"Our ability to manufacture fraud now exceeds our ability to detect it." Al Pacino
In September of 2021, IT World Canada ran an article titled “Ontarians are getting digital ID this fall”. While we’re still waiting for Ontario’s digital ID, should we expect a government issued digital identity credential to help with online fraud? Both history and current trends would say “no”.
We are in the middle of a digital migration with new waves of growth on the horizon. Effective delivery of real-time payments, digital currencies and open banking depend on reliably verifying the identity of connected parties. Despite numerous initiatives, and over ten years of effort by the Digital Identification and Authentication Council of Canada (DIACC), reported rates of scams, identity theft and accounts opened with synthetic identities continue to rise. We remain no closer to a fully reliable system of digital identity verification, no closer to curtailing fraud in this arena.
There are two ways a government issued digital identity credential could reduce fraud. First, it could confirm the identity of anyone opening an online account, helping identify and contain accounts created with stolen or synthetic identities. Second, it could help verify the identity of anyone accessing an account online, helping reduce fraudulent access and account takeover. To succeed, the identity credential would have to be widely adopted, easy to use and more secure than credentials provided by commercial services and tech companies.
While there are examples of widely adopted government identity programs, such as the current Estonian ID-card and the former Soviet internal passport, government issued identity credentials have struggled with adoption in societies with a history of respect for individual freedom. Moreover, they have been no more resistant to identity theft than other credentials. The history of identity cards in Great Britain teaches both lessons.
During the First World War, Great Britain issued identity cards to better manage human resources for industrial and military purposes. Despite support for the war effort, there was little enthusiasm for the cards, little understanding of their significance and no sense of personal benefit. In Modern Horrors: British Identity and Identity Cards, Jon Agar writes “The British identity card of the First World War had a quiet death, and a nearly forgotten grave. The movement of people and the loss of cards led to numerous applications for new cards from the citizenry, but new cards were often not matched to old cards. The rapid growth in number of records in the National Register caused by this process of “inflation” led to the system becoming first unwieldly and later useless.”
To avoid the same fate, identity cards during the Second World War were linked to food rationing. In addition to ration books, cards were proof of identity for a passport, a bank account or the retrieval of a parcel from the post office. When food rationing came to an end, opposition to identity cards began to build. A request for an identity card was viewed as bureaucratic bullying. Newspapers wrote anti-card editorials, such as that published in the Daily Express: “Except as a wartime measure the system is intolerable. It is un-British . . . It turns every village policeman into a Gestapo agent.” Once again, public resistance killed the program.
Without widespread public support, the top-down effort required to enforce and maintain a government identity program is unacceptable in a free society. Even if supported and well maintained, it does not contain fraud. While all British citizens were entitled to an identity card, many collected more than one, under different names, for extra rations. No solution was found to prevent people from pretending to be someone else, pretending to be more than one person or pretending that a fictitious person existed.
Today, many people would view a government digital ID program with suspicion and concern related to privacy and surveillance. With businesses not willing to turn customers away, other means of identity verification would be needed. Allowing the government credential to be bypassed would undermine its ability to contain fraud.
The need to make a credential universally available also makes it hard to keep it out of the hands of fraudsters. There are over six thousand different entities issuing original and replacement birth certificates in the United States, making them easily obtainable. The US Office of the Inspector General has reported that between 85 and 90 percent of the birth certificate fraud encountered by the Immigration and Naturalization Services and Passport Services staff is the result of genuine birth certificates held by imposters.
Finally, there is no reason to believe that government credentials would be less likely to be counterfeited than others. In Onfido’s recently issued annual fraud report for 2024, passports and national ID documents are listed as the most commonly encountered fraudulent documents. Interestingly, Onfido, a global identity verification provider, names the Ontario Driving License as the most commonly encountered fraudulent document in North America.
Today, opening an online account can require layers of identity verification. There are ways to verify identify by presenting personal information, by scanning documents, by presenting photo ID and taking a selfie, even by logging into a bank account and allowing access to bank records. Fraudulent account openings still occur. Multi-factor authentication that references verifiable hardware, such as a mobile phone, in addition to information or images remains the most reliable way to minimize identity related fraud. New, government issued, digital ID, once available, will facilitate access to government services, but is unlikely to have an impact on the arms race between fraudsters and service providers.
Sehgal, Pragya “Ontarians are getting digital ID this fall: All you need to know”, IT World Canada, September 21, 2021, ITWorldCanada.com.
Agar, Jon, “Modern Horrors: British Identity and Identity Cards”, Documenting Individual Identity: The Development of State Practices in the Modern World, Princeton University Press, Princeton, New Jersey, 2001, page 106.
"Identity”, Daily Express, March 12, 1945, as quoted by Agar, Jon, ibid. page 110.
Office of the Inspector General, Department of Health and Human Services,”Birth Certificate Fraud”, September 2000, 0EI-07-99-00570.
Onfido, “Identity Fraud Report 2024”, page 28.