The DCMS has published a consultation where in-depth views were heard from members of the public on trust in digital identity products across the UK’s economy.
From the onset, the DCMS has appealed for the public’s engagement to provide the feedback, detailed below …
Participants contextualised their views on trust in relation to government and business, and managing trust during challenging social, economic and political situations such as, the COVID-19 pandemic.
The public dialogue favours important rules in the framework which hold identity service providers to achieving “usability, transparency, accountability and inclusivity in digital identities” and protecting data.
Digital identity service users felt that the collection of their data articulated a human behind identity processes and recognised their role in society.
Participants want to be assured that digital identity providers are motivated by public benefits of their technologies rather than by income.
Accountability and transparency should be at the core of trustworthy digital identity services.
Trust services and documents should be available to all in society.
Having control over their data is important to participants.
Giving an interview to the Financial Times, CEO Keily Blair describes “their incredible UK tech success story” after scoring their highest revenue.
At the helm of OnlyFans, Blair credits her background in “cyber, privacy and online safety” for helping to steer the “challenging landscape” that tech companies face whilst speaking cautiously about AI’s influence for creators and safety measures.
Blair sets a safe boundary for AI’s place on the platform, banning non-verified human creators from generating AI counterparts. However, once verified creators can leverage AI powers to create better content.
The interview showcases one leader’s astute understanding of how AI can be a double-edge sword. As a company, they will continue to allow real users to leverage the best parts of AI whist limiting AI-driven fraudsters from penetrating their IAM processes.
The company is dedicated to securely verifying every user on the platform through facial recognition technology.
Across regions where OnlyFans operate, a range of data is collected from the user from government-issued IDs and social media checks.
OnlyFans have introduced substantial changes to increase their alignment with the Online Safety Act.
The FIDO Alliance is consolidating the route for FIDO standards merging into the commercial payments ecosystem with the help of smart card company, EMVCo.
The authentication protocol is growing with global consensus between members for open standards based on passkeys. EMVCo’s product is a smart payment method underlaid with technical standards for secure transactions.
The duo will guide merchants, issuers and acquirers on how to submit and process FIDO authentication data under the standardised approach.
Merchants like EMVCo are adopting FIDO standards to create seamless, trust-bound e-commerce transactions in EMV 3DS secure messages. The whitepaper explores merchants using device-based authentication where any payments credential is bound to the trusted device to verify the credential is being used by the rightful cardholder.
The whitepaper suggests issuers require more data and control to validate cryptographic authentications, which should be transparent through a chain of trust between cardholder authentication, FIDO enrolments and FIDO authentication.
You can now download our first report by IdentityWeek.net on deepfake, morphing and AI trends.
We take a positive look at disruptive trends of Artificial Intelligence, not only generating deepfake attacks but powering the defence of biometric verification solutions.
Supported by the upcoming EU AI Act which will adopt a tiered-based risk system, the industry IS agreed on a balance of good and bad use cases surrounding AI.
Positives of AI-deepfakes:
Age-predicted deepfake images of missing people
Digital Twins for public figures
Google, Microsoft embrace digital avatars
Deepfake fraud more of a problem for organisations rather than users
Negatives of AI-deepfakes:
Deepfake media manipulating election messages
Increased circulation of fraudulent immigration/ travel documents used to human traffic
Sexual exploitation
Broken IAM for private and public sector
Find out more about these use cases. Thanks to our contributors of the first report – and we hope to collaborate with more identity experts for the next one!
France and Portugal have legalised digital documents – such as, mobile ID, passports, and driving licences – all in one go, making it necessary to issue a digital wallet.
The wallet incorporates digital credentials categorised under the four mainstream large scale pilots including payments, the travel DTC and eIDs.
The legislation to bring forth a digital wallet in these countries must be supported by both governments which have now agreed with other countries to unleash the benefits of mDLs and national IDs for global citizens.
According to BiometricUpdate.com, Portugal has given digital cards and documents the same legal grounding as physical IDs in the id.gov wallet app. Both apps, holding a limited number of digital credentials at this stage, will not integrate with other nation IDs.
In January, Denmark made multiple documents compatible with activating or logging into a MitID account from overseas. Several upgrades for MitID have been announced, which among them include a new and easier way of creating an app – by copying a new app from one device to another.
The upgrade mitigates the problems of having to input activation codes or scan a national passport; foreign passports, introduced in January 2024, and ID cards with a chip have been enrolled as documents to activate the MitID app online. A new MitID account can be created by transferring from one device to a second or third device, however a user may wish to activate a new MitID app by the following other ways: by scanning a passport and face in the MitID app or physically visiting the Citizen Service.
The Danish population and government has fully embraced digitalisation.
MitID.dk still provides users with a self-service solution but a QR code displayed within the app can scan the authentication tool over to different device.
MitID activation codes will be phased out, a fraud risk that can be disclosed to any criminal.
The emergence of Artificial Intelligence used to power harmful deepfakes is set to be addressed in the comprehensive AI Act this year, which will synchronise countries addressing the highest risk systems.
In light of this, Google has been forced to stop its latest innovation, using an artificial intelligence model to generate digital avatars of people in a move that has ignited a backlash. The AI deep-learning system shares similarities with OpenAI’s ChatGPT and deepfakes in creating realistic photographic images using users’ descriptions. The system, albeit built with intelligence, can not distinguish hateful or dangerous instructions. The depiction of ethnicities and genders has been a criticism of the technology, which cannot embrace diversity driven by humans.
As a result, the depictions interpret some people’s images within stereotypical contexts.
Google put out a statement to mitigate the backlash saying they were “working to improve these kinds of depictions immediately” and defending the technology’s ability to depict a “wide range of people”.
Google added:
“It’s generally a good thing because people around the world use it. But it’s missing the mark here”, seeming to acknowledge some offence was caused.
Singapore’s SingPass mobile app aligns with trusted digital transactions, fighting scams on the rise across the public and private sector. Kendrick Lee is Director of National Digital Identity for developing Singpass at GovTech Singapore. He joined a variety of participants in the ecosystem, from banks to authorities, at Identity Week Asia 2023 and gave a keynote address. Here, he explains the e-gov verification tool based on the National Registration Act, and myinfo, which facilitates consent based sharing of authoritative data.
Youniqx Identity, a leader in digital identity solutions, has announced the integration of digital vehicle registration within the Austrian app, ‘eAusweise’.
The app encompasses digital and ID credentials to serve modern methods of authenticating and verifying a person digitally. The ‘eID.li’ app and inclusion of digital signatures and citizen cards used since December come before this addition to the wallet. Drivers can combine the presentation of their driving licence with proof of registration, which will be useful to verify their identity when accessing a variety of everyday services.
Roadside checks will be fully digitalised for over 550,000 drivers in Austria who have active licences on record. The national digital ID app was launched in 2022 bringing decentralised remote authentication.
Helmut Lackner, CEO of OSD and youniqx Identity, commented on the milestone, stating: “This successful launch demonstrates the dedication of youniqx Identity to deliver innovative solutions to governments and their citizens”.
Youniqx Identity has also developed “individual secure software interfaces” connecting existing civil register databases for their customers in Austria and Liechtenstein.
The National Crime Agency (NCA) is offering a $15 million reward for information that leads to the arrests of two ringleaders of the largest criminal ransomware network, Lockbit.
The UK effort has launched a revenge attack on Lockbit systems, obtaining stolen data. In addition, the two more masterminds involved in the group, a father-son duo, were arrested by police in Ukraine.
Lockbit appeared to admit responsibility for the attacks after the UK’s organised operation to recapture the data, posting a message on their website that said: “now under control of law enforcement”.
The operation has been dubbed the largest intervention into cyber attacks. Several blackmailed law enforcement agencies including FBI and Europol are stopping ransomware payments to other criminals.
Australia’s online safety laws gain momentum and follow the UK’s direction to prioritise safety by design platforms which deploy age assurance tools.
Children are particularly vulnerable to the exploitation of internet-based services, and harmful content published online for their age group, which can be easily discovered or searched. Platforms are willing to promote this damaging content for commercial reasons.
Today, a MoU agreement signed with the UK will enforce the commitments of The Online Safety Act of 2021, which came into force on 23 January 2022.
The scope of this MoU will build on the historic partnership between both countries and be further reaching across many policy areas including, age assurance, safety technology, online media and digital literacy, gender bias technology, user privacy, online scams, and the impact of new technologies like AI.
With criminal sites evading permanent domains – a practice known as “domain hopping” – a partnership aims to sponsor registry providers for free access to Internet Watch Foundation (IWF) services, including detection alerts and the TLD (Top-Level Domain) Hopping List.
The “trailblazing” alliance will share missions of the Public Interest Registry and IWF to eradicate all sex abuse platforms online. PIR and IWF announced a new Extended Domain Name System Community Sponsorship to create a safer internet. The tools, being offered to registries for free, will increase awareness and make modern alerts more readily available.
The practice known as “domain hopping” enables criminals to profit from the sexual abuse of children and evade detection by regularly skipping to new domains.
IWF services will be expanded far and wide across Domain Name Registries. “Brands” commercialising abuse are also exploiting the regulatory “loopholes” and incentivising other criminals to copy the same practices.
These entities want to de-platform criminals that spread anti child safety messages through forging a market for the distribution of child abuse.
The measures will disable platforms to make them unsearchable and undiscoverable for any users.
The Public Interest Registry (PIR) is a US non-profit that operates the .ORG Top-Level Domain, strengthening safety as a priority for the internet which aligns with the IWF’s work to protect children online.
Organisations hosting domains like .org, .com, and more will be handed the tools to act quickly against abuse.
When a domain name is changed to favour a criminals’ intentions, harmful sites remain discoverable to users.
Currently only a dozen registries receive IWF Domain Alerts, the press release said, which will change if a thousand registries have access to the services.
Susie Hargreaves OBE, Chief Executive of the Internet Watch Foundation, said: “The internet is so much bigger than any one of us” – a World Wide Web which reflects the expanse of ready information we want it to serve. “And it is still growing”, she added.
“That is why this trailblazing move from PIR is so important. They are making an investment in the future safety of the internet”.
“Our world-leading protection against the spread of child sexual abuse can now be shared even more widely, sending the strong message that there is nowhere safe for criminals to target to spread child sexual abuse imagery”.
Simon Callaghan, CEO & Board Director of Blockchain Australia, who spoke at Identity Week Asia in November, justifies why he thinks blockchain is “not the answer for everything”, but recognises the technology holds “huge potential”.
He spoke to our editor, Evie Kim Sing, about the journey of blockchain, from spurring initial excitement around how a powerful, new technology can upcycle existing security tools.
The technology embeds many immutable benefits, such as decentralised identity and tokenisation, into numerous use cases – especially financial services.
Blockchain capabilities are also contributing to safer verification and authentication processes with central bank digital currencies. This provides “huge potential for the technology infrastructure of financial services”, he says.
This interview also contemplates blockchain verification leveraged in Web 3.0 for the next generation of web users, which could attempt to tighten security controls in the online space. Both “align well” for placing rewards and power around data control back on users.
Mobile Driving Licences and IDs are making the biggest change to issuance across global regions.
Whilst previously physical cards drove issuance, the top vertical of 2023 was the Mobile Driving Licence, forecast for further growth in 2024.
With mDL adoption predicted to rise again, Identity Week Europe 2024 – our flagship event – will retrace levels of counterfeiting during the last, pivotal 12 months and the advancement of “phygital” documents.
The panel which addressed driving licence security at last year’s event described minimal change in counterfeiting levels and suggested that fraudsters were not relying on any one type of counterfeit document to commit criminal activity.
Discussing the co-existing relationship between digital and physical documents, the session was both well attended and encouraged good participation from forensic document examiners and experts.
John Wunderlich, Member of the Kantara Initiative; Robin Tran, Forensic Document Expert at HSI Laboratory, Department of Homeland Security, and Jason Fensome, Counter-fraud Trainer at HM Passport Office joined their experiences in analysing security document features and shared insights into the most tampered features, counterfeit-proof designs, and fraud techniques.
Prompted by the moderator, Mark Lockie, Chair of Identity Week, Jason Fensome accepted that the UK’s driving licence is more standardised than US licences, which are issued under separate guidelines by each state.
He also said notable trends that the Passport/Home Office could comment on were popular fraud trends, better UK detection practices, and more remote training delivered by their partners.
Check out the agenda for Identity Week Europe 2024, with more dialogues around future ID cards…
Reported in the Guardian, fraudsters have exploited heavy document checks conducted by letting agents, leaving potential tenants and mobile users vulnerable to having their identities stolen rather than verified. Leaving the victim blindsided, their phone was controlled and bank account funds cleared. The incident highlighted the fraud risks for mobile users.
Without employing reusable digital IDs, ID documents can be a massive gamble for verification, especially when cyber attacks are so frequent among industries like banking.
The victim was regretful when their bank and telecoms company were both slow to act and reimburse the money. She willing complied with entering her personal information through an online form including photos of her passport, driving licence and even allowing open access to her Barclays current and savings accounts.
The ordeal asked questions of both her bank and SIM operator like why the logic of adopting UK government certified reusable digital ID is not accepted.
Yoti, which claims to have been the “lone” champion of reusable digital ID from 2016-2019, was quick to comment on the negligence of sectors to fulfil the interests of customers wanting a reusable ID.
Robin Tombs, Yoti’s CEO, said he predicted a shift in 5 years when the “UK Government, or the UK’s financial and telecoms regulators, will decide key financial and telecoms businesses need to change”. Customers need the choice to use a certified digital ID and banks should not fulfil any interactions if the customer has indicated they do not want changes made to their account, unless authorised through their reusable ID.
O2 Telefonica commented on the article too insisting security remains its top priority while it keeps investing in security measures.
IDnow, a leading identity verification platform provider in Europe, joins a consortium of five partners including the IOTA Foundation, walt.id, SPYCE.5, and Bloom Labs with the goal of making Crypto Asset Service Providers (CASPs) and self-hosted wallets compliant with the European Anti-Money-Laundering Regulation and the Transfer of Funds Regulation (TFR).
The new TFR regulation in the EU mandates that all cryptocurrency transactions will need to carry identifying data of the sender and the receiver. According to the new rule, compliance with TFR is mandatory for all CASPs. Additionally, the new AML Regulation will require all CASPs to comply with similar AML rules as other financial institutions. For example, when a user opens an account and registers a wallet with a CASP, an identification process is required to comply with the new AML Regulation and TFR.
One challenge for CASPs to adhere to the new rules lies in GDPR compliance, as personal identifiable information (PII) should not be stored on blockchains or Distributed Ledger Technologies (DLT). However, to comply with the new regulations, CASPs need to know with whom they are doing business and continuously verify this information.
Raising trust and transparency in crypto asset transactions
To address this challenge, the partners have formed a consortium to propose a system where a trusted party tokenizes an identification process it has witnessed, allowing CASPs to have confidence in this process, without revealing any PII. The resulting soul-bound token (SBT) can be used for blockchain processes, enabling web3 native interactions. Furthermore, the trusted party can reveal the identity information, if requested by an authorized party, such as law enforcement, as well as revoke the SBT, if needed.
Within the consortium, the IOTA Foundation, a non-profit foundation supporting the development of the IOTA protocol, will provide the underlying network as the proposed solution will be implemented on an Ethereum Virtual Machine (EVM)-compatible IOTA Smart Contract Chain. walt.id, a leading open source vendor of decentralized identity and wallet infrastructure, will develop, provide, and maintain the trusted witness service for creating and verifying SBTs like identity proofs, while IDnow will deliver the identity verification solution to onboard users into the wallet solution. Bloom, an all-in-one wallet for the IOTA, Shimmer and EVM ecosystem, will provide the capabilities for users to store, present and prove ownership of the SBT. SPYCE.5, specializing in the integration of hybrid blockchain technologies, will provide the essential infrastructure for seamless interchain communication and transaction validation, ensuring the system’s overall efficiency and regulatory compliance.
Rayissa Armata, Director Global Regulatory and Government Affairs at IDnow commented: “We are excited to be part of this forward-thinking consortium alongside highly esteemed crypto asset industry players to address a pressing need for crypto wallet solutions that comply with the latest EU regulations. Crypto companies are facing a race against the clock to implement new requirements, which is why we wish to submit this proposed solution to the EU for consideration to address the technological and regulatory challenges around AML, KYC and TFR in crypto”.
Dominik Schiener, Chairman of the Board of the IOTA Foundation said: “We are thrilled to be working with such incredible partners to create a truly seamless user experience and to provide the underlying distributed ledger technology. Identity verification in Web3 environments should be simple and straightforward, without sacrificing privacy or security. As regulatory requirements grow, we need innovative solutions that are easy to use for both businesses and everyday users”.
The director of the Financial Crimes Enforcement Network has remarked that “opaque corporate structures” and a lack of accountability to attribute ownership and activities onto real-life identities is muddying the reputation that financial entities hold as trust anchors.
Gaps or breakdowns in the identity processes of shell and front companies in the corporate structure are exploited easily by fraudsters at account opening and during onboarding, to facilitate money laundering.
The remarks were made in relation to an update on FinCEN’s ongoing Identity Project, which since its inception has tried to understand identities which are behind fraudulent transactions. Unlawful activities are perpetuated by untraceable identity processes, leading to corruption, tax evasion, fraud, drug trafficking, and the financing of terrorism.
“Lack of transparency around identity is a global problem”, Andrea Gacki said. “It’s one that necessitates strong responses across jurisdictions, and the public sector working with the private sector to solve these challenges”.
FinCEN said critical milestones were reached in January to protect the integrity of the financial ecosystem. The launch of FinCEN’s beneficial ownership registry followed up the Corporate Transparency Act passed in 2021.
This development imposes mandatory reporting procedures for identities which own or control companies in the corporate structure, especially in the U.S. In four weeks, the Financial Crimes Enforcement Network received nearly 300,000 reports regarding company ownership structures, which are securely held in non-public databases.
Throughout the coming year, the statement indicates that relevant authorities and financial institutions will be given access to this intelligence to fulfil their roles properly.
The data gathered will add to the value of the Bank Secrecy Act.
After a pivotal year at MOSIP, the pinnacle was a visit by Bill Gates, Microsoft creator and founder of his namesake non-profit, The Bill & Melinda Gates Foundation.
The walkaround helped promote MOSIP’s impressive achievements and strategic collaborations with countries looking to advance their economic development and pace of digitalisation.
MOSIP’s community work – lending resources, infrastructure and injecting investment into developing national ID programmes – saw them at the “helm of various events”, according to their website, including attending events like Open Source Day, Country Conversations in Bangalore, India, Partner Conversations and ID4Africa.
The past year reconfigured the poll race between countries developing their own sell-sufficient ID ecosystems, entering MoU agreements with MOSIP to leverage its Modular Open-Source Identity Platform.
MOSIP enrolled two new countries to its global programme in 2023, undertaking integrations of its foundational ID infrastructure across 6 countries – including Morocco, Philippines, Ethiopia, Togo, Uganda, and Sri Lanka.
It also collaborated with well-known universities, technology partners and entering a strategic partnership with CLARCIEV (Latin American Council Of Civil Registration, Identity And Vital Statistics) helped to develop and support digital ID infrastructure in Latin America and the Caribbean.
The modular platform has also progressed numerous pilots, reaching a global milestone for digital transformation, with 100 million citizens registered with a form of legal identification.
MOSIP’s partner ecosystem grew to 90+ partners, engaging governments to fulfil their commitments for citizens.
Noting additional achievements of the project, MOSIP said: “With an updated Partner Programme, MOSIP Marketplace, and a dedicated partner integration environment, MOSIP also welcomed 17 major SI partners, plus 20 more in the pipeline”.
MOSIP builds the foundational blocks of national ID systems from scratch to offer countries that lack the resources and investment to advance their in-house public digital infrastructure.
IdentityWeek.net is delighted to unveil our debut report: “The gold standard for defeating AI deepfakes”.
The report compiles research and presents the results of an expert survey that was conducted in January 2024 on deepfake and morphing attack trends. Selected experts from the ecosystem were invited to respond.
At the helm of a global interoperability working group, Nick Mothershaw, performs a key role as Chief Identity Strategist at the Open Identity Exchange, encouraging collaborative ambition for digital identity uses. Often chairing Identity Week, the familiar figure to the identity ecosystem of suppliers, influencers, and implementers talks about predictions for wallets, interoperability, and regulation that can maintain pace with commercial technologies. We also discuss fraud awareness and different controls from decentralization to AI-driven verification.
We asked Nick: “What was your biggest takeaway from meeting and working with the identity industry in 2023?”
Digital wallets, encasing all identity credentials, are projected into the future before regulation, which takes years of planning, is finalised. Wallets are enabling full services, but the interoperability between private/public credentials, data, frameworks and the technical infrastructure must substantiate new roadmaps.
The Gold Standard for defeating AI Deepfakes.
You can now download our first report by IdentityWeek.net on deepfake, morphing and AI trends.
We take a positive look at disruptive trends of Artificial Intelligence, not only generating deepfake attacks but powering the defence of biometric verification solutions.
Supported by the upcoming EU AI Act which will adopt a tiered-based risk system, the industry IS agreed on a balance of good and bad use cases surrounding AI.