Mastercard's Digital ID Service Accredited by Aussie Government

Mastercard has become the third credential provider to be accredited under the federal government’s digital identity system, joining Australia Post and the Australian Taxation Office.

The credit card giant revealed its accreditation as a credential provider and as an identity proofing level 1+ provider through the government's trusted digital identity framework (TDIF) on Tuesday.

It means Mastercard’s digital identity service, ID, is now accredited for three out of the four roles supported by the TDIF, more than any other private sector organisations under the framework.

The company’s identity exchange – which brokers authentication and identity requests using OpenID Connect 1.0 – was accredited in mid-June.

Mastercard has been seeking to accredit its digital identity service, ID, as an exchange, identity provider and credential provider under TDIF since September 2021.

TDIF is a series of policies and standards that underpin the national federated identity model, including the accreditation of government agencies and private sector organisations.

Accreditation requires an organisation to meet strict requirements around privacy, security, risk management and useability.

Many of the governance and privacy protections are expected to form part of a planned Digital Identity Billwhich the former government failed to introduce before parliament was dissolved in April.

Mastercard’s accreditation as an identity provider will allow it to create, maintain or manage information about a person’s identity, and offer identity-based services.

It is the only provider under the scheme to be accredited IP1+ (basic). OCR Labs and the ATO’s myGovID are accredited IP3 (strong), while AusPost’s Digital iD is accredited IP2 (standard).

“Accreditation for identity proofing levels up to 1+ means users will need only an email address or mobile phone to prove their identity,”

the company said in a statement.

“For some services they may also need an acceptable identity document, which includes full name and date of birth.”

As a credential provider, Mastercard can generate, bind and distribute credentials to individuals or can bind and manage credentials generated by individuals using the ID mobile app.

The company will now need to demonstrate the ID service meets TDIF obligations on an annual basis.

Mastercard’s head of cyber and intelligence solutions and digital identity for Australia, Mallika Sathi, said the accreditation coincides with an increasing need for digital identity verification.

"As many parts of the world begin to return to a sense of normality... the need for more effective and streamlined identify verification has never been so important,”

she said.

“Australia is leading the way when it comes to this step change, and Mastercard is excited to continue its collaboration with the public and private sector to build a national identity ecosystem where citizens have trust and confidence that their personal information is safe and secure.”

Since launching ID in Australia in 2019, Mastercard has partnered with Optus, Deakin University, Australia Post, Samsung and Microsoft to roll out the service.

In August 2021, the pilot of ID moved beyond sales and customer support channels, with the telco launching a trial of the service via the My Optus app.  

“Digital identity not only has the potential to vastly improve the consumer experience, but also provide organisations with additional peace of mind when it comes to customer onboarding and relationship management,”

Sathi added.

“What’s more, its potential is global in scale – enabling citizens to create one identity that can be used with partners in Mastercard’s ID network, anywhere in the world. That is the end goal.”