August 22, 2024
August 22, 2024

TEx System Poised to Boost Security By Sharing Less Data With Businesses

Advertisements


For IT and cybersecurity teams, collecting and storing PII can be a significant burden. When dealing with millions of customer records, it becomes both a costly and risky endeavor to manage and protect data from hackers, as well as to handle the repercussions if a breach occurs.

This may change with the upcoming launch of a new digital verification system in Australia, which is set to progress to a pilot phase in January 2025.

Now in the proof of concept stage, the Trust Exchange, or TEx, system would allow Australians to provide their personal information via a digital wallet. PII would not always need to be shared with a business when a customer needs to verify their identity.

The Australian Government hopes TEx will reduce the number of Australians who are falling victim to data breaches. For businesses, the system could offer a streamlined and safer way of interacting with their customers.

What is Australia’s planned Trust Exchange?

Australia’s Trust Exchange system would allow Australians to prove their identity or share select details about themselves using information already stored by the government within their centralised MyGov account. MyGov is the central portal and data repository through which Australians access Government services, such as taxation, health, or social security.

SEE: What Australia’s Digital ID means for businesses and citizens

For individuals, the government is promising more control over personal data. For businesses, it is offering benefits such as the ability to streamline customer onboarding and minimise data risks. The Trust Exchange system is being developed as a distinct project alongside Australia’s existing Digital ID project, which will see the creation of a digital ID for Australians.

How will the TEx system work in practice?

Three transaction categories have so far been identified by the government for TEx:

  • Proving a person’s identity without handing over information.
  • Sharing select pieces of personal information.
  • Sharing a verified credential.

TEx will verify information using a ‘digital thumbs up’

In cases where TEx is only verifying information, such as a person’s identity, the system would pass a digital token to businesses rather than sensitive private information, such as a driver’s licence.

Using a “tap-to-pay” style system with a QR code, the system would “digitally shake hands” with a business or service provider. While it would not pass on actual information, the system would provide assurance that the details are correct without needing to view them.

Individuals will choose what to share

When individuals need to pass data to a business or entity, the TEx system allows them to select what information they hand over and ensure they consent to the information being exchanged. It also maintains a record of which information has been exchanged with which businesses, allowing individuals to track their digital information.

Verification will be based on government’s data pool

Verification will come from the pool of data held by Australian government agencies, in addition to information housed by Australian state governments, centralised via MyGov. The government has said that, rather than being in a central database, it was exploring a new decentralised model for citizen data that would have strong safety and security features.

What use cases will there be for Trust Exchange?

Verified or shared information using the TEx system would include:

  • Age and date of birth.
  • Address.
  • Citizenship status.
  • Visa status.
  • Qualifications and occupational licences.
  • Working with children checks.
  • Veteran status.

The government has put forward potential applications of the TEx system, including:

Contracts and accounts: Large businesses like telcos or banks will be able to integrate with TEx for identity verification when people take out new contracts or create new accounts.

Pubs, clubs, and hotels: TEx can prove a person’s age. Australians may not have to pass over ID documents such as drivers’ licences or passports to be copied and stored.

Rental applications: When a person rents a new apartment, key details about the applicant could be provided and verified by a real estate agent using the TEx system.

Applying for a job: The government has suggested the system may extend to include things like qualifications and certifications, making it easier for employers to verify job candidates.

What will the Trust Exchange mean for businesses?

The Australian government believes businesses will see TEx as a “win.” Although a business’ systems will need to be configured to interface with the system, it could lead to operational efficiencies, reduced data risk, and savings on data management.

Businesses will outsource identity verification

The TEx system would relieve businesses of the operational burden of verifying someone’s identity, which had sometimes required multiple forms of ID. This could create process efficiencies in many areas, streamlining how businesses sell certain products and services.

Businesses will reduce some of data risks

When businesses hold PII data, they take on risk. With the government holding identification data, and the exchange of data limited to only what is required, businesses will be reducing risk in their data estates. They could end up holding less data they don’t need, in line with best practice principles, or seeing less fines or legal costs due to data breaches.

Business systems will need to interface with TEx

Any information verified by the system will still need to be collected, stored, and managed. While it is unclear how this process might work — and it may require IT to set up in-house systems to operate seamlessly with TEx’s public digital infrastructure — it is likely to become a feature in most third-party vendor products.

Businesses may have less data on customers

In some cases, businesses may have less data on customers than they may want. For example, if a business only needs to verify a person is over 18, a TEx system may verify this is the case without providing the business a date of birth. This could limit the collection of demographic data that may help with marketing segmentation strategies.

Businesses will still need to deal with non-TEx customers

TEx will not be compulsory for consumers or businesses. Therefore, businesses that adopt the system must be set up for customers using TEx and for those who are not. While this may create further complexity, businesses find enough value from TEx customers to make it worthwhile, especially as TEx uptake increases over time.

What will it mean for personal data protection?

PII data could be safer in less locations

The Trust Exchange system can reduce the number of times Australians need to hand out PII to identify themselves. As the number of businesses storing data reduces, individuals could warmly welcome a reduced risk of their data being breached.

SEE: Is Australia’s public sector ready for a major cyber security incident?

TEx could be the honeypot for hackers

Some experts fear that the Trust Exchange and MyGov would be attractive to criminals because they would essentially create a centralised location for data. Though hacks of Australian businesses like Optus and Medibank have been problematic, a breach of the TEx system could be even more disastrous.



Source link

61 Bridge Street
Kingdon
Herts
Top locations – from restaurants and clubs, to galleries, famous places Local Business Directory - Events - Jobs - Classifieds and so much more...
© 2023 All Rights Reserved By StepInto Group Ltd
crossmenu