An mDL stores fixed data points like birth date, home address, height and eye color. But states and their constituents generate many more data points that modern identity tools can use to streamline public services and thwart fraudsters. That’s why states are creating other identity services such as digital IDs. Ohio’s OHID, for example, gives residents one digital credential to file for unemployment benefits, pay taxes and participate in other state programs.
Here’s how mDLs and digital IDs differ and why states should consider a broader perspective on digital identity.
mDLs: AN OVERVIEW
Physical drivers' licenses are trustworthy credentials for verifying Americans’ identities for a range of transactions. Similar cards for non-drivers ensure everyone has reliable credentials.
An mDL replicates the functions of a physical driver’s license. About a dozen states have active mDLs, which typically operate within smartphone apps like Apple Pay, and many more states have mDL projects in the pipeline.
ADVANTAGES OF mDLs
Built-in foundation. State DMV offices are already identity experts. “Eighty percent of our population has gone to a DMV office with documentation in hand to demonstrate they are who they say they are,” says Torre Jessup, North Carolina’s chief deputy state CIO and the former commissioner of his state’s Division of Motor Vehicles. With so many of the core processes already in place, Jessup says, it’s prudent to have state DMVs play a key part in digital identity, including the issuance of mDLs.
Automation. Jessup notes that mDLs can be part of a state’s digital verification solution, helping them optimize identity processes to boost speed and efficiency.
Privacy. Agencies and private companies can tweak the settings on mDL applications to filter out personal data in specific use cases like age verification for alcohol purchases.
Accuracy. Identity data contained in mDLs can be more timely and accurate because of instant updates on mobile apps.
Fraud protection. Unlike static physical cards, mDLs can react dynamically to evolving threats. “Fraud can strike at any time, and fraud looks very different over time,” says Matthew Thompson, senior vice president and general manager for public sector with Socure, a leading digital-identity and antifraud platform provider. The ability to upgrade mDLs to meet new threats is a big advantage over printed IDs, says Thompson, who has years of hands-on experience helping states implement mDLs and other identity technologies.
CHALLENGES WITH mDLs
Fixed format. mDLs contain only a fraction of relevant identity data. “My identity as a resident is much more than what the North Carolina DMV has on file,” Jessup says. Income data from the Department of Revenue, for instance, could streamline approvals for Medicaid applicants.
Cost and complexity. States must invest in technology upgrades and work out the nuances of making mDLs trustworthy and interoperable.
Slow adoption. The ecosystem of mDL issuers, users and organizations that accept them is just now taking shape. This creates a “chicken-or-egg” scenario — mDLs need adoption to grow, but residents won’t adopt them if they can’t use them somewhere. “It’s going to take a decade-plus for mDLs to become mainstream,” Thompson says. States, meanwhile, have identity challenges that need to be addressed now.
THE DIGITAL IDENTITY SPECTRUM
The limits of mDLs oblige states to employ a spectrum of digital identity strategies and processes to streamline services, improve trust and discourage fraud. Digital ID verification and authentication can take multiple forms, such as:
Portals. A statewide online portal (such as OHID) can remove annoying duplication of effort for residents working with multiple state departments. “Why should the state burden the public with providing a copy of a document containing information it already has?” Jessup asks.
Processes. Even if they don’t deploy a portal, states and their technology partners can develop custom processes that collect data from multiple sources to simplify ID verification.
Applications. “Not every government use case requires heavy vetting of identity,” Thompson notes. A lightweight app, for instance, can verify or authenticate based on simple data points like age, email or home address.
Digital ID apps can also make identity interoperable across state lines. Sophisticated identity management software can apply multiple technologies and data sources to authenticate transactions and fight fraud in ways an mDL can’t.
IMPLEMENTATION ADVICE
Digital ID solutions must reach 100 percent of constituents to ensure equity and fairness. Making that happen starts with convincing leadership to provide enough funding. “We need to inform our lawmakers that secure digital accessibility is just as important as making sure bridges and roads are safe,” Jessup says.
States need frameworks for regulating digital IDs and making them fraud-resistant, interoperable and easy to use. Jessup says legislation isn’t always the best route for regulating rapidly evolving technology like digital IDs and mDLs. Like many states, North Carolina has a part-time legislature. If a major identity challenge occurs after a legislative session ends, passing new laws to address the problem would not happen until the legislature reconvenes.
If there are places where we’re sure legislation is required, then I think we should do that, but I’m not a fan of saying we should pass laws just yet, Jessup says.
Regulations on AI applications must protect private data without hamstringing the technology in ways that help fraudsters, Thompson says. “If policymakers limit the use of AI in this area, it’s going to leave governments behind and continue to expose us to advanced identity fraud attacks,” he adds.
BEST PRACTICES
■ Create a digital identity working group to develop a road map based on core privacy and fairness principles.
■ Engage stakeholders and keep users in mind when developing solutions.
■ Educate staff and the public about digital ID fundamentals; work on digital literacy to improve accessibility.
■ Determine the proper amount of verification complexity for specific use cases.
■ Test technologies and monitor performance for continual improvement.
TAKING DIGITAL IDs INTO THE FUTURE
Jessup says states need interoperable digital IDs and mDLs that improve remote identity verification and approval scenarios for all residents. He points to the advantages of virtual credentials when, for example, people lose their identity documentation in a fire or flood.
“Ultimately, this is an opportunity to make sure people in that type of situation don’t have to re-create their identity by producing paper documents that may be difficult to obtain,” Jessup says.
The stakes for identity protection are just as high.
“We’re seeing in real time the amount and sophistication of fraud hitting governments,” Thompson cautions. “The fraudsters will double down on states using outdated approaches.”
Socure is the leading provider of digital identity verification and fraud solutions, with more than 1,500 customers across the financial services, government, gaming, health care, telecom and e-commerce industries. Learn more about digital identity.
