The debate over how digital identifiers for Australian will be issued and used by both government and private sector businesses like banks and telecommunications providers has intensified sharply after the Chief Technology Officer of the ANZ Bank, Drs Patrick Maes Bank issued a strong warning against mandating a federated identity model.
The revelation that at least one of Australia’s big four banks has serious misgivings about using a series of linked identity checks across business and government to validate online access or secure transactions is a big development.
It’s the strongest indication yet that parts of the financial services sector still have deep misgivings about linking or donating their own customer identifiers to a government backed identity network, with Drs Maes suggesting the onus should primarily be on the state to create a unique instrument.
The views of the banks are crucial because the government needs them in order to pay people everything from welfare entitlements to tax returns, not to mention money paid to the government.
Put more bluntly, there is a growing fear that any move by the Digital Transformation Office to mandate a federated identity model could be a dumb, complicated, expensive and substandard turkey.
“We, in Australia, [with] 23 million people, we are talking about how do we create an identity system that’s federated [and] highly complex,” Drs Maes told Government News at the Australian Gartner Symposium and ITxpo.
“Because you are going to take a little bit of data from that bank, a little bit of data from myGov, a little bit of data of this – a co-ordination of all of these elements to create a pseudo identity which, by the way, will never be 100 per cent correct.
“With the threat landscape that we see with identity theft, I think it’s stupidity and I said that to them,” Drs Maes said of cross sector discussions between industry and Canberra on the issue.
The push to create digital identifiers – essentially an online credential that acts as an electronic key for customers of government and business – has accelerated quickly over the past year after the Digital Transformation Office went public with its call for there to be a public discussion over how an identifier will be issued and work.
Telstra and the Commonwealth Bank of Australia – both privatised former government monopolies – are regarded as cheerleaders for a new digital identity scheme that could potentially be offered to the government by industry as a service.
Australia Post, now officially a lossmaking government monopoly, has also had a stab at entrenching itself in the digital identity market through its Digital Mailbox but failed in a push to get the product mandated over the existing myGov credential that was initially developed out of Centrelink.
At the core of the digital identity idea is that as most services go online, a robustly secure secondary check is used to prevent fraud and unauthorised access.
With identity theft and credit card fraud at record levels, there’s a common interest.
Australia’s banks, as well as the telecommunications sector have for years keenly backed the creation of a national digital identity scheme because it would slash compliance costs, fraud and enable a far richer customer experience.
It could also provide a lucrative revenue stream, with the government now charging around $1 per check for its physical document verification service used for customer compulsory proof of identity checks.
But as the federal government moves almost all its services online, its agencies (as well as states and councils) are also faced with the same online verification problem that business has struggle with for more than a decade.
The DTO as well as numerous agencies have also publicly acknowledged that people should only have to log-in once to access multiple government services being delivered digitally in the one session, the primary credential now being myGov.
Policymakers have also acknowledged that as digital identifiers are created, either by the government or the private sector, those keys to online transaction need to interoperate to eliminate the misery of re-entering complicated credentials for each session.
But that’s where the consensus seems to end, with the key friction point being who mints the credentials or essentially runs the business of cutting and managing the digital keys.
ANZ’s Drs Maes is adamant the move to secure digital identities needs to happen, but doesn’t believe his institution needs to play the role of an identity issuer.
“Identity is extremely important. If we want to become a digital bank or if you want to become a digital economy it all starts with identity,” Drs Maes said.
“We [ANZ] do not want to be an identity provider, that is not our role as a bank.”
“Why [is Australia] not just doing what other countries in Europe have done or India – give each person in Australia an identity,” Drs Maes said.
“It doesn’t have to be with biometrics, it can be an identity card as in Europe where [there’s a secure] chip.”
Drs Maes revealed that in ANZ’s Indian operation it had already successfully trialled a facial biometric recognition system that utilised the Indian government’s identity biometric identity system.
“We built in test a capability where in our Indian franchise. People can walk into a branch to open an account, we just look at them without any paperwork, we identify the person, we can on-board the person,” he said.
The upside on getting identity right, Drs Maes stressed, was that it uncomplicated, secured and enhanced digital customer experiences.
Getting identity right was also good for business.
“The revenue on identity is huge. It can give you better security, it can give you a better experience – you can do hyper-personalisation … you can do that if you don’t have identity. It can create context in which you can do advisory or eco-system things.”
Simplicity, efficiency and speed were all key to maintaining a positive customer experience rather than building a solution that could be as complex and difficult to use as it is to use.
“I think for a country if we can sort it out – and that’s important from a government [or] a bank perspective – if we can sort out the identity and get that established we have a digital future. Otherwise we will make it extremely complicated . . . and there is no reason [to do that],” Drs Maes said.
Watch this space.