The use of so-called two-factor authentication systems (something you know and something you have) that send disposable codes via SMS is widespread in the private sector (banking, social media, etc.) and also in the public sector. (idCAT Mobile. Cl @ ve PIN).
Citizens value mobile-based digital identification services very positively, as is the case with idCAT. This is backed by the around 400.000 citizens who already use it, more than a million actions carried out and the excellent results of satisfaction surveys in terms of its use.
However, the use of these services pose some problems:
- SMS is not considered a sufficiently secure channel in accordance with the recommendations of the United States National Institute of Standards and Technology (a world-leading public body on security issues) and the recommendations of the European Commission for the financial sector. These bodies recommend looking for alternatives to SMS that are more robust and secure.
- 80% of the citizens are regular Internet users, but only 35% of the actions with the Administration are made by electronic means due to the lack of an easy, secure, usable and useful digital identity that can be used globally in the public sector and private.
- For the Administration this is a serious disadvantage because the citizens only make 3 formalities a year with all the administrations and they do not have the habit or need to have a public digital identity. Instead, citizens do dozens of actions every day with the private sector.
- On average, a user has 70 digital identities with different public or private providers. For the private sector, this is a serious problem because it is very expensive to manage and secure the security of so many identities.
Promote a pilot with the Mobile Connect digital identification solution, developed by GSMA (association of the world's largest telecommunications operators) and supported by Mobile World Capital.
This service as set out in the Mobile Connect in local governments of Catalonia session, of the Mobile World Congress, had the following advantages:
- Replaces SMS messages with push notifications in apps saved on mobile SIMs, which are encrypted and more secure.
- It has the support of the main telecommunications operators to make its deployment in the private sector. In Spain it is being promoted by Movistar, Vodafone and Orange.
- It proposes synergies in digital identification in the private and public sector, very interesting for the Administration.
- Each push notification has a reduced cost.
Development of a pilot with City Councils
In September 2017 we started a pilot project of digital identification with the Mobile Connect solution, developed in the Town Councils of Manlleu, Esparraguera and Castellar del Vallès. The results of security, usability and satisfaction for the citizenry have been positive. Its use is currently low because it does not currently add any substantial value to SMS messages and because Mobile Connect is rarely used in the private sector: only the operators themselves.
On the other hand the harsh initial recommendations of the NIST and of the European Commission on finding alternatives to SMS messages, they have been softened and there is no urgent need to look for other solutions.
In Europe, there is the experience of France that is working quite well. It is called Mobile Connect and Me, and is powered by Orange. It can be used in many public services as well as in private services.
The continuity of the project in Catalonia is being considered due to the low implementation in the private sector which means that the service does not add differential value to current SMS messages. On the other hand, the operators have not completed their improvement plan and the current solution has shortcomings that do not make it advisable to deploy it throughout Catalonia.
Status of the project
Discontinued. From GSMA we are informed that they have decided to discontinue the integration platform that allowed us to provide this service and, therefore, we are forced to discontinue it. According to the information provided, the Mobile Connect service has not met the expectations of deployment in the private sector. Consequently, we proceed to deactivate the digital identification option with the Mobile Connect solution of the VALID service for the collaborating municipalities in the pilot.
Innovating involves risks and not all initiatives are successful. However, we believe that learning from experience has been enriching for future collaborative initiatives with companies.