360 458 iStock 103191981 LARGE

December 2016

Two perspectives on identity management

 

iStock 000005913775Medium 1Advances in ID Technology

Over the past 20 years, we’ve experienced exponential change and advances in technologies and policy for driver’s licenses in North America. These advances have occurred not only in regards to the physical changes of the document, but also in the ways in which the services surrounding the issuance of a driver’s license are delivered—from where the license is printed to how a citizen renews or requests associated services.

On the physical side, we’ve seen licenses move from a “cut and paste” Polaroid-type photo in a laminate pouch to a digital print-on-demand model, which allows many citizens to receive their license almost instantly using PVC and composite cards. In terms of card personalization, we have seen an increase in the use of pigment inks to provide a more durable color solution for resistance to sunlight and fading. That said, the biggest trend has been the transition to polycarbonate card substrates and laser engraving due to the extreme durability and unique security features that incorporate variable data during the personalization process.

The need for better validation promoted new machine-readable technologies, including standards for magnetic stripes and 2D barcodes. Additionally, enhanced driver’s licenses (EDLs) have enabled citizens to more easily cross borders by adopting the standards seen in the passport card using the UHF chip between the United States, Canada and Mexico.

Furthermore, the REAL ID Act of 2005 brought forth new mandates surrounding the management of driver’s license data and how states share data across borders. This has had a big impact on reducing the number of duplicate driver’s licenses issued in the United States. Biometrics, of course, have also become a standard to help secure the identity of citizens and prevent duplicates in DMV databases.

Today we see states and provinces integrating a variety of Security at the Time of Personalization (STOP) features into their license programs. These features use variable biographical data and produce unique physical security aspects that make the documents more difficult to falsify.

So where do we go from here—what will the next 20 years hold? Security will continue to be top of mind. DMVs will continue to establish a trusted infrastructure that can validate the authenticity of the driver’s license or ID card. This will provide document integrity and validate where the document specifically came from. 

iStock 000005913775Medium 2The Next 20 Years of Identity Management

I like to use the banking industry as an example for how I see the future of identity management evolving. Personal banking has gone from cash, to checks, to debit and credit cards, to internet banking, and now, mobile pay. I view identity management in a similar way in that it’s going to evolve into a variety of things as technology advances.

When you look at airlines, they went from requiring a paper boarding pass to allowing the use of a mobile boarding pass. At first, I was leery about connectivity issues with the mobile boarding pass, but once I realized I could save the boarding pass to my smartphone’s “wallet,” I didn’t need to worry about connectivity.

When it comes to the adoption of the mobile driver’s license (mDL), if we can’t authenticate it, then we can’t trust it. I need to be able to rely upon it 100 percent, whether I’m getting IDed at the grocery store or boarding a plane. The big linchpin with the mDL is the authentication piece. In order to authenticate a person’s identity, I need a way to verify with the source. Being able to verify the information with the source in real time allows us to have more confidence in the information that’s presented and makes it more difficult to commit fraud. For example, AAMVA’s DLDV program is one way we could connect the mDL to the source for real-time verification.

We tested a digital watermark reader with the mDL pilot in Iowa, which required another smartphone to read the device. In the future, I envision something similar to a barcode reader that doesn’t need connectivity to work in order to verify the app is legitimate and to extract the information from it.

In order for the mDL to be successful and adopted in the future, it needs to be better than what the plastic license is today. We’re still in the infancy phase. People need to get used to the concept that the plastic license may not be the best mechanism to use to solely identify someone; being able to verify information with the source adds value and is better than the stagnant piece of plastic, which is only updated every five to eight years and has security features that are not universal across jurisdictions.

Will we still have cash and paper checks in 20 years? We will. Will we have plastic licenses? We will. There will still be a demand for the plastic license until technology and connectivity can be relied upon 100 percent for mobile identification. Retailers also need to have the technology to read mDLs. In the meantime, I see mobile identification as a tool to supplement the plastic license and an opportunity to become more consistent across North American jurisdictions and around the world.

All in all, we’ve been doing a better job of managing identities and securing identities. In the last 20 years, our ID fraud cases have dropped 70 percent in Iowa. We’ve made significant improvements in managing and securing identities, and with the mobile technology it will only get better in the next 20 years.