Spotlight Features

What’s in Store for Next-Gen Digital Wallets

In this day and age when we are all used to working online with various devices, it is a big plus to have a digital tool to store and present identification and other documents.

The digital wallet has emerged as an app that allows for scanning physical cards and storing payment and other personal information on a device.

Practically every airline today has a single purpose digital wallet app to store boarding passes and other documents, as does every mobile device. The iPhone comes equipped with Apple Wallet, and Google has the Google Pay app which is compatible with both Android cell phones and iPhones.

Identity Proofing Issues

Airline wallets, for example, all use a QR code that serves as an identifier to store information, such as ticket and flight number, date of travel, and seat assignment. But to verify the authenticity of the ticket a passenger presents to board; the airline must look in its backend system to ensure that the ticket is still valid and identity proof the ticket holder via a driver’s license or passport.

The new vaccine passes being issued by states and municipalities to verify Covid-19 immunization face a similar challenge. Those can store information, including vaccination dates and which vaccine the person received, but still require showing proof of identity to verify that the pass belongs to that person who possesses it.

Meanwhile, a restaurant or venue checking a patron’s vaccination status doesn’t also need to know their age, address or whether they’re licensed to drive, wear glasses, or wish to donate their organs.

However, today’s digital wallets don’t offer these options. They simply bind identity to the document presented for verification, such as an airline ticket. This is where identity proofing can provide a killer app to make digital wallets more than just a convenient way to avoid flashing a paper document.

Digital Wallet Checklist

The digital wallet of the future is not about just storing the picture of a document, it’s also about ensuring that scanned documents are valid and provides assurances that it has been issued by a verified source. Therefore, identity proofing must be the cornerstone of any digital wallet.

Biometric support is a key requirement for digital wallets, including fingerprints, facial recognition and live selfies that require users to blink or make other movements to prevent stolen images from being used to hijack accounts and commit fraud.

Digital wallets need to verify and vet every attribute that’s associated with the user’s identity within the wallet, such as the name, address, and date of birth, so that when the user interacts with a service, they can selectively choose to present certain elements of their identity needed to complete a transaction.

The digital wallet should be able to store and encapsulate all identity attributes associated with an individual and present them on as-needed basis.

Security and Identity Assurance

Of course, security is another important characteristic of these new and improved digital wallets. It would be great to say we don’t need to worry about digital wallets being hacked, but as with every other app or device, users need to be concerned about security.

Apart from adopting security best practices to protect the data contained in a digital wallet, developers need to go through a series of certifications to assure consumers that the wallet is certified by one of the industry bodies that organizes identity authentication specifications, such as Fast ID Online (FIDO) or the National Institute of Standards and Technology (NIST).

A wallet should be attested and verified to comply with NIST identity assurance levels or the FIDO specifications of how signatures are validated and vetted. Knowing that a wallet has been certified by a recognized standard body like FIDO or the Kantara Initiative gives consumers the assurance that the wallet they’re using complies with accepted security standards.

Digital wallets should also be compatible with one another. In an ideal world, one wallet should be able to meet all our needs, but the environment is still fragmented, as in the airline ticket example.

Developers need to work with organizations such as the Identity Foundation to ensure that all digital wallets are interoperable with each other. That way, they can give consumers a choice of using any wallet they want, as long as the identity documents that contain it can be shared and verified by other technology platforms.

Conclusion

Digital wallet technology clearly represents the future for transacting business online and in the physical world, and for enabling users to take control of their privacy and the information they want to share with service providers.

To meet these requirements, the current generation of single purpose digital wallet apps need to evolve to support multiple use cases and be interoperable with more than just one or a select group of companies.

Rohan Pinto

Rohan Pinto is CTO of 1Kosmos. He previously architected security infrastructure for the Government of Ontario and the Health Information Access Layer for the Province of British Columbia, and is involved in establishing the United States Department of Defense's Security Access Layer using Common Access Cards (CAC). Rohan is also an active member of the Decentralized Identity Foundation and the FIDO (Fast Identity Online) Alliance.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

E-Commerce Times Channels