CIFAS (the UK fraud prevention service) estimate that over 60% of fraud is data driven identity crime, so there is enormous value to customers, service providers and identity providers in account takeover prevention.
The Open Identity Exchange UK investigated how a ‘shared signals model’ might reduce fraud and improve online safety through a discovery project with Experian, Mydex CIC, Digidentity, Post Office, Telesign, Confyrm, the Home Office and the Government Digital Service.
This Shared Signals project explored whether signals could be shared between GOV.UK Verify Identity Providers (IdPs). The project explored if, in the event that an IdP suspects that an identity might be compromised, ‘it is possible to share signals between IdPs whilst minimising disclosure of personal data  to better prevent fraud.’
The project was delivered in the context of GOV.UK Verify, which has been developed for users wishing to access public services digitally. However, the principles which the project developed could be applied to other subsets of the UK ecosystem, such as service providers or relying parties.
In this context, the group defined signal as ‘a communication sent by a trusted body over a trusted mechanism conveying pertinent details of an event or circumstance that the trusted recipient can use that may change the outcome or the status of a completed process.’ These signals relate to events or circumstances that are detected at one IdP, which can be sent or signalled to other IdPs to, for example, to further prevent fraud or account takeover.
It is reasonable to conclude from the research that a real-life mechanism to share signals with the appropriate governance, and aligned to open standards where available, might better prevent fraud – and provide the shared, timely intelligence to improve the security and privacy of the GOV.UK Verify platform, as a first example of the implementation of a shared signals layer.
On basis of the research findings, it is recommended that an Alpha project is scoped to build a prototype to test the ‘shared signals model’ in collaboration with IdPs.
The findings are published at www.oixuk.org
Authors: Andrew Nash, Confyrm & Sarah Walton, Cabinet Office