Co-chaired by:
Jukka Yliuntinen, Giesecke+Devrient and Jenny Ahlqvist, SpareBank 1
Core Team:
Kevin Faragher, TD Bank, Stephan Mietke, Association of German Banks and Peter Fjelbye, Nets
February 2020
How to Make Digital Identity a Success: Insights and Learnings from Seven Digital ID Schemes
A Report from Mobey Forum’s Digital ID Expert Group
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi | Verified.Me | |
|---|---|---|---|---|---|---|---|
| Official name of the scheme | Alastria ID | itsme | e-Estonia | NemID | BankID | Verimi | Verified.Me, by SecureKey Technologies Inc. |
| Country | Spain | Belgium | Estonia | Denmark | Norway | Germany | Canada |
| Members / participants of the scheme | Cross-industry led | Bank and MNO | Government led | Bank and government led | Bank led | Cross-industry led | Cross-industry led |
| Format of the scheme (company, governmental body, non-profit organization, other) | Not for profit | For profit | Not for profit | Governmental body | For profit | For profit | For profit |
| Live since | Not live yet | 2017 | 2002 | 2010 | 2004 | 2018 | 2019 |
| Sectors where services are offered? | The Alastria members offer different services. Sectors include: banking & financial services, insurance, venture capital, logistics, telecoms, retail, education, legal, mining, construction. We have agreements to collaborate with treasury and digital admin- land registry, notary etc. | Four basic services: 1) Share ID data 2) Log in 3) Confirmation of an action 4) Sign documents with legally binding and qualified signature. | Multiple from governmental to municipal and private sector. Also, e-residency card program for non-citizens. | Various financial services offered by the banks, gambling sites, access to national e-post box, health information, registration of properties in official registers, tax declaration, access to self-service universe in the public sector called borger.dk, application to subsidies for students and un-employed workers. | Authentication and qualified signatures. | Verimi is an open platform and offers its services for all industry sectors, including regulated sectors such as banking & financial services, telecommunication, insurance, education, mobility, and also the public sector. Verimi provides different levels of identification and user authentication services as well as qualified electronic signatures (QES) and payment functionalities. | Verified.Me is a digital identity and attribute sharing network. The service simplifies identity verification processes. |
| Numbers of users (penetration of eligible population)? | Some proof of concepts deployed - not production services yet. | 1,500,000 users, growing at 80,000 new users per month. | 98% of the population of 1.3m citizens have national electronic ID cards (minors not included). | 5.1m active users out of a population on 5.8m citizens (88%) penetration (over 15yrs old). | More than 4m; 93 % penetration (over 18 year old population). | N/A | N/A |
Executive summary
This report from Mobey Forum’s Digital ID Expert Group presents a comparative overview of seven digital ID schemes across Europe and North America. It provides insights and comments on the evolution of the schemes, their varying models and management, technological underpinnings and the services they provide to users.
The report also takes a broader look into the future, exploring the potential for cross-border integration together with the challenges and opportunities this presents, and provides high level commentary and observations from the Expert Group.
The purpose of the report is to furnish stakeholders with a broader awareness of how digital ID is evolving across the world and to provide some key considerations on how to build sustainable frameworks for digital identity.
A new kind of Expert Group report
Given the nature of the subject matter, it is fitting that the mode of publication for this report adopts an all-digital format. The ‘raw’ findings of the study are presented here, in a categorised and tabulated format to enable the reader to perform detailed scheme-by-scheme comparisons. This approach is then complemented by category summaries, which take the form of ‘Commonalities and Differences’. Finally, in pursuit of an even broader view – one that reaches beyond the data and supports reasoned speculation on the likely future direction of digital ID – the Expert Group also offers a third, higher-level narrative, which is presented in the following ‘Viewpoint Analysis’.
By presenting the study findings across these three levels of content it is hoped that the data, the takeaways and with the Expert Group’s anticipated future direction for digital ID are all equally accessible to you, the reader, so you may be able to quickly zero-in on the kind information you need, according to your desired level of granularity.
Methodology
The ID scheme data referenced was sourced by the members of Mobey Forum’s Digital ID Expert Group in 2019. Data was collected via a combination of written surveys, email and verbal interviews conducted with established contacts at each of the represented schemes.
The schemes that are featured were selected from an original shortlist of fourteen targets, according to their willingness to collaborate and participate in the report.
The shortlist was compiled by Mobey Forum’s Digital ID Expert Group, with a view to exploring as broad a cross-section of schemes as possible, according to a variety of factors including scheme maturity, geography, structure, and commercial vs governmental origin.
Executive summary
This report from Mobey Forum’s Digital ID Expert Group presents a comparative overview of seven digital ID schemes across Europe and North America. It provides insights and comments on the evolution of the schemes, their varying models and management, technological underpinnings and the services they provide to users.
The report also takes a broader look into the future, exploring the potential for cross-border integration together with the challenges and opportunities this presents, and provides high level commentary and observations from the Expert Group.
The purpose of the report is to furnish stakeholders with a broader awareness of how digital ID is evolving across the world and to provide some key considerations on how to build sustainable frameworks for digital identity.
A new kind of Expert Group report
Given the nature of the subject matter, it is fitting that the mode of publication for this report adopts an all-digital format. The ‘raw’ findings of the study are presented here, in a categorised and tabulated format to enable the reader to perform detailed scheme-by-scheme comparisons. This approach is then complemented by category summaries, which take the form of ‘Commonalities and Differences’. Finally, in pursuit of an even broader view – one that reaches beyond the data and supports reasoned speculation on the likely future direction of digital ID – the Expert Group also offers a third, higher-level narrative, which is presented in the following ‘Viewpoint Analysis’.
By presenting the study findings across these three levels of content it is hoped that the data, the takeaways and with the Expert Group’s anticipated future direction for digital ID are all equally accessible to you, the reader, so you may be able to quickly zero-in on the kind information you need, according to your desired level of granularity.
Methodology
The ID scheme data referenced was sourced by the members of Mobey Forum’s Digital ID Expert Group in 2019. Data was collected via a combination of written surveys, email and verbal interviews conducted with established contacts at each of the represented schemes.
The schemes that are featured were selected from an original shortlist of fourteen targets, according to their willingness to collaborate and participate in the report.
The shortlist was compiled by Mobey Forum’s Digital ID Expert Group, with a view to exploring as broad a cross-section of schemes as possible, according to a variety of factors including scheme maturity, geography, structure, and commercial vs governmental origin.
Introduction
The effects of digitalisation are evident in almost every corner of our global economy. As our collective reliance on technology continues to grow so too does our need to establish robust, secure and user-friendly ways of verifying our individual identities, digitally. The evolution of digital ID schemes around the world presents huge opportunities for a wide range of stakeholders from individual consumers, to technology and other service providers, banks and governments. As we enter 2020, it is fair to say that the field of digital ID is in varying stages of maturity. In a bid, therefore, to expand Mobey Forum’s knowledge and awareness of the various trends and opportunities in this important field, our Digital ID Expert Group has conducted an in-depth, collaborative study with seven of the most prominent Digital ID schemes across Europe and North America.
Understanding digital identity
For the purposes of this report, the term ‘digital identity’ is defined as a collection of information about an individual, organization or device that exists online (or in a network) and is the digital equivalent to ‘real’ identity documentation. In this report we focus specifically on digital identity schemes that cover individual, physical persons.
Introduction
The effects of digitalisation are evident in almost every corner of our global economy. As our collective reliance on technology continues to grow so too does our need to establish robust, secure and user-friendly ways of verifying our individual identities, digitally. The evolution of digital ID schemes around the world presents huge opportunities for a wide range of stakeholders from individual consumers, to technology and other service providers, banks and governments. As we enter 2020, it is fair to say that the field of digital ID is in varying stages of maturity. In a bid, therefore, to expand Mobey Forum’s knowledge and awareness of the various trends and opportunities in this important field, our Digital ID Expert Group has conducted an in-depth, collaborative study with seven of the most prominent Digital ID schemes across Europe and North America.
Understanding digital identity
For the purposes of this report, the term ‘digital identity’ is defined as a collection of information about an individual, organization or device that exists online (or in a network) and is the digital equivalent to ‘real’ identity documentation. In this report we focus specifically on digital identity schemes that cover individual, physical persons.
Viewpoint Analysis
Despite the globalising effects of digital technology, much of our digital existence remains geographically specific. As both individuals and as communities, we will always have a physical presence somewhere in the world, regardless of how ‘global’ our connected technologies enable us to become. To this end, we increasingly need digital services to support our local activities as well as enabling our borderless lives online.
From local to global
It is little surprise, then, to learn that most of the major digital ID schemes investigated in this report have developed distinctly localised approaches.
This inward focus has, until now, made a lot of sense. All of the schemes aim to deliver ID services that are legally recognised, which means they operate under the auspices of national governments and populations. Perhaps more fundamentally, the recruitment of a regular user base is also a necessary first priority for an ID scheme, and each has to start from somewhere.
That the seven also share common use-cases like digital authentication, digital signing and access to e-banking, is also no surprise. Indeed the provision of authentication to banking services is consistently represented across the board. These services represent the intersection of daily usefulness (and therefore likely rapid adoption by users) and ease-of-deployment, thanks to the existing depth of verified KYC data that banks and financial service providers already hold on their customers.
About the schemes
Commonalities & differences
- The schemes reveal a strong weighting toward private sector-led initiatives, with only one scheme, e-Estonia, being 100% government-led.
- All schemes aim to provide national ID services, with the exception of Verimi, which is planned to operate across borders.
- All schemes aim to deliver ID services that are legally recognised and enable secure digital transactions.
- While variations in use-cases are evident, all schemes typically focus on user authentication and digital signing services.
Use drop down navigation below to adjust the best view for your device.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi | Verified.Me | |
|---|---|---|---|---|---|---|---|
| Official name of the scheme | Alastria ID | itsme | e-Estonia | NemID | BankID | Verimi | Verified.Me, by SecureKey Technologies Inc. |
| Country | Spain | Belgium | Estonia | Denmark | Norway | Germany | Canada |
| Members / participants of the scheme | Cross-industry led | Bank and MNO | Government led | Bank and government led | Bank led | Cross-industry led | Cross-industry led |
| Format of the scheme (company, governmental body, non-profit organization, other) | Not for profit | For profit | Not for profit | Governmental body | For profit | For profit | For profit |
| Live since | Not live yet | 2017 | 2002 | 2010 | 2004 | 2018 | 2019 |
| Sectors where services are offered? | The Alastria members offer different services. Sectors include: banking & financial services, insurance, venture capital, logistics, telecoms, retail, education, legal, mining, construction. We have agreements to collaborate with treasury and digital admin- land registry, notary etc. | Four basic services: 1) Share ID data 2) Log in 3) Confirmation of an action 4) Sign documents with legally binding and qualified signature. | Multiple from governmental to municipal and private sector. Also, e-residency card program for non-citizens. | Various financial services offered by the banks, gambling sites, access to national e-post box, health information, registration of properties in official registers, tax declaration, access to self-service universe in the public sector called borger.dk, application to subsidies for students and un-employed workers. | Authentication and qualified signatures. | Verimi is an open platform and offers its services for all industry sectors, including regulated sectors such as banking & financial services, telecommunication, insurance, education, mobility, and also the public sector. Verimi provides different levels of identification and user authentication services as well as qualified electronic signatures (QES) and payment functionalities. | Verified.Me is a digital identity and attribute sharing network. The service simplifies identity verification processes. |
| Numbers of users (penetration of eligible population)? | Some proof of concepts deployed - not production services yet. | 1,500,000 users, growing at 80,000 new users per month. | 98% of the population of 1.3m citizens have national electronic ID cards (minors not included). | 5.1m active users out of a population on 5.8m citizens (88%) penetration (over 15yrs old). | More than 4m; 93 % penetration (over 18 year old population). | N/A | N/A |
The qualified Know Your Customer (KYC) processes that enable banks to verify individual identities have, so far, served the banks well. This is the source of ‘trust’ for most schemes, and remains rooted in the user’s existing bank credentials, which are most commonly established via physical visits to branches and nowadays also via digital onboarding solutions that banks, for example, have started to deploy.
The confidence established in bank credentials also plays well to banks potential future role as guardians of their customers’ digital identities beyond financial services. The depth of their KYC processes should continue to be a priority focus for banks looking to position – and differentiate – themselves in this space in the future. Unlike other stakeholder groups that are challenged either to develop ID services that will attract users, or to recruit sufficient users to their scheme in order to reach critical mass, banks already have both a ready-made userbase and an ID service (e-banking access) that is in popular demand. This puts the banks in a uniquely a strong position to facilitate the launch of national ID schemes together with supporting their wider development over time.
Identity schemes in focus
For these reasons (with the exception of e-Estonia, which is a 100% government-led scheme with mandatory citizen adoption), banks and financial institutions have enjoyed significant roles in all of the digital ID schemes reviewed. Some, indeed (including NemID, BankID, ITSME for example) are either partly or wholly operated by private sector financial organisations. At the same time it is important to note that also e-Estonia has very strong participation from the financial sector and online banking is one of its most used digital ID services.
Finding the right starting point
Just because authentication to e-banking has been the most prominent service across the seven schemes in this study, does not necessarily make it the default starting point for any scheme. More important is to find a compelling use case that requires everyday engagement by users, and focus on using digital ID to enhance that process. This could be e-banking authentication, it could equally be something else specific to the individual market in question.
How are the schemes used?
Use drop down navigation below to adjust the best view for your device.
Commonalities & differences
- Authentication to e-banking is the by far most prominent service.
- Enrolment is, for the most part, performed online with e-Estonia being the notable exception; this is also only scheme providing physical token (identity card) to represent digital identity.
- Existing banking credentials are being widely used as the principal means of initial identification.
- The inclusion of access to health records, together with other governmental services like taxes and benefits, is notably supported in the Nordic markets of Denmark and Norway, unlike elsewhere.
- Approaches to managing costs vary. Norway’s BankID used cost savings as an initial jumping off point, whereas the government-led e-Estonia scheme mandates that users pay €25 charge at a police station in order to obtain the validation required to enrol. It is also important to note, however, that in Estonia’s case the physical identity card provided is also a valid travel document.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi | Verified.Me | |
|---|---|---|---|---|---|---|---|
| Which services, enabled by digital ID, are used most frequently? | Not live yet | Transactions: 33% Gov, 66% private Public sector: Authentication. Private sector: KYC, Bank & insurance login, payment orders & payment confirmation and document signing. Operator: KYC, Subscription change, helpdesk. Health: access to sensitive data | Online/mobile banking - 99% banking services apply digital ID. Digital signatures feature heavily. - Social security services, including e-prescriptions and I-voting (44% of users voting applied digital identity in the last elections). - 99% of public sector services can use e-identity. - 67% of the citizens actively use digital ID cards. - Loyalty features available on digital ID identity cards. Merchants integrate loyalty schemes. | Total number of transactions pr. month: 70 m Bank: 40 m equivalent to : 58% Private: 15 m equivalent to: 21% Public: 15 m equivalent to: 21% | Private sector most popular. - Authentication to internet banking & payment services. - Access to different bank accounts. Same digital ID applicable to governmental services. Govermental services in second place. -Customer authentication. - Users can alter destination account for receipt of government money and order doctor appointments and prescriptions. - Government uses digital postbox to send information to the public e.g. military information to youth, cancer registration and health checks etc. | Private services established, public services in development. - Customer account creation, e.g. transfer of verified data in regulated sectors (AML-compliant onboarding) -Account aggregation - Secure single sign-on, inc. bank account login, customer accounts etc. - AMLD and eIDAS-compliant ID and verification to facilitate “one-click registration” - Authentication, incl. PSD2 compliant 2FAaaS. - Payments (guaranteed direct debit). - Digital signatures, incl. qualified electronic signatures (QES). | N/A |
| What are the reasons for users (consumers / businesses) to use digital ID instead of physical services or other means? | All members can create services they believe will be useful for their customers. | New services: corporate access management for remote working, IoT (not really protected today). Today people are using Itsme to make their lives easier. | Digital identity allows for attributes, which pysical ID doesn't. New services: public transportation and parking, significant cost-benefit in e-banking | Mandatory consumer adoption due to public sector digitalization (to reduce cost). Broader, more convenient access delivers a win – win situation. Mandatory Digital Post services for citizens and business is an example of the digitisation initiatives. | Digital services are more efficient and available 24/7. | Convenience for consumers (B2C) and conversion for businesses (B2B). New services: Digital/online verification services and improved digital processes (one-click registration) facilitate simplified customer on-boarding and check-out procedures, via stored and re-used (verified) digital identities. | Time savings. Increased privacy, security and convenience.Seamless UX that is as safe as it is easy to use. Cost savings (for service providers). 50% reduction in onboarding process, tens of millions saved if 15% shift service provider interactions from physical to online. |
| Enrolment processes; how is it done, what requirements? | Enrolment via one of the services providers on Alastria. | Completely mobile process, rooted to banking app. Confirm identity info via bank credentials. Choose PIN code and activate with touch and face ID. | Obtain five year validation from police, costing 25 EUR. Re-applying can then occur online. Minimum age: 15 yrs old. | Remote and physical enrolment is done based on KYC. | Through internet bank customer proofing. Physical presence and a valid passport is required. The customer data is verified though the bank’s customer database and/or Norwegian citizens registry. BankID Merchant certificate obtained via an online portal provided by Vipps (former BankID Norge). Bank issues based on the required KYC and AML. | Account creation completed online, login requires username password. Consumers and businesses can choose from a selection of different online identification services, i.e. eID, (e.g. new German ID card), Video-Ident, Bank/AML-Ident (re-use of existing identification), as well as auto ident and photo ident for use cases that do not require AML compliance. | Download the app or use within a web browser, and follow a step-by-step process for users to connect with their financial institution. |
E-Estonia is the exception, being government-led (although strongly supported by financial and other private sectors). It is important for banks to recognise, however, that when the government services demand that consumers validate their ID using another authority (and even require them to pay for the privilege), this does not form a barrier to adoption: 95% of Estonia’s population participate in e-Estonia.
Is branding needed for digital identity?
There appears to be consensus that creating a brand for each digital ID scheme is important, certainly in the early stages as adoption is building to critical mass. Whether separate brands are required to address consumer and service providers remains an open question, the answer to which is likely to depend on the unique specificities of each audience group in each market. While the importance of marketing is recognised, it is not fully applied universally, and different strategies exist for raising awareness and establishing the schemes’ brands. Certainly, for consumer-facing services a marketing focus on convenience and security is paramount.
Marketing
Commonalities & differences
- With the exception of Alastria, all schemes see the value in branding the scheme as an individual entity. e-Estonia has established both local and international brand names which it says has assisted in raising awareness of the scheme.
- Broad variations in the schemes approaches to marketing are apparent, ranging from no requirement at all (due to participating stakeholders managing the communication) to fulsome marketing designed to drive adoption.
Use drop down navigation below to adjust the best view for your device.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi | Verified.Me | |
|---|---|---|---|---|---|---|---|
| Does Digital ID require a unique brand name? (e.g. creating a separate entity like Itsme in Belgium and branding under that name) | Don't know - too early to take a view. | Yes | Yes. There are international and local brands that have helped establish the service. | Yes | Yes | Yes | Yes |
| Do you run any marketing for the Digital Identity? Or for the services enabled by Digital Identity? | Alastria members to do the most marketing by positioning the service with their customer. | Position the brand but no marketing campaigns have yet been done. Partner enrolment and support raises awareness. | Some - aimed at the 1/3 of the population that are not using the electronic identity cards. Also some marketing for new services, like i-voting and for e-residency. | None. The banks and DIGST communicate about the solution. Nets supports these activities and communicates to private service providers. | Some - recently for digital signing to engage youth and create critical mass. | Yes, for digital ID as well as connected use cases at the side of our partners through advertising campaigns. | Fullsome marketing and communications to launch Verified.Me. Success relies on consumers signing up for and using the service. Marketing is a key vehicle to achieve this. |
| Who would be the right target groups for the marketing (consumer, service providers)? | Service providers. | Unspecified. So far the scheme has more demand for business partners than it can handle. | Consumers and service providers. | Both consumers and service providers. | Primarily consumers and then service providers. | Consumers and service providers. | Consumers and service providers. |
| What is the main focus in marketing? Usage/brand/simplicity/? | N/A | Usage and benefits. | Simplicity, security and use cases. Your digital identity (passport). | Conveying convenience and security as well as trust (e.g. no tracking, no data selling). | Education on the service |
Collaborate to succeed
As well as the enabling role that banks play, it is also important to recognise that six of the seven schemes are based on models of collaboration (with e-Estonia also strongly emphasizing its cooperative approach), comprising a combination of government, banking and telco organisations. This collaborative model is here to stay. With it, many of the schemes have already achieved significant success, both in terms of user enrolment and service provider acceptance.
And as the schemes mature, new services will be introduced that will require greater collaboration with a wider range of stakeholders. This is already evident in the Nordic and Belgian markets, where the ITSME, NemID and BankID schemes are well established, the domestic populations enjoy a high level of digital literacy and the major stakeholder groups such as government, transport and healthcare are equally advanced.
Level of collaboration
Commonalities & differences
- Most schemes operate a collaborative model
- Typically, schemes are driven and coordinated by a single stakeholder.
- Top management has been consistently involved in both policy creation and steering of development.
Use drop down navigation below to adjust the best view for your device.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi | Verified.Me | |
|---|---|---|---|---|---|---|---|
| Does Digital ID require a unique brand name? (e.g. creating a separate entity like Itsme in Belgium and branding under that name) | Don't know - too early to take a view. | Yes | Yes. There are international and local brands that have helped establish the service. | Yes | Yes | Yes | Yes |
| Do you run any marketing for the Digital Identity? Or for the services enabled by Digital Identity? | Alastria members to do the most marketing by positioning the service with their customer. | Position the brand but no marketing campaigns have yet been done. Partner enrolment and support raises awareness. | Some - aimed at the 1/3 of the population that are not using the electronic identity cards. Also some marketing for new services, like i-voting and for e-residency. | None. The banks and DIGST communicate about the solution. Nets supports these activities and communicates to private service providers. | Some - recently for digital signing to engage youth and create critical mass. | Yes, for digital ID as well as connected use cases at the side of our partners through advertising campaigns. | Fullsome marketing and communications to launch Verified.Me. Success relies on consumers signing up for and using the service. Marketing is a key vehicle to achieve this. |
| Who would be the right target groups for the marketing (consumer, service providers)? | Service providers. | Unspecified. So far the scheme has more demand for business partners than it can handle. | Consumers and service providers. | Both consumers and service providers. | Primarily consumers and then service providers. | Consumers and service providers. | Consumers and service providers. |
| What is the main focus in marketing? Usage/brand/simplicity/? | N/A | Usage and benefits. | Simplicity, security and use cases. Your digital identity (passport). | Conveying convenience and security as well as trust (e.g. no tracking, no data selling). | Education on the service |
The business side: management & monetisation
While pricing for some business models was unavailable, it is interesting to note that more mature schemes have taken the step to publish their price lists. Typically, a per-transaction fee or an annual per-user fee (or a combination) is charged to the service provider using the scheme. Notably, having trialled a structure that charged users per-transaction, one scheme discovered that this was inhibiting usage so transitioned to a service provider fee model that is tailored to the number of users.
European regulation prohibits the majority of schemes from collecting and using data for commercial gain. Many of the schemes have also taken policy decisions in this regard, to respect the privacy of their users (and to guard against the risk of reputational damage that can occur from monetising user data). That said, there may be scope for this revenue stream to be developed, depending on the body, as anonymised data collected with informed user consent becomes more plentiful.
The broader question over who pays for the service – the user or the service provider –will be determined by those that organise and administrate the scheme. Results of the survey indicate however that service providers benefit from digital identity and are, therefore, also willing to pay for it.
Monetisation
Commonalities & differences
- All schemes rely on service provider fees for commercial support.
- None directly monetise user data, however, some provide identity data to merchants to enable ID verification.
Use drop down navigation below to adjust the best view for your device.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi GmbH | Verified.Me | |
|---|---|---|---|---|---|---|---|
| What is the business model you are using – per use fee, (monthly/annual) subscription fee, per transaction or other models? | Not for profit. The network is free for members until a certain level, analyzing if then members must pay per transaction. Membership fees – NGO & academia free of charge, €500 (startup), €5000 for medium sized companies, €10 000 for large. | Service providers bear the cost. Customer per-transaction fees were trialled then dropped - they detered engagement. Annual subscription model for for unlimited usage now opted. The range of fees is large: the scheme has a regressive tariff depending on the number of users. | Government invested in the infrastructure (ID card issuance, public service acceptance, underlying IT). Est. 2% GDP saving annually. Certification body charges fees from banks and service providers on a per query basis. | Private Service Providers pay 0.13 EUR pr. transaction or 0.43 EUR per user/year. Public and banking sectors have specific contracts and pay for development, maintenance and operation. | Vipps handles sales and distribution to merchants and public sector service providers. Transparent price list for merchants inc: certificate, monthly subscription and transaction fees. public sector pricing agreed via dedicated service contracts. | Fee for business users (var. monthly + per transaction). One-off compensation for ID providers (per user), when contributing an identity to the platform. | The application is free for consumers to download, through their App store or Google Play. Data rates may apply. |
| Who pays for the service: consumer, service provider or others? | Service povider | Service provider | Service provider | Service provider | Service provider | Service provider | Service provider |
| Are you monetising data, any examples? | No. As a Trust Service Provider there is potential to enrich data capture, but not to monetise. | Not for governmental bodies. Private sector can collect information e.g. on logins to banking services, but it is not known whether this data has any relevance for monetization. | No | No. | No. | No neither collecting nor monetising consumers’ data. Trusted connections may collect/monetize but only with user's informed consent. |
In Norway, via BankID, a wholly digitised solution is in the pipeline which would entirely remove the lifecycle management costs of physical cards from the model, reducing the overhead required to maintain the scheme. This would, however, require every user to have digital access and have the skills to manage their identity digitally. New business contingencies would also need also to be put in place to support a 100% digital system.
From a management perspective, the notion of digital identity has largely been assessed from internal point of view, perhaps due to the seniority of decisionmakers – i.e. How to engage parties? Who pays and who earns? How to position competitively in the market for digital identity solutions? Conversely, little focus appears to have been applied to questions relating to the end-user: What does an optimal user experience look like? What are the most relevant services for the population? This is an area that will require increasing attention as the schemes develop, particularly since user-centricity has become a defining force in digital service design.
What’s next?
Beyond delivering basic services, more advanced digital identity models, such as self-sovereign identity and multi-identity management, are much less widely represented. These have been introduced by more mature schemes, in Nordics and Belgium for example, which suggests that adoption elsewhere will follow, as the other schemes become more sophisticated over time.
While all schemes have a mobile variant, some can be described as ‘mobile dominant’, reflecting that mobile devices are becoming the default environment to use and manage digital identity. The services provided by collaborative, multi-stakeholder schemes are popular, particularly when user-access to services is easily accessible via mobile devices.
The cross-border conundrum
Collaboration across national borders is what many consider to be the natural next step for Digital ID. The digital or online world is rarely constrained by borders; we routinely trade goods and services internationally using digital systems, and data available on the internet (with a few exceptions) is freely accessible, globally. Why shouldn’t a German digital ID be useable in France, Norway or Canada? Now that all the schemes operate through the mobile channel (with some clearly championing a ‘mobile first’ strategy) the market pressure to deliver on this simple premise continues to grow year on year. Unlike the idea, however, the reality is fraught with complexity.
It is clear that all the schemes are bound by some form of regulatory standard, both for electronic identity and data privacy. These regulations, which provide restrictions over the actions of the schemes, act principally to help them establish legitimacy – a key factor for successful adoption, both by service providers and users.
Given that all of the schemes have developed from their local market, legal harmonisation will be crucial in enabling cross-border and domestic (cross-market) interoperability.
From a technical and regulatory perspective, Europe is playing an active role. The recent introduction of the eIDAS regulation which promotes cross-border consistency provides a foundation for wider adoption of digital identity. This EU regulation mandates that ID schemes must comply to a standard framework for electronic signatures which, in theory, will make it usable across the whole of the EU. As a result, participating governments will be able to accept a foreign digital identity to provide access to its services as needed.
Cross border potential & regulatory considerations
Commonalities & differences
- All schemes based in Europe must abide by EU regulations including GDPR, eIDAS, PSD2 SCA, AML5 and others. Verified.Me operates according to Canada’s Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA).
- All schemes must also operate in compliance to domestic regulations.
- Nordic schemes have been specifically designed to be domestic-only services. Others have either been designed to be open to cross border integration, or are exploring their potential.
Use drop down navigation below to adjust the best view for your device.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi | Verified.Me | |
|---|---|---|---|---|---|---|---|
| Did you consider this to be cross-border? If so how? | Focused on Spain, but blockchain is innately cross-border. Alastria is a member of EC’s International Association for Trusted Blockchain Applications (INATBA) and is participationg actively on EBP's EBSI project in particular as coconvenor of ESSIF (European Self Sovereign Identity Framework) use case. | Conceived initially as a national initiative but developed with cross-border potential. Test market will be Luxemburg. Also looking at other markets in Europe. | In the beginning designed for Estonia internally only; step by step by adjusting the Estonian file type carrying signatures to an internationally adjustable format the crossborder aspects became more relevant. Compliant with EU regulation, including eIDAS. | Not applicable - Danish solution. | Not applicable - Norwegian solution. | National scheme but potential to internationalise. | Has plans to launch the service in countries outside of Canada. |
| Are there cross-border aspects to be considered? Challenges? | How to establish critical mass in the new market? Finding common use-cases and positioning for adoption. | Maturity of the infrastructure and acceptance varies within EU. Some countries are more private sector driven and others public sector. | Compatibility issues in tech, standards, civil registration numbers, assurance levels, evaluation criteria. Culture and historical issues impact cooperation and trust in governmental institutions. Local presence also needed. | Challenges include: • different applications of eIDAS regulation. • different national regulatory requirements. • different national ID-documents. • different status quo of digitalisation of public sector services. | Identity is sovereign: every country wants service to be accountable locally rather than via an offshore corporation. Second, identity is cultural: what works in one country will seldom work unchanged in another. Understanding the nuance in identity management between countries is key. | ||
| Did you consider this to be cross-border? If so how? | Focused on Spain, but blockchain is innately cross-border. Alastria is a member of EC’s International Association for Trusted Blockchain Applications (INATBA) and is participationg actively on EBP's EBSI project in particular as coconvenor of ESSIF (European Self Sovereign Identity Framework) use case. | Conceived initially as a national initiative but developed with cross-border potential. Test market will be Luxemburg. Also looking at other markets in Europe. | In the beginning designed for Estonia internally only; step by step by adjusting the Estonian file type carrying signatures to an internationally adjustable format the crossborder aspects became more relevant. Compliant with EU regulation, including eIDAS. | Not applicable - Danish solution. | Not applicable - Norwegian solution. | National scheme but potential to internationalise. | Has plans to launch the service in countries outside of Canada. |
More work needs to be done before the various European schemes can converge. Each scheme is bound by domestic regulations which, by definition, vary from market to market, and sometimes also contradict legislation defined at the EU level. Legal harmonisation is also just part of the integration picture. The schemes are also challenged by their different business models, and by not sharing a common underlying infrastructure. With these factors in mind, interoperability remains distant, and long-term collaboration will be needed to achieve it. Thanks to the consolidation of financial systems that has already taken place in the Nordic countries, however, cross border interoperability restricted to that specific region may be a nearer term possibility.
Technology choices
Commonalities & differences
- All schemes have based their solutions on either Public Key Infrastructure, or blockchain technology.
Use drop down navigation below to adjust the best view for your device.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi | Verified.Me | |
|---|---|---|---|---|---|---|---|
| Did you consider this to be cross-border? If so how? | Focused on Spain, but blockchain is innately cross-border. Alastria is a member of EC’s International Association for Trusted Blockchain Applications (INATBA) and is participationg actively on EBP's EBSI project in particular as coconvenor of ESSIF (European Self Sovereign Identity Framework) use case. | Conceived initially as a national initiative but developed with cross-border potential. Test market will be Luxemburg. Also looking at other markets in Europe. | In the beginning designed for Estonia internally only; step by step by adjusting the Estonian file type carrying signatures to an internationally adjustable format the crossborder aspects became more relevant. Compliant with EU regulation, including eIDAS. | Not applicable - Danish solution. | Not applicable - Norwegian solution. | National scheme but potential to internationalise. | Has plans to launch the service in countries outside of Canada. |
| Are there cross-border aspects to be considered? Challenges? | How to establish critical mass in the new market? Finding common use-cases and positioning for adoption. | Maturity of the infrastructure and acceptance varies within EU. Some countries are more private sector driven and others public sector. | Compatibility issues in tech, standards, civil registration numbers, assurance levels, evaluation criteria. Culture and historical issues impact cooperation and trust in governmental institutions. Local presence also needed. | Challenges include: • different applications of eIDAS regulation. • different national regulatory requirements. • different national ID-documents. • different status quo of digitalisation of public sector services. | Identity is sovereign: every country wants service to be accountable locally rather than via an offshore corporation. Second, identity is cultural: what works in one country will seldom work unchanged in another. Understanding the nuance in identity management between countries is key. | ||
| Did you consider this to be cross-border? If so how? | Focused on Spain, but blockchain is innately cross-border. Alastria is a member of EC’s International Association for Trusted Blockchain Applications (INATBA) and is participationg actively on EBP's EBSI project in particular as coconvenor of ESSIF (European Self Sovereign Identity Framework) use case. | Conceived initially as a national initiative but developed with cross-border potential. Test market will be Luxemburg. Also looking at other markets in Europe. | In the beginning designed for Estonia internally only; step by step by adjusting the Estonian file type carrying signatures to an internationally adjustable format the crossborder aspects became more relevant. Compliant with EU regulation, including eIDAS. | Not applicable - Danish solution. | Not applicable - Norwegian solution. | National scheme but potential to internationalise. | Has plans to launch the service in countries outside of Canada. |
Where there’s a will, there’s a way
Ultimately it is up to those stakeholders that organise and administrate the schemes to work to establish trust between them. If this can be accomplished, then a meaningful level of co-operation could well be possible without forfeiting compliance to each scheme’s domestic regulations. Just as important is the shared will of decision makers influencing the management and direction of the schemes. Close collaboration between relevant parties, and the strong endorsement from the top management of each participating entity, are vitally important factors for success. These conditions create interoperability almost by default, because the motivations of contributing stakeholders are aligned, as is the collective will to contribute and drive the scheme towards common targets.
Viewpoint Analysis
Despite the globalising effects of digital technology, much of our digital existence remains geographically specific. As both individuals and as communities, we will always have a physical presence somewhere in the world, regardless of how ‘global’ our connected technologies enable us to become. To this end, we increasingly need digital services to support our local activities as well as enabling our borderless lives online.
From local to global
It is little surprise, then, to learn that most of the major digital ID schemes investigated in this report have developed distinctly localised approaches.
This inward focus has, until now, made a lot of sense. All of the schemes aim to deliver ID services that are legally recognised, which means they operate under the auspices of national governments and populations. Perhaps more fundamentally, the recruitment of a regular user base is also a necessary first priority for an ID scheme, and each has to start from somewhere.
That the seven also share common use-cases like digital authentication, digital signing and access to e-banking, is also no surprise. Indeed the provision of authentication to banking services is consistently represented across the board. These services represent the intersection of daily usefulness (and therefore likely rapid adoption by users) and ease-of-deployment, thanks to the existing depth of verified KYC data that banks and financial service providers already hold on their customers.
About the schemes
Commonalities & differences
- The schemes reveal a strong weighting toward private sector-led initiatives, with only one scheme, e-Estonia, being 100% government-led.
- All schemes aim to provide national ID services, with the exception of Verimi, which is planned to operate across borders.
- All schemes aim to deliver ID services that are legally recognised and enable secure digital transactions.
- While variations in use-cases are evident, all schemes typically focus on user authentication and digital signing services.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi | Verified.Me | |
|---|---|---|---|---|---|---|---|
| Official name of the scheme | Alastria ID | itsme | e-Estonia | NemID | BankID | Verimi | Verified.Me, by SecureKey Technologies Inc. |
| Country | Spain | Belgium | Estonia | Denmark | Norway | Germany | Canada |
| Members / participants of the scheme | Cross-industry led | Bank and MNO | Government led | Bank and government led | Bank led | Cross-industry led | Cross-industry led |
| Format of the scheme (company, governmental body, non-profit organization, other) | Not for profit | For profit | Not for profit | Governmental body | For profit | For profit | For profit |
| Live since | Not live yet | 2017 | 2002 | 2010 | 2004 | 2018 | 2019 |
| Sectors where services are offered? | The Alastria members offer different services. Sectors include: banking & financial services, insurance, venture capital, logistics, telecoms, retail, education, legal, mining, construction. We have agreements to collaborate with treasury and digital admin- land registry, notary etc. | Four basic services: 1) Share ID data 2) Log in 3) Confirmation of an action 4) Sign documents with legally binding and qualified signature. | Multiple from governmental to municipal and private sector. Also, e-residency card program for non-citizens. | Various financial services offered by the banks, gambling sites, access to national e-post box, health information, registration of properties in official registers, tax declaration, access to self-service universe in the public sector called borger.dk, application to subsidies for students and un-employed workers. | Authentication and qualified signatures. | Verimi is an open platform and offers its services for all industry sectors, including regulated sectors such as banking & financial services, telecommunication, insurance, education, mobility, and also the public sector. Verimi provides different levels of identification and user authentication services as well as qualified electronic signatures (QES) and payment functionalities. | Verified.Me is a digital identity and attribute sharing network. The service simplifies identity verification processes. |
| Numbers of users (penetration of eligible population)? | Some proof of concepts deployed - not production services yet. | 1,500,000 users, growing at 80,000 new users per month. | 98% of the population of 1.3m citizens have national electronic ID cards (minors not included). | 5.1m active users out of a population on 5.8m citizens (88%) penetration (over 15yrs old). | More than 4m; 93 % penetration (over 18 year old population). | N/A | N/A |
The qualified Know Your Customer (KYC) processes that enable banks to verify individual identities have, so far, served the banks well. This is the source of ‘trust’ for most schemes, and remains rooted in the user’s existing bank credentials, which are most commonly established via physical visits to branches and nowadays also via digital onboarding solutions that banks, for example, have started to deploy.
The confidence established in bank credentials also plays well to banks potential future role as guardians of their customers’ digital identities beyond financial services. The depth of their KYC processes should continue to be a priority focus for banks looking to position – and differentiate – themselves in this space in the future. Unlike other stakeholder groups that are challenged either to develop ID services that will attract users, or to recruit sufficient users to their scheme in order to reach critical mass, banks already have both a ready-made userbase and an ID service (e-banking access) that is in popular demand. This puts the banks in a uniquely a strong position to facilitate the launch of national ID schemes together with supporting their wider development over time.
Identity schemes in focus
For these reasons (with the exception of e-Estonia, which is a 100% government-led scheme with mandatory citizen adoption), banks and financial institutions have enjoyed significant roles in all of the digital ID schemes reviewed. Some, indeed (including NemID, BankID, ITSME for example) are either partly or wholly operated by private sector financial organisations. At the same time it is important to note that also e-Estonia has very strong participation from the financial sector and online banking is one of its most used digital ID services.
Finding the right starting point
Just because authentication to e-banking has been the most prominent service across the seven schemes in this study, does not necessarily make it the default starting point for any scheme. More important is to find a compelling use case that requires everyday engagement by users, and focus on using digital ID to enhance that process. This could be e-banking authentication, it could equally be something else specific to the individual market in question.
How are the schemes used?
Commonalities & differences
- Authentication to e-banking is the by far most prominent service.
- Enrolment is, for the most part, performed online with e-Estonia being the notable exception; this is also only scheme providing physical token (identity card) to represent digital identity.
- Existing banking credentials are being widely used as the principal means of initial identification.
- The inclusion of access to health records, together with other governmental services like taxes and benefits, is notably supported in the Nordic markets of Denmark and Norway, unlike elsewhere.
- Approaches to managing costs vary. Norway’s BankID used cost savings as an initial jumping off point, whereas the government-led e-Estonia scheme mandates that users pay €25 charge at a police station in order to obtain the validation required to enrol. It is also important to note, however, that in Estonia’s case the physical identity card provided is also a valid travel document.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi | Verified.Me | |
|---|---|---|---|---|---|---|---|
| Which services, enabled by digital ID, are used most frequently? | Not live yet | Transactions: 33% Gov, 66% private Public sector: Authentication. Private sector: KYC, Bank & insurance login, payment orders & payment confirmation and document signing. Operator: KYC, Subscription change, helpdesk. Health: access to sensitive data | Online/mobile banking - 99% banking services apply digital ID. Digital signatures feature heavily. - Social security services, including e-prescriptions and I-voting (44% of users voting applied digital identity in the last elections). - 99% of public sector services can use e-identity. - 67% of the citizens actively use digital ID cards. - Loyalty features available on digital ID identity cards. Merchants integrate loyalty schemes. | Total number of transactions pr. month: 70 m Bank: 40 m equivalent to : 58% Private: 15 m equivalent to: 21% Public: 15 m equivalent to: 21% | Private sector most popular. - Authentication to internet banking & payment services. - Access to different bank accounts. Same digital ID applicable to governmental services. Govermental services in second place. -Customer authentication. - Users can alter destination account for receipt of government money and order doctor appointments and prescriptions. - Government uses digital postbox to send information to the public e.g. military information to youth, cancer registration and health checks etc. | Private services established, public services in development. - Customer account creation, e.g. transfer of verified data in regulated sectors (AML-compliant onboarding) -Account aggregation - Secure single sign-on, inc. bank account login, customer accounts etc. - AMLD and eIDAS-compliant ID and verification to facilitate “one-click registration” - Authentication, incl. PSD2 compliant 2FAaaS. - Payments (guaranteed direct debit). - Digital signatures, incl. qualified electronic signatures (QES). | N/A |
| What are the reasons for users (consumers / businesses) to use digital ID instead of physical services or other means? | All members can create services they believe will be useful for their customers. | New services: corporate access management for remote working, IoT (not really protected today). Today people are using Itsme to make their lives easier. | Digital identity allows for attributes, which pysical ID doesn't. New services: public transportation and parking, significant cost-benefit in e-banking | Mandatory consumer adoption due to public sector digitalization (to reduce cost). Broader, more convenient access delivers a win – win situation. Mandatory Digital Post services for citizens and business is an example of the digitisation initiatives. | Digital services are more efficient and available 24/7. | Convenience for consumers (B2C) and conversion for businesses (B2B). New services: Digital/online verification services and improved digital processes (one-click registration) facilitate simplified customer on-boarding and check-out procedures, via stored and re-used (verified) digital identities. | Time savings. Increased privacy, security and convenience.Seamless UX that is as safe as it is easy to use. Cost savings (for service providers). 50% reduction in onboarding process, tens of millions saved if 15% shift service provider interactions from physical to online. |
| Enrolment processes; how is it done, what requirements? | Enrolment via one of the services providers on Alastria. | Completely mobile process, rooted to banking app. Confirm identity info via bank credentials. Choose PIN code and activate with touch and face ID. | Obtain five year validation from police, costing 25 EUR. Re-applying can then occur online. Minimum age: 15 yrs old. | Remote and physical enrolment is done based on KYC. | Through internet bank customer proofing. Physical presence and a valid passport is required. The customer data is verified though the bank’s customer database and/or Norwegian citizens registry. BankID Merchant certificate obtained via an online portal provided by Vipps (former BankID Norge). Bank issues based on the required KYC and AML. | Account creation completed online, login requires username password. Consumers and businesses can choose from a selection of different online identification services, i.e. eID, (e.g. new German ID card), Video-Ident, Bank/AML-Ident (re-use of existing identification), as well as auto ident and photo ident for use cases that do not require AML compliance. | Download the app or use within a web browser, and follow a step-by-step process for users to connect with their financial institution. |
E-Estonia is the exception, being government-led (although strongly supported by financial and other private sectors). It is important for banks to recognise, however, that when the government services demand that consumers validate their ID using another authority (and even require them to pay for the privilege), this does not form a barrier to adoption: 95% of Estonia’s population participate in e-Estonia.
Is branding needed for digital identity?
There appears to be consensus that creating a brand for each digital ID scheme is important, certainly in the early stages as adoption is building to critical mass. Whether separate brands are required to address consumer and service providers remains an open question, the answer to which is likely to depend on the unique specificities of each audience group in each market. While the importance of marketing is recognised, it is not fully applied universally, and different strategies exist for raising awareness and establishing the schemes’ brands. Certainly, for consumer-facing services a marketing focus on convenience and security is paramount.
Marketing
Commonalities & differences
- With the exception of Alastria, all schemes see the value in branding the scheme as an individual entity. e-Estonia has established both local and international brand names which it says has assisted in raising awareness of the scheme.
- Broad variations in the schemes approaches to marketing are apparent, ranging from no requirement at all (due to participating stakeholders managing the communication) to fulsome marketing designed to drive adoption.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi | Verified.Me | |
|---|---|---|---|---|---|---|---|
| Does Digital ID require a unique brand name? (e.g. creating a separate entity like Itsme in Belgium and branding under that name) | Don't know - too early to take a view. | Yes | Yes. There are international and local brands that have helped establish the service. | Yes | Yes | Yes | Yes |
| Do you run any marketing for the Digital Identity? Or for the services enabled by Digital Identity? | Alastria members to do the most marketing by positioning the service with their customer. | Position the brand but no marketing campaigns have yet been done. Partner enrolment and support raises awareness. | Some - aimed at the 1/3 of the population that are not using the electronic identity cards. Also some marketing for new services, like i-voting and for e-residency. | None. The banks and DIGST communicate about the solution. Nets supports these activities and communicates to private service providers. | Some - recently for digital signing to engage youth and create critical mass. | Yes, for digital ID as well as connected use cases at the side of our partners through advertising campaigns. | Fullsome marketing and communications to launch Verified.Me. Success relies on consumers signing up for and using the service. Marketing is a key vehicle to achieve this. |
| Who would be the right target groups for the marketing (consumer, service providers)? | Service providers. | Unspecified. So far the scheme has more demand for business partners than it can handle. | Consumers and service providers. | Both consumers and service providers. | Primarily consumers and then service providers. | Consumers and service providers. | Consumers and service providers. |
| What is the main focus in marketing? Usage/brand/simplicity/? | N/A | Usage and benefits. | Simplicity, security and use cases. Your digital identity (passport). | Conveying convenience and security as well as trust (e.g. no tracking, no data selling). | Education on the service |
Collaborate to succeed
As well as the enabling role that banks play, it is also important to recognise that six of the seven schemes are based on models of collaboration (with e-Estonia also strongly emphasizing its cooperative approach), comprising a combination of government, banking and telco organisations. This collaborative model is here to stay. With it, many of the schemes have already achieved significant success, both in terms of user enrolment and service provider acceptance.
And as the schemes mature, new services will be introduced that will require greater collaboration with a wider range of stakeholders. This is already evident in the Nordic and Belgian markets, where the ITSME, NemID and BankID schemes are well established, the domestic populations enjoy a high level of digital literacy and the major stakeholder groups such as government, transport and healthcare are equally advanced.
Level of collaboration
Commonalities & differences
- Most schemes operate a collaborative model
- Typically, schemes are driven and coordinated by a single stakeholder.
- Top management has been consistently involved in both policy creation and steering of development.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi | Verified.Me | |
|---|---|---|---|---|---|---|---|
| IF YES | YES | YES | YES | YES | YES | YES | YES |
| How is the collaboration organised? What types of organisations are involved? | Collaboration on the maintanance and development of the platform. Five people directly employed. | itsme is owned by four banks and three MNO. Banks deliver ID info, MNO's provide access to the SIM card and the secure element. | Initiated by governmental sector, but collaboration from the very beginning between government, telcos and banks. For example the Certification Authority of the PKI system has been managed by the private sector entity (banks&telcos) and once scheme was established multiple agencies and private sector actors have embraced the scheme and it has become very much collaborative. | Nets owns the Scheme apart from a few services (nemid.nu, PID, RID and LDAP search functionality). Nets has agreements with the banks and with DIGST. Nets is responsible for development, maintenance, and operation. | Solution is owned by the banks (and the mobile ID part by the telco). Collaboration between bank, telco and government. | Supported by alliance of international companies. Shareholders contribute expertise in financial services, mobility, e-government, media, telecoms, travel, technology, consumer devices. | Verified.Me is a service offered by SecureKey Technologies Inc. The Verified.Me service was developed in cooperation with Canada’s major financial institutions. |
| At what level in the organizations is the collaboration agreed on? | Innovation departments, operations. | Board, members of executive committee. | Top executive levels in multiple governmental agencies and private sector companies. | Top level management | Board level | Board level | C-Suite and innovation departments. |
The business side: management & monetisation
While pricing for some business models was unavailable, it is interesting to note that more mature schemes have taken the step to publish their price lists. Typically, a per-transaction fee or an annual per-user fee (or a combination) is charged to the service provider using the scheme. Notably, having trialled a structure that charged users per-transaction, one scheme discovered that this was inhibiting usage so transitioned to a service provider fee model that is tailored to the number of users.
European regulation prohibits the majority of schemes from collecting and using data for commercial gain. Many of the schemes have also taken policy decisions in this regard, to respect the privacy of their users (and to guard against the risk of reputational damage that can occur from monetising user data). That said, there may be scope for this revenue stream to be developed, depending on the body, as anonymised data collected with informed user consent becomes more plentiful.
The broader question over who pays for the service – the user or the service provider –will be determined by those that organise and administrate the scheme. Results of the survey indicate however that service providers benefit from digital identity and are, therefore, also willing to pay for it.
Monetisation
Commonalities & differences
- All schemes rely on service provider fees for commercial support.
- None directly monetise user data, however, some provide identity data to merchants to enable ID verification.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi GmbH | Verified.Me | |
|---|---|---|---|---|---|---|---|
| What is the business model you are using – per use fee, (monthly/annual) subscription fee, per transaction or other models? | Not for profit. The network is free for members until a certain level, analyzing if then members must pay per transaction. Membership fees – NGO & academia free of charge, €500 (startup), €5000 for medium sized companies, €10 000 for large. | Service providers bear the cost. Customer per-transaction fees were trialled then dropped - they detered engagement. Annual subscription model for for unlimited usage now opted. The range of fees is large: the scheme has a regressive tariff depending on the number of users. | Government invested in the infrastructure (ID card issuance, public service acceptance, underlying IT). Est. 2% GDP saving annually. Certification body charges fees from banks and service providers on a per query basis. | Private Service Providers pay 0.13 EUR pr. transaction or 0.43 EUR per user/year. Public and banking sectors have specific contracts and pay for development, maintenance and operation. | Vipps handles sales and distribution to merchants and public sector service providers. Transparent price list for merchants inc: certificate, monthly subscription and transaction fees. public sector pricing agreed via dedicated service contracts. | Fee for business users (var. monthly + per transaction). One-off compensation for ID providers (per user), when contributing an identity to the platform. | The application is free for consumers to download, through their App store or Google Play. Data rates may apply. |
| Who pays for the service: consumer, service provider or others? | Service povider | Service provider | Service provider | Service provider | Service provider | Service provider | Service provider |
| Are you monetising data, any examples? | No. As a Trust Service Provider there is potential to enrich data capture, but not to monetise. | Not for governmental bodies. Private sector can collect information e.g. on logins to banking services, but it is not known whether this data has any relevance for monetization. | No | No. | No. | No neither collecting nor monetising consumers’ data. Trusted connections may collect/monetize but only with user's informed consent. |
In Norway, via BankID, a wholly digitised solution is in the pipeline which would entirely remove the lifecycle management costs of physical cards from the model, reducing the overhead required to maintain the scheme. This would, however, require every user to have digital access and have the skills to manage their identity digitally. New business contingencies would also need also to be put in place to support a 100% digital system.
From a management perspective, the notion of digital identity has largely been assessed from internal point of view, perhaps due to the seniority of decisionmakers – i.e. How to engage parties? Who pays and who earns? How to position competitively in the market for digital identity solutions? Conversely, little focus appears to have been applied to questions relating to the end-user: What does an optimal user experience look like? What are the most relevant services for the population? This is an area that will require increasing attention as the schemes develop, particularly since user-centricity has become a defining force in digital service design.
What’s next?
Beyond delivering basic services, more advanced digital identity models, such as self-sovereign identity and multi-identity management, are much less widely represented. These have been introduced by more mature schemes, in Nordics and Belgium for example, which suggests that adoption elsewhere will follow, as the other schemes become more sophisticated over time.
While all schemes have a mobile variant, some can be described as ‘mobile dominant’, reflecting that mobile devices are becoming the default environment to use and manage digital identity. The services provided by collaborative, multi-stakeholder schemes are popular, particularly when user-access to services is easily accessible via mobile devices.
The cross-border conundrum
Collaboration across national borders is what many consider to be the natural next step for Digital ID. The digital or online world is rarely constrained by borders; we routinely trade goods and services internationally using digital systems, and data available on the internet (with a few exceptions) is freely accessible, globally. Why shouldn’t a German digital ID be useable in France, Norway or Canada? Now that all the schemes operate through the mobile channel (with some clearly championing a ‘mobile first’ strategy) the market pressure to deliver on this simple premise continues to grow year on year. Unlike the idea, however, the reality is fraught with complexity.
It is clear that all the schemes are bound by some form of regulatory standard, both for electronic identity and data privacy. These regulations, which provide restrictions over the actions of the schemes, act principally to help them establish legitimacy – a key factor for successful adoption, both by service providers and users.
Given that all of the schemes have developed from their local market, legal harmonisation will be crucial in enabling cross-border and domestic (cross-market) interoperability.
From a technical and regulatory perspective, Europe is playing an active role. The recent introduction of the eIDAS regulation which promotes cross-border consistency provides a foundation for wider adoption of digital identity. This EU regulation mandates that ID schemes must comply to a standard framework for electronic signatures which, in theory, will make it usable across the whole of the EU. As a result, participating governments will be able to accept a foreign digital identity to provide access to its services as needed.
Cross border potential & regulatory considerations
Commonalities & differences
- All schemes based in Europe must abide by EU regulations including GDPR, eIDAS, PSD2 SCA, AML5 and others. Verified.Me operates according to Canada’s Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA).
- All schemes must also operate in compliance to domestic regulations.
- Nordic schemes have been specifically designed to be domestic-only services. Others have either been designed to be open to cross border integration, or are exploring their potential.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi | Verified.Me | |
|---|---|---|---|---|---|---|---|
| Did you consider this to be cross-border? If so how? | Focused on Spain, but blockchain is innately cross-border. Alastria is a member of EC’s International Association for Trusted Blockchain Applications (INATBA) and is participationg actively on EBP's EBSI project in particular as coconvenor of ESSIF (European Self Sovereign Identity Framework) use case. | Conceived initially as a national initiative but developed with cross-border potential. Test market will be Luxemburg. Also looking at other markets in Europe. | In the beginning designed for Estonia internally only; step by step by adjusting the Estonian file type carrying signatures to an internationally adjustable format the crossborder aspects became more relevant. Compliant with EU regulation, including eIDAS. | Not applicable - Danish solution. | Not applicable - Norwegian solution. | National scheme but potential to internationalise. | Has plans to launch the service in countries outside of Canada. |
| Are there cross-border aspects to be considered? Challenges? | How to establish critical mass in the new market? Finding common use-cases and positioning for adoption. | Maturity of the infrastructure and acceptance varies within EU. Some countries are more private sector driven and others public sector. | Compatibility issues in tech, standards, civil registration numbers, assurance levels, evaluation criteria. Culture and historical issues impact cooperation and trust in governmental institutions. Local presence also needed. | Challenges include: • different applications of eIDAS regulation. • different national regulatory requirements. • different national ID-documents. • different status quo of digitalisation of public sector services. | Identity is sovereign: every country wants service to be accountable locally rather than via an offshore corporation. Second, identity is cultural: what works in one country will seldom work unchanged in another. Understanding the nuance in identity management between countries is key. | ||
| Did you consider this to be cross-border? If so how? | Focused on Spain, but blockchain is innately cross-border. Alastria is a member of EC’s International Association for Trusted Blockchain Applications (INATBA) and is participationg actively on EBP's EBSI project in particular as coconvenor of ESSIF (European Self Sovereign Identity Framework) use case. | Conceived initially as a national initiative but developed with cross-border potential. Test market will be Luxemburg. Also looking at other markets in Europe. | In the beginning designed for Estonia internally only; step by step by adjusting the Estonian file type carrying signatures to an internationally adjustable format the crossborder aspects became more relevant. Compliant with EU regulation, including eIDAS. | Not applicable - Danish solution. | Not applicable - Norwegian solution. | National scheme but potential to internationalise. | Has plans to launch the service in countries outside of Canada. |
More work needs to be done before the various European schemes can converge. Each scheme is bound by domestic regulations which, by definition, vary from market to market, and sometimes also contradict legislation defined at the EU level. Legal harmonisation is also just part of the integration picture. The schemes are also challenged by their different business models, and by not sharing a common underlying infrastructure. With these factors in mind, interoperability remains distant, and long-term collaboration will be needed to achieve it. Thanks to the consolidation of financial systems that has already taken place in the Nordic countries, however, cross border interoperability restricted to that specific region may be a nearer term possibility.
Technology choices
Commonalities & differences
- All schemes have based their solutions on either Public Key Infrastructure, or blockchain technology.
| ALASTRIA | ITSME | e-ESTONIA | NemID | BankID | Verimi | Verified.Me | |
|---|---|---|---|---|---|---|---|
| Have you made technology choices for your scheme? | Blockchain | Public Key Infrastructure and Open ID Connect protocols. Utilises the secure element. | Public Key Infrastructure, utilises SIM secure element and IOS/Android. Cards have RFID capablilty. | Public Key Infrastructure | Public Key Infrastructure | Public Key Infrastructure | Verified.Me is built on top of the IBM Blockchain Platform which is based on Linux Foundation’s open source Hyperledger Fabric v1.2, and will be interoperable with Hyperledger Indy projects. Industry-standard federation protocols. |
| Was technology a factor in your decision to implement your scheme? | Yes, to provide a secure and privacy enforcing solution. | Yes, but services, security and simplicity were also driving factors. | Yes – it was important to encompass the requirements from both the banks and the government. | No | Yes Blockchain is a key factor in providing trust, privacy and security. |
Where there’s a will, there’s a way
Ultimately it is up to those stakeholders that organise and administrate the schemes to work to establish trust between them. If this can be accomplished, then a meaningful level of co-operation could well be possible without forfeiting compliance to each scheme’s domestic regulations. Just as important is the shared will of decision makers influencing the management and direction of the schemes. Close collaboration between relevant parties, and the strong endorsement from the top management of each participating entity, are vitally important factors for success. These conditions create interoperability almost by default, because the motivations of contributing stakeholders are aligned, as is the collective will to contribute and drive the scheme towards common targets.
Conclusions
The results and observations presented in this report indicate a clear and widespread need to establish secure and user-friendly digital identity. How to reach such a position varies, but is always rooted in the trust that the identity issuer is able to establish with each individual. This is where the banks still reign supreme. They have mastered the ability to operate at scale in highly regulated environments, under conditions that require rigorous and stringent security and identity verification procedures. This makes the banks prime candidates to be future guardians of their customers’ digital identities, potentially supporting services that stretch beyond their traditional banking and finance territory, generating new revenues as a result. It also means that, in today’s age of the data breach, they have rightfully earned the trust of their customers to perform these services.
Also clear is that schemes are successful when they provide relevant and frequently used services that are delivered in an accessible manner via good user-experience. The scheme’s ability to scale quickly, both in terms of enrolled users and number of service providers is just as important. Again, banks have a strong position, since they have multiple assets like existing KYC processes and services like banking login that users frequently access.
Unsurprisingly, mobile devices have established themselves as the preferred channel for managing digital identity. Here, it is important for banks and other stakeholders to develop an in-depth understanding of the whole mobile ecosystem, including the roles of device manufacturers and device platform vendors. This knowledge will aid their creation of strategies that will help them to secure long-term and pivotal roles as the digital identity industry continues to evolve.
The study also reveals that close collaboration between relevant parties, and the strong endorsement from the top management of each participating entity whether private or governmental, are also important factors for success. These conditions create interoperability almost by default, because the motivations of contributing stakeholders are aligned, as is the collective will to contribute and drive the scheme towards common targets.
As digital ID schemes continue to mature, the issue of cross-border interoperability will gather momentum. While EU regulation has provided the framework for interoperability, much work remains before the schemes can be harmonised to enable a seamless flow of digital identity usage over the borders. Here again banks can have important role to play.
No mention of digital services (ID-related or otherwise) is complete without mention of the ‘GAFAs’ Google, Amazon, Facebook, Alibaba/Alipay etc., together with other global, networked firms like Mastercard and Visa. Like so many other industries, these hugely powerful players have serious potential to upend the global market for digital ID. With millions of subscribed customers, no cross-border interoperability challenges to overcome, and a wealth of knowledge and expertise in the digital space, they have the potential to disintermediate other parties like banks from the digital ID value chain. Already they have stakes in some forms of digital ID, most commonly in user authentication for lower-security cloud services. Should they opt to collaborate with governments on new solutions, they could represent an instant, scalable and friction-free route to market for new ID services. How long it will take the GAFAs to reduce this lead is hard to predict; they can certainly move quickly but, equally, are unlikely to be afforded bank-beating collaborative relationships with governments any time soon.
Most importantly, banks must be cognisant of the opportunities they have to adopt critical roles in enabling and facilitating digital ID schemes, and realise that this advantageous position is likely to change soon. Perhaps sooner than they think.
Conclusions
The results and observations presented in this report indicate a clear and widespread need to establish secure and user-friendly digital identity. How to reach such a position varies, but is always rooted in the trust that the identity issuer is able to establish with each individual. This is where the banks still reign supreme. They have mastered the ability to operate at scale in highly regulated environments, under conditions that require rigorous and stringent security and identity verification procedures. This makes the banks prime candidates to be future guardians of their customers’ digital identities, potentially supporting services that stretch beyond their traditional banking and finance territory, generating new revenues as a result. It also means that, in today’s age of the data breach, they have rightfully earned the trust of their customers to perform these services.
Also clear is that schemes are successful when they provide relevant and frequently used services that are delivered in an accessible manner via good user-experience. The scheme’s ability to scale quickly, both in terms of enrolled users and number of service providers is just as important. Again, banks have a strong position, since they have multiple assets like existing KYC processes and services like banking login that users frequently access.
Unsurprisingly, mobile devices have established themselves as the preferred channel for managing digital identity. Here, it is important for banks and other stakeholders to develop an in-depth understanding of the whole mobile ecosystem, including the roles of device manufacturers and device platform vendors. This knowledge will aid their creation of strategies that will help them to secure long-term and pivotal roles as the digital identity industry continues to evolve.
The study also reveals that close collaboration between relevant parties, and the strong endorsement from the top management of each participating entity whether private or governmental, are also important factors for success. These conditions create interoperability almost by default, because the motivations of contributing stakeholders are aligned, as is the collective will to contribute and drive the scheme towards common targets.
As digital ID schemes continue to mature, the issue of cross-border interoperability will gather momentum. While EU regulation has provided the framework for interoperability, much work remains before the schemes can be harmonised to enable a seamless flow of digital identity usage over the borders. Here again banks can have important role to play.
No mention of digital services (ID-related or otherwise) is complete without mention of the ‘GAFAs’ Google, Amazon, Facebook, Alibaba/Alipay etc., together with other global, networked firms like Mastercard and Visa. Like so many other industries, these hugely powerful players have serious potential to upend the global market for digital ID. With millions of subscribed customers, no cross-border interoperability challenges to overcome, and a wealth of knowledge and expertise in the digital space, they have the potential to disintermediate other parties like banks from the digital ID value chain. Already they have stakes in some forms of digital ID, most commonly in user authentication for lower-security cloud services. Should they opt to collaborate with governments on new solutions, they could represent an instant, scalable and friction-free route to market for new ID services. How long it will take the GAFAs to reduce this lead is hard to predict; they can certainly move quickly but, equally, are unlikely to be afforded bank-beating collaborative relationships with governments any time soon.
Most importantly, banks must be cognisant of the opportunities they have to adopt critical roles in enabling and facilitating digital ID schemes, and realise that this advantageous position is likely to change soon. Perhaps sooner than they think.
Engage with us
If you would like to learn more about the Mobey Forum Digital Expert Group, or talk to us about membership to Mobey Forum please contact us.
Engage with us
If you would like to learn more about the Mobey Forum Digital Expert Group, or talk to us about membership to Mobey Forum please contact us.