FAQ

A participant is a legal or digital person and may act in one or more of the following roles: issuer, attributer, and relier.

An issuer is a participant that enrols their customers on the YuTru platform to issue them a digital ID. Once their customers are enrolled the customers are referred to as subscribers.

An attributer is a participant responsible for linking and managing these linked attributes to a subscriber’s digital identity and manages access to resources based on those attributes.

A relier is a participant that depends/relies on a subscriber’s digital identity before they can authorise access to resources (information, goods and/or services).

YuTru differs from the National ID (NID) program in a number of ways:

Functional versus Foundational

YuTru is a functional identity meaning it has an immediate use for the individual who obtains it. Like a driver’s license allows an individual to prove they are legally allowed to operate a motor vehicle, a YuTru digital ID allows an individual to be identified at any business, government department, or by another individual, to assert who they are and that they can be trusted because all reliers in the country can verify the individual in real time and without the need for a face-to-face interaction. 

The national ID is mandated by law for each individual in PNG to have. Citizens carry a card to express their identity and the card contains their personally identifiable data. It is not accessible online for verifying individuals’ identities and is not yet accepted widely by government departments. There have been numerous instances where one individual has multiple NID cards in different names and there is no method of de-duplicating individuals in the system or binding the card they carry to the biometrics of the person carrying the card.

Optional

YuTru is optional and participation is not mandated in any way. Whereas the NID program has brought about a legal requirement (under section 37C of the Civil Identification Registration (Amendment) Act (17/2014)) that a person who fails to register in the NID is guilty of an offence and can be penalised PGK500 and/or imprisoned for up to six months.

Introducer-Based

YuTru aims to unlock the value of informal relationships in the economy by formalising referrals, so long as they originate from someone who is fully identified, according to know-your-customer (KYC) due diligence standards in an existing regulated financial services institution.

Based on Standards

YuTru Digital Identity platform is operated by the Digital Identification Bureau Limited (DIBL), and is based on open, international standards, same as the standards employed by digital ID schemes in well-established economies around the world. The YuTru platform is independently certified by an international consortium of accreditors, guaranteeing its interoperability. This means that your YuTru ID, once issued, is accepted internationally amongst the 180 or more member countries, who use the same international standards for data protection, user privacy, information security, IT cloud governance, computer security management, biometrics, digital identification, and is technology agnostic and vendor independent.

The Document is ‘Yu’

YuTru proposes to link multiple biometric ‘imprints’ with identity attributes (biographics) claimed and vetted by participants – rather than requiring a government-issued document as the source to which attributes are linked. Your physical person becomes the ‘source document’. Single biometric factors can still prove problematic and result in false negative and false positive identity matches, whereas multi-modal biometrics (i.e., using multiple biometric imprints that include gait, palm, 2D and 3D face, fingerprint, iris, and voice imprints) drastically reduces the occurrences of these problems.

Cutting Edge

Finally, YuTru will provide internationally-acceptable levels of assurance over a person’s identity. The aim of the scheme is to provide PNG with an opportunity to leapfrog into the modern digital world in a way that is customised for the unique PNG environment. Using distributed ledger technology, modern appliance-like cryptographically-secured credential containers (i.e., the something you ‘have’), new lower-cost authentication technologies (i.e., the something you ‘are’), smart contracts for enforcing access to attributes; will be uniquely combined to create a world-first digital trust framework in PNG.

Offers to own the YuTru business were made to a number of the well known financial institutions in PNG. Kina Securities Ltd and Kumul Consolidated Holdings are the current owners of the business.

At different stages of the development of YuTru, the stakeholders who are most active will vary. The stakeholder map explains the key actors in each of the three phases of formation of the Digital Identification Bureau in PNG: formation, operation, and governance.

The YuTru platform will mean that institutions who are registered participants on the platform, i.e. either the issuer responsible for following the digital identity management rules set out by the operator and issuing YuTru-compatible credentials, as well as the reliers who will trust the credentials and the identity claims made by customer; will display a brand mark in their window, on their credentials, and on their product and service marketing material.

The value of displaying the brand mark will grow as users develop good experiences with establishing their identities and using them to obtain goods and services. Reliers will develop trust with customers and be able to engage with them on better terms. Participants should only have to enrol a user once and then be able to rely on that identity thereafter.

Biometric technologies are falling in price and improving in reliability, but they are not foolproof.  In other words, they can be fooled into reading or scanning something that is not an actual person (spoofing) or they can scan an actual person and then match that imprint to the wrong person in the system (false positive) or fail to match the imprint to a properly registered person in the system (false negative).

To reduce the impact of these problems, most large-scale systems use multiple biometric modes, which dramatically improves reliability. Biometric modes can include gait, palm, 2D and 3D face, fingerprint, iris, and voice imprints.

Once a biometric ‘imprint’ is taken, the user is asked to make claims about attributes that are then vetted and, once validated, linked to the biometric identity. If a person makes false claims, those attributes will ‘follow’ the user in the system indefinitely. Steep penalties will need to be levied where a user makes false claims about identity attributes.

For most honest users, however, the linking of attributes to a biometric imprint makes their physical body the equivalent of a source document. Each time a user is then scanned and authenticated, by presenting themselves to a biometric reader or scanner, the system identifies the user and matches that user with the corresponding biometric imprint in the database and then retrieves the identity attributes. In this way, a relier can then make decisions about what the user is permitted to do.

The PNG central bank, the Bank of PNG, and the Australian Government’s Department of Foreign Affairs and Trade initiated the development of the YuTru scheme.

Once the YuTru platform has been fully initiated and in operation, and the market function for formal financial identity management established, the role of the BPNG and DFAT will be largely complete.

BPNG performed a similar role back in 2008 when it initiated the establishment of the PNG Credit and Data Bureau (CDB) operation. The CDB still functions in a sustainable way to provide members with access to credit history and checking services. The BPNG is still a shareholder of the CDB, and has a delegate on its board of directors, but is not involved in the day-to-day governance of CDB.

Becoming a YuTru relier means you get to display the YuTru logo in your marketing and advertising collateral and you can validate YuTru credentials presented by customers. In accepting the YuTru-branded credential, you trust that the issuer of the credentials, i.e. licensed financial institutions or business in PNG, has followed the YuTru Digital Identity platform rules.

For a relier, the ability to identify a customer quickly and with a high level of confidence provides a way to engage in higher-value transactions with their customers and lowers the cost of customer acquisition because the relier does not have to incur the expense of validating the identity of a new customer.

It will be important for a number of reliers to be enrolled in the YuTru scheme from the outset. These need to be reliers that can provide users with services they need and value.

A user is only likely to want to obtain a YuTru credential if their experience in the economy is better because they have it. It will take time for these positive experiences to emerge, but the enrollment of reliers who as a whole represent a wide range of services will be crucial to forming that experience for the user.

At the outset of the platform’s launch, we are working to include mobile network operators, utility service providers, all regulated financial services institutions in PNG, and a number of foreign development assistance projects and programs operating throughout PNG.

No. The YuTru scheme will be a contractual agreement among regulated financial services institutions to manage the identification of customers in a consistent way.

It is expected, however, that some of the ways in which the YuTru platform operates will form the basis of regulation of digital identification in PNG. Especially, as the BPNG will need to respond with national regulations in response to the recent draft directives from the Asia-Pacific Group on Money Laundering (APGML) and the local chapter of the international Financial Action Task Force (FATF).

The YuTru platform can be thought of as an electronic KYC (e-KYC) protocol, designed to implement the existing revised Prudential Standard BPS253 (BPS243) , on Customer Due Diligence (BPNG 2014) more robustly.

Most countries around the world who have implemented a digital Identity system or framework did not have an overarching policy specifically for the use of Digital Identity and processing and storage of user data at the start. However, they depend on International Laws and best practices at the implementation stage, then they look at developing Digital Identity policies and regulations. Countries also depend on policy and acts such as  Digital Government Act,  Cybersecurity policy, Data Protection & Privacy Policy or Cloud Governance Policy. 

Yutru trust framework in itself  is built on international best practices of data protection, data privacy and data security. Which was designed using “privacy by design” and user centric control of digital Identities. PNG does not have an overarching Digital Identity Act, however YuTru abides by BPS243 Standard, The Cybercrime Code Act 2016, National Cyber Security Policy 2021 and the Digital Transformation Policy 2020.  At this phase of implementation, these policies are sufficient to support the use of the Yutru Identity framework and ID.

YuTru ID enrollment will be at registered businesses (participant) usual customer touch points. What this means is that every time you interact with your service provider, who displays the YuTru trademark, you have an opportunity to enrol for a YuTru ID. Your interaction could be:

1. at home, remote and unsupervised via a computer/tablet/mobile browser or app
2. remotely with the assistance of a customer representative
3. via a kiosk in the service provider’s branch
4. via a kiosk, in the branch, with the help of a customer service officer
5. over the counter, in the branch, mediated by a customer service officer.

These five (5) use cases are described in detail here.

This method is the direct opposite of the technique employed by other ID rollout programs, such as PNG NID, that involved a “big bang” approach.

No. It costs absolutely nothing for a user to get and use a YuTru ID. A user does not even have to travel or queue up for one. A user applies online and the ID is granted in minutes. A user registers of their own free will and can even do so over a 3G mobile data connection. It is simple to do and can be used within seconds of getting one. The relier that asks an individual to identify themselves is the one who pays for the identification and verification service from the DIBL and so it will always be free for users. We will never ever charge you to be able to say with confidence, I am who I say I am.

If you are a new customer of an issuer, you will be required to provide identifications and supporting documents  to register on the YuTru platform. Or a fully trusted YuTru identity can vouch for a new customer without identifications and supporting documents.

If you are an existing customer at an issuer, all you need is to present your physical self in front of a biometric scanner and enrol.  You can, at any time, sign up for a YuTru ID at an issuer. 

No ID is required for YuTru enrolment if you are already a customer of an issuer. Your physical self is good enough to enrol with. Once your biometrics are captured, you will be challenged, the next time you wish to access goods or services from an issuer, to claim attributes on record. After your claim is vetted to be successful, your attributes will be tied to your biometrics. This essentially registers you with a YuTru identity at the lowest level of assurance. 

For new customers, you will provide ID documents recommended by the issuer.

This could best be described here.

An initiative spearheaded by the international organisation called OpenID, in collaboration with the APEC Business Advisory Council (ABAC), is focusing on introducing a digital identity for companies or businesses called a Legal Entity Identity (LE-ID) in order to prove themselves when transacting digitally, with one another or with their customers. This concept is still in its early stages.

YuTru, however, is aimed at giving the opportunity to PNG citizens to have a secured and harmonised method of identification.  

YuTru can be utilised by the Register of Companies to identify business owners, directors, investors, association groups executives, cooperative society leaders, among others. Either by relying on the YuTru ID presented by each of these individuals, or having them enrol with YuTru, easily identifies and links them to the venture.

Speed, efficiency, privacy through zero-knowledge proofs of personally identifiable information, security, uses sector specific identity information to prevent profiling, single-source-of-truth, avoids data custody risk, can be verified in real time, permits one set of credentials to be re-used, gives control back to the user, credential can be carried on a smartphone or held in the cloud, no chance of transcription errors, travel can be avoided, no opportunity for repudiation.

• No more carrying around paper-based copies of ID.
• No more converting digital to paper-based copies when providing it to a relier.
• Less travel to a branch in-person to do everyday business 
• Elimination of errors while transcribing paper-based documents to the digital system of relier.
• Saves you the cost of possible loss or theft of physical ID documents.
• Less time to process Digital ID in the relier’s organisation.
• Cannot be forged 
• Eliminate the need to remember different username and password at each and every relier’s online property.
• Eliminates the risk of sharing Private information to strangers in the process of being identified.
• Your private information is only disclosed by you
• Eliminates silos of information that are repeated at each institution which distributes and multiplies risks.
• Easy to update your information at any issuer in real time and on the go
• Can be verified in real time by reliers 
• Locally owned and operated
• Interoperable with any system
• Assessed and certified by international recognised Digital Identity trustworthiness organisation