Should it be centralized or de-centralized?
EPA Hot Topic Webinar on 17 June 2020
Digital Identity is fundamental to the success of a digital eco-system that many countries are planning to create. It has gained additional momentum as a result of the COVID-19 pandemic.
The webinar was kicked off by John Ryan, Director-General of EPA Asia and moderated by Rajiv Madane, EPA Asia Ambassador. The webinar had a distinguished line-up of panellists as outlined below.
- Richard Lomas, Senior VP, Government Affairs, Asia Pacific at Citibank
In his opening remarks, Richard explained that digital identity is a prerequisite for financial inclusion, citing that almost 1.7 billion people are excluded from access to financial services. In addition, he stated that digital identity is the base layer to an upgraded financial eco-system and whether it is federated or centralised, the potential benefits to any country could be around 10% of GDP.
- Linden Dawson, APAC Customer Success Management Lead at Ping Identity
In her opening remarks, Linden touched upon the essential role digital identity plays in enhancing customer experience and driving customer journeys, enabling personalization across channels and using trusted devices like mobile to deliver passwordless authentication.
- Karl Mohan, GM Australia and New Zealand for Wirecard
In his opening remarks, Karl outlined three key driving factors that are bringing digital id to the forefront. One is the increase in the speed of digitization, second the need for creating trust in digital transactions as societies become more cashless and third the increased automation as the IOT and robotic innovations become mainstream.
During the webinar an online audience poll was conducted. The audience was asked whether digital identity should be run on a centralised basis (government) or decentralised basis (banks or other agencies)? The majority in the online audience selected decentralised.
The panel discussion started with the question of ‘trust’. Who should be the trusted keeper of digital identity? The government (the issuer of passport/id) or the banks (the trusted keeper of everyone’s money). According to the panellists, the major banks in Australia will do a better job of maintaining the digital identity of their customers on a decentralized basis. However, with the market forces maintaining this data, there should strong government and regulatory oversight. Any access to sensitive data should only be allowed with user consent and transparency. Users should be the owners and managers of their own digital identity.
It was felt that people in western economies are more reluctant to share data than those in Asia. The overall trust in government will be a key factor in whether a federated or centralised digital id model will be successful in a particular economy. The panel felt that trust is unique and contextual. With multiple points of storage and access, the federated digital identity becomes more powerful.
The panel discussed the Singapore model where Singpass is the digital identity and MyInfo is the data access layer where real-time data is aggregated from multiple sources (passport authority, tax, housing, transport authority, etc.). Would this be the model that other countries should adopt for launching a digital id eco-system?
The panellists felt that there needs to be a high degree of trust in government to manage identity. In Australia, New Zealand and parts of Europe, data privacy takes priority over trust in government as far as individual’s data is concerned. In the Singapore example, data privacy laws prevails over digital identity. In the Singapore MyInfo database, customer info is not stored centrally but in each agency (e.g. tax, passport, housing, etc.). Customers have to give explicit consent before any third party can use the aggregated information. That too, only the relevant information is shared with the third party.
The Swedish digital identity model was discussed by the panel. With a very high adoption rate of over 90%, the federated BankID model in Sweden became successful because banks came together to collaborate rather than compete. Together with the Swish P2P solution, the BankID digital identity solution became extremely popular. The key driver to digital id adoption in Sweden was useability in everyday transactions, e.g. using public transport. The key success factors for adoption of digital identity in Scandanavian countries are relatively small populations, societal values and culture.
The panel discussed the possible commercial models that could be deployed between digital id providers and digital id consumers. The panellists felt that creating a proper useability framework, identifying the risks, developing industry standards and having an effective value proposition could form the basis for a commercial model. The panel touched upon the AML and KYC rules for businesses and the need for identifying the ultimate owners of a business as a key component for building a commercial model for digital identity. It was stated that from a federated perspective, banks maybe able to generate an income stream by providing digital identity authentication services to third party service providers, provided customer consent is obtained.
The panel felt that commercial card schemes like VISA or Mastercard could be useful in providing access to financial services for workers, especially those who do not have proper identity documents but have a card or wallet account with the card schemes. These field workers are operating in remote locations in Asia and have been engaged by companies and businesses in those locations.
The panel debated on the encryption and security issued around digital identity. A federated digital id with proper cryptographic keys and proven security solutions could be an effective way to store and provide access compared to an all-in centralised digital identity storage system. The panel felt that it is critical for only providing data that is needed, where it is stored and who has access to it. As long as proper governance controls are in place, together with encryption and security technology, a federated digital identity model could work. Also, the design of the system together with robust privacy and data security laws would be important factors for a successful digital id rollout. The laws need to encompass a breach notification framework that compels companies to report breaches above a certain threshold.
The panellists rounded off the discussion with ideas for usage of digital identity across borders. It was felt that a mutual recognition agreement between countries could assist in the provision of cross border digital identity services. With COVID-19 and work from home becoming the norm, innovative solutions will embrace digital identity to enable provision of services for remote work and play.