Digital Identity Wallet: what you need to know
You may have read about the new wave of ‘Digital Identity Wallets’ that are about to be offered to consumers in mass markets. But what exactly is a ‘Digital Identity Wallet’? This blog aims to explain what it is, what it does and some key things for individuals to consider when using a digital wallet.
A digital wallet is a software service on a device that enables you to store your private bank details. Examples include your Apple/Google/PayPal mobile app, where you can store payment credentials; these wallets have been around for some time now. However, the new wave of Digital Identity Wallets will build on this capability by enabling individuals to add the storage of verified (or ‘verifiable’) personal/identity data (e.g., name, date of birth, address, nationality) to the wallet, so that information can easily be reapplied at a future date. They could almost be thought of as ‘data wallets’.
What is a Digital Identity Wallet?
In the EU, the regulation known as eIDAS2 will give every person eligible for a national ID card the right to have a digital identity that is recognised anywhere in the EU. This will enable “a simple and safe way to control how much information you want to share with services that require sharing of information”.
The eIDAS regulations define a digital wallet as follows:
“(42) ‘European Digital Identity Wallet’ is a product and service that allows the user to store identity data, credentials and attributes linked to her/his identity, to provide them to relying parties on request and to use them for authentication, online and offline, for a service in accordance with Article 6a; and to create qualified electronic signatures and seals”
Outside the EU, there are wallets appearing in the UK that store ID data (bank apps, ‘reusable ID’ wallets). Find out more about the eIDAS 2.0 regulation in our other blog.
What does a Digital Identity Wallet do?
A Digital Identity Wallet with identity credentials will enable the user to easily and securely present that data to a new third party to carry out a task, e.g.:
- Use public services such as paying tax or claiming benefits
- Open a bank account
- Sign documents
- Apply for university
- Store medical prescriptions
- Prove your age and/or confirm your identity
- Rent a car using a digital driving licence
- Check into a hotel
All of these activities will become easier and safer with the use of a digital ID. Existing ‘payment wallets’ will add ‘data wallet’ features and new ‘data wallets’ will add payment features over time.
How does a Digital Identity Wallet work?
There are three key parts of the process of setting up a digital identity wallet.
1. Firstly, an ‘evidence check’ - the wallet or ‘identity provider’ should collect your identity evidence. It could include either or both of the following:
- Physical evidence of the claimed identity (e.g., a passport or driving licence)
- Digital evidence of the claimed identity (e.g., a bank account)
2. Next, a ‘validity check’ - the provider should check that the evidence is genuine or valid, how long it has existed and whether there are any known frauds associated with the identity.
3. Finally, a ‘verification check’ that the identity belongs to the person who’s claiming it. This is typically done by taking a selfie or other biometric check to confirm that it matches the evidence source – this checks that it is really you who owns the passport or bank account.
Once you have set up a Digital Identity Wallet, a critical way of protecting the wallet security is by using what are known as valid ‘authenticators’. There are different types of authenticators, which will usually be a combination of the following:
What was previously known as ‘two factor authentication’ is now becoming ‘multi-factor, or strong customer authentication’ (MFA/SCA). There are other rules for payments in the EU, for instance, that define what SCA should look like. Banks and payment service providers already do this to keep you safe.
For an eSigning use case, using a Digital Identity Wallet to verify that the right person is signing the contract improves upon existing ‘2FA & sign’ methods.
What to look for in your Digital Identity Wallet provider
The number one thing to check about your wallet provider is their security credentials; this is your personal identity information they are protecting, after all. Do they have industry credentials that show they have been audited to provide safe IT systems (e.g., ISO 27001, Cyber Essentials)? Is it a company/service that you can trust?
Next, do they have the right certifications to offer the identity service? ID services normally operate under a set of rules called a ‘trust framework’ that defines the roles and rules for providers, and who to call if things go wrong. In the EU this is the eIDAS framework. For the US, the National Institute of Standards and Technology (NIST) sets standards for organisations that offer ID services.
A good digital identity service should increase your privacy online, by showing you who has what data and what for, whilst minimising both the number of parties who have the data and the amount of data needed by each party. This reduces the risk that your relationships will be compromised in the event of any data leakage.
Identity data is sometimes over-shared in today’s transactions. Digital identity enables ‘selective disclosure’, where you consent to share only the necessary details.
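To make ‘selective disclosure’ concrete, here is an added example (not code from DocuSign, OneID or the eIDAS regulation) of one common way to build it: the issuer seals a list of salted hashes, one per claim, and the holder reveals only the claims a service needs. The claim names, sample values and the HMAC standing in for the issuer's digital signature are assumptions made for this sketch.

```python
import hashlib, hmac, json, secrets

# Constructed demo key. HMAC stands in for the issuer's asymmetric signature,
# which is what lets a real verifier check the seal without holding a secret.
ISSUER_KEY = secrets.token_bytes(32)

def claim_digest(salt, name, value):
    # Commit to one claim; the random salt stops a verifier guessing hidden values.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def seal(digests):
    # Issuer's seal over the full list of claim digests.
    return hmac.new(ISSUER_KEY, json.dumps(digests).encode(), hashlib.sha256).hexdigest()

def issue(claims):
    """Issuer: return (credential, disclosures). The credential holds only digests."""
    disclosures = {n: [secrets.token_hex(16), n, v] for n, v in claims.items()}
    digests = sorted(claim_digest(*d) for d in disclosures.values())
    return {"digests": digests, "sig": seal(digests)}, disclosures

def present(credential, disclosures, share):
    """Holder: reveal only the claims named in `share`."""
    return {"credential": credential, "disclosed": [disclosures[n] for n in share]}

def verify(presentation):
    """Verifier: check the issuer's seal, then each revealed claim against it."""
    cred = presentation["credential"]
    if not hmac.compare_digest(cred["sig"], seal(cred["digests"])):
        raise ValueError("credential was not sealed by the trusted issuer")
    out = {}
    for salt, name, value in presentation["disclosed"]:
        if claim_digest(salt, name, value) not in cred["digests"]:
            raise ValueError(f"claim {name!r} does not match the credential")
        out[name] = value
    return out

def demo():
    # Constructed sample identity data.
    claims = {"name": "Alice Example", "date_of_birth": "1990-01-01", "age_over_18": True}
    cred, disc = issue(claims)
    return verify(present(cred, disc, ["age_over_18"]))

if __name__ == "__main__":
    print(demo())
```

The service checking your age learns that you are over 18 and nothing else; the name and date of birth stay in the wallet as salted hashes it cannot reverse.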
- Will your wallet provider help you to get up to speed in using the service?
- Will they help you if something goes wrong?
- Can they help to contact other parties you have accessed, to protect you against fraud?
Your wallet provider should help you with all of these things.
DocuSign’s partnership with OneID
Since July 2022, DocuSign has partnered with OneID and tightly integrated the solution into the DocuSign workflow. As a result, senders with ID Verification enabled on their account are able to send out envelopes requiring signers to, amongst other options, verify their identities by successfully logging into their own bank account before having access to a document to review.
In the UK, OneID is a digital identity provider that enables your existing bank app to act as a Digital Identity Wallet. The data has already been verified to be yours by the bank when you opened your account. The bank protects your data in the same way that it protects your money, and OneID enables you to share data (but doesn’t store it). So there is no need to choose a new ID provider: you already have the service on your phone! You can use the same familiar bank login and strong customer authentication to access your data, and then consent to share it with the new third party – putting you in complete control of your data. OneID has all of the security, certifications and privacy model to fully protect your data as you would expect, with your trusted bank underpinning the service and storing your data.