close
close

TEx system ready to increase security by sharing less data with companies

Posted on by darion

For IT and cybersecurity teams, collecting and storing PII can be a significant burden. With millions of customer records, managing and protecting the data from hackers, as well as dealing with the fallout in the event of a breach, becomes both a costly and risky endeavor.

This could change with the introduction of a new digital verification system in Australia, with a pilot phase due to begin in January 2025.

Currently in the proof of concept stage, the Trust Exchange, or TEx, system will allow Australians to provide their personal information via a digital wallet. PII will not always need to be shared with a company when a customer needs to verify their identity.

The Australian government hopes TEx will reduce the number of Australians falling victim to data breaches. For businesses, the system could offer a more streamlined and secure way to interact with customers.

What is the planned trust exchange in Australia?

Australia’s Trust Exchange system will enable Australians to prove their identity or share selected details about themselves using information already held by the government in their centralised MyGov account. MyGov is the central portal and data repository through which Australians access government services such as tax, health or social security.

SEE: What Digital ID in Australia means for businesses and citizens

For individuals, the government promises greater control over personal data. For businesses, it offers benefits such as the ability to streamline customer registration and minimise data risks. The Trust Exchange is being developed as a separate project alongside Australia’s existing Digital ID project, which will create a digital ID for Australians.

How will the TEx system work in practice?

The government has so far distinguished three categories of transactions for TEx:

  • Proving a person’s identity without providing information.
  • Sharing Selected Personal Information.
  • Sharing verified credentials.

TEx will verify information with a “digital thumbs up”

In cases where TEx only verifies information such as a person’s identity, the system will provide businesses with a digital token instead of sensitive private information such as a driver’s license.

Using a tap-to-pay style system with a QR code, the system would “digitally shake hands” with the company or service provider. While it wouldn’t provide actual information, the system would provide assurance that the data was correct without having to look at it.

People will choose what to share

When individuals need to provide data to a company or entity, TEx allows them to choose what information they provide and make sure they consent to the exchange of information. It also keeps a record of what information has been shared with which companies, allowing individuals to track their digital information.

Verification will be based on government dataset

The verification will come from a pool of data held by Australian government agencies, in addition to information held by Australian state governments, centralised through MyGov. The government has said that rather than being in a central database, it is exploring a new decentralised model for citizen data that would have strong security and protection features.

What use cases will Trust Exchange have?

Information verified or shared using the TEx system will include:

  • Age and date of birth.
  • Address.
  • Citizenship status.
  • Visa status.
  • Professional qualifications and authorizations.
  • Working with children is testing.
  • Veteran Status.

The government has outlined potential applications for the TEx system, including:

Contracts and invoices:Large enterprises such as telecoms companies and banks will be able to integrate with TEx to verify identities when people sign new contracts or create new accounts.

Pubs, clubs and hotels:TEX can prove a person’s age. Australians may not need to hand over identification documents such as a driver’s license or passport to have them copied and stored.

Rental Applications:When a person rents a new apartment, key applicant details can be provided and verified by the real estate agent using the TEx system.

Applying for a jobThe government has suggested the system could be expanded to include elements such as qualifications and certificates, making it easier for employers to vet job applicants.

What significance will the Trust Exchange have for businesses?

The Australian government believes businesses will see TEx as a “win.” While businesses’ systems will need to be configured to work with the system, it could lead to operational efficiencies, reduced data risk and data management savings.

Companies will outsource identity verification to external entities

The TEx system would free companies from the operational burden of identity verification, which sometimes required multiple forms of identification. It could increase process efficiency in many areas, streamlining the way companies sell certain products and services.

Companies will reduce some of the data risk

When companies hold PII, they take on risk. Since the government holds the identifying information and data sharing is limited to what is required, companies will reduce the risk in their data assets. They may end up with less data they don’t need, consistent with best practices, or reduced fines or legal costs from data breaches.

Business systems will need to work with TEx

Any information verified by the system will still need to be collected, stored, and managed. While it’s unclear how this process might work—and it may require IT to configure internal systems to work seamlessly with TEx’s public digital infrastructure—it’s likely to become a feature of most third-party products.

Companies may have less customer data

In some cases, companies may have less customer data than they would like. For example, if a company only needs to verify that someone is over 18, the TEx system can verify that they are without providing the company with a date of birth. This can limit the collection of demographic data that can help with marketing segmentation strategies.

Companies will still need to work with non-TEx customers

TEx will not be mandatory for consumers or businesses. Therefore, businesses that adopt the system will need to be configured for customers who use TEx and those who do not. While this may introduce further complexity, businesses are finding enough value in TEx customers to make it worthwhile, especially as the number of TEx users grows over time.

What impact will this have on personal data protection?

Personal data can be safer in fewer locations

The Trust Exchange system could reduce the number of times Australians need to provide PII to identify themselves. As the number of companies holding data decreases, individuals may welcome a reduced risk of their data being breached.

SEE: Is Australia’s public sector prepared for a major cybersecurity incident?

TEX can be a trap for hackers

Some experts worry that Trust Exchange and MyGov will be attractive to criminals because they will essentially create a centralized location for data. While hacks of Australian companies like Optus and Medibank have been problematic, the TEx breach could be even more devastating.