There's nothing more intrinsic to the proper functioning of businesses – both large and small – than knowing who your customers are and in turn protecting that knowledge so it cannot be used against them. In its bid to help facilitate innovation, the Australian Government's Financial System Inquiry (FSI) Report has made an important statement – that secure digital identity is inextricably linked to our ability to move ahead into the digital age and leverage its dynamic resources and assets.
Recommendation 15 of the FSI Report suggests that we need to strengthen Australia's digital identity framework through the development of a national strategy for a federated-style model of trusted digital identities that enhances consumer choice, privacy and security, and balances these objectives with financial system efficiency.
The key overriding benefit is, of course, protection for both consumers and businesses. Consumer fraud currently costs Australians in the region of $89 million per year, according to the most recent data from the Australian Competition and Consumer Commission. And the cost to business is epic. According to The Australian Institute of Criminology, fraud costs some $8.5 billion annually.
With many individuals and businesses affected by losses related to identity breaches, there's a clear need to address the issue. But productivity and innovation are also driving the initiative, with the desire of businesses, government and consumers to move to online and mobile channels demanding a better digital identity regime.
We believe a stronger digital identity framework is absolutely imperative if Australia wants to fully embrace digital consumerism. Together with the Government's Cyber Security Review and the new Australian Privacy Principles, it will provide a more robust economic environment both within Australia and internationally.
Creating a centralised framework has always been a key challenge in Australia. Many will remember the failure of the Australia Card, a national identification scheme. Legislation to support the card failed to pass in the Senate three times in the mid 1980s – a reflection of fear of having just one central source of identity that falls under Government control.
In January 2015, the Government announced myGov would be expanded across federal, state and local governments. While the expanded myGov platform will drive productivity benefits for government and the consumer's interacting with them, this platform will not drive similar benefits for businesses. Furthermore, similar to the Australia Card approach, the centralised nature of the myGov model may see businesses and consumers reticent to engage if it is expanded at a later date.
While myGov adopts a centralised approach, the federated model being pursued under the FSI recommendations should take the heat out of this particular concern. By enabling a number of trusted and approved suppliers to hold digital identities that are chosen by individuals, consumers will retain a sense of control. Under this model, individuals can set up a range of identities with different providers depending on how much or how little they may want to disclose.
The close involvement of business will also help – the scheme will not be seen as a Big Brother-esque Government initiative, but collaboration between business, Government and consumers.
The involvement of business is also imperative to keep the initiative moving at a fast pace. A government-only scheme would lack the firepower that the private sector can contribute.
While there will be some costs involved for business, we don't believe they will be onerous given this framework will facilitate existing KYC requirements under the AML legislation. Costs will also be offset by increased efficiency – verifying identity is very expensive and repetitive. For example, myGov, the online gateway to multiple government services using a single set of digital credentials, is forecast to generate around $547 million in efficiency savings and reduced red tape burden over 10 years.
But it's absolutely critical that privacy and security are baked into the design, development and operation of the federated digital identity framework – the entire framework is likely to be compromised if consumers show any fear that their security will be breached because of poor design or implementation.
Fortunately, we will be able to watch and learn as others move forward with new digital identity models. At the end of 2014 Italy announced regulations to implement the Italian Digital Identity Initiative, called "Sistema Pubblico di Identità Digitale" (SPID). SPID defines a Federated Identity Management system involving individuals, service providers, identity providers, attribute providers and the Digital Agency for Italy, in the role of accreditation and registry authority. At the start of last year, the UK Government also rolled out an identity assurance framework to give people a secure and convenient way to sign in to government services.
Both initiatives will provide fantastic templates for Australia as we move down the digital identity path.
© 2017 KPMG, an Australian partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.