Skip to main content

Doing global business: Verification challenges to prove ID across borders

(Image credit: Image Credit: Dom J / Pexels)

he global village runs to a great degree on trust. Trust in financial solvency and willingness to uphold contracts, and trust in identity. 

Having trust has never been easy. The route for increased trust between the UK and Europe has been made murkier by Brexit. While the EU and the UK face each other across a no man’s land of ‘red, white and blue’ lines of indeterminate meaning and applicability, it’s very unlikely that the United Kingdom will remove itself from every cross-border agreement or pan-European standard. 

Interestingly, just eight days after the 52 per cent decided to leave, the European Union's new Electronic Identification and Signature (eIDAS) regulation came into force, promising a new way to standardise the way electronic signatures are enforced across the EU. 

The new regulation is to be welcomed, as we urgently need to improve cross-border interactions for citizens and businesses across the continent – and beyond. As the world shrinks and trade intensifies among the global village, it’s critical that entities are able to prove their identity – and also to protect themselves against identity theft. But the new eIDAS regulation is only a step towards the goal of establishing an effective system for cross-border identity verification; there are several obstacles standing in the way of achieving this. 

Identity? It’s unBritish! 

The UK has always been reluctant to embrace the type of all-encompassing identification cards common in other European counties. Britons have always been uneasy about identity cards and voiced widespread opposition to the government’s attempt to implement the Identity Cards Act 2006. 

Partly as a consequence of the No to ID movement, the UK has developed its own systems for checking identity, but in terms of providing a single, trusted identity that can be used across all sectors they currently fall short of a universal solution. The GOV.UK/Verify programme is however moving the UK in the right direction. It’s possible, of course, to use electronic proof of identity from credit bureaux or other authorities – there are regulations to enable this – but this is a far-from-practical option for many transactions. 

Other measures of verification require people or organisation to submit copies or original documentation – a costly and time-consuming process that is completely unsuitable for today’s fast-moving world. It’s also not a certainty that the postal system will return them. Driving licences are accepted as both proof of address and proof of ID, but in effect these are ‘pseudo IDs’: they simply don’t go through enough checks to be considered robust identification. They are not truly ID, but literally, a licence to drive. 

In Europe and the wider world 

The EU’s eIDAS regulations provides a common legal framework for e-transaction and other documentation that requires some element of digital signature, but this only accounts for a fraction of all day-to-day verification that takes place within and between countries. 

Other European legislation enables countries to accept electronic IDs (EIDs) commonly in use across the EU when a foreign citizen wishes to access another country’s government services. For example in Estonia, where all government transactions and most financials ones are done electronically, citizens have EIDs which they can use to verify their identity in the UK and in other member states. This is by no means universal – countries such as Spain, France and Portugal are still some way away from implementing similar systems. 

Looking further afield and we will see that there is no electronic ID interoperability standard in the world. Even in the United States, eID is still lagging behind many other countries, although the Open Identity Exchange (of which Experian is an executive member) is working to correct this. 

As it stands, however, we are still a long way off from unifying the many disparate verification technologies in use around the world into a single, unifying standard. But, seeing that we have managed to muddle along reasonably well without one, should we really be that worried about developing a common policy and technology for ID verification? 

Time, trust and total costs – what does poor ID mean to society? 

The lack of any common standard for fast, effective and fool proof ID verification hinders trade within and between nations. It’s difficult and time-consuming it is to establish people’s identities so that they can access services in another country; we also need to consider the costs of identity theft and fraud that our fractured verification landscape is enabling in-country. 

There’s the immediate cost to business that result from poor verification techniques. Experian’s research has found that around half of UK consumers abandon an online transaction due to length and complicated ID validation and security checks.   

Finally (and for most people, this is the most important issue) there’s the problem of safety. It’s easy to forget the consumer in all of this, and it’s vital that the world of business can keep their customers’ or users’ trust.   

This requires a focus not just on technology fixes, but equally on establishing guidelines for trust. A good example of this is Facebook logins being used across multiple online services. This is a robustly technological standard, but there is nothing to verify if the user is the person actually linked to the account, or what data is being used where. 

Here we come to the heart of the matter: It’s not just about technology, but also about culture. Creating a worldwide system of cross-border identities is a difficult enough task within the EU without having to factor in the rest of the world’s own cultural approaches to identity and data.   

We believe it can be done, and we have seen tremendous progress towards our goal in just the last few years. But there are still many obstacles to overcome and questions to be resolved: for example, how safe will our virtual identities be? How do we standardise levels of security? Who is liable for data breaches and wide scale identity theft? How do we translate the vast nuances of language and its interpretation when it comes to validating an overseas identity? 

It will take time, but industries and business across the world are increasingly united in their determination to arrive at a solution. The prize, if we achieve it, will be the most powerful weapon against fraud ever developed in the online age – and the most powerful trust shield ever given to people around the globe to go about their lives to the fullest. 

Nick Mothershaw, Director ID and Fraud Solutions, at Experian

Image Credit: Dom J / Pexels

Nick Mothershaw is the Director of Fraud and Identity Solutions at Experian, wherehe has been for over a decade. He is responsible for the strategic development of Experian’s fraud and identity solutions for both the public and private sectors.