eftpos has become the first non-government accredited operator of a digital identity exchange in Australia, as the federal government prepares to introduce legislation to expand the scheme.
Employment minister Stuart Robert announced the accreditation of the payments provider’s connectID brokering solution under the trusted digital identity framework (TDIF) on Monday.
connectID sits between identity providers and so-called "relying parties", much like the only other accredited exchange operated by Services Australia.
The solution can be used to verify a person’s identity for a number of different reasons, including to confirm proof of age, address details or bank account information.
eftpos has been piloting the solution since mid-2020, including with Australia Post's Digital iD and the Queensland government's credential, following an earlier proof-of-concept with 20 businesses.
It applied for TDIF accreditation in March and set the brokering solution live in June – around seven months later than it had originally planned.
TDIF is a series of policies and standards that underpin the government’s national federated identity model, including the accreditation of government agencies and private sector organisations.
Accreditation requires an organisation to meet strict requirements around privacy, security, risk management and useability.
Robert, who oversees the government's digital agenda, said “eftpos has demonstrated that connectID is trustworthy, safe and secure and has met strict usability and accessibility requirements”.
“I congratulate eftpos for being the first private identity exchange to be accredited under the TDIF,” he said in a statement.
Robert added that eftpos’ connectID is not currently seeking to operate as part of the government’s digital identity system.
Other private sector organisations that have previously been accredited like Australia Post and OCR Labs are also yet to begin operate within the identity system.
The government is preparing to release the draft exposure of its Digital Identity Bill before introducing the legislation to federal parliament in the Spring sitting.
Passage of the bill – which will enshrine governance and privacy protections in law – is necessary for the digital identity scheme to expand to businesses and state and territory governments.
Meanwhile, Mastercard has also applied for accreditation under TDIF for its digital identity service called ID, which it has been scaling up in Australia since 2019.
Mastercard hopes to become a TDIF accredited exchange, identity provider and credential provider and also plans to collaborate with the Digital Transformation Agency on using ID for age verification.
It is also looking to partner with more local organisations to roll out ID more broadly, building on existing partnerships with Optus, Deakin University, Australia Post, Samsung and Microsoft.
“Connecting with trusted third-party digital identity platforms is key to scaling digital identity more broadly,” Mastercard Australasia division president Richard Wormald said.
“Without interoperability, it’s very hard to build beyond local developments.
“This is why Mastercard continues to collaborate with like-minded organisations, giving citizens new ways to verify their identity without having to hand over any physical documents or surplus information.”
