“The link between the digital world and the physical world is going to be forged through biometrics.”
That’s the assessment of IDEMIA Digital ID Partnership and Innovation Director Gregory Kuhlmey, who said biometrics will serve as the foundation to digital identities and thus to digital wallets as they are the most secure method of authenticating a person’s identity.
In an interview with PYMNTS, Kuhlmey noted that regulation on digital identity and trust services in the European Union, which IDEMIA has always pushed for, stretches back to 2014. Last month, the European Commission proposed a regulatory update.
As part of that update, the EU has unveiled its plan for an “EU digital identity wallet” that Kuhlmey said functions much like the traditional leather variety one holds in their pocket or purse. Several European countries already have mandatory identity documents, including stalwarts like passports and driver’s licenses, as well as less common official documents that need to be presented at a moment’s notice, including fishing, hunting or boating permits.
Add to those laminated documents and papers identity attributes, such as addresses and professional certifications, and all these items taken together could conceivably be held in a digital wallet.
But the digital wallet is envisioned to be held close to the holder, released only with the user’s consent. The wallets themselves may, in at least some form, be mandated by the EU’s member states, he said.
The European Commission’s goal is for 80 percent of Europeans to own a digital wallet securely tied to their legal identity by 2030.
“With massive citizen adoption and relying parties’ acceptance, you immediately have a critical mass that you can tap into and can start building/developing services for these individuals and onboard more businesses for a variety of use cases,” Kuhlmey said.
But with a centralized, personalized trove of data, the security risks of having all that information in one place remain elevated. A breach or compromise means that bad actors don’t get access to just one piece of sensitive data; they get it all. Centralized databases managed by customers therefore require careful design and implementation of security measures.
Many of those databases, depending on the firm (or government agency) holding the data, could — if not properly secured — expose the information of potentially millions of users in the event of a breach.
“These are very scalable attacks,” he said.
Identity On The Edge
But he said there’s another option embraced by firms, such as IDEMIA, known as “identity on the edge.”
It’s a design philosophy that lets sensitive information be encrypted and stored on the user’s device or at an agency, for example, but not anywhere else (and not in a centralized database). Such an approach could prevent hackers from performing scalable attacks.
According to Kuhlmey, users would be able to secure their wallets with many authentication factors and through encryption. There’s precedent for such an approach as IDEMIA has a mobile ID wallet product that is up and running in Latin America.
Biometrics uniquely ensure that the right user is indeed behind the device’s screen. It is biometrics, he said, that acts as the authentication factor to release information. Consumers can fine tune just how they want biometrics to be introduced into the process, perhaps for high-value or highly sensitive exchanges of information or actual monetary transactions.
Biometrics will prove especially important during the onboarding steps, in which an authority may issue a digital identity to the wallet of a holder to enable certain services, and the authority wants to make sure the information and devices are indeed bound to a real, live person.
The emerging use cases will make it possible to use the digital wallet as a digital “vault” of sorts for trusted IDs, he said.
Picture, then, the individual who goes to rent a car and can share their driver’s license, insurance or other data with the agency in order to secure the rental.
In the case of online interactions, the additional “trust layer” can also enable someone to share vital information with a provider. For example, a user could use their ID wallet to share healthcare information during a telemedicine appointment (and along the way, verify the credentials of the nurse or doctor), he said.
The playing field will be leveled for more companies to leverage new services around the trusted environment created through the digital identity.
The digital wallet initiatives are still in the proposal stage, although Kuhlmey estimated that we’ll be seeing an accelerating rollout through the EU after the regulation is adopted next year.
“Interoperability standards will be key in achieving the critical mass needed for wallet adoption,” he noted.
Taking a page from the GDPR standards, we’ll see coverage spanning hundreds of millions of people.
The digital wallet, he said, is “aligned with the values of high security, high usability and very strong privacy protection … we can very easily envision a future where this digital identity works in Europe — but also works across borders and with international standards.”