EXCLUSIVE: “The Digital Me” – Sanne Ketelaar, UL Solutions in ‘The Fintech Magazine’
UL Solutions is one of the gatekeepers to trust in, and global acceptance of, mobile identity, which could make all physical documents irrelevant, says the company’s Sanne Ketelaar
When Sanne Ketelaar indulged her five-year-old son in a game of ‘grocery store’ – that age-old role-play where parents act as the bumbling customer and children play the earnest cashier – she didn’t expect it to be quite so relevant to her grown-up life.
“When I got to the payment, my son held up one of those big, base Lego bricks and said, ‘OK, you can now tap to pay’. I was completely flabbergasted!” she laughs .But in this game of pretend, it was what happened next that spoke so directly to Ketelaar’s career.
“I’d bought a bottle of wine in his shop, so I said ‘hey, don’t you have to check mummy is old enough to buy this?’ That’s when I had to go and grab my physical wallet and show him my driver’s licence.”
A physical ID that unlocks a citizen’s rights – to consume alcohol, drive a car, draw down benefits or any number of other entitlements – might well be redundant by the time Ketelaar’s son reaches adulthood. And, in her role at the global safety certification company UL Solutions, she will be instrumental in driving that shift. “Over the past decade, we’ve really seen a rise of convenient digital ways to pay.
“There’s mobile pay, peer-to-peer apps, and digital banks with no physical offices,” says Ketelaar. “But we still can’t leave our physical wallet at home. For most credentials, we still need to bring our ID card to identify who we are.”
Working in the US-based global testing and certification firm’s identity management and security division, Ketelaar helps oversee certification programmes that are key to the widespread adoption of mobile digital IDs.
They promise to do away with those fumble-in-the-wallet moments for many of us, but there’s a much bigger vision driving their adoption. Mobile IDs could be instrumental in helping the United Nations hit its target of providing the entire world with a legal identity by 2030; in giving citizens access to the full panoply of public and private services from their phone; and in liberating us from the username/password tyranny that is proving so vulnerable to cybercrime.
That’s not to say there are not deeply held concerns over how, and how safely, mobile digital IDs will be delivered, but, given that more than 80 per cent of the world’s population owns a smartphone and it’s the default for managing most of our daily lives, there’s little doubt that these forms of identity will play a big part in our future.
Indeed, ABI Research forecasts that more than 850 million citizens will be equipped with a form of mobile identity by 2026, and the EU Commission is aiming for 80 per cent penetration across the EU for its cross-border digital ID scheme by 2030.Among mobile digital IDs already available, some hold social security numbers and citizenship data; others contain biometric information or your COVID vaccination code. Few have developed beyond the national level, and most aren’t yet available in a mobile wallet – as with your flight or concert tickets, for instance.
In Estonia, citizens have been receiving a digital ID at birth for the past 20 years, and it’s being used as the bedrock of the country’s drive towards full digital citizenship. In India, a staggering 99 per cent of adults (that’s 1.3 billion people) have now been issued with Aadhaar electronic IDs, used primarily to access benefits and other state services. In Germany, since 2020, people have been able to store the digital version of their national ID card on their phone.New domestic projects seem to be emerging every week.
But if digital IDs are to be as universally recognised and trusted as paper records, they need an agreed international approach, not least to make sure the technology is interoperable – and with robust testing and certification to ensure, for example, that there is no risk of a record of what you do in one area of your life being made visible to another organisation, or, indeed all of your activities revealed to one body, be it a big tech or a government.
“We’ve seen a rise of mobile pay, peer-to-peer apps, and digital banks with no physical offices. But for most credentials, we still need to bring our ID card to identify who we are”
The Verifiable Credential Data Model specification, published by the World Wide Web Consortium (W3C), already provides a standard way to express credentials on the web in a way that is ‘cryptographically secure, privacy-respecting, and machine-verifiable’. But the International Standards Organisation (ISO)’s recent ISO/IEC 18013-5:2021 protocol specifically sets a standard for mobile driver’s licences (mDLs) where much of the current activity around mobile ID is focussed. As one of the third parties used to certify that a vendor’s technology is compliant with ISO specifications, UL Solutions has already published its recommendations on how the two can be made to work together.
But the standard around mDLs is important progress, believes Ketelaar, especially in the States.
“When you purchase an age-restricted item in a store, you hand over your entire driver’s licence – which, in the US, has lots of irrelevant information for a cashier to look at, like your height, your address, your weight, your eye colour, and whether you’re an organ donor.
“The ISO standard for mDLs stipulates a data collection limitation. Only your date of birth and a facial image will be requested and shared, and the app will ask you to provide approval to share that data. Plus, you can decide whether or not you let that information be stored – by a store, for instance, for future purchases there.”
As Ketelaar points out, in theory mDLs would mean you share less data with fewer people. The ISO standard also specifies that, when using an mDL, phones should not have to be handed over – itself a privacy violation in today’s world. Instead, whoever needs to check ID, be they a cashier or a cop, has their own app to scan it with. A final useful specification is that mDLs should work when devices have no internet connection. Google, which launched an API that supports mDLs in an identity wallet with Android 11 two years ago, has hinted that a mode could one day be built into phones that allows mDLs to be scanned, even when a phone is out of battery.
Apple, meanwhile, has already integrated mDLs into its wallet app, which supports the ISO standard in multiple US states. While, in the US, big techs have focussed on working with federal and the state governments to bring mobile drivers’ licences to market, in the UK, the government has just certified two providers to generate digital ID for use in two specific use cases – applying for a job and renting a house – but it verifies against either a driving licence or a passport. As we’ve seen with past innovations, big tech integrations are crucial for building trust with consumers.
For proof of that, you only need look at biometric technology – the subject of dystopian nightmares half a decade ago, but now a technology that the majority of people use to unlock their phones and approve payments. According to Dentsu Data Lab, 74 per cent of global consumers now have a positive view of the technology.
“I think biometrics will play a key role in future digital identity solutions, helping to combat money laundering and identity fraud,” says Ketelaar. “It’s already happening in US airports, where facial recognition becomes your entry ticket into an airplane. And we’re seeing some use in financial services, with Mastercard’s new Biometric Checkout programme, for instance, where all you really need is yourself to check out.”
Mastercard has called its initiative ‘smile to pay’, which is redolent of Amazon’s ‘wave to pay’ authentication option, introduced in 2020. The Mastercard pilot scheme is currently taking place across five St Marche supermarkets in São Paulo, in partnership with the Brazilian biometric authentication firm Payface. You are the payment.
With digital ID technology racing down the tracks towards us, the next obvious step is to combine those two separate tasks that Ketelaar experience in her son’s grocery store – ID verification and payment – into one. In the analogue world, a handful of US city governments have already taken steps in that direction by offering prepaid debit cards as part of a municipal ID card (for people such as immigrants without citizenship who are unable to obtain a state driver’s licence) or as part of a driver’s licence card.
Today, virtually every transaction can be handled by a smartphone. Tomorrow, it may just be our fingers and faces that we have to remember to take with us when we pop to the shops. Ketelaar reckons it’s only a matter of time before the technology, regulation and compliance barriers to that are overcome.
“[But] it is key these systems are tested by independent third parties – from a performance, functional, and security perspective – to really make sure they’re working as they should and there is no misuse of the systems or the data that has been collected,” she says.“In the future, though, I really believe that we’ll be paying with our identity – because why would I need a separate bank account credential to do that?”
It’s a vision of a future that will please those with wallets bulging with plastic, as well as those accustomed to reordering their driver’s licence after a night out. But it might just be the death of the grocery store game.
Which toddler, after all, will derive enjoyment from watching their parents pick up a plastic banana, smile, and walk straight out of their store?
People In This Post
Companies In This Post
- EXCLUSIVE: “Paying By Numbers” – Hugh Burden, AutoRek in ‘The Paytech Magazine’ Read more
- FF Awards 2022: The results are in! Congratulations to all the Winners! Read more
- FF Virtual Arena: International Payments Read more
- EXCLUSIVE: “Easing the Squeeze” – Rowan Brewer, Paymentology in ‘The Paytech Magazine’ Read more
- ITN Business and FINTECH Circle produce news-style programme exploring the role of fintech in society Read more