We recently wrote about the impending Real ID legislature that will take effect October 1, 2020 to shed some light on the what, why and when of the new ID, one of the accepted forms of ID that travelers will need to use in place of a regular driver’s license for domestic flights. However, most Americans still do not have a Real ID, so we are here to tell you all you need to know about how to get one.
Here is your comprehensive checklist on what you need to bring to the DMV and what you can expect upon arriving at the DMV:
1.) First, make an online appointment and expect delays in larger cities. Time frames can vary from weeks to months, being flexible on your location will help. You do not need to go to your nearest DMV.
2.) It is recommended to fill out the online application prior to your DMV visit. This will save you the time from having to fill it out in person during your visit.
3.) Gather the following mandatory documents to bring with you to the DMV:
4.) There will be a fee to pay for the license at the DMV, fees will vary by state.
IS A REAL ID ABSOLUTELY REQUIRED?
A Real ID will be required for domestic travel (not driving) when the law is enacted. However, there are other forms of acceptable identification in addition to the Real ID:
Here is a checklist to ensure you only make one visit to the DMV!
A survey from the U.S. Travel Association found that 72% of Americans do not have a REAL ID-compliant license or are unsure if they do. Furthermore, more than half (57%) are unaware of the October deadline and it is estimated that 39% of Americans do not hold the proper identification to board an airplane starting next October.
So what so you need to know? Nearly 20 years after the terrorist attacks on Sept. 11, 2001, the REAL ID Act of 2005 is becoming a reality. Beginning on October 1, 2020, anyone traveling on commercial airlines in the U.S. will need to produce identification that meets the minimal security standards set by the federal government. Examples of compliant identification include REAL ID-compliant driver’s license or ID card, passport or passport card.
U.S. Travel economists estimated if REAL ID standards were to be fully enforced immediately, at least 78,500 air travelers could be turned away at TSA checkpoints on the first day, costing the U.S. economy $40.3 million in lost travel-related spending. That is just one day!
Between now and October, state agencies will be taxed to deliver REAL ID-compliant documents to meet demand. The Act compels states to require additional paperwork such as proof of residency and social security number. It is not uncommon for applicants to make more than one trip due to not having all the necessary paperwork on the first visit. Scaling up to meet that demand is no easy feat in an economy with record low unemployment rates.
Given those grim statistics, next fall could be fraught with delays and headaches for all travelers. As the U.S. Travel report stated “we need all hands on deck to avert a big problem next October.”
While we are in agreement that stronger security standards for IDs are a necessary measure to reduce fraud, there are new technologies that can help improve the process that weren’t available in 2005 when the Act was passed by Congress. For example, in 2008 when the DHS defined REAL ID standards the iPhone had been introduced just months before. Today, smartphones are ubiquitous and are now used to verify identity and secure documents – even for sensitive industries such as healthcare and banking.
As such, it is time to modernize the REAL ID Act and leverage today’s modern identity verification solutions to better prepare for the October deadline.
If the U.S. hopes to avoid a disaster for air travelers next fall, it will take innovative new technology solutions to smooth the process for everyone involved.
As we predicted last year, GDPR progress has driven additional identity-related legislation. Consumers want to know that steps are being taken to put value on their identity and politicians are enacting legislation around digital IDs. Consumers have also been driven to advocate for more ownership over how and when their personal information gets shared.
Mastercard recently released a study revealing that the overwhelming majority of individuals and business leaders (90%) feel data privacy is universally important. As a result, digital identity is at the forefront of conversations about the future of privacy, legislation and how PII can be protected.
Multiple studies have proven that consumers are not only ready, but they are requesting digital IDs to authenticate their online engagement with government agencies and businesses alike.
Research from the DIACC (Digital ID and Authentication Council of Canada) revealed that 70% of Canadians want to see governments and the private sector come together to collaborate on a joint digital identity framework in Canada. This digital ID platform would enable the increased and inclusive access to government benefits, healthcare, e-commerce, and financial services. Respondents believe that this model will help better safeguard their personal information and create a more efficient user experience.
Just last month, Colorado’s Gov. Jared Polis signed an executive order supporting the widespread adoption of “digital personal information technology.” Colorado residents will now be able to create a digital ID that can serve as proof of age, address or identification through the state’s myColorado mobile app. Theresa Szczurek, chief information officer since January, is helping lead the effort. Since the launch, about 20,000 Colorado residents have digitized their IDs.
Colorado is one of the early state adopters of digital identification – Washington D.C. also announced a forthcoming pilot program. The service is becoming a trend as state governments attempt to offer digital services on par with those offered by private companies.
The EU also recently extended the deadline for the revised Payment Services Directive (PSD2), which enables bank customers, both business and consumer, to give third-party providers permission to retrieve their account data from their banks. This push towards Strong Customer Authentication (SCA) is comprised of “an authentication based on the use of two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is).”
A growing number of international, national and US state laws and regulations seek to govern the collection, safeguarding and sharing of consumer data, specifically to give consumers visibility and control over how their data is used. GDPR, which took effect last year, is among the most notable and compressive of these regulations.
The California Consumer Privacy Act (CCPA), which will take effect in January 2020, is currently the strictest data privacy law in the US. In the absence of preemptive federal law, many U.S. states, including New York, are considering laws similar to the CCPA. Congress has also begun to consider what a national data privacy law might look like.
But privacy and data security experts suggest this may be just the tip of a very large iceberg. Many countries have passed or are considering similar laws. Brazil, for instance, has passed its own General Data Protection Law, which comes into force in 2020. Earlier this year, the EU announced tighter security for ID cards, making biometric data mandatory for ID cards. Under this new legislation, documents must include the two fingerprints of the cardholder, stored in a digital format, on a contactless chip.
One thing is clear – the future of digital identity is here. With consumers demanding a solution, and politicians clamoring to address security and data privacy concerns with the appropriate legislation, businesses must be prepared to comply with current and forthcoming privacy laws.
In less than 60 days, the California Consumer Privacy Act (CCPA) will take effect. Security and privacy experts say it is the strictest data privacy law in the US and requires protections similar to GDPR. This law grants California residents new rights with respect to personal information collected about them by companies. They have the right to know what information is being collected and to tell a business not to share or sell their personal information.
In addition, CCPA states that consumers have a right to access their information and a right to delete personal information. Businesses must honor consumer requests to access their information at no charge and send that information digitally or via snail mail. The costs for not complying with CCPA are serious and steep.
Non-compliant organizations can be penalized with an array of fees. Government entities can inflict a fine of $7,500 per violation. Consumers receive statutory damages between $1,000 and $3,000 and can file class action lawsuits without showing loss of property or money. In the event of a data breach, consumers can recover damages of $100-$750 per incident. A sizeable breach of tens of thousands of customers can add up quickly and run into the millions.
As this law goes into effect on January 1, 2020, you may have some misinformation about some key aspects of the law and its impact on businesses around the globe. We want to let you know the #facts and bust some myths that might be giving you a false sense of security.
While CCPA only applies to California residents, it includes companies that have California customers. These regulations are expected to apply to more than 500,000 U.S. businesses. If your company receives personal data from California residents AND if it—or the parent company or a subsidiary—meet one of these three criteria, you must comply with CCPA regulations:
CCPA isn’t limited to social security numbers or other Personally Identifiable Information (PII). Personal information is much broader in scope than most companies might think. It includes identifiers such as a real name, postal address and geolocation data, Internet Protocol address, email address. CCPA also covers records of purchase or consuming history, browsing and search history, employment and education information, biometric information, as well as audio, visual or thermal information.
It is difficult to imagine a business that doesn’t retain some information on their customers such as an email address or purchase history. Therefore, if you meet one of the three criteria above, you are likely impacted by CCPA.
Another way CCPA goes beyond GDPR is how it defines “sale” – under the California regulation, it’s any form of disclosure, in any format, to any other third party in exchange for money or other valuable consideration. Consumers have the right to opt out of such sales with no repercussions. “Other valuable consideration” could arguably include providing your data to an analytics service for your own benefit, as that is valuable business intelligence.
On a more positive note, CCPA gives business up to 45 days – 15 days longer than GDPR – to verify the identity of requesting individuals and respond to disclosure requests and California residents can only make two requests every 12 months.
As noted above, businesses need to verify the identity of the person requesting the data. Your business can only supply personal data if it is a verifiable request. The fact that there are 40 million residents in California, dozens of large-scale data breaches, account takeover fraud and a disturbingly growing trend of synthetic ID fraud means that your business needs to work with a company who can quickly, securely and seamlessly verify the identity of your customers. You don’t want to disclose personal information to a fraudster in an effort to comply with CCPA.
Acuant technology is designed to protect Personally Identifiable Information (PII) and addresses data privacy. We have a solution for every use case and problem you want to solve when it comes to identity verification. With Acuant, you can enhance security, prevent fraud and meet regulations – including CCPA and GDPR. All workflows are privacy minded, using encryption in the cloud with no images or data being stored.
To learn more about the Acuant Trusted Identity Platform, schedule a demo.
Mobile commerce, by any measure, is booming. Forrester estimates that sales made via smartphones is expected to reach $209 billion by 2022 and in 2018 accounted for approximately 23% of all online sales. For businesses selling age-restricted products such as tobacco, e-cigarettes and cannabis, selling online is more challenging. Retailers must verify a customer’s age to meet federal regulations. In fact, it is the responsibility of retailers to ensure they do not sell age-restricted products online to people who are under the minimum legal age, and failure to set up reasonable measures to confirm the age of potential purchasers can result in fines and even possible jail time.
New laws that permit the sale of cannabis in certain states have started a whole new industry for online sales and distribution – including home delivery via “Uber” like apps. At the same time, e-cigarettes and vaping are becoming increasingly popular, particularly among teens. In 2018, more than 20% of high school students reported having used e-cigarettes in the last 30 days.
Access to these products is easily available via online sources and online retailers often rely on the purchasers to confirm that they meet the minimum age requirements by simply checking a box or providing a date of birth. Requiring a credit or debit card isn’t enough for proof of age either, as minors can obtain these cards as well. For today’s boundary-testing and technology-savvy teens, these techniques are not adequate and fail to limit access to age-restricted products. In one study, underage buyers were able to use their real ID and a prepaid Visa card to order alcohol online and have it delivered to their home without anyone verifying their age.
As a result of online and mobile sales of restricted products and the proliferation of these products among minors, the U.S. Food and Drug Administration (FDA) announced in November 2018 that new steps to restrict illegal underage use of e-cigarettes would be coming. One proposed measure would require that online stores implement better age-verification measures – far stricter than the self-verifying measures that are common.
California has already enacted the STAKE Act, which prohibits the sale of tobacco products to anyone under the age of 21 and imposes mandatory steps for online retailers to verify the age of prospective buyers. These steps include matching the customer information to a database of verified individuals and if they cannot be verified requiring the purchaser to submit an age-verification kit with valid government identification.
To better comply with current and potential future legislation while still providing a positive customer experience to of age purchasers, retailers should implement improved online and mobile identity verification solutions, as well as in store when applicable. This will protect them from legal implications and guard their reputations in the communities they serve.
There are now technologies that can help merchants accurately verify a customer’s age using their mobile device or desktop camera in seconds. The customer can simply submit a photo of their government-issued ID for forensic authentication to ensure it is a genuine, unaltered ID. The speed of verification means that legal buyers can be assured of a quick, painless experience. On premise, this can be accomplished with either a mobile device or a scanner connected to a desktop or even a self-service kiosk solution.
For an extra layer of protection with remote transactions or for initial sign up to make recurring transactions easier, merchants can employ facial recognition technology to confirm that the person making the purchase is the same person in the ID. The buyer can take a selfie and compare it to the extracted biometric data from the ID. Again, results are given in seconds. In addition to these offerings, Acuant provides liveness detection which confirms that there is a live person in front of the camera – not a static image. Retailers can also use that information for future transactions (using only facial recognition to verify and transact), as well as for records management and marketing to age-appropriate customers.
While age-restricted products like e-cigarettes should not end up in the hands of children, legitimate buyers should be able to purchase products with ease. At the same time, retailers must protect themselves from fraud and fines due to increasing regulation. Acuant’s ID verification solutions allow merchants can take advantage of the boom in mobile commerce while staying on the right side of the law and delivering a superior customer experience.
The 2nd annual Know Identity Conference just took place in Washington DC and Acuant was in attendance to catch this year’s buzzworthy topics. A major one was how firms will establish consumer identity especially in the digital world and how/when most consumers would use digital identity. Enter SSI. The industry has unified around the term self-sovereign identity (SSI) to represent both the digital identity credential and the right for the consumer to control access to it and who gets what portion of their identity.
So how do we test whether digital identity is ready for the consumer mainstream? One line of thought by David Birch of Consult Hyperion, was that by taking care of 3 audiences of online consumers (the 3 W’s), that would be enough to ensure the right amount of protection to make business transactions secure. The 3 W’s are witness protection, whistle blowers and people who browse explicit material (wankers in his informal British prose). If digital identities allow the 3 W’s to browse anonymously and protect their transactions, then we can all have an appropriate level of security in the digital world.
Scott Galloway, a professor at NYU Stern School of Business, worries about the ever-increasing control of personal information in the digital world by four companies: Google, Facebook, Amazon and Apple. He calls these firms the brain, heart, stomach and libido of the digital world. These four companies each create more revenue each year than the GDP of all other nations except USA, China, Japan and Germany. Scott argued these companies are already monopolies and innovation could gather renewed energy if these companies were broken into smaller entities, further pondering that they may have just too much information about individual consumers. In the backdrop of the recent Facebook debacle and the pending European GDPR laws, protection of consumer information was at the forefront of many conversations.
The General Data Protection Regulation (GDPR) goes live May 2018. The hardest part of compliance with this new regulation mentioned by many of the panelists, is compliance with the laws mandating the right for a consumer to be “forgotten” by any company. With the size and breadth of systems in many companies, the right to erasure of a consumer may prove a daunting task. The days of selling consumer contact lists will be over in the EU come May and the UK is currently racing down the path to adopt similar laws as GDPR by the end of 2018.
Biometrics and its various forms was also highly visible at the conference. Most sessions and panels discussed biometrics whether it was facial recognition, iris, fingerprint or voice as the natural next step in security. Most experts suggested a multi-modal approach to biometrics (more than one biometric) as there always needs to be a fallback when something does not work quite right. The fear factor of biometrics is much lower now and with adoption rates increasing we should all expect to see more usage across industries.
Lastly, there was a theme of hope as digital ID was seen as a solution to the unbanked and underrepresented for many parts of the world. Many areas where government IDs are made available at birth (but other forms of identification are scarce, unreliable or inaccurate), could benefit from digital IDs backed by initial ID documents. With Washington DC as a backdrop, new ways of proving identity with low friction, high confidence and mobility shined through.
Since the US Congress passed the Real ID Act in 2005, it has taken over 10 years to get states to comply with the new requirements. Even now, extensions for various states have been set until October 2018. The enforcement of the Real ID Act has been making headlines in travel-related news. Domestic travelers in the US are beginning to see signs at airports that a new type of driver’s license will be needed to get through airports and board planes. While many states are issuing Real IDs, confusion is rampant as to whether or not a Real ID is necessary, especially since a few years ago, many states were vocally in opposition to the law and even passed laws to reject the federal measure. Today, however, all states are complying with the legislature and here is what you need to know.
The Real ID Act was born from a recommendation by the 9/11 Commission after it was determined that hijackers boarded planes by presenting their driver’s licenses at security checkpoints. It is meant to provide stronger security around establishing the identity of a person.
This new form of identification is harder to forge, machine-readable, and is an effort to create stronger security measures around state-issued IDs. One way to identify compliance is from a small gold or black star that will be on the new IDs. All states must be able to issue new compliant IDs. However, it is up to the individual to apply for a compliant ID.
A visit to the DMV is required to apply for a Real ID card. Applicants need to present the following documents:
Other documents that would be helpful include proof of name change in the case of marriage, divorce, or court decree. Some states require multiple documents proving residency in the state, so it would be best to check with the DMV of the state for a checklist of required documents
Starting January 22, the TSA is requiring travelers to present a compliant ID or other forms of approved ID such as a passport. However, most states have received extensions to comply with the law, so for most people, a new form of ID is not needed to board a commercial flight until October 2020. As many states are still in the process of implementing and issuing new IDs, it would be wise to check ahead of any travel to make sure whether or not your ID is Real ID compliant.
In addition to domestic air travel, a compliant driver’s license is needed to enter certain federal facilities which require ID such as military bases. Visitors and vendors will be turned away if the ID card presented is not Real ID compliant, so if your business is looking to establish military contracts it will be crucial for your employees to have compliant IDs.
A Real ID is not needed to:
Some groups such as the ACLU and libertarian-leaning states have voiced concerns about possible consequences. The new license is, some have argued, a national ID card and causes concerns that the federal government will create a database and track individuals. Another issue would be the demarcation of compliant vs. non-compliant licenses. In states such as California, driver’s licenses can be issued to undocumented individuals. However, these licenses will not be Real ID compliant. One hypothetical situation that is troubling is whether not carrying a compliant license may become a cause for detention or checking immigration status. Other groups that might be affected include the Amish and other religious communities, or the LGBTQ community such as a transgender person’s birth certificate not matching to other documents. As the roll-out continues, the effect of implementing the Real ID law across the country remains to be seen.
This election year has been full of shocking moments and highlighted many concerning issues. Voting registration laws is one such issue that has not been very front and center, but certainly will be after election day when the world will want to know who made it to the polls and why.
The U.S. lags behind other developed nations in voting ease and turnout rates, partly because the current registration processes in most states are confusing, slow, and poorly administered. This year’s federal election is the first since a 2013 court decision voided key provisions of the Voting Rights Act. There are 14 states with restrictive voting laws that have gone into effect since the last presidential election. Wisconsin residents have been complaining about the state’s recently changed voter ID laws due to disenfranchisement. Across the nation, changing and confusing voter ID laws could mean that in upcoming elections, millions of eligible voters will be disenfranchised by registration problems, and errors on registration lists.
Many politicians justify registration and voting restrictions as necessary to preventing voter fraud, but several major studies have shown that impersonation fraud is rare and does not threaten election integrity. There is evidence that the ensuing spate of voter registration and election laws passed by states were veiled attempts to make it harder for certain groups to vote. On the other hand, many states have sought to remove any such barriers, hoping to encourage higher turnout among “swing” demographics.
Voter ID laws that require showing up at a government office during the work week with paper records in hand can be too cumbersome for elderly, students, working class, rural, and poor. States with more restrictive voter ID laws need to provide streamlined ways for voters to register.
Employing existing identity verification technology would provide a solution to address the concerns of identity fraud, and eliminate restrictive and controversial regulations. Streamlining the process with digital technology can simultaneously improve voter access and turnout.
The same logic can be applied to other government run processes including TSA and border control. Imagine simply walking through gate check security on your next flight. This is already happening with ePassports and electronic gates and automated border control systems that utilize biometrics such as facial recognition- just not in the US. Let’s hope that day is not far away. Technology providers such as Acuant have the solutions, it is time the US government starts deploying them.
Identity verification is an integral part of the gaming industry. Preventing fraud and minors from gambling are priorities and the way to do this changes as the landscape of gaming changes. There are many formats of gaming today: casinos, online gaming websites, gaming apps and state lotteries. Each faces their own challenges in remaining complaint when it comes to accurately verifying players.
When it comes to state lotteries, some states are allowing people to buy lottery tickets online through smartphone apps. The smartphone app Jackpocket lets New York lottery players use their phones to play the lottery and collect their winnings. The state of Virginia allows users to register online through an official website to play the lottery. States have seen ticket sales fall despite high jackpots, so smartphone apps and websites offer convenience to players who want to buy tickets without going out of their way to a retail location. These mobile methods are designed to appeal to millennials, who don’t play the lottery regularly. Lottery apps enable users to skip long lines at retail locations, and it guarantees that players won’t lose their winning tickets. Although mobile gaming allows for easier participation, states still have to verify that none of the lottery players are underage. Acuant’s ID authentication technology allows states to make sure that no lottery players are under 18.
If casinos fail to accurately ID their customers, they face large fines. The Sands Casino Resort in Bethlehem, Pennsylvania has already paid $341,000 to the state due to seven instances of underage gambling. Pennsylvania’s Gaming Control Board is eager to stop underage gambling, especially since it has issued out $2.2 million in total fines to various casinos. Fines from underage gambling can clearly result in huge financial losses for casinos, which is why casinos should invest in ID verification technology. This technology is also applicable for making loyalty program sign ups fast and easy, as well as payouts in the cage safe and accurate. Nobody wants an identity thief walking away with someone else’s winnings.
Acuant’s technology readily verifies IDs when gamblers want to collect their winnings, which speeds up the cash-in process. Solutions also provide a less invasive way to collect information for winners to submit to the IRS and allow for easy compliance for casinos with state and federal regulations. Acuant’s innovative software can also be integrated into jackpot software to make reporting wins simple for casinos.
There are multiple benefits and uses for identity management technology to gaming. When it comes to gambling, there is no need to take a chance on proper ID and age verification.