In this day and age, when we are all used to working online with various devices, having a digital tool to store and present identification and other documents is a big plus.
The digital wallet is an app that scans physical cards and stores payment and other personal information on a device.
Almost every airline, as well as every mobile device, now has a single-purpose digital wallet app for storing boarding passes and other documents. The iPhone includes Apple Wallet, and Google has the Google Pay app, which is compatible with both Android and iPhones.
Problems with Identity Verification
For example, airline wallets all use a QR code as an identifier to store information such as ticket and flight number, date of travel, and seat assignment. However, in order to verify the authenticity of the ticket a passenger presents to board, the airline must check its backend system to ensure that the ticket is still valid and the ticket holder’s identity via a driver’s license or passport.
The new vaccine passes that states and municipalities are issuing to verify Covid-19 immunization face a similar challenge. Those can store information such as vaccination dates and which vaccines a person has received, but they still require proof of identity to verify that the pass belongs to the person who is in possession of it.
In the meantime, a restaurant or venue checking a patron’s vaccination status does not need to know their age, address, or whether they are licensed to drive, wear glasses, or wish to donate their organs.
However, these options are not available in today’s digital wallets. They simply bind identity to the document being verified, such as an airline ticket. Identity proofing can be a game changer in making digital wallets more than just a convenient way to avoid flashing a paper document.
Checklist for a Digital Wallet
The digital wallet of the future does more than just store a picture of a document; it also ensures that scanned documents are valid and that they were issued by a trusted source. As a result, identity verification must be the foundation of any digital wallet.
Biometric support, such as fingerprint scanning, facial recognition, and live selfies that require users to blink or make other movements to prevent stolen images from being used to hijack accounts and commit fraud, is a critical requirement for digital wallets.
Every attribute associated with the user’s identity within the wallet, such as the name, address, and date of birth, must be verified and vetted so that when the user interacts with a service, they can selectively choose to present certain elements of their identity required to complete a transaction.
The digital wallet should be able to store and encapsulate all of an individual’s identity attributes and present them as needed.
Identity and security assurance
Security is, of course, an important feature of these new and improved digital wallets. It would be nice to say that we don’t have to worry about digital wallets being hacked, but users should be concerned about security as they are with any other app or device.
Aside from implementing security best practices to protect the data contained in a digital wallet, developers must go through a series of certifications to ensure that the wallet is certified by one of the industry bodies that organizes identity authentication specifications, such as Fast ID Online (FIDO) or the National Institute of Standards and Technology (NIST).
A wallet should be attested and verified to meet the NIST identity assurance levels or the FIDO specifications for validating and vetting signatures. Knowing that a wallet has been certified by a recognized standard body, such as FIDO or the Kantara Initiative, provides consumers with confidence that the wallet they’re using meets accepted security standards.
Digital wallets should also be able to communicate with one another. In an ideal world, one wallet could meet all of our needs, but the environment remains fragmented, as illustrated by the airline ticket example.
To ensure that all digital wallets are interoperable with one another, developers must collaborate with organizations such as the Identity Foundation. As a result, they can give customers the option of using any wallet they want as long as the identity documents contained within them can be shared and verified by other technology platforms.
Digital wallet technology clearly represents the future of transacting business both online and offline, as well as allowing users to control their privacy and the information they want to share with service providers.
To meet these requirements, the current generation of single-purpose digital wallet apps must evolve to support multiple use cases and be interoperable with more than one or a small number of companies.