What is a participant on the YuTru platform?
A participant is a legal or digital person and may act in one or more of the following roles: issuer, attributer, and relier.
What is an issuer on the YuTru platform?
An issuer is a participant that enrols their customers on the YuTru platform to issue them a digital ID. Once their customers are enrolled the customers are referred to as subscribers.
What is an attributer on the YuTru platform?
An attributer is a participant responsible for linking and managing these linked attributes to a subscriber’s digital identity and manages access to resources based on those attributes.
What is a relier on the YuTru platform?
A relier is a participant that depends/relies on a subscriberâs digital identity before they can authorise access to resources (information, goods and/or services).
How is YuTru different from the National ID program?
YuTru differs from the National ID (NID) program in a number of ways:
Functional versus Foundational
YuTru is a functional identity meaning it has an immediate use for the individual who obtains it. Like a driverâs license allows an individual to prove they are legally allowed to operate a motor vehicle, a YuTru digital ID allows an individual to be identified at any business, government department, or by another individual, to assert who they are and that they can be trusted because all reliers in the country can verify the individual in real time and without the need for a face-to-face interaction.Â
The national ID is mandated by law for each individual in PNG to have. Citizens carry a card to express their identity and the card contains their personally identifiable data. It is not accessible online for verifying individualsâ identities and is not yet accepted widely by government departments. There have been numerous instances where one individual has multiple NID cards in different names and there is no method of de-duplicating individuals in the system or binding the card they carry to the biometrics of the person carrying the card.
Optional
YuTru is optional and participation is not mandated in any way. Whereas the NID program has brought about a legal requirement (under section 37C of the Civil Identification Registration (Amendment) Act (17/2014)) that a person who fails to register in the NID is guilty of an offence and can be penalised PGK500 and/or imprisoned for up to six months.
Introducer-Based
YuTru aims to unlock the value of informal relationships in the economy by formalising referrals, so long as they originate from someone who is fully identified, according to know-your-customer (KYC) due diligence standards in an existing regulated financial services institution.
Based on Standards
YuTru Digital Identity platform is operated by the Digital Identification Bureau Limited (DIBL), and is based on open, international standards, same as the standards employed by digital ID schemes in well-established economies around the world. The YuTru platform is independently certified by an international consortium of accreditors, guaranteeing its interoperability. This means that your YuTru ID, once issued, is accepted internationally amongst the 180 or more member countries, who use the same international standards for data protection, user privacy, information security, IT cloud governance, computer security management, biometrics, digital identification, and is technology agnostic and vendor independent.
The Document is âYuâ
YuTru proposes to link multiple biometric âimprintsâ with identity attributes (biographics) claimed and vetted by participants â rather than requiring a government-issued document as the source to which attributes are linked. Your physical person becomes the âsource documentâ. Single biometric factors can still prove problematic and result in false negative and false positive identity matches, whereas multi-modal biometrics (i.e., using multiple biometric imprints that include gait, palm, 2D and 3D face, fingerprint, iris, and voice imprints) drastically reduces the occurrences of these problems.
Cutting Edge
Finally, YuTru will provide internationally-acceptable levels of assurance over a personâs identity. The aim of the scheme is to provide PNG with an opportunity to leapfrog into the modern digital world in a way that is customised for the unique PNG environment. Using distributed ledger technology, modern appliance-like cryptographically-secured credential containers (i.e., the something you âhaveâ), new lower-cost authentication technologies (i.e., the something you âareâ), smart contracts for enforcing access to attributes; will be uniquely combined to create a world-first digital trust framework in PNG.
Who are the stakeholders in YuTru?
Offers to own the YuTru business were made to a number of the well known financial institutions in PNG. Kina Securities Ltd and Kumul Consolidated Holdings are the current owners of the business.
At different stages of the development of YuTru, the stakeholders who are most active will vary. The stakeholder map explains the key actors in each of the three phases of formation of the Digital Identification Bureau in PNG: formation, operation, and governance.
Has something like YuTru been done before?
There are hundreds of identity schemes operating in the world today. YuTru is new in PNG, but not new in developed countries. And, for some of the proposed individual components of the scheme, there are also precedents.
For example, introducer-based identification schemes are best known for solving the problem of large populations without government-issued primary documents. The Aadhaar identity program in India permits a referee already identified in the system to vouch for the validity of attributes of someone who has no government-issued documentation. The person making the referral goes âon the recordâ to vouch for someoneâs attributes and there are steep penalties applied if misleading information is supplied by the referrer in the referral.
In India, there are some 130 million citizens without primary documentation who are now registered in Aadhaar and who can access government services and formal bank services for the first time in their lives. On the 20th April 2018, the Reserve Bank of India (their central bank) ruled that an Aadhaar identification, however it was obtained (either by an introducer or by source documents) meets Indian banks compliance with international customer due diligence standards for anti-money laundering and counter-terrorism financing.
The Aadhaar is also a federated identity system with thousands of participants permitted to enrol citizens. Aadhaar links a unique registration number to a multi-modal biometric âimprintâ and in doing so there is no need to attach the information to a government-issued source document. The personâs biometric imprint is their source document.
PNG and India share the problem of large geographically distributed populations with no formal birth records or other government-issued documentation, and this method of identification has proven robust enough for Indiaâs very large population.
In PNG, the YuTru platform proposed, will allow an existing bank customer who has already been identified to meet know-your-customer (KYC) due diligence standards to make an official declaration about someone they know â with full knowledge of the implications should they make a false declaration.
The proposed introducer-based feature of the YuTru platform would effectively unlock value in the economy, by formalising what are presently informal relationships.
What will YuTru look like to users?
The YuTru platform will mean that institutions who are registered participants on the platform, i.e. either the issuer responsible for following the digital identity management rules set out by the operator and issuing YuTru-compatible credentials, as well as the reliers who will trust the credentials and the identity claims made by customer; will display a brand mark in their window, on their credentials, and on their product and service marketing material.
The value of displaying the brand mark will grow as users develop good experiences with establishing their identities and using them to obtain goods and services. Reliers will develop trust with customers and be able to engage with them on better terms. Participants should only have to enrol a user once and then be able to rely on that identity thereafter.
Can I be identified without any kind of documentation?
Biometric technologies are falling in price and improving in reliability, but they are not foolproof. In other words, they can be fooled into reading or scanning something that is not an actual person (spoofing) or they can scan an actual person and then match that imprint to the wrong person in the system (false positive) or fail to match the imprint to a properly registered person in the system (false negative).
To reduce the impact of these problems, most large-scale systems use multiple biometric modes, which dramatically improves reliability. Biometric modes can include gait, palm, 2D and 3D face, fingerprint, iris, and voice imprints.
Once a biometric âimprintâ is taken, the user is asked to make claims about attributes that are then vetted and, once validated, linked to the biometric identity. If a person makes false claims, those attributes will âfollowâ the user in the system indefinitely. Steep penalties will need to be levied where a user makes false claims about identity attributes.
For most honest users, however, the linking of attributes to a biometric imprint makes their physical body the equivalent of a source document. Each time a user is then scanned and authenticated, by presenting themselves to a biometric reader or scanner, the system identifies the user and matches that user with the corresponding biometric imprint in the database and then retrieves the identity attributes. In this way, a relier can then make decisions about what the user is permitted to do.
How is the Bank of PNG involved?
The PNG central bank, the Bank of PNG, and the Australian Government’s Department of Foreign Affairs and Trade initiated the development of the YuTru scheme.
Once the YuTru platform has been fully initiated and in operation, and the market function for formal financial identity management established, the role of the BPNG and DFAT will be largely complete.
BPNG performed a similar role back in 2008 when it initiated the establishment of the PNG Credit and Data Bureau (CDB) operation. The CDB still functions in a sustainable way to provide members with access to credit history and checking services. The BPNG is still a shareholder of the CDB, and has a delegate on its board of directors, but is not involved in the day-to-day governance of CDB.
What are the benefits of becoming a relying party?
Becoming a YuTru relier means you get to display the YuTru logo in your marketing and advertising collateral and you can validate YuTru credentials presented by customers. In accepting the YuTru-branded credential, you trust that the issuer of the credentials, i.e. licensed financial institutions or business in PNG, has followed the YuTru Digital Identity platform rules.
For a relier, the ability to identify a customer quickly and with a high level of confidence provides a way to engage in higher-value transactions with their customers and lowers the cost of customer acquisition because the relier does not have to incur the expense of validating the identity of a new customer.
Why would an end user want to register for a YuTru ID?
It will be important for a number of reliers to be enrolled in the YuTru scheme from the outset. These need to be reliers that can provide users with services they need and value.
A user is only likely to want to obtain a YuTru credential if their experience in the economy is better because they have it. It will take time for these positive experiences to emerge, but the enrollment of reliers who as a whole represent a wide range of services will be crucial to forming that experience for the user.
At the outset of the platformâs launch, we are working to include mobile network operators, utility service providers, all regulated financial services institutions in PNG, and a number of foreign development assistance projects and programs operating throughout PNG.
Does the YuTru scheme come from a new banking prudential standard?
No. The YuTru scheme will be a contractual agreement among regulated financial services institutions to manage the identification of customers in a consistent way.
It is expected, however, that some of the ways in which the YuTru platform operates will form the basis of regulation of digital identification in PNG. Especially, as the BPNG will need to respond with national regulations in response to the recent draft directives from the Asia-Pacific Group on Money Laundering (APGML) and the local chapter of the international Financial Action Task Force (FATF).
The YuTru platform can be thought of as an electronic KYC (e-KYC) protocol, designed to implement the existing revised Prudential Standard BPS253 (BPS243) , on Customer Due Diligence (BPNG 2014) more robustly.
What legislation governs the use of YuTru Digital Identity and trust framework?
Most countries around the world who have implemented a digital Identity system or framework did not have an overarching policy specifically for the use of Digital Identity and processing and storage of user data at the start. However, they depend on International Laws and best practices at the implementation stage, then they look at developing Digital Identity policies and regulations. Countries also depend on policy and acts such as Digital Government Act, Cybersecurity policy, Data Protection & Privacy Policy or Cloud Governance Policy.Â
Yutru trust framework in itself is built on international best practices of data protection, data privacy and data security. Which was designed using âprivacy by designâ and user centric control of digital Identities. PNG does not have an overarching Digital Identity Act, however YuTru abides by BPS243 Standard, The Cybercrime Code Act 2016, National Cyber Security Policy 2021 and the Digital Transformation Policy 2020. At this phase of implementation, these policies are sufficient to support the use of the Yutru Identity framework and ID.
How will YuTru ID be rolled out?
YuTru ID enrollment will be at registered businesses (participant) usual customer touch points. What this means is that every time you interact with your service provider, who displays the YuTru trademark, you have an opportunity to enrol for a YuTru ID. Your interaction could be:
- at home, remote and unsupervised via a computer/tablet/mobile browser or app
- remotely with the assistance of a customer representative
- via a kiosk in the service providerâs branch
- via a kiosk, in the branch, with the help of a customer service officer
- over the counter, in the branch, mediated by a customer service officer.
These five (5) use cases are described in detail here.
This method is the direct opposite of the technique employed by other ID rollout programs, such as PNG NID, that involved a âbig bangâ approach.
Would it cost a user to register with YuTru?
No. It costs absolutely nothing for a user to get and use a YuTru ID. A user does not even have to travel or queue up for one. A user applies online and the ID is granted in minutes. A user registers of their own free will and can even do so over a 3G mobile data connection. It is simple to do and can be used within seconds of getting one. The relier that asks an individual to identify themselves is the one who pays for the identification and verification service from the DIBL and so it will always be free for users. We will never ever charge you to be able to say with confidence, I am who I say I am.
What are the requirements to enrol or register for a YuTru ID?
If you are a new customer of an issuer, you will be required to provide identifications and supporting documents to register on the YuTru platform. Or a fully trusted YuTru identity can vouch for a new customer without identifications and supporting documents.
If you are an existing customer at an issuer, all you need is to present your physical self in front of a biometric scanner and enrol. Â You can, at any time, sign up for a YuTru ID at an issuer.Â
What type of ID documents do I need to present to enrol or register for YuTru ID?
No ID is required for YuTru enrolment if you are already a customer of an issuer. Your physical self is good enough to enrol with. Once your biometrics are captured, you will be challenged, the next time you wish to access goods or services from an issuer, to claim attributes on record. After your claim is vetted to be successful, your attributes will be tied to your biometrics. This essentially registers you with a YuTru identity at the lowest level of assurance.Â
For new customers, you will provide ID documents recommended by the issuer.
How can a digital identity expand financial inclusion?
This could best be described here.
Can a company be identified using YuTru when doing digital transactions?
An initiative spearheaded by the international organisation called OpenID, in collaboration with the APEC Business Advisory Council (ABAC), is focusing on introducing a digital identity for companies or businesses called a Legal Entity Identity (LE-ID) in order to prove themselves when transacting digitally, with one another or with their customers. This concept is still in its early stages.
YuTru, however, is aimed at giving the opportunity to PNG citizens to have a secured and harmonised method of identification. Â
YuTru can be utilised by the Register of Companies to identify business owners, directors, investors, association groups executives, cooperative society leaders, among others. Either by relying on the YuTru ID presented by each of these individuals, or having them enrol with YuTru, easily identifies and links them to the venture.
Why move to digital identification?
Speed, efficiency, privacy through zero-knowledge proofs of personally identifiable information, security, uses sector specific identity information to prevent profiling, single-source-of-truth, avoids data custody risk, can be verified in real time, permits one set of credentials to be re-used, gives control back to the user, credential can be carried on a smartphone or held in the cloud, no chance of transcription errors, travel can be avoided, no opportunity for repudiation.
Why YuTru?
- No more carrying around paper-based copies of ID.
- No more converting digital to paper-based copies when providing it to a relier.
- Less travel to a branch in-person to do everyday businessÂ
- Elimination of errors while transcribing paper-based documents to the digital system of relier.
- Saves you the cost of possible loss or theft of physical ID documents.
- Less time to process Digital ID in the relierâs organisation.
- Cannot be forgedÂ
- Eliminate the need to remember different username and password at each and every relierâs online property.
- Eliminates the risk of sharing Private information to strangers in the process of being identified.
- Your private information is only disclosed by you
- Eliminates silos of information that are repeated at each institution which distributes and multiplies risks.
- Easy to update your information at any issuer in real time and on the go
- Can be verified in real time by reliersÂ
- Locally owned and operated
- Interoperable with any system
- Assessed and certified by international recognised Digital Identity trustworthiness organisation