Eftpos granted government accreditation as first private ID exchange operator
Eftpos has become the first accredited non-government operator of a digital identity exchange under the federal government's Trusted Digital Identity Framework (TDIF).
By becoming an accredited operator, Eftpos connectID can now facilitate online transactions requiring a digital identity from Australians.
Eftpos sent connectID live in June as a fully-owned subsidiary of the organisation and as a standalone fintech company. It's been set up to act as "broker" between identity service providers and merchants or government agencies that require identity verification, such as proof of age, address details, or bank account information.
It has been designed to work within the federal government's Trusted Digital Identity Framework (TDIF) and the banking industry's TrustID framework.
Although the Australian government has its own digital identity solution with myGovID, Eftpos has previously said its solution could provide a "smoother, faster, and more secure onboarding experience, including for government services".
Eftpos has also assured that connectID does not store any identity data.
"A safe, thriving digital economy is the best way we can grow the Australian economy. A safe, thriving digital economy is not possible without digital identity -- that is, a safe, secure, and convenient way for Australians to prove their identity online," Minister for Employment, Workforce, Skills, Small and Family Business Stuart Robert said.
"Through accreditation, we make sure Australians and Australian businesses can have trust and confidence that their personal information is safe and secure.
"As an accredited provider, Eftpos has demonstrated that connectID is trustworthy, safe, and secure and has met strict usability and accessibility requirements. I congratulate Eftpos for being the first private identity exchange to be accredited under the TDIF."
Eftpos applied for accreditation in May. The federal government's myGovID was the first to be granted a TDIF accreditation, followed by Australia Post's Digital ID. Last month, OCR Labs became the first accredited non-government operator to provide digital identity services to the private sector.
"TDIF accreditation is a big step forward for Eftpos and industry to help bring the benefits of digital identity to more sectors of the economy. It is a significant and tangible milestone in the rollout of Australia's digital identity ecosystem and comes after months of rigorous assurance evaluations and privacy and security testing," Eftpos CEO Stephen Benton said.
Since last year, Eftpos has been piloting connectID with 20 "well-known" Australian brands, including Australia Post and Yoti.
According to Eftpos digital identity managing director Andrew Black, the company is looking to use connectID to help businesses address issues in areas such as commerce onboarding, recruitment, responsible gaming, anti-money laundering and identity verification.
The news follows Mastercard and the Digital Transformation Agency (DTA) announcing plans to scope out how the former's digital identity service could enable Australians to digitally verify their age and identity.
Mastercard is also seeking accreditation under the TDIF.
If granted, Mastercard said it would enable consumers to create a reusable digital identity using official identity documents, such as passports, driving licences, as well as protect digital identity data using encryption and facial biometrics.
In June, the Australian government published a consultation paper on digital identity that indicated legislation would enter Parliament later this year to allow non-government entities to provide digital identification services to Australians.
Under the TDIF, the set of rules can only be applied to Australian government entities -- it can't be applied to states and territories, or to the private sector – which is why legislation is required.
The Digital Identity Legislation is hoping to ensure privacy safeguards are in place, such as limiting access to biometric information, but it will include the ability for users to consent to their biometric information being accessed for fraud or security investigations.