There’s been a fair amount of speculation as to who else would join the supplier framework for Identity Assurance. We are happy to confirm that the eighth successful supplier is PayPal.
As a founder member of the Open Identity Exchange (OIX) which provides a structured conversation between the Cabinet Office on behalf of the UK Government and a market of providers committed to interoperability, PayPal adds their high profile and expertise in the online transacting space. They join the recently announced suppliers that includes The Post Office, Cassidian, Digidentity, Experian, Ingeus, Mydex, and Verizon.
Of course, this is just the beginning of the process. The real work of realising our ambitions for identity assurance services can now begin. We’re working closely with departments to develop an identity assurance process that can be adapted and reused right across government, benefiting users and and service providers alike with a simpler, faster, better and safer way to access and transact with government services.
Comment by Catherine posted on
It has been a while since you told us anything about this ID Assurance project. Is there anything new to report? Identity is only one part of eligibility; whether one is entitled to a public service normally depends on several factors such as where you live, your age, your citizenship, your health, your dependents etc. A private organisation providing an online identity may be able to judge whether a user has control of a credit or debit card in a particular name but it will have difficulty – or may not have the right – to know or confirm this other personal information. It therefore seems to me that public services will still need to gather and confirm other information (attributes) about the people they are dealing with over the internet. Consequently I do not understand how these private sector identity providers are going to save costs for the public services. Yes, the ID Providers will be enrolling people, issuing them with credentials (username and passwords, physical tokens?), dealing with problems when users forget or lose their credentials but that still leaves a lot for the public services to do. By that I mean checking all those other eligibility criteria and whether a persons circumstances have changed. Furthermore, when members of the public ring up or visit the office of a public service will this online Identity help the individual identify themselves to the public service? I don't see how, in which case the individual still needs another means of proving their identity. Online Identity Assurance is only one part of the jigsaw, until you describe the rest of the picture it is hard for us to have confidence in this proposal. Remember citizens have several different interests in this initiative – we want it to be safe and reliable for our own use, but also to be robust enough to prevent excessive fraud (you can't stop it all) and we want it to be efficient and helpful for the public servants who are running the services for us.
Comment by paulclarke posted on
Thanks for your comments and questions.
Identity assurance is intended to help the government move services online, while making the process of accessing those services as simple and convenient as possible for the user.
Credentials will be reusable so you won't need a new username and password for every government service you need to sign in for (it's worth noting that it will not be all services, just those that need to know who you are - typically high value ones or those involving payments and important documents - we're aiming to keep things as simple and user friendly as we can). Moving as much as possible to digital and having reusable online identity services will reduce costs through saved time/man hours, lower administration and resources costs and reduced fraud.
Departments delivering services will still need to manage information relating to eligibility; identity assurance provides them with a means of ensuring they know who they are dealing with online as they do this.
Comment by UK Govt proposal for PayPal identities | Internet Ganesha posted on
[...] that PayPal has become the eighth accredited provider for the UK Government’s Identity Assurance service, prompted me to investigate what’s [...]
Comment by Register For New Universal Credit Using Your PayPal Account | Welfare News Service posted on
[...] commentators on the Government Digital Service site have welcomed the move, but it may prove unpopular as PayPal’s parent eBay has been [...]
Comment by Steve K posted on
PayPal is not secure. It's not even a valid form of identification - all you need is an email address, and those only require Internet Access.
This is a BAD idea! Did someone else listen to Keith Vaz? STOP IT! The people making these grandiose "plans" obviously do not have Clue One about how the internet functions.
Comment by This week at GDS | Government Digital Service posted on
[...] Another busy week at GDS, including the release of the Transactions Explorer and the announcement of Paypal as the eighth supplier for the Identity Assurance programme. [...]
Comment by Aegir Hallmundur posted on
What does this mean? What is 'Identity Assurance'? What are these companies doing? What is 'a structured conversation'? When I 'transact with' a government service, what exactly will I be doing?
Could you rewrite this so that it's in plain English and follows your own excellent style guide? Because this is largely incomprehensible for those of us outside government.
Comment by stevewreyford posted on
Thanks for your questions. Identity assurance is a complex area and we have tried to explain it as clearly and simply as possible. Our other blog posts on identity assurance explain some of the principles and how we are working with private sector companies to provide a safe and easy way for users of government services to prove their identity when accessing public services digitally, both to protect users from phishing and other types of identity fraud and to ensure that only citizens who are entitled receive benefits etc. You might also find the Good Practice Guides on the Cabinet Office website helpful in understanding how it will work.
There's also a definition of identity assurance in Wikipedia.
Comment by Phil posted on
Great post. I'm interested to see how this develops.
Can I ask what you have planned for the login security of this? A solution which does away with email and password would be great - something I know my parents would benefit from for sure.
Comment by stevewreyford posted on
Thanks for your comments. The precise details of the solution are yet to be determined, but if it were a user name and password, the idea is that you would only need one for all of the government services you'd need to access, rather than a different one for each. That should make things simpler and easier for users like your parents.
Comment by Ray Porter posted on
Steve, Government Gateway GG already provides level 0-2 identity assurance for up to 70 government departments including LA's with access to approximately 180 services. On top of that some departments operate the level 3 verification as indicated DWP, HMRC and LA's. The level of authentication being determined by security requirements. How is current IDA thinking adding to the GG approach? How do you see the GG approach changing?
Comment by PhilT posted on
Sounds promising. The confusion of usernames and passwords is too much for many of our older computer users who frequently fail to differentiate between their email password and the password on their amazon account (for example). Need creative thinking in this area for sure.