IDCheck.io is now certified by the Digital Identity and Attributes Trust Framework. Here’s why it’s important.
It’s been over a year since the UK government released its Digital Identity and Attributes Trust Framework (DIATF) – a set of rules and standards for digital identity providers to follow. The Framework gives an authoritative jab to the concept of digital identity verification in the UK, or at least that’s what the UK government hopes.
As the UK market still lags significantly behind some of its European counterparts, digital identity verification has the potential to optimize the user experience and improve business efficiencies in hundreds of use cases across the UK’s public and private sector. From account opening in banking and crypto, age verification in mobility, automated check-in processes in travel, financial risk checks in gambling, and contract signing in telecommunication. The UK government has decided to start off with the release of guidelines and requirements for a few initial use cases: Right to Work, Right to Rent, and DBS Checks.
This is understandable, considering the UK’s government services are the area perhaps most in need of a digital update, as anyone who has recently tried to update their National Insurance contributions can attest. In fact, there are almost 200 different ways for people to access local and national government services in the United Kingdom, with a head-scratching 44 different sign-in methods.
Leading by example, in February 2022, the UK government rolled outs its GOV.uk One Login digital identity app. By June 2023, eight government departments were using the digital identity service, with more than 1.5 million verified identities issued. The government has pledged that by the end of 2024, most governmental services would be available via the one platform.
Identity crisis? The future of digital identity in the UK.
Why the Digital Identity and Attributes Trust Framework is important.
With the release of the Framework, the journey toward a brave new digital world in the UK has once again begun, but this time with more confidence, direction, and sense of collective buy-in.
Although it’s unlikely the British public will ever actually know what the Framework is, they will undoubtedly benefit from the guidelines and best practices contained therein, for example, whenever they open bank accounts, sign contracts, or join a gaming or crypto platform. As such, the Framework will be pivotal when businesses decide which identity service provider to choose.
In order to become certified, providers are required to adhere to rules and requirements in the following areas:
1. Ensuring products and services are inclusive
Providers should ensure everyone can use their products and services, regardless of who they are or where they’re from. Offering a wide range of accepted identity documents is key.
2. Privacy and data protection
Providers must follow data protection legislation and ensure users can easily find out why providers are collecting personal data; what it will be used for; and who it might be shared with. Providers must also receive user agreements, and let users access and update their personal data at any point.
3. Fraud management
Providers must follow best practice guidance on fraud management, from, for example the Chartered Institute of Public Finance and Accountancy. They must also be able to regularly monitor threats and fraud, and have a way of identifying, notifying, and supporting a user whose identity, attribute or account has been compromised. They must also engage in regular fraud reporting, and a way to look for suspicious activity.
Providers must have an information management system that follows an industry standard, such as ISO/IEC 27001:2017, and adhere to the principles of confidentiality, integrity, and availability.
Choosing a DIATF-certified identity verification provider is a sure-fire way of futureproofing your digital identify proofing offering in the UK market, even for use cases other than the three currently available.
As certification against the Framework requires a thorough assessment against Home Office requirements, users of any certified identity verification provider’s services can rest assured that they meet the requisite standards of safety and security regarding customers’ personal data. Equally as important are the guardrails it plants in UK infrastructure to ensure sustainable growth and widespread adoption of digital identity in the UK.
Read more about our Framework-certified digital identity verification service, IDCheck.io here.
Content Manager at IDnow
Connect with Jody on LinkedIn