23 August 2021
A series of short posts defining some aspects of the digital identity world that can be a bit… confusing.
Age Verification (AV) – this one might sound simple, but we thought running through a few different types of AV might be helpful.
AV is simply businesses making sure their customers are the correct age to buy or access products and services that are only suitable for certain age groups.
Most obviously, to buy items like alcohol or tobacco in the UK, you must be 18 or over.
But there are other cases in which a business may need to know how old you are, for example when there’s a discount for over 65s.
For online retailers, making sure their customers are the right age can be challenging. There are a few different laws in the UK that online retailers must make sure they are abiding by.
Some methods of AV do not meet these laws, for instance, self-declaration. Have you ever had to tick a box saying you’re over 18 online? Or entered your date of birth to create an account that requires you to be a certain age? That’s self-declaration, a method being used less and less online due to its inaccuracy.
Here are some other types of AV that are being used more due to their higher accuracy rate:
OneID Age Verification is an example – you use the data your bank already holds about you to prove you are the right age online. Log into your online banking, and consent to share the information. All done in under a minute, and you don’t even give away your age, just the fact that you meet whatever requirements are needed (for example, yes, I am over 18 but no, I don’t need to tell you how far over 18 I am).
Digital Identity via hard identifiers
Send a photo of your passport or birth certificate, and your age is taken from there. A pretty reliable method, other than fake documents, but a real faff considering you have to look for the document, inevitably have a panic when you can’t find it, take a photo of it once you have…
Information database checks
You enter some details about yourself such as your name, address, and age. A check is then carried out on a database such as the electoral roll, or a credit database, and if the information matches up, you’re good to go. Another great method to check your age but it does require some extra steps like information matching.
We’re proud to say that OneID is bank-verified.
But what does that actually mean?
The term bank-verified can mean different things depending on the situation it’s being used in.
In our case, when we say OneID is bank-verified, we mean that the information we use comes from a bank – making our process safe, secure, and accurate.
For example, with OneID Verified Sign-In, you use the personal information stored with your bank to sign-in online. By sharing information such as your name or age directly from your bank through OneID, the website you are signing into knows that:
- The information you’re providing is correct. They know this because it has been verified by the bank’s security processes (and banks are well known for being pretty secure!).
- The information you’re providing definitely belongs to you. They know this because you are the only person who can access your bank, logging in with your fingerprint, Face ID, or secure passwords.
Using a bank-verified service like OneID means you can easily but safely prove who you are online, building trust in our online society.
Your digital identity is a collection of personal data about you that exists online.
There’s no definitive, technical definition of digital identity across the globe, as many important organisations such as the World Bank and the World Economic Forum have their own descriptions of the concept.
Here at Digital identity Net, our definition of a digital identity is made up of 3 simple components:
- The first part of your digital identity is your digital attributes. This is any personal information that identifies you. This could be things such as your name, address, or date of birth.
- Next, those pieces of personal information go through a verification process that makes sure the information is connected to you. This verification is done by a certified party, like us, and an example of this is using your bank-verified information.
- The final piece of the puzzle is you and your authentication details. Don’t worry, it’s simpler than it sounds. Authentication just means how you prove that you are the person this verified information belongs to, and could be a password, a PIN or your fingerprint/ face ID.
So essentially, your digital identity is made up of digital attributes that identify you as an individual. This information is then verified to be true and accurate and is accessed by you whenever you need to use it through usernames, passwords, PINs or fingerprint/ face ID login.
If you have all three of these components to make up your digital identity, then it can always be used to prove who you are online safely and securely.
Identity Theft & Identity Fraud
Identity theft is what happens when someone steals your personal details so they can use your identity. Identity fraud is very similar, but the person stealing your personal information uses it for their own financial gain.
Identity fraud comes in many forms, for example, credit card fraud, tax fraud, and benefits fraud.
According to Cifas, identity fraud in the UK has increased hugely in the past few years, with 223,163 being reported in 2019.
With the world we live in being so digital, fraudsters most commonly achieve identity fraud through data leaks. This is where an organisation that holds information about you, say your name, address, and card details is involved in a data breach. Fraudsters manage to get hold of your information through the organisation’s databases and then will use it to impersonate you online, most often to spend your money.
The best way to avoid identity fraud is to make sure your personal information is always protected. One of our goals at Digital Identity Net is to help people take control of their own personal data, making sure only they ever get to use it.
To learn more about identity theft and fraud, especially if you think you may be at risk, visit the Action Fraud website where you’ll find many helpful resources.
Level of assurance
In the world of identity, a level of assurance (LOA) is the confidence you can have that the authentication of an identity is true and accurate.
Put even more simply, it’s how certain you can be that an identity check has got the identity of the person being identified correct.
But what does this mean and why does it matter?
Essentially, the higher the LOA of an identity verification method, the more likely it is to minimise fraud and improve security.
However, identity verification with higher LOA is usually more costly and time-consuming.
This means that companies who need to verify your identity (like a supermarket website that needs to verify your age to sell you a beer) often face the tough compromise between being confident you are who you say you are without ruining your online experience and adding lots of hassle into your checkout journey.
OneID’s Age Verification and Verified ID finds a balance between these two things: we offer an identity verification solution with a high LOA that also feels as easy as ABC.
Our LOA is high as we use bank-verified data (if you want to know more about what that means, we’ve got a definition for that too), and our verification process is quick and easy as all you do is log in to your online or mobile banking and share your information from there.
To find out more about LOAs and why they matter so much to us and you, you can visit the AVPA page.
We talk about your personal data a lot. How it makes up your digital identity, how valuable it is, how you should protect it, and most importantly – how it is yours.
So, just in case you’re unsure, we thought we’d talk about what personal data actually is.
Personal data is any information that relates to an individual that is identifiable. Put simply, your personal data is information that can be attributed to you or identify who you are.
Personal data identifiers are wide and varied, but some examples are:
- Your name
- Your location
- Your ID numbers, for example, your passport number
- Biometric data, meaning your fingerprint or face ID
- Health data, such as genetics
- Your racial or ethnic origin
- Your sexual orientation
The list goes on.
Personal data is important to organisations. From your doctor who needs access to a large amount of your personal data when treating you, to your favourite clothing brand who needs to know where to deliver your new boots.
However, organisations also often use your personal data for profiling. This is where organisations use personal data like search history or purchase history to create a profile for you, specifically. Organisations do this mostly for marketing purposes, but the reasons are varied. For example, a clothing site may realise you view brown shoes all the time, but never black shoes. They’ll use this information to promote all the brown shoes on their site to you. Another example would be Netflix, who will use your viewing history to suggest new shows they think you’ll enjoy.
Because of GDPR laws, organisations always need your explicit consent to use your personal data. You always have the right to object to your personal data being used if you don’t want it to be, you can find out how here.
It’s really important you know who has access to your personal data, what they’re using it for, and how they’re storing it. Most cases of identity fraud begin with a data leak – this is when an organisation is attacked, and fraudsters get hold of the personal data being stored about customers.
Most importantly, your personal data is just that – yours. You should feel comfortable and confident in the knowledge that you have control over what your personal data is used for, and our mission with OneID® is to help you get there.
To learn more about your personal data, visit the Which consumer site.