
What is holding back commercial eID services?

The recent article[1] about the UK government's attempts to facilitate eID for government services being handed to the private sector made me think: what is holding the eID market back?

Mobile phone technology and the integration of connected devices are improving the security and user experience of digital services. The use of biometric sensors in devices requires companies to rely on and trust the device and the associated biometric infrastructure. This is becoming an ‘implicit’ trust framework, with no third-party liability on the manufacturer of the biometric device. The FIDO (Fast ID Online) Alliance has created a framework to exploit the biometric sensors in devices to unlock eID credentials. However, this framework does not create an effective commercial value chain.

This is the same issue that hampered NFC mobile payment deployment: there were multiple technical solutions but no workable commercial model. That was before the NFC card tokenisation commercial model was defined, created and deployed, initially by ‘ApplePay’. This model created an effective commercial relationship, as the ‘token provider’ is paid for providing the service either each time a payment is made by the consumer or each time a token is created. The international card schemes were key stakeholders that define, enforce and facilitate the commercial model between card issuers and merchant acquirers for mobile NFC payments.

The need to improve how people prove their identity electronically is increasing as more services move to a digital-first approach. This presents an opportunity for organisations to create these eID services, coupled with the Secure Customer Authentication (SCA) compliance requirements of PSD2. However, SCA is unlikely to create a commercial model, as each payment account owner is likely to rely on their own eID solutions, which may use biometrics or other authentication methods.

The questions are: who creates the commercial relationships for eID services, and who manages the technology standards? In the mobile NFC ecosystem, the card payment schemes fulfil these roles for NFC ‘tokenisation’, as well as managing its operation.

To date, the biometric services available in the mass market do not appear to map easily onto a business value chain model for eID services. Technologies such as voice or facial recognition work now, but no organisations are managing the commercial relationships and technology standards. I see this as a potential role for the card schemes in the future.

 

[1] https://www.computerweekly.com/news/252453631/Digital-identity-market-welcomes-plan-to-hand-Govuk-Verify-to-private-sector

 

Comments: (1)

A Finextra member, 11 February, 2019, 11:35

Interesting article, Anthony. I think part of the difficulty here is actually having to rely on a third party provider or manufacturer. There are evaluating bodies that will certify technologies to the highest level, which financial institutions can and do trust. The right technology doesn't have to rely on the security of the mobile device, but for now, it does rule out biometrics.

Anthony Pickup

Consultant

Capgemini Invent
