Electronic Money Association Crescent House 5 The Crescent Surbiton, Surrey KT6 4BN United Kingdom Telephone: +44 (0) 20 8399 2066 www.e-ma.org Matt Warman MP
Minister for Digital Infrastructure
Department for Digital, Culture, Media and Sport (DCMS)
16 March 2021
Dear Mr Warman
Re: EMA responses to DCMS online Survey on the UK digital ID and attributes’ trust framework
The EMA is the EU trade body representing electronic money issuers and alternative payment service providers. Our members include leading payments and e-commerce businesses worldwide, providing online payments, card-based products, electronic vouchers, and mobile payment instruments. Most members operate across the EU, most frequently on a cross-border basis. A list of current EMA members is provided at the end of this document.
I would be grateful for your consideration of our comments and proposals.
Yours sincerely,
Dr Thaer Sabri
Chief Executive Officer Electronic Money Association
EMA responses
Survey Question Response
Do you agree with our trust framework approach for digital identity?
Yes
Do you agree with our open policy making approach of releasing an alpha document?
Yes
Please provide any general comments about the trust framework. If you choose not to complete the rest of the survey, your feedback will only be considered if your answer to this question includes substantive comments on the trust framework.
The Electronic Money Association (EMA) supports the effort led by the department for DCMS to establish a digital identity and attributes trust framework to facilitate secure interactions between persons and government entities/commercial enterprises in online and offline environments.
We suggest that the next iteration of the trust framework specification:
Ensures that access to the framework is attainable for participants of different size and sophistication.
Identifies the owners of the different framework assets (identity, attributes).
Considers the access method/criteria afforded to framework assets by their owners. Addresses requirements related to the secure interaction between framework participants.
Addresses portability/interoperability and accessibility requirements for the digital identity and attributes.
Survey Question Response
Remains outcomes-focused and avoids specifying the use of specific technologies to ensure technology neutrality and to foster wider innovation.
Considers lifecycle management requirements both for the framework assets and for framework participants.
Points to a liability framework that underpins the operation of the Trust Framework. Describes a Certification process that is accessible to a wide variety of participant and business models.
Builds on the significant identification, verification and user authentication infrastructures established by specific sectors (financial services) while avoiding duplication of effort. Includes a cost benefit analysis section.
Do you want to provide detailed feedback? Yes. Which of the following areas should we prioritise
developing in trust framework requirements?
Identity Standards. Attribute Standards. Technical interoperability.
Others (participant communication, secure access, liability, lifecycle management of framework assets and framework participants).
Inclusion
To what extent do you agree that the requirement to submit an annual exclusion
Survey Question Response
report will help to hold companies accountable to be more inclusive?
To what extent do you agree that companies will be happy to produce an exclusion report? To what extent do you agree that the trust framework will make it easier for people without traditional identity documents to access an online service?
What additional inclusion requirements should be included in the trust framework?
Agree
Neutral
Consider offline access Use Cases. Consider accessibility requirements for users with limited access to digital devices and a low understanding of virtual interactions.
Fraud & Security
To what extent do you agree that the counter fraud and security measures will ensure best practice is upheld by trust framework members?
Survey Question Response
What additional counter fraud or security requirements should be included in the trust framework?
Secure onboarding of framework participants. Secure communication between framework participants. Verification of participants’ status. Review/monitoring of participant activities by the framework Governing Body. Lifecycle management requirements for framework assets and for framework participants. Secure access requirements and conditions for all framework assets. Secure attributes’ “binding” requirements.
Interoperability
To what extent do you agree that the trust framework facilitates interoperability, as defined by the ability to use a digital identity created in one context in another?
In order to facilitate interoperability, do you think that the trust framework should:
Agree
Make no reference to technical specifications
Privacy
To what extent do you agree that the TF provides enough protection for users on use of their data?
Are there any obligations or requirements which may harm the interests of users?
Survey Question Response
Are there any obligations or requirements which may make digital identity impossible to implement for your organisation?
The current Trust Framework description does not clearly establish framework asset ownership and secure access requirements/conditions for such assets by framework participants. The user consent conditions are not clearly identified.
There is a lack of clarity on the framework participant communication requirements (specifically security requirements). There is currently also no clear guidance on how to assess whether another scheme participant should receive access to framework assets as part of the attempted delivery of a service. Finally, there is a lack of clarity on the attributes binding process.
Do you want to provide line-by-line feedback on the UK digital identity and attributes trust framework?
No
Members of the EMA, as of March 2021 AAVE LIMITED
Account Technologies Airbnb Inc
Airwallex (UK) Limited Allegro Group American Express Azimo Limited Bitstamp BlaBla Connect UK Ltd Blackhawk Network Ltd Boku Inc CashFlows Circle Citadel Commerce UK Ltd Contis Corner Banca SA Crosscard S.A. Crypto.com Curve eBay Sarl ECOMMPAY Limited Em@ney Plc emerchantpay Group Ltd ePayments Systems Limited Euronet Worldwide Inc
Facebook Payments International Ltd Financial House Limited
First Rate Exchange Services FIS Flex-e-card Flywire Gemini Globepay Limited GoCardless Ltd Google Payment Ltd
IDT Financial Services Limited Imagor SA
Ixaris Systems Ltd
Modulr FS Europe Limited MONAVATE
Moneyhub Financial Technology Ltd MuchBetter
myPOS Europe Limited Nvayo Limited
OFX OKTO
One Money Mail Ltd OpenPayd
Optal
Own.Solutions
Park Card Services Limited Paydoo Payments UAB Paymentsense Limited Payoneer PayPal Europe Ltd Paysafe Group Plaid PPRO Financial Ltd PPS Remitly Revolut SafeCharge UK Limited Securiclick Limited Skrill Limited
Soldo Financial Services Ireland DAC Stripe
SumUp Limited Syspay Ltd Token.io
Transact Payments Limited TransferMate Global Payments TransferWise Ltd TrueLayer Limited Trustly Group AB Uber BV Vitesse PSP Ltd Viva Payments SA
WEX Europe UK Limited Wirex Limited
WorldFirst WorldRemit LTD