Although some have already declared it dead, the topic of digital identity is just now picking up speed in Germany. Creating a verified digital identity that covers a wide range of cross-sector applications is a mammoth task. In the current crisis situation, we are painfully aware of how urgently we need such an identity solution. In recent years, a wide variety of providers in different sectors have been working on it.
Let's be honest: Nobody needs another login-only service
Digital identity is often associated with accounts and the associated logins. The average Internet user has about 50 different accounts, many even 100. With another Single Sign On service (SSO), the number would then rise to 101 accounts for them. In this logic, an SSO would have to offer considerable added value to replace other logins. In this context, it is hardly purposeful to have a login that only works for a bank account or only for eCommerce offers.
But digital identity is about more than that. It’s about our most personal data, about proving “I am who I say I am.” And we will all have to provide this proof online and verified much more frequently as the digitization of offers progresses. To do this, we need a service that brings everything together.
Too few use cases for verified identities?
Many of the use cases for which one needs a verified identity are in fact rather infrequent: How often do we have to go to the government office, how often do we create new bank accounts, how regularly do we have to file our tax returns or take out insurance? The frequency is low – even if you add up all these cases.
That’s why the quality of the use cases is so important:
We log in somewhere every day, increasingly with two-factor authentication, we regularly pay online via express checkout, we increasingly have to sign digitally, verify our age somewhere or re-register with services such as car-sharing providers. What if we want to view our electronic patient records?
It turns out that both the required quality of the data and the frequency of use are increasing, and with it the need for strong identification and authentication. With a verified digital identity, not only the classic – but not regularly occurring – KYC processes become easier, but also all other, low-threshold processes become more secure and faster.
Eight factors for a successful identity solution made in Germany
Digital identity offers enormous potential, but it can only succeed if the following factors are considered:
- Provide all identification methods: VideoIdent is widely used, but also has disadvantages (long queue). Likewise the eID function of the ID card (PIN forgotten?) – Therefore, we should not rely on one procedure, but bundle all these relevant methods in one platform. This way, users and companies can draw on all procedures to create a strong digital identity for a wide variety of use cases in daily use.
- Enable reuse: key to sustainable identity is the storage and reuse of identity data, even at the AMLA level. This allows users to reuse the collected ID data in the long term, available through a central interface, transparent and self-determinable for the user to handle. Ideally, users will only have to go through an ID process once and then never again.
- A login ecosystem: We didn’t want another login! True, but identification is only the first step. After all, how do you get your data once you’ve verified it and want to reuse it? A login is necessary to reuse the data with a service that requires identification. Therefore, the login is an important add-on that creates access to banking, government and car sharing.
- Creating value-added services: However, the login alone is not attractive enough. Value-added services can be linked to the digital identity, such as digital signatures or a payment procedure for services that are directly linked to identification, such as paying directly for a certificate of good conduct or a parking sticker at the public authority. This can create use cases that are more frequently frequented than pure identification.
- Choose interoperability and cooperation: No provider will be able to order the field alone. National or even European cooperation between identity providers in the provision of data is inevitably required. Always based on the data sovereignty of the users.
- Regulation paves the way: Whether PSD2, eIDAS, OZG – many of the regulatory frameworks adopted in the past are only now beginning to take effect. eIDAS sets the European framework for trust services, the Online Access Act (OZG) states that digital administrative services must be offered digitally by 2022. The mills grind slowly, but at least they are moving!
- Acting across sectors: To be attractive to users, there can no longer be silos. What good is a bank login that only works at one group of banks to the user? The digital ID must work universally in banking, insurance, telecommunications, eGovernment, eHealth – but not only in highly regulated areas, but also in low-threshold ones like eCommerce and mobility.
- Mobile first: The smartphone is the central token that everyone carries with them. The goal must be to get a derived digital identity right there.
Verimi can be one such solution – though certainly not the only one. But one thing is certain: a successful digital identity requires cooperation between providers, the private sector and politicians.
Then the ID made in Germany will also work.
Image source: unsplash.com
