ID verification ‘not the responsibility of banks, FSIs’

Panel Grae Hollard Digital ID identity
Grae Meyers-Gleaves, CISO, Hollard Insurance (pictured second from left)

Banks and financial services businesses “should not be responsible” for maintaining and supporting separate digital verification systems, with Hollard chief information and security officer (CISO) Grae Meyers-Gleaves urging the Federal Government to progress the development and rollout of its centralised digital identity solution that would ensure individual businesses will no longer have to hold onto data used for identity verification.

“For Australia to really get ahead, we’re going to have to solve the ID challenge,” Meyers-Gleaves said during a featured panel discussion at FST’s Future of Security, Sydney 2023 event today.

Development of a digital identity solution must, he added, be “driven by our government, but working in consultation with industry”.

With individual Australian businesses increasingly in the crosshairs of cyber hackers, the risk of losing customers’ personally identifiable information (PII) from a targeted breach is, he argued, too high.

Health insurer Medibank was last October exposed to a major cyber breach which saw the loss of PII from more than 9.7 million current and former customers, including Medicare numbers, dates of birth, passport numbers and visa details. Earlier this year, Latitude Financial, a major credit provider, suffered a major cyber breach that resulted in the loss of more than 14 million customer records, including 7.9 million Australian and NZ licence details. A significant number of these records were used by each business for identity verification.

“We’ve got to find a way to get some form of identity service in place within Australia that means that customers [won’t] have to provide us with a whole bunch of PII and sensitive personal information that we’re going to have to store because we’ve [had to identify] them – and, for legal reasons, we have to ID them,” Meyers-Gleaves said.

Citing the Australian Government’s Digital ID solution and Trusted Digital Identity Framework (TDIF), he urged for further action from the Government to progress the scheme, which he notes only has “only around three to four private companies” and “only a couple of [public] agencies” aboard as accredited entities after several years in development.

Accreditation under the TDIF framework, the Government notes, demonstrates that these entities’ digital identity services “are trusted, safe and secure and built to the standards set by the Australian Government”.

The Government’s Digital ID scheme is slated to launch in mid-2024.

ConnectID, a digital identity exchange developed by payments authority Australian Payments Plus (AP+) with Australia’s major banks, is also expected to be available in the latter half of 2023.

The ConnectID scheme, then overseen by eftpos before its merger with BPAY (creating AP+), was accredited under the Federal Government’s Trusted Digital Identity Framework (TDIF) in 2022.