone.
In New Zealand, organisations such as Digital Identity NZ are assisting the government in developing a digital ID trust framework that will set the rules of engagement for all participants.
Insurance industry players are already tapping into digital ID programs in places such as Hong Kong, where digital life insurer Blue has adopted the government’s iAM Smart authentication method for selected insurance products.
Rather than uploading an image of their Hong Kong identity card when making a new online policy application, registered users can verify their identity via the iAM Smart mobile app.
Meanwhile, AIA Singapore recently became the first insurer in the city-state to connect to the government’s Singpass program, which enables users to access more than 1,400 government and private-sector services online and in person via their fingerprint, facial recognition or a six-digit passcode.
Melita Teo, AIA Singapore’s chief customer and digital officer, says the integration is part of the company’s broader digital transformation strategy.
‘It provides fast, secure and even more convenient customer experiences without compromising their data security, which is essential in an increasingly digital world.’
Power to the people
Michael Murphy, executive director of Digital Identity NZ, says the ultimate goal of digital identities is the creation of secure, user-centric, user-controlled data.
‘One of the biggest pains in applying for things like insurance, for example, is filling in all the paperwork,’ he says. ‘Imagine if all the information you needed was located on your phone.’
This is the convenience behind AIA’s integration of Sign with Singpass, which allows users to digitally sign an electronic document via the Singpass mobile app.
'This means customers can remotely authenticate and digitally sign new business applications — a valuable tool during COVID-19 lockdowns, says Teo.
‘We were fortunate that the hard work of setting up our digital ecosystem infrastructure had already been done pre-pandemic,’ she adds.
‘The integration further enhances remote authentication and boosts digital signing capabilities with biometric technology to accelerate our digitalisation.’
Insurers have always relied on data for risk assessment, underwriting and pricing. With digital IDs, verified data can help detect and prevent fraudulent claims and policy applications.
AI-based video identification is being used to meet know-your-customer and anti-money laundering requirements and prevent fraud.
In the video calls, customers answer a few simple questions and present any documents a company needs to sight. The video-call software uses biometric facial recognition, and analyses body movements to check the customer is a real, living person.
John Jones, digital identity partner at Deloitte Australia adds that pricing can become more granular when an asset can be precisely identified through a digital ID.
‘If the assets you owned were recorded on a blockchain, for instance, you could share that with an insurer and, in theory, get a home and contents insurance quote without needing to share your identity at that point, because the insurer would have confidence about the provenance of your assets.’
Digital IDs can also lead to more personalised cover, says Murphy. ‘Behavioural data is already used by insurers to determine things like car insurance premiums,’ he says. ‘If an insurer can identify exactly who is driving exactly what car, they can start to segment and slice that insurance much more granularly.’
While consumers have a growing appetite for digital convenience, many remain concerned about the protection of their personal information.
Ben Hamilton, partner at law firm Hall and Wilcox, says digital ID systems require a robust privacy framework to foster public trust and protect individual privacy.
He notes that as Australia’s digital ID system is rolled out to state governments and the private sector, it will bring into law a set of principles covered by the current Trusted Digital Identity Framework. This includes restrictions on data profiling, data collection and the use of biometric information.
‘With respect to biometric information, it will limit the circumstances in which that can be collected by others, and it will be subject to a consent regime,’ says Hamilton.
‘For instance, others may be able to access biometric information for proof and authentication purposes only, but there will be restrictions on collecting it and it will have to be deleted.
‘It’s too soon to tell exactly what the new laws will entail, but privacy, data security and consumer protection will be a clear focus.’
For AIA Singapore, the challenge was in promoting uptake of the digital ID service across its existing consumer base.
‘Younger customer segments were already digital natives and accustomed to interacting and transacting online,’ says Teo.
‘However, when COVID-19 circuit-breaker and heightened alerts were announced, it was more our mature customers who began exploring digital channels, some for the first time.
‘In short, we see our challenge as making sure that our technology is democratised — equipping employees, AIA insurance representatives, as well as customers to maximise its benefits without leaving anyone behind.’
Getting the infrastructure right is another challenge for digital ID systems, says Murphy.
‘There are interoperability issues between sectors,’ he says. ‘It’s complex enough within your own industry to get everyone to come together to build an ecosystem, without trying to consider how an individual login with health data can actually be used in financial services, for instance.
'There’s not as much cross-industry collaboration as there needs to be, but I think that will come.’
Jones adds that industry collaboration may delay progress of digital IDs in some sectors.
‘When you think about Australia’s open banking system, banks are now required to share customer data with each other when a customer requests it,’ he says.
‘A concern among insurers, for instance, may be that if they participate in an ecosystem of other insurance providers, what does that mean for them? I think there’s a tendency to wait and see what other industries are doing before some are willing to take the step.’
However, Jones stresses that digital IDs are set to transform the customer experience and tighten data security.
‘Nirvana is when we reach a point where you can open up your phone and access any service without having to remember a username or password,’ he says. ‘We’re not there yet, but that’s where we’re heading.’
Vaccination passports: a ticket to freedom?
The COVID-19 pandemic has brought the value of the digital economy into sharp focus. Many countries are developing a digital vaccine passport as a way of managing the risks.
In China, a vaccine passport for citizens is stored on the social messaging app WeChat, and allows individuals to travel across the border, enter grocery shops and move freely in society.
In the European Union, holders of the Digital COVID Certificate should be exempt from testing or quarantining when crossing a border within the EU.
New Zealand’s Ministry of Health has developed a digital vaccine passport known as My Covid Record. And in Australia, those who are fully vaccinated against the virus can access a certificate — paper-based or stored in a digital wallet — as an authorised ticket to greater freedom of movement.
Deloitte’s John Jones says vaccine passports and certificates are currently ‘clunky, early-stage versions’ of what verifiable claims may look like in the future.
In Australia, questions have already been raised about the security of the vaccination certificate, with several software developers identifying a number of flaws in the system when it was first released that could lead to forgeries.
‘The market is not very mature in places like Australia, and it may be that each state will need to hook into a government agency like Services Australia to get the relevant data and surface that alongside a QR code,’ he says.
‘Eventually, we’ll get to a point where there is a central ecosystem for the data, and this will promote security.’