Government Technology

New research, published by information services company Experian provided the backdrop to a recent debate on current identity management processes in government and whether they can be improved through electronic authentication.
    
Chaired by Lord Erroll, director of EURIM and secretary to the All Party Internet Group at the House of Lords, the debate was attended by David Kelsey from Westminster City Council, Colin Fountain from the Department of Work and Pensions (DWP), David Wright, Deputy Secretary General of EURIM, and Stan Matthews, Chris Bartlett, Rachael Taylor and Louise Hart from Experian.
    
Opening the session, Lord Erroll highlighted the important difference between identity management and identity assurance: “I don’t want my identity managed by someone else, I know who I am; I want to manage how people see me. How people see you and the right to have different personas is very important, and I think there is a huge problem when people try to manage other people’s identities.
    
“On the other hand we do need to be able to prove that we have the authority to do certain things. So identity assurance and the ability to prove who you are over the system is very important.”

The cost of fraud
Putting the research into context, Stan Matthews, Key Account Manager for Government at Experian said: “Despite anti-fraud initiatives we still see that benefit fraud cost the government a sum of  £800 million in 2006/07. And yet the types of paper based authentication that is commonly asked for by government organisations still remains driving licenses, utility bills and passports; all of which are easily obtainable over the Internet.”
    
Electronic authentication, on the other hand, tracks the key transactional events in people’s lives, together with their data history, and cross-references them electronically. This means that organisations can be more confident that the customer is who they say they are.
    
“Electronic authentication is not only more efficient than paper, it is more cost effective because it is instant and reduces the timescale for application. It also offers a safer more robust means than the alternative,” added Stan.
    
To substantiate these views, Experian surveyed 189 local government executives responsible for managing services and benefits where proof of identity is required. Typically they were asked about the application process, the time it takes for them to check paper-based proof of ID and the risks involved in storing them.
    
At the same time Experian commissioned YouGov to conduct primary research among 1,143 UK citizens. This study asked individuals how convenient or otherwise they found the process of providing paper documents as proof of their ID, and how they thought their local government could improve the level of trust they placed in government organisations to look after their personal data.
    
The research found that two out of three people want to apply online for benefits and services, such as parking permits and council tax/housing benefits. And a third of citizens admitted to finding paper-based authentication inconvenient. But with 92 per cent of local government respondents owning up to still relying on paper processes to prove identity, and only eight per cent acknowledging that customers may be unhappy with this method, this shows a notable disparity of consumer expectations and what local government is providing.

A big burden
Looking at the length of time it takes to process paper applications, 49 per cent of executives said they think it would take less than one hour for a customer to complete the necessary ID and residence documentation. However, a third said it could take from a few hours up to a week, taking into account the fact that people will turn up without the necessary or correct documents.
    
As well as the time burden this puts on organisations, staff have to be trained to recognise potentially fraudulent documentation.
    
Surely there is still a need to train staff to spot fraudulent electronic applications? And what evidence is there to suggest that electronic authentication is safer than paper proof of identity?
    
“It’s relatively easy to get access to forged documents; all you have to do is search online. A big advantage with electronic identification is that it takes the burden off the individual looking at the document to decide whether it is forged or not,” commented Stan Matthews.
    
Chris Bartlett, Head of Justice, Home Affairs and Security at Experian took up the point: “You’re moving that burden to people that are best able to understand it; not just leaving it to whoever happens to be on the desk at the time to judge whether an ID is fraudulent. Instead the member of staff is being presented with the outcome of a risk assessment done by software that says ‘we believe this person to be who they say they are because we have this kind of evidence to support it’.”

Types of data
“We hold three kinds of data,” explained Chris Bartlett. “Firstly, we have third party data, that is data we are holding on behalf of someone else, typically the financial community, secondly, we hold data that we buy from another source, such as mortality data. The third source is derived data, information that we can work out ourselves from the other data we hold.
    
Louise Hart, Business Development Consultant at Experian, added: “Because we have got that breadth of data on individuals, we’re more likely to have a clear view of their electronic footprints. So what is traditionally considered a strong data source like a passport or driving licence may not be as strong as a significant number of medium strength sources like credit cards, your bank account, and so on. That in itself is seen to be quite significant in terms of stopping identity fraud.
    
Colin Fountain, Team Fraud Investigator (Intelligence) at DWP added: “Exactly, it is that complexity of footprint that can highlight issues such as benefit fraud. Take the case of Jean Hutchinson; she and her cousin had been using the identities of people that had moved to Australia to submit claims for all kinds of benefits. Had we used an electronic way of testing an identity, we would have seen electronic activity that would have raised suspicion.”
    
Concluding the point, Chirs Bartlett explained: “Electronic authentication does not only look at the current situation, but the historic situation. And it is much more difficult to fake an identity over a significant period than it is to fake one in the current time.”
 
And what about storage?
The issue of protecting personal information once it’s in the hands of the local authority was also scrutinised in the report. 40 per cent of local government respondents said they do not have to store customer documentation, even if ‘best practice’ does require organisations to store such information for reoccurring visits or to provide an audit trail.
    
If the local authority does store copies of proof of identity, then this puts an extra burden on them to do so in a responsible and secure way. Controversially, 20 per cent of respondents thought that there is no risk at all in storing customer identity documents onsite.
    
Looking at the trust citizens place in various types of organisation to look after their personal data, central government came out the worst with 32 per cent of those questioned placing “no trust at all” in them. Local government came out slightly better but respondents still needed more reassurance.

Westminster City Council
As a case study to demonstrate how electronic authentication can streamline applications for local government services, David Kelsey, Management Information Manager for Parking Services at Westminster City Council spoke about the council’s new solution that allows residents to renew their parking permit online. He said: “Each year, Westminster City Council issues approximately 37,000 resident parking permits and 85 per cent of these are renewals.”
    
Due to the severe competition for on-street parking spaces, as well as previous experience of fraud, Westminster City Council put in place a procedure whereby residents had to show up in person to renew their permit, with up to seven different pieces of identification to prove their identity and entitlement.
    
“We had a process that was massively unpopular; the customer experience was really poor and the staff were occasionally abused if they were not able to give out the permit. So we wanted to streamline the permit renewable process, make it more cost effective, and reduce the possibility of fraud,” said David.
    
With an estimated 60 to 80 per cent of the borough having access to the Internet, a key requirement was to implement an online solution so that residents wouldn’t necessarily have to turn up with proof of identity in person. Going online also meant the council was making a move towards conforming to the eGovernment agenda.
    
Autenticate, Experian’s online personal identity authentication solution, was implemented in order to verify each resident’s identity and to ensure that they meet the eligibility criteria. The solution positively corroborates an applicant’s identity and residency to provide the council with the confidence that the applicant’s identity is genuine and eligible for a permit.
    
With this solution, the council has been able to replace its old manual system with one that incorporates non-intrusive and robust authentication. “A key indicator of the success of the new process was the silence – the complaints had slowed down. People don’t necessarily write to their council to say when things are going well so when the complaints slowed and people weren’t accusing their neighbours of parking where they shouldn’t, we took this to mean that the new process was being received well.”

Electronic vs paper
Having the final say, Lord Erroll summed up: “People see technology and think it has to be perfect. But whatever system you put in; whether you’re looking at a document visually or whether you’re looking at the result of an electronic risk assessment, it’s not going to be perfect.
    
“At least going down the electronic route might filter out some other suspicious activity along the way. And of course the great thing about doing things electronically is that it enables life to be much easier.”

For more information
For a copy of Experian’s ‘Electronic Authentication: Bridging the Gap’ report, please visit www.qas.co.uk/change