A new policy to ensure the approach to digital identities (digital IDs) is better joined up across the public and privacy sectors should be developed by the UK government, industry body techUK has said.
The new policy, which should "facilitate the creation of a fully functioning digital identity ecosystem", should be underpinned by a new "framework of standards" which the government should seek to develop through the evolution of its existing 'Verify' scheme, it said.
"Achieving a standardised digital ID system has proved elusive for many years," said technology law expert Angus McFadyen of Pinsent Masons, the law firm behind Out-Law.com.
"The opportunity that the combination of today’s technology, evolving use cases – such as open banking, and the opening up of Verify, present is fantastic. Whilst there are legal and compliance challenges to navigate, the incentive of the cost reduction and efficiencies that are available should see this taking off," he said.
According to techUK, developing a new digital ID scheme could save up to £10 billion in "reduced identity-linked fraud and greater operational efficiency", whilst doing nothing could, by 2021, see identity theft grow by 50% and a further 50% increase in the cost to business of complying with economic crime rules, such as 'know your customer' and anti-money laundering requirements.
"The plea from many in the tech industry is that the issue of identity needs to be joined up to tackle the need to manage multiple digital identities and consumer expectations on ease of access to all types of online service," techUK said in a paper it published earlier this month. "Tech companies small and large are keen to assist and are coming up with solutions. But they are encountering hurdles in outdated legislation, the complexity of the regulatory landscape and in achieving recognition of their solutions in the market."
Under the government's Verify system, individuals using government online services can choose a certified ID assurance provider with which to verify their identity. This involves answering security questions and entering a unique code sent to an individuals' mobile number, email address or issued in a call. When using government services online thereafter, government bodies are able to rely on the third party verifications of individuals' identities.
However, the numbers using the Verify scheme have fallen short of government expectations and last year it announced that funding for the scheme would end when the existing contracts with third party ID assurance providers expire in 2020.
In its paper, techUK called for "greater transparency" from the government on the future of the Verify scheme and said the work done with the initiative could still be built upon.
"The UK needs a detailed workable strategy through which the Verify scheme is to evolve into a standards-based ecosystem," techUK said.
"The government should set out a clear strategy for digital identity which will operate across the board: this is the only way to help both the public and private sector stay ahead of fraud and to allow UK citizens and companies to fully benefit from the digital world," it said.
Among its other recommendations it made, techUK said "approved digital age and identity verification methods" should be recognised "on an equal footing" with paper based and face-to-face verification.
It further called for a new lawful basis for processing biometric data for identity verification and authentication to be established in the UK, and for a single authority to be designated as responsible for digital ID in the UK, highlighting the number of bodies that currently regulate and enforce matters of identity in the UK.
"The long-term governance of a digital identity framework would, we suggest, be best managed through the establishment of a competent independent authority, or the allocation of this role to an existing authority," techUK said.
Contact an adviser
