What Credit Unions Should Know About Mobile Driver's Licenses

In the wake of some recent isolated fraud in Louisiana, questions may arise about digital IDs and specifically mobile driver’s licenses (mDLs).

What are their implications for credit unions?

I’ve spent a decade of my career bringing mDLs into existence following Privacy by Design principles. I can appreciate the anxiety credit union leaders and technologists might have about yet another sea change in government and consumer technology. However, a well-implemented mDL program can actually improve citizen control of their ID and privacy while decreasing fraud. There are nearly 20 states where mDL is now an option.

From the vantage point of successful work on Utah’s mDL implementation, including partnering with two notable credit unions on accepting mDL in their branches, my organization has gleaned insights that credit unions nationwide can consider. The launch in Utah was well planned, is security and privacy-minded, and continues to gain momentum, particularly when tied to key acceptors coming online like the Transportation Security Administration. And, according to our research and feedback, the convenience of mobile ID has real appeal – if it’s tied to a program that is safe and secure.

Here is what a credit union should know:

Proper mDL implementation is important. Credit unions have a strong history of understanding and influencing policy. That’s helpful, because you can influence your individual state’s implementation of its mDL program for maximum security and usability.

There is no blanket, federal rollout or funding – this will be state-by-state adoption­. That has advantages because mDL can’t be tied into a nationwide database, which reduces the chances for privacy violation and should increase a U.S. citizen’s trust. Still, an adherence to international standards for digital interaction is crucial so that people can use their mDL everywhere. You want to look for the ISO/IEC 18013-5 standard, the International Mobile Driver’s License (mDL) Standard, versus proprietary implementations that will limit use cases in the future. ISO/IEC 18013-5 compliant mDLs are becoming interoperable across state and international boundaries.

You don’t accept mDL visually as a “flash pass.” One should also be wary of security and privacy issues that can create loopholes for fraudsters to exploit, jeopardizing the security of all stakeholders. The clearest sign of trouble: Visual acceptance. Mobile driver’s licenses should be accepted by electronic means (QR, Bluetooth, NFC or similar) rather than by visual inspection. You never hand over your phone or flash your screen contents. You select the data to share, and the recipient can verify digital signatures.

It must be accurately provisioned to the right person. Provisioning an mDL must involve multifactor security, including ID photo matching, to prevent fraudulent use. Inaccurate provisioning was at the heart of the initial fraud in Louisiana, and has since been addressed for new mDLs. It might seem like an annoyance, but a few additional authentication steps will increase security for all.

The user gets additional control over data. Utah’s mDL program is a case in point for effective implementation. Managed by the Utah Department of Public Safety’s Driver License Division, the program gives users a high degree of control over their data. Users can limit what they share with businesses, law enforcement and others. Built-in privacy protections ensure that no entity can track mDL activity. The mDL back-end is provided by a third party (full disclosure; my firm), but data sharing and collection are not a part of the mDL ecosystem. The program is also entirely optional.

Now is the time to grab your “first mover advantage.” In many ways, this shift to mDL mirrors what occurred a decade ago during the transition from magnetic stripe to chip cards, and then to digital wallets. Mobile driver’s licenses are an offering that can enhance security, convenience and privacy all at once. That’s a rare combination. Credit unions can use mDL to overcome the perception that only the largest institutions can offer the best mobile experiences.

Taking a “first mover” position is worth considering. Accepting mDL is a clear, cost-efficient signal to current and prospective members that you are forward-thinking, tech-savvy, and committed to delivering a mobile-first user experience that prioritizes both convenience and security. And, because mobile driver’s licenses are being implemented state-by-state, they’re a natural fit for credit unions with state charters and single state footprints in particular.

Two of Utah’s most prominent credit unions, America First Credit Union and Utah Community Credit Union, were pioneers in accepting Utah’s mDL. Their successful integration was driven by a tech-first mindset and a desire for the security benefits of these digital licenses, which all but eliminate the possibility of fake IDs and decrease fraudulent activity when accepted correctly. mDL makes for a smooth in-branch authentication experience where IDs don’t change hands and no personally identifiable information is shared verbally.

A good indicator: If the TSA accepts your state mDL, you are likely at a point where there is enough program momentum to be a first-mover.

How to Move Forward With mDL in Your State

Proper mDL implementation means investing in a safer, more efficient future for your credit union and members who opt in. I suggest checking out the AAMVA website to see where your state is at in terms of implementation and then get in touch with your state’s driver’s license division. They can provide insights into the particulars of their mDL program, from user control to privacy provisions. It’s also important to connect with any private entities supplying back-end mDL technologies to ensure that data use and collection are strictly off limits.

Next, credit unions should build a strategy to communicate what mDL acceptance means for members. mDL acceptance is about more than just keeping up with technology – it’s about enhancing member experience and affirming your commitment to privacy, security and convenience. Leveraging the experience of peers – like the two credit unions mentioned earlier – can build a clearer understanding of advantages and challenges.

David Kelts is Director of Product Development, Mobile Identity at the Waltham, Mass.-based secure ID solutions provider GET Group North America.