Skip to main content

Why identity and trust are so important for DWP’s digital transformation

The 2-Factor authentication screen from DWP's Authenticate service for third parties who need access to an internal DWP system  which asks people to input a code from an app to gain access to the service
The 2-Factor authentication screen from DWP's Authenticate service for third parties who need access to an internal DWP system

DWP Digital’s 22 million users have diverse and often complex needs, and the difference our services make for them must be a positive one.

As we deliver more and more digital services for them, trust and identity are crucial to our digital transformation.

Trust is a two-way partnership

In DWP, trust is very much a two-way partnership. We want and need our users to trust us to keep their data safe and make sure that they get the help they need, when they need it. But we also have to be able to trust them, based on the information they tell us.

We work closely with GDS and GOV.UK Verify and other government departments, such as HMRC and DVLA, to continually improve our identity and trust services.

Proportionality is crucial

In DWP we have 2 real identity risks - a stolen identity that is used fraudulently and impersonation. By asking users to prove their identity upfront, we’ve traditionally put in place a high bar for them to get over before accessing our digital services.

New legislation, further technological advances, and higher citizen expectations mean that we now find ourselves at another milestone in the evolution of digital identity.

Assuring someone’s digital identity is no longer binary, nor is it solely about one-time verification of credentials. It is about proportionality. It is about continuous authentication.

Building trust is all about building a holistic understanding of digital personas and intelligent real-time decision-making for every transaction, based on context and behaviours.

The 3 components of trust

For us, there are 3 components to what we mean by trust:

  1. Trust in the session: The channel is secure and we see normal interactions
  2. Trust in the action: ‘Data’ is verified, we are confident in what we are being told
  3. Trust in the person: We are confident that we are interacting with the right person

In DWP those 3 areas of trust are vital and are at the heart of our approach to trust and identity.

One size doesn’t fit all

In line with our approach, government is looking to build a suite of solutions so that we can build a richer picture of trust over time in response to the risks that we face.

Managing trust in our users, starting with a lower level of identity or even no identity verification or validation, is a good option for us to explore further, especially for those that may not have identity documentation or previous contact with certain government services.

Furthermore, not every transaction should require the same level of trust – checking a benefits payment date doesn’t bear the same risk as updating payment details, for example.

This is the concept of proportionality, the vital ingredient when it comes to how we secure our services.

Not all services are meeting the same need or even serving the same users and therefore a ‘one size fits all’ approach is no longer sufficient.

Proportionality related directly to the context of the action or service is important.

The sign-in window from DWP's Authenticate service for third parties who need access to an internal DWP system

Working across government to secure our services

We are identifying where we need to develop new capabilities and assets, including solutions that are department-specific as well as those that are truly sharable across departments, like address checkers.

The details of how to implement the vision is a needed and interesting debate. It's one that's happening across government right now with GDS and a number of departments really answering the question of how best we continue to secure government services.

This collaboration will get results that benefit citizens and departments alike, by ensuring that we have a combination of solutions that truly enables digital trust alignment across government services.

Allowing users to interact with us in ways that suit them

It’s also crucial to recognise that online is not the only channel, so how do we reuse what we already have and start to see real interchangeable multi-channel solutions for users?

We need to keep things as straightforward as possible for them and we can’t automatically assume that telephony or face-to-face channels are antiquated. We have users that need those channels to be open to them.

So whilst we already have the flexibility within solutions such as GOV.UK Verify we must come together across government and work with our users on all aspects of trust and identity, to augment what we already have.

Building trust matters. Getting it right will make a difference to real people.

Like this blog? Why not subscribe for more blogs like this? Sign up for email updates whenever new content is posted!

Sharing and comments

Share this page