Skip to main content

Keeping GOV.UK Verify secure from identity crime and fraud

Posted by: , Posted on: - Categories: GOV.UK One Login

a mobile phone showing the GOV.UK Verify sign in page

GOV.UK Verify is a way to prove you are who you say you are online. By doing this, you can access government services, such as checking your income tax or state pension and viewing your driving licence information.  

As these are services that contain confidential data, we are committed to making sure our users’ digital identities are secure.

We work with a list of identity providers who will check your identity and confirm it to the government service you are using. This means the government service doesn’t know which identity provider you have chosen and the information is not stored in one place.

Our work protects user data and means criminals cannot masquerade online as someone they’re not. With identity fraud costing the government between £1 billion and £4 billion a year, we must continually evolve and grow our security measures to counter identity crime.

We are keeping GOV.UK Verify secure through cross-government collaboration and sharing knowledge with selected private sector organisations that are facing similar challenges.

Mitigating identity crimes  

We have written before about the kinds of fraud our identity standards prevent and how we keep data safe on GOV.UK Verify.

As more people sign up for digital identities and the Verify programme evolves, we need relationships with others facing the same challenges, to counter crime caused by identity misuse at the earliest stage possible.

The Counter-Fraud and Threat Intelligence team sits within the wider Verify team and specifically works to counter identity-enabled and identity-dependent crime and fraud.

Identity-enabled crime and fraud refers to traditional criminal activity which is exacerbated by the misuse of identity, for example identity theft. Identity-dependent crime can only be committed by the misuse of identity.   

Keeping GOV.UK Verify secure

Working with the cyber security community

We have formed an Identity Misuse Group on the National Cyber Security Centre’s Cyber Security Information Sharing Partnership (CiSP) platform. If you work in government or industry and are interested in preventing identity misuse, you can join the group via CiSP’s website and request to register your organisation if you’re not already a member.

Learning from academia

We have created an Identity Risks and Identity Standards Consortium, which is made up of leading UK academic institutions and chaired by Professor Tim Watson from the University of Warwick. We hold quarterly meetings to share knowledge and expertise.

Collaborating across government

It is important that we work across government to make sure we counter shared threats and ensure security information is shared with relevant departments.

Collaboration is done through workshops and meetings with teams in other organisations. We ran one such workshop earlier this month. Attendees included staff from central government departments and a wide range of public sector organisations.

Sharing our knowledge with the Verify programme  

As part of the Verify programme, we can gain insights from our colleagues working at GDS. And, our team of specialised identity crime and identity fraud experts can feed back information into the government’s identity standards, which helps make them as robust as possible.

Ongoing work

The use of digital identities will increase as GOV.UK Verify is opened up to the private sector.

This means we must keep working to counter identity crime and fraud. By spotting fraudulent transactions early, we save the government money and we protect our users.

All our work within government, and also with the wider private sector and academia, will help counter fraud and reduce the misuse of identity.

Don't forget to sign up for updates.

Sharing and comments

Share this page

1 comment

  1. Comment by alan chaplin posted on

    Can you list the selected private sector organisations you share knowledge with please.