Identity and Access Forum highlights role of wallets, standards in mDL evolution

The Secure Technology Alliance’s Identity and Access Forum (IAF) has released its seasonal market snapshot, which features fresh insights on digital identity, mobile driver’s licenses (mDLs) and the shifting regulatory landscape, collected at its quarterly meeting in Atlanta, Georgia, hosted this year by Fime.

A persistent theme is a call to look “beyond in-person identity checks and toward an integrated future where identity, payments, and authentication operate seamlessly together.” To get there, multiple elements of the ecosystem must evolve and adapt to new laws that are at once accelerating adoption of digital identity, and putting pressure on systems to deliver.

Wallets are a critical component. The snapshot predicts that “the evolution of digital identity wallets will open the door to even more integrated experiences.” Identity credentials of all kinds will find a home in wallets: “professional qualifications (such as bar exam credentials), educational diplomas and scholarships, and proof of eligibility for government benefits.”

Interoperability must go ‘far beyond technical specifications’

The big kahuna of digital credentials, however, is the mDL. According to Lori Daigle of the American Association of Motor Vehicle Administrators (AAMVA), mDL adoption is accelerating, with 90 percent of North America is either deploying or working on mDL programs. Forty percent of U.S. drivers live in states that have already launched mDLs. Options for verifiers are increasing. In Georgia, which has one of the more robust mDL ecosystems in the U.S., House Bill 296 requires law enforcement to accept mDLs by July 1, 2027.

The IAF believes widespread adoption of mDLs will play a “pivotal role in simplifying online authentication flows, facilitating experiences where age-verification, authentication, and payments can happen simultaneously, with one tap or scan of your phone.” It says interoperability and ISO/IEC 18013-5 and ISO/IEC 18013-7 compliance are “paramount to ensure that the industry builds an ecosystem where any mDL, regardless of the state it was issued in, can be used securely and effectively nationwide while realizing the privacy improvements over physical cards.”

Interoperability, however, is complex – and must be so, extending beyond technical specifications to encompass a wider network of trusted entities. It should be considered “at multiple layers,” says Elizabeth Garber of the OpenID Foundation. “Not just standards, but also contractual agreements, liability regimes, record-keeping, and incident management across regions.”

“Progress in interoperable trust will be critical to ensuring adoption scales across borders, particularly as digital wallets and mDLs become tied to high-value use cases like payments and online authentication.”

Nonetheless, public demand is growing. Recent survey data from Thales shows 65 percent of drivers in the U.S. and Canada expressing interest in obtaining mobile driver’s licenses and digital IDs.

Updated NIST guidelines help assess risks in complex threat landscape

Further underscoring the importance of standards and certification in the wider discussion, Teresa Wu of Idemia Public Security, who also chairs the IAF’s Steering Committee, calls attention to the latest NIST SP 800-63-4 Digital Identity Guidelines, recently updated to respond to a more complex threat environment.

The changes, Wu says, “make it easier for agencies and organizations to assess risks before deploying digital identity systems, choose the right assurance level, and align proofing and authentication methods with real-world use cases, from in-person kiosks to remote, unattended digital onboarding.”

Enabling organizations like the IAF provide key resources to further assist those implementing digital ID. It recently published the white papers Mobile Identity Use Cases in Age Verification for Alcohol Purchase and Mobile Identity Use Cases in Financial Services, and is working on additional resources and guidance.

Worries old and new as digital licenses come of age

As mDLs develop, new concerns emerge. The need for speed in enabling businesses to verify mDLs is highlighted in the observation that “consumers may be reluctant to reprovision their mDLs when upgrading to new phones because they don’t have places that accept mDLs in their day-to-day lives.”

And the problem of fraud persists. The industry, says the IAF, must “prepare for existing fraud techniques to migrate into the mDL ecosystem. It will be important to adopt a layered fraud defense model that combines strong binding of credentials to the rightful holder, phishing-resistant authenticators, and secure recovery processes.”

In March, the IAF is hosting its second annual Mobile Driver’s License Technology Showcase and Interoperability Event at the Identity & Payments Summit in Houston, Texas. It follows last year’s inaugural event, and aims to introduce solutions to several problems identified then, including interoperability gaps such as QR versus NFC reader mismatches, protocol variations, app restrictions, and Bluetooth variability.

Article Topics

biometrics  |  digital ID  |  digital wallets  |  interoperability  |  mDL (mobile driver's license)  |  mDL verification  |  Secure Technology Alliance