GOV.UK
Verify (RIP) "finding the right company to verify you" as
at 24 September 2017
|
|||||||||
Experian | Digidentity | Post Office | Verizon |
Morpho
(previously owned by Safran, now sold to private equity investors,
no announcement made by GDS) (no longer called "Morpho", now Idemia, no announcement made by GDS) |
Barclays | GB Group, also known as CitizenSafe | Royal Mail | PayPal (never turned up, no comment from GDS) |
|
IDaaS | Identity Provider service for Verify | Identity Assurance (IDA) Service Applied for tScheme approval 24 February 2014, application lapsed |
Universal Identity
Service |
SecureIdentity (Morpho still shown as owned by Safran) |
Identity Assurance and Provisioning service (must be over 18 to register) | ID3global Service, subject to confirmation also known as CitizenSafe | Identity Verification Service | ? | |
Service
trustworthiness approved by tScheme
(not one single "identity provider", not even Verizon, is approved for attribute registration) Not all identity assurance services are equal |
Yes | Yes | No,
application lapsed No base approval, not approved for identity registration or cedential validation or credential management & not approved as an "identity provider" |
Yes, but Verizon no longer functioning as a GOV.UK Verify (RIP) "identity provider" while continuing to support the Barclays "identity provider" service. No explanation from GDS | Yes, finally, but should SecureIdentity be re-assessed now that Morpho has changed hands? | Yes, finally | Yes, but low-grade pass, not approved as an "identity provider" and not approved for credential management | Yes, finally | No, never applied |
For a long time the Government Digital Service used to say that Safran Morpho/SecureIdentity in particular are unlikely to be able to verify your identity even if you are one of the easy cases, over the age of 20, more than 12 months in the UK, passport, photo-id driving licence and a mobile phone onto which you can download apps (viruses). An odd thing for them to say. That seems now largely to have stopped. | |||||||||
Currently registering new users
(behind
the scenes, some "identity providers" use someone else's system)
|
Experian Yes |
Digidentity Yes |
Post Office Yes, despite not being certified |
Verizon |
Morpho Yes |
Barclays Yes, despite their service relying on Verizon |
GB Group Yes |
Royal Mail Yes |
PayPal No, pulled out |
Experian England, Scotland, Wales, Northern Ireland |
Digidentity The Netherlands |
Post Office England & Wales |
Verizon Now ungoverned, as far as you know, but while Verizon were still an "identity provider": England & Wales |
Morpho England, Scotland, Wales, Northern Ireland |
Barclays England & Wales or Scotland or Northern Ireland, as appropriate |
GB Group England or Northern Ireland or Scotland but not Wales |
Royal Mail England, Scotland, Wales, Northern Ireland |
PayPal ? |
|
Experian We will hold your personal information connected with this website for as long as you have an account with our identity service; and then for a period of no longer than 7 years following the closure of the account |
Digidentity Your information will be encrypted and stored in accordance with legal requirements for a period of 7 years for audit purposes. After 7 years the data is permanently removed from our systems. |
Post Office Your information will be retained for audit and record keeping purposes for a period of seven years following the date your account is closed. |
Verizon Now you have even less control over the personal information handed over but while Verizon were still an "identity provider": In the event that you no longer receive services from us and we are required to retain your data for longer, we will retain your data in a manner which will mean we are unable to use it further for this service. |
Morpho seven (7) years beginning on the later of the first day after the termination of the Identity Service, or such longer period as is necessary for the resolution of any litigation, claim, negotiation, audit or other inquiry involving Your Data. |
Barclays We are required to keep your data while you are registered with us and for a further period of 7 years after your account is closed or expires, subject to our obligations to comply with the record retention requirements under the Data Protection legislation. |
GB Group ... if you should close Your account then the data retained is for audit purposes only and then for no longer than is necessary for the purposes described in this Privacy Policy and as permitted by the Data Protection Act 1998. |
Royal Mail If you should close your account, then the data retained is for audit purposes only and then for no longer than is necessary for the purposes described below. |
PayPal ? |
|
Experian anywhere, unspecified, "we endeavor to take all reasonable steps to protect your personal data" |
Digidentity in accordance with the Dutch Personal Data Protection Act and the UK Data Protection Act |
Post Office within the EEA |
Verizon Now, who knows, but while Verizon were still an "identity provider": outside the EEA |
Morpho outside the EEA but only in compliance with the Data Protection Act |
Barclays outside the EEA |
GB Group within the EEA |
Royal Mail within the EEA |
PayPal ? |
|
Experian your title, forename, middle name or initial, surname, date of birth, any other names you are known by, gender, time at address, current address, previous addresses, plus home telephone number, mobile telephone number, email address, passport details, driving licence details, and other information necessary to verify your identity |
Digidentity Name, forename and middle name, Title, Gender, Date of birth, Current and previous addresses, Telephone numbers, e-mail addresses, Passport Number, Driving Licence number, Credit Card number (only the last four numbers are kept), Photos of you that you provide in our app (Selfie) |
Post Office Name, Title, Gender, Date of birth, Current and previous address(es), Mobile phone number, E-mail address, Passport details, Driving licence details, Debit or credit card number, Digital selfie of you |
Verizon While Verizon were still an "identity provider": title, forename, middle name or initial, surname, date of birth, any other names you are known by, gender, time at address, current address, previous addresses, plus home telephone number, mobile telephone number and email address. Verizon may also request your passport details (including photograph), and driving licence details (including photograph) |
Morpho |
Barclays name, address (with 3 years of history), email, mobile phone number, gender, details of your passport, driving licence and bank account, IP address, browser type and version, device type, operating system and version, locale, a unique visitor cookie, user ID, time, URL + We may receive information about you if you use any of the other websites we operate or the other services we provide. We also work closely with third parties to provide aspects of the Identity Service (including sub-contractors, analytics providers, search information providers and credit reference agencies) and we may receive information about you from them. |
GB Group title, forename, middle name or initial, surname, date of birth, any other names You are known by, gender, current address, previous addresses and the time spent at those addresses, home telephone number, mobile telephone number, email address |
Royal Mail title, first name, middle name or initial, surname, any other names you are known by, date of birth, gender, current address, previous addresses in the last three years (and the duration at each address), home telephone number, mobile telephone number and email address. We will also ask you to provide details of official identity documents, such as your passport or driving licence. |
PayPal ? |
|
Experian Driver & Vehicle Licensing Agency (DVLA), HM Passport Office, other companies within the Experian group, companies that perform services on our behalf, we may share aggregated and anonymised data with third parties |
Digidentity the suppliers that we work with to deliver the service to you |
Post Office Callcredit, Her Majesty's Passport Office, the Driver & Vehicle Licensing Agency, ID Checker (who?), WorldPay, the third party that hosts our website |
Verizon No telling who Verizon may pass your personal information to now but while Verizon were still an "identity provider": a company within the Verizon Group or other affiliated entity , Equifax, ID Checker (who?), Driver and Vehicle Licensing Agency and Her Majesty's Passport Office, Zentry LLC (who?), Techmahindra Ltd (who?), Expert Solutions Support Centre (who?) |
Morpho GDS, DVLA, HMPO and any other relevant HMG Department, Morpho sub-contractors including third party fraud-prevention agencies and credit agencies, law enforcement and tax authorities, the head office of the Morpho Group, Morpho SAS, based in France |
Barclays a credit reference agency (including Equifax), a fraud prevention agency, other member organisations of the fraud prevention agency, other Barclays companies, Barclays business partners, suppliers and sub-contractors, HM Passport Office, DVLA, Verizon, GOV.UK Verify, anyone who buys a Barclays business or Barclays assets |
GB Group selected third party organisations including credit reference and fraud prevention agencies and their other customers, Equifax, CallCredit and DVLA, HMPO and any other relevant Department, the Police and/or other relevant authorities, any company in the GB Group group, business partners, suppliers and sub-contractors, analytics and search engine providers, other companies and organisations for the purposes of fraud protection and credit risk reduction |
Royal Mail GB Group, credit reference agencies or fraud prevention agencies such as Equifax and CallCredit, HM Passport Office, Driver and Vehicle Licencing Authority (sic), GDS |
PayPal ? |
|
Terms & conditions
|
Experian Ts&Cs |
Digidentity Ts&Cs |
Post Office Ts&Cs |
Verizon No longer available |
Morpho Ts&Cs |
Barclays Ts&Cs |
GB Group Ts&Cs |
Royal Mail Ts&Cs |
PayPal ? |
Privacy policy
|
Privacy | Privacy | Privacy | No longer available | Privacy | Privacy | Privacy | Privacy | ? |
Contact
|
No longer available | Telephone 0333 202 7479 | Telephone 0333 566 8000 | Telephone 0345 266 0116 | ? | ||||
Timpson/ArkHive | Timpson is an admirable company in many ways which looked into joining the GOV.UK Verify (RIP) death march and seems now to have thought better of it no activity on their Twitter account since 24 January 2017. It's not clear how they would have fitted in to the GOV.UK Verify (RIP) framework. GDS made no comment on the matter. Security? Privacy? Payment? Liability? No idea. | ||||||||
Mvine & Sitekit | These two companies are supposed to provide hubs to test how retailers and financial services could use GOV.UK Verify (RIP). The security of GDS's own hub has been questioned. No comment on the security of Mvine's and Sitekit's hubs has been made by GDS. And yet it now transpires as usual, no announcement made by GDS that both Mvine and Sitekit are offering services for sale on the Digital Marketplace which give the purchasers and who knows who else access to the personal information of GOV.UK Verify (RIP) accountholders. | ||||||||
UK local authorities | 19 UK local authorities were inveigled into testing GOV.UK Verify (RIP) on two applications, concessionary travel for the elderly and residents parking permits. That was back around October 2016. There are now just 8 of this incredible shrinking band left. Their services may at some stage an agile year later go into private beta. | ||||||||
OIX, NIST, GDS, eIDAS, HMRC, legal persons, DWP & the NHS | OIX, the Open Identity Exchange, continue to try to help GDS
by testing to see if GOV.UK Verify (RIP) is any use to the financial
services sector. "No",
seems to be the answer. And "no". Hardly surprising if NIST, the US National Institute of Standards and Technology are right they say that the level of assurance offered by GOV.UK Verify (RIP) is no better than self-certification. The "completion rate" of GOV.UK Verify (RIP) as measured by GDS hovers around the 40% mark. I.e. the failure rate is 60% or so. GDS specified 6 conditions for going live with GOV.UK Verify (RIP). #3 was a minimum 90% success rate on opening accounts. Never achieved, GDS went live anyway. 4ฝ years after it was meant to be working, over a year after it went live, GOV.UK Verify (RIP) has 1.49 million accounts. If each accountholder has seven accounts, one with each of the 7 remaining "identity providers", that could be just over 200,000 people. GDS are committed to having 25 million people on the system by 2020. Unrealistic. The odds on GOV.UK Verify (RIP) being notified under Article 9 of eIDAS are lengthening. Which accommodating EU country would rely on a GOV.UK Verify (RIP) verification of identity? Meanwhile one of GOV.UK Verify (RIP)'s major prospective relying parties is developing its own identity assurance scheme Her Majesty's Revenue & Customs (HMRC) is concentrating on a new version of the Government Gateway and all but ignoring GOV.UK Verify (RIP). Remember, GOV.UK Verify (RIP) can't register companies, partnerships, trusts, ... It's not very good 60% of the time at registering natural persons but it can't register legal persons at all. The Department for Work and Pensions (DWP) and the National Health Service (NHS) also have yet to be convinced to rely on GOV.UK Verify. RIP. |