Mastercard joins with Australia Post on digital identity, but who's using what is deeply unclear

Mastercard has announced a surprise digital identity partnership with Australia Post that will see the post office’s slow-moving Digital iD product somehow integrated into Mastercard’s, as the global credit card giant faces intense local regulatory pressure over soaring online fraud rates.

In an announcement that comes just two days after the Reserve Bank of Australia again put the boot into local retail banks and card schemes over Australia’s messy digital identity landscape, Mastercard said it had now entered digital identity trials with both Australia Post and Deakin University.

Details around the mechanics of Mastercard’s latest digital identity plays — described as an “in market pilot” — are sorely lacking, with apparently two concurrent virtue-signalling efforts underway at once.

The biggest question is whether Mastercard is locally signing onto Post’s Digital iD service, or Australia Post is adopting a Mastercard product for established Digital iD.

Adding Mastercard to Australia Post’s customer brag book for digital identity would be a coup for the government-owned enterprise, which has found it next to impossible to sell Digital iD into retail banks who are under siege on multiple fronts from regulators.

But just what is on offer isn’t really clear, even with Australia Post’s taciturn general manager of digital identity products and services, Regis Bauchiere, providing a thoroughly workshopped insight in Mastercard’s announcement.

"Australia Post is delighted to participate in this pilot, which will help raise awareness about digital identity in Australia and provide our Digital iD users access to a larger variety of uses,” Bauchiere said.

“Complementing our participation in the Trusted Digital Identity Framework, it also positions Digital iD as the only identity provider offering our communities access to both government and private sector services.”

But how it does any of that that has been left hanging.

Conspicuously, Mastercard’s biggest issuer, the Commonwealth Bank of Australia, is not mentioned in the announcement, nor what impact the new Mastercard or Australia Post trials could have on its customers.

On Tuesday, Reserve Bank of Australia Governor of the Reserve Bank of Australia, Philip Lowe, singled out the CBA for a public lashing, sharply criticising Australia’s largest institution for stalling the uptake of the New Payments Platform, the creation of which was fiercely opposed by Mastercard and Visa.

In the same speech, Dr Lowe also put the boot into slow and confused progress on the digital identity front.

“Today, our digital identity system is fragmented and siloed, which has resulted in a proliferation of identity credentials and passwords. This gives rise to security vulnerabilities and creates significant inconvenience and inefficiencies, which can undermine development of the digital economy,” Dr Lowe told the AusPayNet Summit this week.

“These generate compliance risks and other costs for financial institutions, so it is strongly in their interests to make progress here.

"It is fair to say that a number of other countries are well ahead of us in this area.”

Dr Lowe also called out the twin-headed nature of the digital ID frameworks, namely financial sector’s digital ID sandpit, dubbed the ‘TrustID’ framework, developed by the Australian Payments Council; and the federal government-led Trusted Digital Identity Framework, that ropes in the Digital Transformation Office, Centrelink, Tax and myGov transactions.

Where the government’s long-suffering digital ID project is headed is a little opaque at the moment.

Last week Prime Minister Scott Morrison not only removed the head of the department formerly known as Human Services (now Service Australia) but then merged the entire agency into the Department of Social Security, with the DTA coming along for the roller coaster ride.

What is known is that a lot more will be known after the Thodey Review into the public service is released, with the PM previously saying it would ship this week after he necked five senior mandarins and four departments.

There is at least a little more detail on the Mastercard digital identity “pilot” with Deakin University.

According to Mastercard, the “initial phase…featured student volunteers testing an identity verification process for student registration and digital exams at the Burwood and Geelong campuses in Victoria.”

How they actually did that isn’t revealed. But there is a full quota of buzzwords, resplendent in their lack of firm commitment and detail.

“We’re delighted to partner with Mastercard in this first trial to test concepts that can one day deliver intelligent, future-focused solutions ready to respond to a digital world's needs,” said William Confalonieri, Deakin’s chief digital officer.

“The pilot aligns with our institution’s digital-first strategy to improve the user experience and we look forward to the concept moving into other trial environments.”

Mastercard’s militaresque sounding ‘president of cyber and intelligence’, Ajay Bhalla, reckons the whole thing is a bit of a challenge.

“Our increasingly digital life – the way we transact and interact – has challenged our traditional notions of identity, trust and privacy. We need a new model,” Bhalla said.

 “We believe that this starts with a commitment to the responsible handling of personal information, giving consumers control over which data is used and how it is used to verify their identity.”

Or perhaps it starts with addressing Australia’s monstrous online card fraud losses that are now more than $470 million a year for card-not-present, with Mastercard and Visa obscuring the split between credit and debit losses.

Neither Mastercard or its issuing banks wear those losses, instead passing through the vast bulk of them to merchants who pay handsomely to use their payment systems, who then have to pass though those costs to consumers in prices.

Perhaps if the liability for those online losses changed, there’d be more appetite and speed in adopting digital identities.