Banks prepare to issue myGov compatible digital identities

Everyday Australians will be able to use their mobile and internet banking credentials to sign into government services online under a bold new digital identity push that could quickly leapfrog state and federal efforts.

The Reserve Bank of Australia (RBA) has confirmed that the first version of a quietly orchestrated framework for a new federated identity credential known as “TrustID” has been completed, and will interoperate with a similar scheme being run by the Digital Transformation Agency (DTA).

The new banking identity credential is a major victory for payments regulators because it overcomes decades of internecine squabbling between major institutions amid fears a successful first mover would extract a big competitive advantage.

The RBA, alongside the powerful Payment Systems Board and the Australian Payments Council (which includes banks and schemes), have been cajoling major institutions to get their act together on issuing interoperable digital identity credentials for at least a decade.

Used in conjunction with online card payments as well as other online transactions, the use of digital identity has the potential to seriously reduce payments fraud worth more than $470 million a year that are largely passed through to merchants.

Like the introduction of the real time New Payments Platform, banks had largely stalled the development of an industry-wide digital identity credential because they were not on the hook for escalating online losses, much to the frustration of regulators.

Now, in a move reminiscent of the imposition of real-time transactions through regulatory intervention to overcome institutional inertia, the RBA has again augmented an industry-wide fix to get banks to adopt new technology.

“In June, the APC [Australian Payments Council] reached a significant milestone by completing the first version of a ‘TrustID’ digital identity framework. The [Reserve] Bank, in its capacity as an APC member, was involved in the development of the framework and, along with other participants, helped fund the project,” the Payment Systems Board annual report reveals.

“The TrustID framework sets out various requirements to facilitate the emergence of an interoperable network of competing digital identity solutions in Australia.

“The intention is that a digital identity established by a private sector provider under the TrustID framework will eventually be able to be used to access government services, and vice versa.”

While no timeline is spelled out in the PSB's report, the creation of the framework acts to light a fire under institutions and payment schemes to start integrating TrustID into their transactional, customer onboarding and security ahead of a looming payment system review slated for 2020.

In the event banks continue to shun a federated digital identity option, the RBA and Australian Securities and Investments Commission have the live option of forcing banks to soak up online fraud losses rather than foisting liability onto merchants.

“The [TrustID] framework is designed to allow individuals to establish their digital identity online with a preferred service provider and then to use those credentials to prove who they are when interacting online with businesses, including when making online payments,” the PSB wrote.

The emergence of TrustID also reveals that Treasury is not prepared to gamble on the DTA’s myGovID or Australia Post’s competing DigitaliD credential being widely adopted by the financial services sector that has now been given an implicit deadline to aggressively ratchet down fraud.

A critical element of the creation of an RBA-backed digital identity is that banks will no longer be able to point the finger at the bureaucracy’s sometimes challenged efforts to spur adoption of government digital credentials that have periodically been politically weaponised.

The Howard government had tried to get a social services ‘Access Card’ up and running in its last term, a project that would have put a smartcard chip and photo onto based the existing chipless Medicare Card.

That project was then scuttled after Labor dubbed it an Australia Card Mk2, with the outsourcing of Medicare payments processing painted-up as a target two elections ago in what became known as ‘Mediscare’.

At the most recent election Labor remained non-committal on the future of digital identity until the final days of the campaign, until its necessity and public acceptance was questioned by Ed Husic, who also took aim at the data security and need for open banking.

With the future of the DTA and its projects an open question prior to the last election, what has now become clear is that Australia’s central bank and payments regulators determined they needed their own digital option in the event others fell by the wayside.

With the NPP’s PayID now being increasingly adopted, and the Commonwealth Bank recently revealing it will use government facial biometrics holdings for know-your-customer checks, the run-up by other banks to start using digital identities like TrustID is set to sharply accelerate.