Digital identity models: What’s next for secure and seamless travel?
Several countries are beginning to accept digital travel credentials in place of physical passports, as predicted by Accenture’s Tech Vision 2023. Indeed, global events, including the COVID-19 pandemic, irregular migration crisisand climate change, are raising the need for innovative digital solutions to facilitate a more efficient, touchless, safe, and secure travel experience.
With limited time, space and resources, the travel industry needs to find new ways to adopt risk-based assessment of travellers and move away from manually checking every individual. Most travellers are compliant and low risk. With that in mind, the industry should be able to focus resources on detection of risks and threats.
A risk-based approach, powered by sophisticated AI, will require trusted, high-quality, and verifiable data across the entire traveller experience. This cannot be achieved in a system that involves manual checks of paper-based credentials. Credentialing the entire traveller experience will give individuals a simpler, safer, and improved travel experience, and keep borders more secure and protected.
Digital credentials
The COVID-19 pandemic has also accelerated the adoption of digital credentials and identity wallets that enable travellers to use mobile devices for identification, authentication, authorization throughout their travels. According to an IATA Global Passenger Survey, 83% of travellers would share their immigration information to speed up the airport arrival process and 93% are interested in a programme for trusted travellers to expedite security screening. The need for digital credentials to facilitate travel is clear.
Despite multiple solutions emerging to address the challenges of sharing and verifying travel documents and credentials, the vision of a globally interoperable, trusted, and widely adopted identity framework is far from complete. So far, increased digitization of travel credentials hasn’t necessarily created a more efficient/agreeable travel journey. For instance:
The ecosystem of digital travel solutions remains deeply fragmented or tightly controlled – the only globally accepted trust framework is from The International Civil Aviation Organization (ICAO) and that is restricted to Member State use for cross-border travel. Different solutions and approaches are used across (and within the same) countries that are not interoperable.
The market often prioritizes speed to market over user experience, solution scalability (e.g., no vendor-lock-in), privacy or fraud prevention. This can lead to digital “passes” (such as using QR codes) falling short of user expectations, prone to fraud and not enabling users’ protection of their data.
Border authorities spend a significant amount of time and resources, checking and validating travellers’ identities and declarations. According to Accenture’s “Borders 2030: From Vision to Reality”, 54% of travellers say that security checkpoint wait times need improvement.
However, over recent years, standards-based solutions for identity verification and digital credentials have advanced significantly. We outline three identity models that, we argue, will play a fundamental role in the future of secure and seamless travel.
ICAO released the Digital Travel Credential (DTC) that presents an opportunity to accelerate seamless travel using a global standard with a clearly defined ICAO governance. This virtual credential is an exact representation of the ePassport, containing the holder’s facial image, biographical data, and security features. Once generated, DTC can be securely stored on the holder’s device and shared with travel service providers (e.g., border agencies) ahead of travel to provide required information.
The International Organization for Standardization (ISO) is developing mobile driving license (mDL) standard that is gaining a lot of traction, especially in the US, where the number of states offering mDLs is rapidly growing due to increasing demand for contactless forms of digital ID. This mDL specification supports privacy-preserving techniques like selective disclosure where only required information and not the whole credential is shared.
Finally, W3C standards for decentralized (or self-sovereign) identity and verifiable credentials (VCs) re-envision the way we share, access, control, and manage our online personal information. Decentralized digital identity gives individuals full control of their digital identities and has privacy by design at its core. With the right governance and trust frameworks in place, this new wave of digital identity credentials could be accepted across sectors and borders, support a wide variety of interactions, and help move towards a fully digital travel experience.
Currently, all the key emerging identity models have some important limitations. DTC, for example, is designed for a very specific use case (cross-border travel) and it does not yet support privacy preserving techniques such as selective disclosure, nor does it support more than one issuer. The current mDL specification is designed to support only in-person use cases, where the verifier uses a physical reader to verify the mDL. Like the ICAO model, the mDL specification presumes a single issuing authority. Decentralized Identity, while allowing for cross-border and cross-sector scalability, is dependent on robust trust frameworks and governance. Such frameworks and governance require multi-stakeholder collaboration and may take a long time to establish for cross-border travel.
Depending on the travel use case and business requirements, some identity models will be more suitable than others – and that’s okay. It’s unlikely the whole world will ever agree on a single digital identity construct to facilitate every traveller’s interaction, even if there is broad consensus around the key design elements. Therefore, we should focus on alignment around a common vision, collaborating across geographies and use cases, and interoperability between the different specifications and exchange protocols.
Solutions will need to emerge that can support a mix of digital identity credentials, for exchange both in-person and across the internet, that can be under the control of the traveller and managed from their private and secure digital identity wallet. Such multi-purpose wallets would reduce complexity for travellers, giving them a “one stop shop” for their trusted identity information.
Source: World Economic Forum