Identity & Access Forum Spring Market Snapshot: Mobile Driver’s Licenses, Biometrics and Access Management Innovation
REDWOOD CITY, Calif., April 9th, 2024 – The Identity and Access Forum is commemorating the success of its inaugural Spring Member Meeting by sharing key insights from the event. This market snapshot offers perspectives from the industry’s most influential organizations, including the Department of Homeland Security, Amazon, major players in the implementation of digital IDs and many others. The Forum’s Spring Member Meeting followed the Secure Technology Alliance’s Identity & Payments Summit in Tucson, Arizona. The conference brought together hundreds of leaders for collaboration, education and networking.
Mobile driver’s licenses reach new heights –
Mobile driver’s licenses (mDLs), sometimes referred to as digital IDs, are reshaping the secure identity ecosystem globally. The technology brings consumers one step closer to ditching traditional wallets by allowing their driving credentials to exist on their Apple or Android-enabled devices. Here in the U.S., 26 states are taking steps toward implementing mDLs and they’re fully available in Arizona, Colorado, Georgia, Utah, Maryland and Iowa. Those states that have fully implemented mDLs represent more than 66 million people.
The future of identity and authentication is digital and mobile driver’s licenses are the next step in identity credentialing. Eric Jorgensen, director of the Arizona Department of Transportation’s Motor Vehicle Division, shared this sentiment while delivering the Identity and Access Forum Meeting’s keynote address. “State-issued identity credentials should always be perceived as a public good. By implementing mDLs, we’re providing people with a future-focused, highly secure, cryptographically protected, convenient ID that stakeholders can rely on,” said Jorgensen. “Mobile driver’s licenses are here! We’ve issued more than 900 thousand in Arizona alone. We just ask that interested states engage with us and help us continue to move this initiative forward.”
The Identity and Access Forum of the Secure Technology Alliance has been a leading advocate for the widespread implementation of mobile driver’s licenses since the technology’s inception and provides mDLConnection as a focal point for the latest information. It includes an implementation map showing the status by state of mDL programs. The Alliance has also published an mDL use case template to guide relying parties through the requirements and process for accepting mobile driver’s licenses.
As it stands, the leading use case for mDLs is travel. TSA currently recognizes mDLs as a secure identity credential at its various checkpoints. There was a universal call for stakeholders to begin programs to use secure, state-issued mobile identities, and their inherent mobile device biometrics, for more use cases. A speaker on behalf of Amazon sees digital IDs as a step above current verification and validation practices. Amazon is gearing up to accept mDLs in the near future for e-commerce-related identity verification use cases. Their first step will be integrating with device/OS wallet-based mDLs. They hope to integrate state-specific wallets where demand surges for broader support.
Biometric updates from the Department of Homeland Security –
New developments in biometric authentication were also a leading topic at the Identity and Access Forum meeting. A representative from the biometric and identity technology center at the U.S. Department of Homeland Security discussed their findings on the efficiency and security of these technologies.
DHS found that facial recognition works very well, with 95% of people being correctly matched, though challenges remain. Testing has revealed that 75% of errors are due to camera image capture problems and only 25% are due to matching problems. There are also some potentially concerning discrepancies based on gender and skin tone. According to DHS research, women and people with darker skin have higher error rates.
A current DHS initiative is testing Remote Identity Validation (RIV), tools that authenticate documents and the identity of users remotely. It is difficult for technology providers to test the effectiveness and fairness of these systems in part because it is hard for them to obtain fraudulent documents, something DHS does have in abundance. Also, testing for demographic differentials doesn’t often occur because of the high cost. DHS’ goals are to understand the current performance of RIV and help the industry develop more secure, accurate and equitable technologies.
Convergence of identity and access management –
For years there has been strong demand to converge physical and logical access control into a single solution. A panel on this topic showed that significant progress has been made with many companies implementing proprietary solutions or combining multiple technologies into a single credential to achieve these objectives. Mobile devices also represent a new approach, bringing physical access control into mobile phone applications or wallets. One impressive video showed a person entering their office building while on their mobile phone and, without interrupting their conversation, passing the phone briefly over the turnstile to gain access.
Still, much work is needed to find better ways to converge physical and logical access control. Industry participants see this need but note a lack of action to address it. Interest is so keen that the Identity and Access Forum decided to form a new working committee on the convergence of physical and logical access control. For information about how to participate, contact Managing Director Sandy Mayfield at [email protected].
First-party trust and medical identity theft –
In payments, first-party fraud occurs when a consumer makes a legitimate purchase and then later requests a refund, even though the goods or services were received. Estimates of the problem range as high as $100 billion and, according to statistics shared at the meeting, 42% of Gen Z admit to engaging in first-party fraud. Factors contributing to the growth of the problem include increased e-commerce shopping, the ease of the dispute process, consumer awareness of zero fraud liability and the difficulty of detecting first-party fraud activity. Mastercard discussed an opt-in First-Party Trust program for merchants that uses AI-powered insights to combat the surging trend in “friendly” fraud.
In healthcare, 1.9 million Americans have been victims of medical identity theft at an estimated cost of $41.3 billion in the U.S. In addition to fraudulent use of individual identities, the industry is suffering from business email compromise, email phishing and spoofing and counterfeit drugs in the supply chain.
According to a speaker representing a company specializing in securing and sharing medical information among patients, providers and payers, an initiative from DirectTrust is creating a trust framework that can help with all these issues. It provides identity proofing at a NIST 800-63-3 IAL2 level that is bound to the real person’s identity in the form of a verifiable digital trust credential (i.e., two X.509 certificates, one for digital signature and the other for encryption). This enables identity authentication on every login and every transaction regardless of whether the person is inside or outside corporate firewalls. It prevents email phishing and spoofing attacks as the sender and receiver are always known. To prevent counterfeit drugs in the supply chain, the DirectTrust SAFE Identity for Bio-pharma Trust Framework also meets the FDA Drug Supply Chain Security Act (DSCSA) requirements.
Forum priorities –
The Identity and Access Forum’s primary focus is to provide a platform for solving cross-industry challenges and promoting innovation. This is achieved through collaborative discussion, networking events and educational resources. During the Forum’s member meeting, stakeholders identified key opportunities for improvement and development within the identity and access markets.
Those opportunities are highlighted by the numerous projects the Forum currently has underway that will benefit stakeholders within the ecosystem, including resources on:
- Differences between digital IDs and digital identity
- Key terms related to digital identity
- Identity assurance levels (IAL) and authentication assurance levels (AAL)
- Device authentication with EMV 3D-Secure
Resource recap –
The Identity and Access Forum has recently published a comprehensive guide for relying parties who are interested in accepting mobile driver’s licenses. The mDL Use Case Template is a companion to the Secure Technology Alliance’s white paper, “The Mobile Driver’s License and Ecosystem.”
By leveraging this new template, relying parties or mDL verifiers can build business cases, capture operational requirements and design interactions to shape how customers will present mDLs to facilitate better user experiences and more accurate identity processes. The document was developed by an experienced group of identity industry professionals and relevant stakeholders to support best practices, mDL interoperability and reduce misunderstanding in the implementation process. It is available for download free of charge on the mDLConnection website.
Organizations, associations, government agencies and individuals interested in participating in upcoming Forum projects can visit the Secure Technology Alliance’s website to learn how to become a member. By joining the Secure Technology Alliance, members will have access to activities within the U.S. Payments Forum and the Identity and Access Forum and additional Alliance working committees.
About the Secure Technology Alliance
The Secure Technology Alliance is the digital security industry’s premier association. By collaborating on education and guidance, the Alliance helps enable efficient, timely and effective implementation of large-scale, disruptive technologies. Its U.S. Payments Forum is the only non-profit organization bringing together merchants, issuers, payment networks, acquirers, processors and technology makers on neutral ground to develop resources for the betterment of the payments industry. The Alliance is also strengthened by its Identity and Access Forum, which is dedicated to advancing the adoption and development of secure identification, including physical and digital technologies. This includes mobile driver’s licenses, access control and various forms of identity authentication. For more information on the Alliance’s activities, please visit https://www.securetechalliance.org.
Contact
Sherlyn Rijos-Altman
Montner Tech PR
203-226-9290
[email protected]