At the end of our conversation, we turned to practical implementation.
Lockstep asserts that if we used mobile wallets to present verified data to registration forms and login screens, then consumers and businesses would not be vulnerable to impersonation after data breaches.
The user experience would be exactly like the now familiar click-to-pay. We should “click to present” our driver licence, passport, Medicare card, proof of age, working with children check and every other piece of important official data.
How to get there?
What would the pathway to adoption of mobile wallets for personal data look like? It’s not nearly as complicated as you might think.
Of course, it’s easy to be jaded or sceptical. Digital identity has been the slowest moving corner of cybersecurity.
Wonderful ideas like the Laws of Identity and CardSpace came and went over 15 years ago. Certain big consumer businesses in Australia have been trying to build identity provision services for over 20 years without ever seeing mass adoption. The U.K. and U.S. governments shut down their private-public digital identity federations (which were rooted in the same Standard Model of Digital Identity as our TDIF — a very bad sign that has yet to register in Canberra).
And now I seem to be calling for some kind of radical change when I say the very idea of digital identity is just not helpful. But no, the change I want to see is to meet consumers where they are most comfortable with data protection.
Most consumers are already using the perfect technology for the identification problem: mobile wallets and digital credentials.
People are used to the patterns of click-to-pay and tap-to-pay. The very same technology could present any officially endorsed facts and figures, safely and easily.
The card payments industry sorted this out years ago. The card networks have just one job: distribute verified copies of account numbers worldwide in a matrix of standard rules for issuing and using them.
Account numbers are simply a special class of data.
Thanks to the card networks, a merchant anywhere in the world can accept my credit card number without knowing me — or more to the point, without knowing my bank or anything about the Australian banking system. The networks distribute scheme rules and card holder metadata to all end points globally. Every merchant and every consumer in these networks knows where they stand if they follow the rules.
Make no mistake; the chip card and smart phone wallet are verifiable credentials.
With mobile wallets and click-to-pay being well habituated now, a profound shift in data resilience could play out in a very mundane way. A smart phone wallet could easily hold verifiable credentials for a couple of dozen official facts that figure in what we do online day to day. Each of those facts originates from a different established issuer (and not from Apple or Google or any other wallet technology provider).
It’s significant that the government is at pains to say their “Digital ID” does not entail any new ID. Minister Katy Gallagher describes it as “the online version of showing someone your passport or your driver’s licence”.
It seems we all agree that what’s needed is a better, safer way to prove the same old real-world credentials in the digital world.
Lockstep’s Data Verification Platform is a scheme to rationalise and organise data flows between data originators such as government and the risk owners who rely on accurate data to guide decisions. Join us in conversation.