Depending on who you speak to, the term ‘digital ID’ might mean different things to different people. Stop the average person in the street in Brisbane and ask them to show you their digital ID, and they might reach for their mobile driving license. Ask a technologist in London, and their mind might turn towards the digital credentials they use to access work systems, while someone in Mumbai might assume you are referring to their 12-digit Aadhar number. The reality is, around the world there are many different ways individuals may identify themselves or share attributes that relate to them.
Advancing digital economies
Increasingly, as economies around the world shift towards digital services, the need for a safe, secure and interoperable digital identity mechanism becomes increasingly clear. In the Nordics, the need for interoperable digital identity was identified some time ago with a consortium of banks coming together to launch BankID in 2003. Since then, Bank ID has been rolled out as a standard method for electronic signatures and secure online identity verification, enabling individuals to access services, authorise payments and sign legal documentation. Identity systems that are wholly dependent on banks, however, do raise questions on inclusivity – it has been reported that half a million Swedes do not have access to BankID.
This foundation is now being developed and expanded upon within the EU with the eIDAS 2.0 regulation, which, by the end of 2026, will mandate that every EU nation must provide a standardised digital identity wallet, expanding the benefits of digital ID across the Bloc.
Meanwhile in Singapore, most digitally-savvy Singaporeans have adopted their national digital identity system – Singpass. Created by Govtech, Singpass has over 4 million users, facilitating 41 million transactions per month. It has brought a new level of convenience for identity verification and applying for governmental services within healthcare, public housing, police, tax administration and more. Endava’s presence on the ground in Singapore reports that only a minority of predominantly older generations prefer physical identification documents such as NRIC (National Registration Identity Card).
In other countries, the concept of digital identity has raised privacy concerns amongst citizens who fear increased oversight by government or private companies. In some countries, varying perspectives on privacy and trust have resulted in an assortment of approaches to solving the digital identity problem. Different solutions have been adopted in pockets of the community to meet the growing need to identify customers. The resulting fragmentation stands as a barrier to widespread adoption. As an example, Google recently announced the ability to generate an ID pass from a US passport, though it can only be used at selected TSA checkpoints. You may be able to use the service to get to your destination, but not to get home. Often, it is not clear who has authority to govern identity and define the path forward.
Increasing risks
In lieu of a ubiquitous digital identity solution, many businesses have maintained the traditional methods of performing identity checks. Typically, this involves customers presenting government or bank issued paper documents in person. (A common use case being the purchase of age restricted goods such as alcohol, though there are many more complex use cases such as loan and insurance applications).
Not only is in-person document presentation cumbersome and time-consuming for both the customer and the business, but it also creates a barrier to revenue generation. The customer cannot access the services they are seeking until they have presented physical documents. Perhaps more worryingly, there is a growing tendency for businesses to accept emailed scanned documents, sending sensitive information over an insecure communication channel and lowering the bar for fake or doctored images.
While these methods might be considered a necessary evil to meet regulatory and compliance obligations, they also introduce risk. In recent years, Australia has seen high profile cyber incidents compromise sensitive data at Optus, Medibank and Latitude Financial, amongst others. Similar incidents have been reported globally – Transport for London, LoanDepot in the US and Toyota in Europe and Africa. Compromised data, sold on the dark web, is then used to open accounts fraudulently with banks, BNPL operators and other services.
Some in the industry are starting to refer to data, not as the new oil, but as the new uranium. Responsibly managed data is a powerful asset that can catalyse businesses performance – but it is also a liability, with the potential to amplify fraud and scams and destroy customer trust if used without consent.
Lessons from the
payments industry
There are numerous similarities between identity and payments. Both need to be handled with care, and both are sought after by hackers and fraudsters. But the similarities do not end there. Credit and debit cards have become the preferred method of payment in many countries thanks to adherence to interoperability frameworks that mean consumers do not need a relationship with every bank, their card just works on any payment terminal.
The same convenience could extend to digital identity if agreement can be reached on a common standard. Considerations extend beyond technology into areas of trust and liability. For example, what happens if a compromised identity solution is used to access the services of an unrelated entity? In payments, schemes set out refund rules in the event of fraud. Identity differs from payments here in that you cannot refund a stolen identity. Some common identity
models include:
- Federated identity allows a user to access multiple services using a single set of credentials, typically through a trusted identity provider. This approach is widely used by major platforms such as Google, Facebook and Microsoft, where users can sign in to third-party services using their existing accounts with these providers. While federated identity services are convenient, sceptics highlight that the identity provider holds significant control and visibility into users' activities across multiple services.
- Verifiable credentials use cryptography to allow a user to present trusted claims about their identity, independently of a central authority. The decentralised model raises less privacy concerns and is less susceptible to single point of failure issues. However, it is more complex and difficult to explain to the general public compared to federated models which can often be easily explained with “your bank will vouch for you”.
In Australia, there has been some progress, with the recent passing of the Digital Identity Bill. Government services are becoming accessible using the government’s newly rebranded “myID” app, and three of the four major banks have started offering identity services leveraging the Connect ID digital identity exchange. Rental business Rentbetter and personal loan platform Lendela have already signed up to offer ConnectID. While it's still too early to celebrate mass adoption, progress made in the last 12 months is gaining attention on the world stage. Similar progress is expected to be made in the EU, as eIDAS 2.0 rolls out the European Digital Identity (EUDI) Wallet across the Bloc by the end of 2026.
The potential benefits associated with digital identity are significant for business, government and individuals:
- Onboarding could be reduced from days to a few moments, removing manual handling and improving productivity.
- Businesses would have the option of implementing privacy preserving processes – storing a simple assertion that the customer meets the requirements – for example “is of required age” or “is a resident of required country”, rather than holding a scanned copy of an entire passport page.
- There would be less honeypots of data to attract hackers.
- Plus prospective customers could become paying clients sooner, with less risk and inconvenience.
But to reap the rewards, governments need to implement supporting legislation, as we have seen recently in Australia. Business needs to ready themselves for transformation, and importantly, society needs to trust the stakeholders and identity model, whatever shape or form reflects societal norms of the country in question.