ConnectID, developed by payments authority Australian Payment Plus, or AP+ (an amalgam of BPAY Group, eftpos and NPP Australia) is Australia’s only (financial services) industry-led, and government-accredited, identity exchange.
Set to be rolled out across 2023, the solution promises to radically transform the once heavily analogue ID verification process, providing a smoother, more seamless, and more secure way to verify identity, AP+ says. Yet, as the forces of rapid digitalisation sweep through this still document-laden verification process, it will hardly be the only identity service in the game. But does this even matter?
FST Media sat down with Andrew Black, Managing Director of ConnectID, the to-be-deployed digital identity verification network, to discuss how, amongst a plethora of identity solutions hitting the market, ConnectID will stand out and thrive within this surplus of choice, the symbiotic relationship it has developed with Australia’s big four banks, and why ‘frictionless’ isn’t always best when it comes to the digitalisation of customer ID checking.
FST Media: Firstly, if you could, offer us a rundown on the ConnectID solution and how it differs, say, from some of the other government-led digital identity initiatives, like myGovID?
Black: Fundamentally, ConnectID is a digital identity network, which means we operate an identity ecosystem. What we do is pull together those organisations who already know something about you – your identity or your attributes or something else – and connect them to those businesses or organisations that need to verify something about you.
We play that ecosystem or network operator role, which is a mixture of providing the platform or the rails to do that, but also the rules, the governance, and the guidance for the scheme. This essentially mirrors what Australian Payments Plus (AP+) has been doing in payments over the last 30 to 40 years – first with eftpos and BPAY and now with the NPP [New Payments Platform] – so it’s a natural role for us to take.
ConnectID is somewhat similar to myGovID in terms of their thinking but functions in a slightly different role. We don’t serve as an identity provider: you don’t, as a user, set up an account nor set up an identity with ConnectID. We aim to be complementary to the likes of myGovID and, over time, ConnectID is built to enable you to choose myGovID as an identity verification option. You could, for instance, choose a bank or choose a government agency or another private sector provider to prove something about you.
FST Media: There are a few identity solutions currently in development or already released to market. How can ConnectID stand out from the pack, and provide clarity for customers faced with a deluge of choice?
Black: A fair bit of it at the start will be Who do customers look to trust? That’s a core piece when it comes to data, to identity or indeed anything in that sphere, especially given the last couple of years of high-profile data breaches we’ve had in this in this country.
Research consistently tends to show that customers overwhelmingly trust their main financial institution (i.e. banks); while government is up there, an individual’s bank typically tops the bill in terms of personal trust.
For ConnectID, in particular, our goal was to provide that choice. And that’s where we slightly differ from some of those others who are starting to enter the market as well; a lot of identity solutions providers will ask you to set up an identity with them. For us, it’s really about Who do you already use? You choose your agency, you choose your bank, or you choose some other private sector provider, perhaps you choose a company you will work with in the future as well.
It’s giving customers choice – the choice of somebody they trust rather than forcing them to use one specific service.
This way, ConnectID allows customers to decide which provider to verify them in different scenarios – for example, asking a bank to verify their age in a retail setting but choosing a government department to verify their identity on a real estate application.
FST Media: And I guess that’s why your relationship with the banks, particularly in forming ConnectID, is so crucial.
Black: And it’s not just banks! The reason banks score so highly on trust indicators is that they are not only heavily regulated, but you as a customer also choose them; you’re not forced to pick a bank. You also have the option to move as well if the service isn’t ideal or you want to change.
It’s also a choice in the best customer experience and the option to do things the way customers want, rather than forcing them to do it in a particular way.
FST Media: ConnectID, back in September 2021, was the first non-government identity exchange to achieve certification as a TDIF, the federal government’s digital ID accreditation scheme. How has the solution evolved over these last two years?
Black: And that accreditation is such an important milestone! It’s also a recognition of the government’s role in setting those framework rules, as well as giving us greater industry credibility, having gone through a fairly rigorous assessment process twice following our reaccreditation last year.
Continuing to have those really strong sets of rules for the ecosystem is vitally important. Over the last couple of years, we’ve focused not only on building out the platform and the capability that was TDIF-assessed, but also our partners. That’s where you’ve seen, over the last six or nine months, our work with the major banks, the pilots and some of the use cases that have come out that.
We’ve been expanding on the participants in the network as we move towards launching and the sectors where, in particular, we see more demand or customers asking us to help, taking that accreditation foundation and building out and improving the offering for customers.
FST Media: As mentioned, customer identity is core to a lot of financial businesses, and they play a big part in the development of digital identity innovations. What has ConnectID’s collaboration with the big four yielded in terms of digital innovations or capabilities?
Black: There’s quite a bit we learn not just from local banks but from overseas also. When you look at the key ingredients of a strong digital identity ecosystem, that collaboration between public and private sectors is critical. What we’ve seen is, without some of the most trusted organisations in the country being a part of it, there’s a real struggle to get things off the ground. There’s some real strength in use cases from the Nordics, Canada, and Germany that shows that when banks get involved in the network in some way, shape or form, it provides really strong productivity gains.
A key learning from these companies is that they’re the ones that heavily invest in fraud prevention, in cybersecurity and give customers that sense of trust, beyond the also important customer experience within their digital apps. Having those organisations to partner with as we continue to iterate and add new capabilities is really important. And, naturally, financial services as a sector, whether that’s fintechs, the banks or insurers, are always looking for ways to improve the account onboarding experience.
ConnectID moves us from a world where you show up with physical documents, those paper and plastic cards which were then scanned and stored by the merchant, to now being able to provide a truly reusable digital identity with only essential data being shared.
A lot of organisations, not just banks, are looking at how to improve that front-end experience. That allows them to swiftly onboard customers, make a sale friction-free, or improve the experience with a better quality of data, as well as reduce their own data consumption. Again, not just banks, but a lot of organisations over the last nine months have really looked at, ‘Well, do I need to store that driver’s licence or passport anymore, when I only need to verify details on it?’
FST Media: Which is very pertinent in recent high-profile data breach incidents faced by Australian financial services businesses, with the substantial loss of PII data from passports and licences.
Black: The customer sentiment out there is that ‘I feel like I’m oversharing. I feel like I’m being asked things, repetitively, over and over again!’
This is a really strong opportunity for us and for digital identity providers to say, ‘Well, why don’t you just share that “I’m Andrew and I’m over 18”, not my date of birth, but only a verification flag – you don’t need a drivers’ licence, or to know whether it’s for a scooter or lorry, for me to prove that I’m over 18.’ So, it’s really about, how do we move away from that oversharing of information?
FST Media: The NSW Government, in particular (though it is not alone), has made significant progress in developing and rolling out digital licences. I imagine, being able to seamlessly tap this highly validated dataset and verify people without them having to manually upload pictures of their licences – a rather cumbersome process – would be a massive win for any identity-verifying service.
Black: Exactly. It’s initiatives like that that are really encouraging to see. And that’s why we’ve designed the platform specifically to be interoperable. Whether it’s federal or state governments or private organisations, the integration points and ability to let customers choose between them should be fairly straightforward.
It really helps to shift that emphasis away from What information do you need? to What information do you really need? to make sure that we give that privacy-preserving focus from point one.
FST Media: On the experience end, customers, it appears, increasingly prefer that their identity solution be invisible. And, with that, there is an increasing readiness to make use of physical and behavioural biometrics to verify identity. How is ConnectID moving more and more to embrace ‘frictionlessness’ in ID verification?
Black: It’s an interesting question and, actually, one we’ve seen in customer testing and research.
It’s not always completely frictionless experiences that customers are looking for; they’re looking for the right levels of friction.
In particular, when you consider higher-risk use cases or the effect and impact of scams, the right level of friction is sometimes welcomed.
For ConnectID, we make sure that it’s an existing experience – it’s already trusted and it’s familiar to customers. For instance, when you’re checking out in an e-commerce transaction and proving you’re ‘Andrew’, for instance, you log into your provider – say that’s a bank – and you authenticate the same way you would today. We don’t ask you to do anything different: it’s either a PIN/Password, a biometric check, or a face or touch ID – those same known and trusted patterns that you have to prove you are ‘Andrew’ and then provide that express consent as part of that flow.
But that right level of step up in fact gives customers more confidence, because they’re sharing something really personal and pretty private to them with respect to their data and their identity. Express consent and that right level of authentication and friction are pretty crucial. But doing that through an experience customers are familiar with and know, taking it away from having to fill out information and attach photos to just tapping and scanning a face, say, is a far easier customer journey from a UX perspective but still brings with it that sense of trust.
We continue to look at biometric and other identity innovations and work closely with organisations that work in this space. But just having that right level of forced friction is often quite a good thing when it comes to identity and personal data.
FST Media: Promising, then, a – largely – frictionless experience, do you see digital identity being embedded in areas not traditionally associated with on-the-spot ID checks, for instance, entering a secured premises, or in real-time or high-value payments verification or PayTo initiation?
Black: We see a broad range of use cases being enabled across digital and physical experiences, such as in-person age verifications, visitor access to buildings, online account set-up, employee onboarding, or additional authentication and identity checks for payments flows.
We believe we can help anywhere an individual needs to prove their identity or something about themselves.
FST Media: Finally, where would you like to see ConnectID in five years’ time?
Black: I’d like to see ConnectID fulfilling its potential by enabling people across Australia to take more control of their identity, and helping thousands of businesses realise the benefits that digital ID brings their customer experiences, whilst simultaneously reducing their risk and the amount of data they need to collect.
To move to a truly digital economy, ConnectID and its ecosystem is vital to provide that interconnectivity between parties and to help us move away from constantly uploading photos of documents. ◼