Fintech Security

Hybrid Credentials: A Methodic and Parallel Journey

A current debate amongst fintech, government and security professionals, is when exactly the physical credential will be replaced by a digital one? Is it 5, 10, 20 years from now? Is it never? Did the global pandemic serve as a catalyst to shift the issuance paradigm to digital only credentials? Or will “hybrid credentials,” those which incorporate both digital and physical offerings, complement each other in the same space to provide a regulated, accepted, and secure path to satisfy citizens and consumers? If so, how long can this exist in harmony?

One thing is certain, it will be a journey. The speed of government and industry acceptance remains a wild card, and although some may think a post-pandemic credential world means less is more, moving quickly to a digital-only environment is improbable. A retrospective look at Government-to-Citizen (G2C) credentialing, in addition to parallel trends in the Payments Enablement space, signal the most likely scenario is one where digital and physical credentials coexist for the foreseeable future. Let’s consider the variables impacting this journey and why the popular technology convergence debate on digital vs. physical has morphed into an extended and methodical ‘hybrid’ one.

A look at the evolution of government credentialing

Look to the very recent past in government credentialing, and we get a glimpse of what might come when perceived convergence has led to co-existence. The International Civil Aviation Organization (ICAO) came into existence as a result of the Chicago Convention ratification in 1947 by 26 countries with a specialized United Nations mission to manage civil aviation, as well as the goal to manage and promote international standards for travel documents. In the late 1990s ICAO began to evolve travel document standards from machine-readable to electronic passports based on an embedded integrated circuit chip. Adoption didn’t start to take hold until the United States Visa Waiver Program (VWP) required participating countries to begin issuing ePassport by October 2006. Failing to meet this date would have required citizens of these countries to apply for conventional paper visa foils.

ICAO is currently debating if ePassports should be mandated under the Doc 9303 standard. In the spirit of ‘no country (or citizen) left behind’, ICAO has maintained ePassport standards as a recommended best practice without it being mandatory. There continues to be a global need for multiple formats (digital and physical), as the pace of implementation of standards varies from country to country.

The next evolution of ICAO travel document standards is the Digital Travel Credential (DTC), which will be introduced in phases. The self-derived DTC standard (Type 1, also known as the Virtual Component) was only just approved by ICAO late in 2020. This allows a DTC to be derived from any existing ePassport. The government-issued DTC (Type 2) standard has not yet been released, so this digital credential progression could take well more than a decade.  The Type 3 version – many years off – will be when ePassport issuers provide only a virtual component and the physical ePassport booklet is no longer issued.

You can see that the rate of innovation in passports is constrained both by the typical 10-year validity of these documents and the policy of being backwards compatible with all valid passports in circulation. Other government identity documents could potentially see faster innovation, especially in areas without the same legacy constraints. Some governments have been successful in launching G2C programs quicker than others, but the adoption period will certainly include a roadmap for hybrid credentialing. Government and security experts would all agree that this journey has been nothing but methodical and time-consuming.

Learning from trends in other industries

The concept of hybrid credentialing isn’t an ePassport or a G2C phenomenon. In a recent survey of 1,000 U.S. consumers, Entrust discovered hybrid payment credentials were the clear preference with 85% of respondents opting for digital payments for online transactions and physical card payments during in-store purchases. Consumers have signaled they want on-demand options and the convenience of choosing between a digital and physical credential depending on the situation and their personal preferences.

While the debate over ‘when’ digital credential issuance will replace physical will continue, in the near-term, hybrid solutions will provide the most convenient, safe and predictable path forward. Adoption of standards meant to protect the vital core of human beings − our identity − is a complex undertaking involving and relying on international stakeholders, multiple agencies, and public acceptance. It’s also a cultural shift which requires the highest levels of confidence, trust and intelligence embedded into our identity security architecture. Although ePassports might offer a glimpse of an ‘extended’ technology adoption timeline, it points squarely at a unified or hybrid offering as the foreseeable norm.

Entrust has been innovating across our Payments and Identity portfolio of solutions for more than 50 years, balancing a parallel approach to hybrid issuance. Learn more about how Entrust can enable your hybrid credential issuance program.

The post Hybrid Credentials: A Methodic and Parallel Journey appeared first on Entrust Blog.

*** This is a Security Bloggers Network syndicated blog from Entrust Blog authored by Shawn Brennan. Read the original post at: https://www.entrust.com/blog/2022/11/hybrid-credentials-a-methodic-and-parallel-journey/

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *