How digital driver's licenses may replace the password

More states are adopting mobile driver’s licenses, sparking hope of creating a shareable consumer-driven digital ID to power e-commerce and data sharing among banks, fintechs and merchants.

Starting with Iowa in 2015, about a dozen states have added or are developing mobile licenses, or mDLs, which store a digital version of the traditional driver’s license or non-driver ID card. The mobile versions of licenses, usually built by vendors such as Gemalto and Idemia, are usable anywhere a traditional license can be used, and potentially opens the door for the type of public/private digital identity that could power e-commerce, transit ticketing, building access and government services.

There are numerous initiatives around the world to replace usernames and passwords with a more flexible digital key that’s portable to different venues.

One of the missing links is a trusted baseline that different stakeholders recognize as reliable, and don’t have a competitive reason to ignore. Organizations such as the American Association of Motor Vehicle Administrators and the Secure Technology Alliance have formed groups to push adoption of mDLs and a standardized ecosystem in which mDLs can exist as one element of multi-factor authentication.

In the U.S., one of the more likely sources of a government-backed ID is driver’s licenses, which have been transferable across state lines with myriad use cases for generations.

“There’s always been lots of ways to store a digital identity, but the challenge is who’s the source that provides that single identity. It’s a question of trust,” said Randy Vanderhoof, executive director of the Secure Technology Alliance, who in his payments career has also worked to boost digital transactions for mass transit, cross-industry collaboration for EMV chip card technology, and mobile-driven authentication for digital payments.

There’s a need for retailers, financial institutions and health care companies to accommodate digital records and transactions as a primary way of doing business, Vanderhoof said, and mDLs could be part of the equation, provided companies get up to speed on an innovation that’s still in the early stages. “State driver’s licenses are the de facto national ID in the U.S., and they’re used by everyone, including the federal government,” Vanderhoof said.

In that way, mDLs play the same role as national governments in facilitating a federated ID, though with some differences. In Canada, for example, the country’s banks and technology companies are partnering to support a transferable omnichannel ID as part of a government-backed project. In the U.S., standardizing state mDLs as part of a multi-factor shared ID system would be a larger project than in Canada, with more moving parts. And it would also be opposite from Canada, in which the banks are providing the baseline.

“In Canada the government trusts the bank-issued IDs more than other sources,” Vanderhoof said. “But in the case of state mDLs, the states are trying to address the problem. By using mobile ID, there’s a digital version with more control than the physical ID, which protects against theft or counterfeit.”

State mobile IDs will have to fit in with dozens of corporate projects that are pushing new authentication. Bank of America, for example, just filed a blockchain patent application that could serve as the basis for digital ID. Apple in June released a new sign-in that covers apps with third party logins that could push digital ID; and the recent large mergers between bank technology companies and payment processors also combine authentication technology with merchant acquiring to build scale.

“Digital ID initiatives will benefit from the increased adoption of state-issued digital driver's [licenses],” said Trace Fooshee, a senior analyst at Aite. But the trend is a journey, Fooshie said, particularly since it’s unlikely states will mandate the use of mDLs.

“It will also require investment among the institutions that seek to take advantage of enhanced identity verification and authentication controls and while those investments will pay dividends they’ll have to contend with an inconsistent client experience,” Fooshee said.

The Secure Technology Alliance just finished a meeting of more than 60 motor vehicle agencies, merchants, global payment providers, government agencies, payment terminal manufacturers and standards bodies to work on how to meld mDLs into larger initiatives to replace passwords with interoperable digital IDs.

Part of the work is building a framework to fit ISO 18013-5 specifications, which cover data extraction from mDLs for other uses, such as boarding passes; and the AAMVA's mDL implementation guidance.

“There will need to be an ecosystem to do this when the states start to add mDLs,” Vanderhoof said, likening the process to NFC specifications that accompany the growth of contactless payments. “That took a few years to build to make mobile payments usable. We want to encourage the standards-based buildout of the identity ecosystem the same way.”