RELATED CONTENT
Government insiders say digital IDs could make massive fraud events rare
When looked at through the lens of identity fraud in the United States, the pandemic has showed how poorly government systems performed in safeguarding an unprecedented emergency relief program.
On the other hand – and this hand is not steady – it has been the catalyzing event that could propel the nation into digital IDs, making government services faster, cheaper and more secure.
According to reporting by The (San Jose) Mercury News, $80 billion to $100 billion was fraudulently claimed from the $400 billion Covid Economic Injury Disaster Loan program. How much was taken with fraudulent identification schemes is to be determined, but the percentage is likely to be high.
Also disconcerting was a panel discussion June 17, sponsored by Socure, a predictive-analytics platform for digital ID verification, about how identity fraud is evolving. There were four speakers and a moderator all of whom are or have been federal or state officials.
Only journalists were invited, an atypical arrangement.
Even if there had been no gigantic economic bailout, all the millions of people suddenly interacting online with the world outside their homes would have presented rich opportunities for criminals. And that online glut of activity largely remains.
“There is more money moving through the system,” said Suzette Kent, a former federal CIO and current CEO of Kent Advisory Systems. The number of Americans online is extraordinary, and the opportunity for crime “is pervasive across all industries.”
The dangers are only going to get more sophisticated, said Linda Miller, former deputy executive director of the federal Pandemic Response Accountability Committee, part of the Council of the Inspectors General.
Now a principal at Grant Thornton, Miller said street gangs are crawling the dark web to learn how to get involved.
The panel agreed that it was not the speed at which relief money was sent to individuals and companies. It was the fact that anti-fraud measures were insufficient.
In the past, building friction into transactions has helped in some circumstances, said Jordan Burris, a former federal CIO chief of staff and now cybersecurity strategist at Socure. Those days are done.
The federal government has to “prioritize a mind-set shift,” said Burris. It is possible to use AI to spot red flags and suspicious patterns even as the speed of services increases.
Of course, there is always trust. Trust in government capabilities and competence, certainly, but also giving individuals the power to set their own varying, flexible levels of identity verification.
Kent said a person should be able to set verification parameters – friction – based on the transaction. A citizen likely (hopefully, should) choose more friction when trying to transact a tax issue, but paying entrance fees for a national park could be slick.
There is nothing remotely impossible in what the panel agreed must be done technologically to fight identity fraud. And the world saw that the federal government is capable of racing at business speed to aid the economy.
No less than the Treasury Department has sent officials out to talk about making 2022 a year of action on digital ID.
But left unsaid is that conservatives have spent a generation saying the federal government is incompetent, corrupt and too big. If recent political events are any indication, that sentiment has cemented for a large number of Americans.
Can a pilloried government win more control over personal information, even if the program is a collaboration with states and businesses? It would be asking for a lot of trust."
MORE STATES GOING DIGITAL
If more states adopt digital IDs, their range of use could be expanded, experts say.
Arizona First State to Accept Digital IDs for Air Travel
According to an announcement from Apple, Arizona has started allowing the use of digital IDs and driver's licenses at the Phoenix Sky Harbor International Airport. Other states are soon to follow.
Massive pandemic relief fraud has Congress eyeing digital IDs
Fintech platforms help US regulators weigh security benefits of digital IDs.
When the US government began offering financial aid to Americans struggling to cope with a pandemic-fueled economic collapse in 2020, the Department of Treasury and the Federal Bureau of Investigation urged Americans to be ever more vigilant about their personal information. COVID-19 scams seemed to be everywhere, and for government agencies, it became difficult to ensure that all the money it was sending out actually made it to the citizens most in need of aid—and not into the hands of bad actors.
It’s now estimated that hundreds of billions in COVID relief funds were stolen, Bloomberg reported, with no way of knowing the true cost of the losses.
It has perhaps never been clearer to the federal government how impactful it could be during times of emergency to already have trusted nationwide digital identification verification systems in place.
Unfortunately, that’s not where COVID-19 found America. Last year, McKinsey conducted an analysis of 12 countries, including the US, that provided COVID-19 aid. It found that the countries that were most successful in distributing aid to the right people were the ones that had already invested in digitizing financial infrastructure, including “the presence of a basic digital identification system with broad population coverage.” Countries like Singapore and India cover more than 80 percent of their populations with such a system; the US population coverage with digital IDs was around 70 percent in 2021.
Partly reacting to the pandemic, the US has slowly begun to ramp up that coverage so that more Americans have digital IDs. McKinsey reports that this will make it easier to provide financial aid more effectively and quickly in the future. But it also unlocks potential opportunities to provide Americans with more privacy and security than traditional IDs typically give.
For example, a driver’s license, which has become the default ID for most people in the country, has a vulnerable combination of sensitive information printed right on it: name, date of birth, and address. With digital IDs, the theory is that Americans can better protect sensitive information by relying on a QR code to share only the information needed for a transaction to be verified. This would limit the data collected by third parties that can then be seized by bad actors through data breaches—breaches that, without intervention, are predicted to cost the world $5 trillion by 2024, the United Nations reported.
In a truly digitized society, an ideal identity verification process might include none of those traditional ID features that many Americans associate with identity theft and other fraudulent activity. Socure, a leading global digital ID verification and fraud prevention platform, has helped many countries update systems and is now in talks with the US.
Socure’s Vice President of Compliance Debra Geister told Ars that the platform has been helping US regulators understand that beyond names, social security numbers, addresses, and birthdays, “there are a whole host of flavors” to identify Americans digitally, including IP addresses, mobile devices, and biometrics. Geister said that by consulting with fintech platforms like Socure, the US government can take advantage of private sector insights and inch closer to understanding how to mix all those flavors together to accurately verify “that the identity actually belongs to the person.”
The vision of the future being sold today is of a metaverse where people can travel back and forth, making transactions in virtual worlds and the real one. But experts say the only way this future will work is if people can trust that the avatars they meet online are who they say they are. That trust will depend on technologically advanced digital identity verification, Forbes Business Council reported, “adding a measure of safety, security, and privacy controls.” The same level of confidence in digital identity verification could exist for the public sector in the real world by relying on the same technology—if regulators can keep up, Geister said.
“As technology advances, we can't rely on old-school methods,” Geister told Ars.
What having a seamless digital identity looks like
Part of the US’s embrace of digital identity has already begun in the most basic way imaginable—with states launching digitized driver’s licenses. However, Bloomberg Law pointed out that nationwide adoption will depend on states “coalescing around a common standard for how the identification cards are built and used.” To get the whole country on board with digitizing identity, the federal government will likely benefit not just from states digitizing IDs but also from private sector financial technologies increasing the adoption of digitized identity verification.
One example is found in the increasingly popular forms of digital wallets. These can transform people's phone or watch into their ID so they can leave their real wallets with all their IDs and credit cards safely stored at home. The more that people get used to this easy way of providing ID, the more they will crave the same ease in all ID verification, whether it’s in the public or private sector, the thinking goes.
Evolving digital identity verification was a big trend discussed this October at the Las Vegas conference Money 20/20, where banks, major financial services technologies, nascent platforms, investors, and customers all gathered to discuss what’s most needed next in fintech innovation. As a featured speaker, JPMorgan Chase’s global head of payments, Takis Georgakopoulos, told hundreds of conference-goers why monitoring spiking consumer demand for a more seamless digital identity drove the bank to new investments this year.
“You see much more people wanting to own their digital identity across multiple different platforms, be able to use it in the way they like, and be able to interact with the platform, both online and offline, in the way that they choose, with a wallet that they choose, and currencies that will become, over time, interoperable between the real and the virtual world,” Georgakopoulos said. This and other key trends “drive a lot of our investments,” he said.
One of those investments earlier this year was in VW Pay, a digital wallet initially created for Volkswagen cars. Adit Gadgil, JPMorgan’s global co-head of technology, media, and telecommunications, told Ars that the car-based wallet solution would have remained a captive fintech system within VW, but now, JPMorgan can spin it out to be available to a wide range of car makers globally. Gadgil said that as the Internet of Things advances, the futuristic view that JPMorgan takes is one where you can pull up to a McDonald’s and pay for your food with your car or head to a gas station with pumps that detect and accept payment directly from your vehicle.
“You step out of a car, you fuel up, and off you go—you don't have to worry about the payment experience,” Gadgil told Ars. Comparing it to the marvel of Uber when it first launched and seemed to make a ride to anywhere appear out of thin air, Gadgil said that car-based wallets offer “a magical, delightful, seamless payment experience.”
It’s not just banks interested in digital identity. Chief compliance officer for the cryptocurrency exchange network Coinbase, Melissa Strait, told Money 20/20 attendees that she was also very excited about new ways that digital identity can be verified through blockchain technology initially developed to support cryptocurrency transactions.
“We can have a trustless identity, where I can know that you are a trusted party not because I know your name and your date of birth and things like that but because of the attributes you carry with you,” Strait said.
For JPMorgan, those attributes look like a mobile device or a car—or even less visible wearables that make it so that people won’t even need to carry an item to be recognized during legitimate financial transactions. “In China, they call it ‘you pay with a smile,’” Georgakopoulos said.
Challenges slowing down regulators
Although data breaches and fraud were major concerns for consumers who were shopping online in record numbers during the height of the pandemic, Strait said the growth in decentralized finance platforms in the past few years led the US government to primarily focus on anti-money laundering regulations. This, Strait said, provides challenges to traditional law enforcement investigations, which depend on knowing identifying information in order to issue subpoenas and file cases against bad actors. By taking away traditional IDs, the government has to rethink a cascade of legal processes defined by knowing names, addresses, and dates of birth of people involved in financial transactions.
“If you're removing that tool in their toolkit, that really starts to be a bit of a reframing in the way that they do their work,” Strait told conference-goers.
However, Geister told Ars she has found that US regulators also want to be able to provide aid securely and diminish fraud. It’s still very early days for regulators tackling these issues, and Geister said that to ease regulators into the future, her goal is “to help them understand the scope of what's possible” to secure an identity.
But what seems so exciting about digital IDs for fintech businesses like Socure, Coinbase, and JPMorgan appears less comfortable to regulators, Geister said. In her work, regulators aren’t even comfortable with a person's device pre-filling forms to add identifying information—a convenience Geister said consumers love.
“The regulators right now are saying, ‘No, anything that is not the consumer putting in their information is not acceptable,’" Geister said. However, lately, she sees regulators shifting course on that line of thinking and considering new ways to protect a person’s identifying information. Congress is even currently weighing a new law called the Improving Digital Identity Act, which would create a government-wide task force “to develop secure methods for governmental agencies to validate identity attributes to protect the privacy and security of individuals and support reliable, interoperable digital identity verification in the public and private sectors.”
As more people seek ways to verify their identities online and offline, for business and for government use, Geister expects that catching regulators up to financial services platforms will continue to be slow and steady.
“You think about government payments or aid programs—they don't want to stop them,” Geister told Ars. “But at the same time, that leaves them open to fraud. So I think that they're going to have to solve these problems a few at a time. I don't see them taking a massive leap.”
No comments:
Post a Comment