A post-COVID world means a responsibility to offer services remotely, when possible; especially if the remote-first service is cheaper, better, and faster.
One such service is identity assertion. In this day and age, there should be no reason for me to need to show up in person for you to confirm my identity, especially given that what you receive from that in-person visit is typically more expensive and lower quality than what can be achieved remotely.
In addition, the bulk of what is needed for this can be done today, relatively easily. This isn’t a change that requires rebuilding everything from scratch, just rearranging a few pieces.
We already have the ability to use passports and other identity cards remotely. Any identity card with an NFC chip can be verified remotely by a modern, ordinary smartphone using the same technology we use for contactless payments every day. When combined with a biometric ‘selfie’ scan, this provides an intuitive method to prove identity to a much higher standard than an in-person visit ever could, while ensuring greater security for the personal data under consideration.
A trickier problem is proof of residence. The opportunity here is to replace the document with a signed assertion. Instead of a utility bill, the utility provider could provide a signed statement that you’re a customer along with your address on file. This could then be verified against a Certificate Authority (CA), much like the ones maintained for NFC identity cards. Alternatively, the utility provider could be bypassed altogether and the rental agencies, estate agencies, or land registry could assume the role of the nominated agent to assert proof of address.
In the meantime, remote certification of these documents can be done by a professional person, such as a solicitor; providing most of the benefit and data protection, without requiring coordination or participation of the entity which generates the document.
Bringing it all together
Finally, you need a way to tie that identifying data to a user-generated public key. You will often need proof that the user has authorized an action such as use of their data, and the most secure way to do that remotely is a public key signature.
While in the past, this was cumbersome and error-prone, modern smartphones make generating and signing keys straightforward to use in a secure manner, like when we send encrypted messages via WhatsApp. Done right, you don’t need to know the details of how public key cryptography works, you just have to know that your ‘electronic signature’ is just like your physical signature, and you unlock it with (for example) your fingerprint.
All of the aforementioned solutions - verifying a person’s identity using a mobile phone to scan their passport, demonstrating proof of residence through a digitally signed assertion, and digital signatures with the use of a biometric confirmation through a mobile phone becoming the accepted standard - are technologies that are available to most UK residents today. While we still have a considerable distance to cover with regards to digital inclusion, it is not inconceivable to imagine a world where most people are able to drastically cut down the time, cost, and risk involved in verifying their personal data, all while raising the quality and security of the information you are receiving and processing.
This will not be a catch-all that works for every person in every scenario, but reducing the need for interaction in the ordinary case frees up capacity for those who fall through the cracks. In a world where long, winding queues need to be a thing of the past, this can make a large difference.
Nick Williamson is CEO at Qadre
To read more from #procuring4growth Campaign Week visit our landing page by clicking here.