At times, it seemed it would not get this far: the Real ID Act.
States resisted the post-9/11 authentication law, and sought extensions to its deadlines. Citizens raised complaints to lawmakers about the hassle of collecting birth certificates to prove identity, and the prospect of taking time away from work or personal lives to stand in long lines for the new forms of ID. Confusion spread about how people would board airplanes and enter certain buildings, and what forms of ID would suffice. There was also general annoyance about all the monetary costs associated with the effort.
However, progress continued, and as of Jan. 22, 2018, “passengers who have driver’s licenses issued by a state that is not yet compliant with Real ID, and that has not received an extension, will need to show an alternative form of acceptable identification for domestic air travel,” according to the U.S. Department of Homeland Security (DHS). As of late December, 40 states were compliant with the law (designed to bring a higher level of security, and confidence, to personal ID documents), as Jumio CRO Robert Prigge told Karen Webster in a new PYMNTS interview.
The interview came as deadlines loom for Real ID (by October 2020, all travelers will need IDs that meet the standards, as will people entering most federal buildings), and amid increased attention to the problem of proving better authentication without introducing too much friction into the daily lives of consumers. In addition, as more ID and authentication tasks become digital, there is increased concern about the security of the relevant databases — a concern that is part of the emerging Real ID ecosystem.
It’s been a “slow motion mess for 15 years,” Prigge said in giving a status update on Real ID. “It’s taken decades to get where we are at.” However, during the last two or three years, “pressure has ratcheted up” as those deadlines approach, and there seems little or no chance of any rollback to the goals set out in the federal ID law.
Real ID requires for people to authenticate themselves via birth certificates and Social Security cards. The IDs themselves include such information as name, date of birth, gender, address, the person’s signature, a unique number and a machine-readable bar code. One of the main ideas behind Real ID is to make it easier to authenticate a person’s identity, and to do so according to a single, de facto national standard.
According to a recent analysis out of Pennsylvania, “Over the past 16 months, the state has spent more than $24 million to prepare five free-standing centers, and retrofit six other licensing centers, to issue new cards required after the 9/11 terrorist attacks.” That because “the Real ID facilities require more security than regular driver’s license centers to meet federal standards.”
The effort will also lead to the 50 states linking their ID databases, which can make it easier for authorities to determine moving violation histories for ID holders, among other tasks. However, that can lead to more opportunities for online fraudsters as well.
“Criminals go after the weakest link,” Prigge said. For instance, in a state such as California (home of Silicon Valley), its database will probably be among the most secure in the United States. Criminals would likely seek to break into databases from other states that have deployed weaker security. “The number of points you can attack is now increased fiftyfold,” he said.
Government programs — often by design, often via red tape — are typically slow to roll out, and Real ID is certainly no exception. That means not much has changed in the world of ID and authentication — and security in general — since 9/11 and the first years after that terrorist attack. Webster asked what Prigge might have done differently if he had power over Real ID, and had he known what he knows now.
“Biometrics,” he said. “I think biometrics is probably much more of the future” when it comes to ID and authentication.
Specifically, he talked about facial recognition — about using selfies to compare a person’s face to an image that resides on ID — as a potentially powerful authentication tool.
Indeed, such biometric authentication keeps working its way further into the consumer mainstream. Just recently, for instance, Hertz teamed up with CLEAR to create Hertz Fast Lane powered by CLEAR, a new service that uses facial recognition biometrics to speed up the car rental process. That’s hardly all for biometrics, though. As recent PYMNTS research has demonstrated, call centers are turning to biometrics to combat fraud via not only facial recognition, but other features.
“Biometrics [is] so hard to fool,” Prigge said.
For now, that’s for the future, perhaps a next generation of nationally mandated personal ID. By then, the world of payments and commerce will have likely made significant authentication advances over those rules set out by Real ID. However, make no mistake, it won’t be too long before we are all living in a Real ID world.
——————————–
LATEST INSIGHTS:
Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. Check out the latest PYMNTS report on PSD2