Government to test social media identity verification

Critics think method could actually increase cases of identity fraud

Government

The Government Digital Service (GDS) is testing the use of social media accounts to verify the identity of people using government services to stamp out the risk of identity fraud.

Currently, the service called verify uses personal information such as a person's credit history or electronic passport details to verify the identity of someone accessing the services, but it doesn't work for everybody, the GDS explained.

It decided to test the use of social media and discovered that the system's ability to identify adults would increase by nine per cent if social media was used, while for 16 to 25-year-olds, this would increase by 38 per cent.

"Our research suggests that people appear to be becoming more amenable to using online activity verification and allowing certified companies access to their personal online accounts to acquire a verified identity that gives safer, faster access to government services," said the GDS's Industry Engagement lead Livia Ralph wrote in a blog post.

However, not everyone agrees the methods of using social media accounts to verify identities is safe, despite it being a 'compelling' way of making sure the person accessing services is who they say they are.

"In theory, the government's idea of using social media accounts as a means of authenticating a consumer's identity is compelling after all, the vast majority of the population is now signed up to one or more of Facebook, Twitter, Instagram, etc.," Lee Munson, security researcher at Comparitech.com said.

"In practice, however, I am concerned that the increasing use of social sites as proof of identity could actually lead to an increase in identity theft. Given how many people re-use simple, easy to guess, passwords across all their online accounts, it would only require a data breach at one large social media company to leave an awful lot of people in big trouble."

He suggested that if the details were stolen, not only could criminals access the person's social account, but they could also use the details to access government portals to and falsely claim for benefits or apply for a new driving licence under the victim's name, for example.

"While using social accounts to prove who you are to other types of website may be an effective means of authentication, I for one would not trust an association between my Twitter account and the HMRC account I use to pay my taxes," Munson continued. "Instead, I would actually feel far more secure doing things the old-fashioned way, sending documentary proof of who I am via snail mail which is a totally secure alternative isn't it?"

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

JEDI contract's future becomes murky after AWS court win
Policy & legislation

JEDI contract's future becomes murky after AWS court win

11 May 2021
Government and industry look to cryptocurrency regulation to slow ransomware
cryptocurrencies

Government and industry look to cryptocurrency regulation to slow ransomware

29 Apr 2021
US lawmakers call for restrictions on software exports to Chinese chip companies
Hardware

US lawmakers call for restrictions on software exports to Chinese chip companies

16 Apr 2021
Ministers seek powers to block foreign takeovers retrospectively
Policy & legislation

Ministers seek powers to block foreign takeovers retrospectively

11 Nov 2020

Most Popular

Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
Fastly blames software bug for major outage
public cloud

Fastly blames software bug for major outage

9 Jun 2021
GitHub to prohibit code that’s used in active attacks
cyber security

GitHub to prohibit code that’s used in active attacks

7 Jun 2021