Although accessing government services online is much more convenient than in person, it can be a struggle for those who lack digital ID. That’s a problem myGovID, the Australian government’s new push for online verification, is aiming to solve. In this month’s Digital Identity Tracker, Jonathon Thorpe, head of digital identity for Australia’s Digital Transformation Agency, discusses the ins and out of the myGovID system and how it’s kept from becoming a honeypot for fraudsters.
The worldwide shift to move government services online has paid dividends, resulting in greater accessibility and money saved. Such offerings have not come about without growing pains, however, as the shift to online services can result in decreased access for those who are not economically secure and do not have the means to prove their identities online.
Some countries are turning to digital identities to better serve this group, with Australia implementing myGovID, an opt-in, government-provided digital identity. The offering was originally launched as a private beta in October 2018 but was recently made available on Apple’s App Store for the public at large. The app is currently only compatible with the Australian Taxation Office, but more services are slated to be added over the next six months.
PYMNTS recently spoke with Jonathon Thorpe, head of digital identity for Australia’s Digital Transformation Agency (DTA) — the government agency responsible for myGovID and the system’s origins and objectives — on how the Australian government plans to keep the platform secure and transparent.
What is myGovID?
MyGovID is not Australia’s first attempt at an identity program. The government proposed the Australia Card, a national ID card system that was ultimately shelved due to widespread public opposition, in 1980. The proposal was brought up a second time in the 2000s, this time dubbed as the Access Card, but was again discarded. Thorpe explained that myGovID is an entirely different animal.
“This isn’t about making sure everyone in Australia has a number, or everyone has a digital identity,” he explained. “It’s making sure that this is something that people can use when they need it to access things easier … it’s entirely voluntary.”
Thorpe noted that the program was born out of a 2014 report that explored banking and other financial services. The report found that conventional identity verification was extremely fragmented, as Australians had to meet with financial institutions (FIs) face to face to prove who they were with paper documents — a process that was not only inconvenient, but also costly.
“There’s about $11 billion [AUD] potential in the economy if we get this right,” he noted.
MyGovID’s onboarding process requires users to enter identifying details including their names, dates of birth and information from physical documents such as driver’s licenses or passports. These latter details can be entered manually or automatically from a picture of the document in question. Users can access the app via TouchID or FaceID after setup is complete.
Keeping myGovID secure
One of the perennial threats to digital identity is the ever-looming presence of hackers and their unrelenting efforts to steal citizens’ data. Staying one step ahead is a constant challenge, and tactics on both sides regularly change.
“There’s an evolving tech landscape [that changes] every four months,” Thorpe said. “Every time we look at the market it’s changed again.”
MyGovID keeps users’ private data out of cybercriminals’ hands by leveraging a federated model that spreads information out over a series of unrelated providers.
“There’s no honeypot here — we’re not storing anything in one place,” he said. “Because we’re collaborating with a whole range of organizations and industries to advance the security posture of the system, it means that if something does get compromised, we have a way to manage it and address it from then on.”
The DTA further secures myGovID with two-factor authentication (2FA) and biometric verification. It also adheres to the Trusted Digital Identity Framework (TDIF), a set of more than 500 standards established by the Digital Identity Federation.
User awareness is the final key to keeping the platform safe, Thorpe said. Biometric and 2FA protocols are ineffective if users are not aware of security best practices and how to use these procedures correctly.
“Building community awareness also builds trust,” he said. “Without trust and understanding of what this thing is, then there is a degree of fear around it.”
Transparency is key to trust
Gaining user trust is one of the most significant challenges any digital identity platform can face, and the first step to securing it is transparency, Thorpe said.
“Anyone interacting with our identity system [has a clear view into] what’s happening, how you’ve created your identity, where it’s gone and that it’s provided to an organization that you wanted to provide it to,” he explained.
He added that the second way to gain trust is to convince citizens of the program’s value. Digital ID is a new concept, and its presence is so ephemeral that potential users largely do not grasp its inherent value. Digital ID awareness needs to be tied to its tangible benefits, Thorpe noted.
“You can’t look at identity in isolation,” he said. “You’ve got to look at it in the context of the services you’re trying to make easier to access and improve … If you’ve got something that can prove who you are, and you use that in your everyday life, you increase the value of it in your life. It’s more tangible because it’s something used for a whole range of stuff.”
MyGovID is slated to officially launch sometime before the end of the year, meaning it will soon become clear if the DTA’s efforts regarding security, transparency and trust have paid off.