The Minister for Government Services makes these Identity Verification Standards (the Standards) which were gazetted on 23 February 2021.
In accordance with section 41(3) of the Service Victoria Act 2018, in making these Standards I have had regard to the guiding principles set out in section 42 of the Act.
THE HONOURABLE DANNY PEARSON MP
Minister for Government Services
1.1. This instrument commences on 18 February 2021 or the date of the Standards being gazetted, whichever is later. This is the third version of these Standards, and replaces the Standards issued on 1 March 2020.
The Standards are a legislative instrument made by the Minister administering section 41 of the Service Victoria Act 2018 (the Act).
2.2. Under section 41 of the Act, these Standards deal with issues including, but not limited to:
a) digital and non-digital methods for verifying identity;
b) determination of the level of assurance of an identity verification function required for a transaction;
c) identity information required for each level of assurance;
d) the process for applying any exceptions if an individual’s identity cannot be readily verified; and
e) any terms and conditions that apply to the issue, use, reuse, or increase in level of assurance of an electronic identity credential (EIC) and renewal of an EIC.
2.3. These Standards must be read together with the Act and any other regulations or standards made under the Act. These Standards are not intended to limit or restrict the operation of the Act.
2.4. The Minister may update these Standards at any time.
3.1. These Standards establish a consistent and secure identity verification framework for individuals transacting with the Victorian government through Service Victoria. The guiding principles for making and using these Standards are set out in section 42 of the Act as follows:
a) User choice – individuals may choose whether to have a temporary electronic identity credential or an ongoing electronic identity credential;
b) Minimal data is to be requested and stored – individuals must not be asked to provide more information than necessary in order for Service Victoria to verify the individual's identity and personal information can only be stored with the individual's consent, unless required by law;
c) Risk-based approach to identity verification – a consistent and evidence-based approach is employed to determine the level of assurance of identity required for transactions;
d) Security, transparency and accountability – Service Victoria, and any external service providers engaged to provide identity verification services, are to be regularly audited by an independent entity to ensure compliance with privacy and data security requirements;
e) Flexibility – the Standards must, to the extent practicable, be able to adapt to new technologies or methods of identity verification;
f) National consistency – the Standards must, to the extent practicable, align to national requirements, as set out in any relevant national framework or guidelines as in force from time to time.
These Standards use the following terms:
a) MUST indicates something that is required in order to meet these Standards;
b) SHOULD indicates something that is recommended but not required in order to meet these Standards (that is, these recommendations should be implemented unless it is unreasonable to do so, or an alternative process which provides an equivalent LOA is used);
c) MAY indicates something is permitted but is not required under these Standards;
d) SHOULD NOT indicates something that is not recommended under these Standards, unless circumstances make other approaches unfeasible;
e) MUST NOT indicates something that is not permitted in order to meet these Standards.
4.2. Except where otherwise specified, these Standards adopt the definitions contained in section 3 of the Act.
5. Service Victoria levels of assurance
Level of assurance (LOA) is a way of describing the degree of confidence that an individual is who they say they are:
a) in relation to an EIC, the LOA is the degree of confidence in an individual’s identity that the EIC is taken to provide;
b) in relation to an identity verification function for a transaction, the LOA is the degree of confidence in an individual’s identity that is required for the purposes of that transaction.
5.2. Under the Service Victoria (General) Regulations 2018, there are four LOAs:
a) LOA1 — basic level of assurance;
b) LOA2 — medium level of assurance;
c) LOA3 — high level of assurance;
d) LOA4 — very high level of assurance.
5.3. Before a transaction involving an identity verification function is conferred on Service Victoria, a risk-based LOA assessment of the identity verification function required for that transaction must be undertaken, and an LOA assigned. The assessment must be jointly completed by the service agency and Service Victoria.
5.4. Where an EIC is issued to an individual, Service Victoria must record the LOA on the EIC, as well such other information as needed to facilitate the use of the EIC at the relevant LOA.
5.5. To use an EIC to satisfy an identity verification function in a transaction, the LOA of the EIC must:
a) be the same as, or higher, than the LOA required for the identity verification function for the transaction; and
b) comply with all relevant re-use requirements under Standard 14.
6. Identity documents
Identity information collected by Service Victoria when verifying identity under these Standards must:
a) be obtained with the consent of the individual;
b) be provided in the form and manner determined by the Service Victoria CEO;
c) be consistent with the LOA of the identity verification function for which it is collected;
d) achieve identity verification purposes using no more than the information that is required, recommended or permitted under these Standards; and
e) be validated by a document verification service, at document source or through other service providers, to check that the information provided by the individual is legitimate.
6.2. Identity documents serve three purposes:
a) Commencement of identity: to confirm the individual’s identity has been legitimately created in Australia;
b) Use in the community: to confirm that an individual’s identity has been active in the community over time, to safeguard against the creation of fictitious identities; and
c) Photo bind: to confirm that the person presenting the documents is the legitimate owner by checking that the photo on the identity document matches the individual’s face.
6.3. Identity documents must come from high-integrity and known sources, and have robust, risk-assessed identity verification practices attached to the issuing of the document.
Commencement of Identity
6.4. Subject to these Standards, the following identity documents are satisfactory Commencement of Identity documents:
a) A full Australian birth certificate (not a birth extract or birth card) in the individual’s name or former name issued by a State or Territory registry of Births, Deaths and Marriages (does not include a photo);
b) A full Australian passport in the individual’s name or former name which is current or has expired within the last three years (includes a photo);
c) A foreign passport with a valid Australian visa in the individual’s name or former name (includes a photo); and
d) An ImmiCard issued in the individual’s name or former name by the Department of Home Affairs (includes a photo).
Use in the Community
6.5. Subject to these Standards, the following identity documents are satisfactory Use in the Community documents:
a) An Australian driver licence issued by the Victorian Roads Corporation established under the Transport Integration Act 2010, or a comparable authority (includes a photo); and
b) A Medicare card issued by the Commonwealth Department of Human Services (does not include a photo).
Difference in Name
6.6. Subject to these Standards, the following identity documents are satisfactory Difference in Name documents:
a) A change of name certificate issued by a State or Territory registry of Births, Deaths and Marriages; and
b) A marriage certificate issued by a State or Territory registry of Births, Deaths and Marriages.
7. Identity verification for LOA1
7.1. Service Victoria does not verify an identity for LOA 1 transactions.
8. Identity verification for LOA2
The individual must provide attributes from two satisfactory identity documents. Each document must be either a satisfactory Commencement of Identity document or a satisfactory Use in the Community document.
8.2. There must not be a material difference in the customer’s name as it appears on both documents, as defined in Standard 12.5.
9. Identity verification for LOA3
The individual must demonstrate the claimed identity:
a) is legitimate;
b) has been active in the community over time; and
c) there is a link between the claimed identity and the individual claiming that identity.
9.2. The individual must provide:
a) a satisfactory Commencement of Identity document; and
b) a satisfactory Use in the Community document,
including at least one document containing a suitable photo that can be used to complete a photo bind to the individual.
9.3. Where an individual seeks to be issued an EIC, or to use an existing EIC, in relation to a transaction for which a nationally coordinated criminal history check is required, the Service Victoria CEO may require the individual to provide additional identity information for the purpose of processing such checks as specified from time to time by the relevant agency of the Commonwealth.
9.4. The individual must provide a satisfactory Difference in Name document in relation to any material differences in the individual’s name as it appears on the Commencement of Identity document and the Use in the Community document provided to Service Victoria (see below).
9.5. The individual must pass a photo bind. This could involve a visual or digital liveness and likeness check, matching an image or a live video of the individual to a suitable photo on an identity document.
10. Identity verification for Service Victoria LOA4
10.1. To verify an identity for LOA4, an individual must satisfy the requirements of LOA 3 that are set out in Section 9 of these Standards and must also complete an in-person biometric check.
10.2. Service Victoria does not currently verify an identity for LOA4 and does not offer these transactions.
11. Non-digital methods
11.1. Where considered reasonable and practicable in the circumstances, Service Victoria may use non-digital methods for identity verification.
11.2. Non-digital methods must provide a reasonably equivalent degree of assurance at each LOA as set out in these Standards, as determined by the Service Victoria CEO.
11.3. Without limiting section 11.2, when using a non-digital methods, the Service Victoria CEO may determine, for a given LOA:
a) that individuals must provide certified copies of non-digital identity documents; and/or
b) that non-digital identity documents received, and identities claimed, must be able to be validated through the Service Victoria digital platform; and/or
c) individuals submitting a non-digital application must utilise a referee meeting the requirements determined by the Service Victoria CEO and provide information verifying the referee’s identity as required.
11.4. Service Victoria may require individuals submitting a non-digital application to provide further information, or to re-submit their application (as required), if the individual did not complete any required part of the application pack for the transaction to be performed for the individual.
12. Difference in name
Before issuing an individual an EIC at LOA3, a link must be established between the name on the Commencement of Identity document(s) and/or Use in the Community document(s), provided to support the verification of an individual’s identity.
12.2. A difference in name occurs where an individual’s first, middle and/or last names are not identical on their Commencement of Identity document(s) and/or Use in the Community document(s).
12.3. A difference in name is either:
a) a minor difference; or
b) a material difference.
12.4. A minor difference occurs where:
a) the first and last names are an exact match, and the middle name (if available) is represented by an initial that is consistent with the correct full name; and/or
b) the first and last names (and middle, if available) feature inconsistently applied or missing punctuation that is minor (e.g. hyphens or apostrophes) and the names are otherwise an exact match.
12.5. A material difference occurs where the names on the provided documents are not an exact match and cannot be explained as a minor difference.
12.6. At LOA3, if there is a material difference in name on the Commencement of Identity document and Use in the Community document provided by the individual, the individual must provide a satisfactory Difference in Name document to explain the difference in name.
There are options available to individuals who cannot provide the documents required to verify their identity in accordance with these Standards.
13.2. Service Victoria may use an exceptions process for individuals who otherwise have difficulty having their identity verified under these Standards.
13.3. When using an exceptions process, the Service Victoria CEO must be satisfied that it is reasonable in the circumstances and does not substantially reduce the reliability of the identity verification process.
13.4. The exceptions process may involve the use of alternative methods to gather necessary information to verify an individual’s identity, including:
b) information provided by verified referees or other responsible persons; and/or
c) other information provided by the individual.
13.5. Where possible, information provided by individuals or referees should be checked with a record checking agency or with other appropriate people or organisations.
13.6. Service Victoria may require the individual using an exceptions process to utilise a referee meeting the requirements determined by the Service Victoria CEO and provide information verifying the referee’s identity as required.
13.7. Where an individual cannot provide one of the satisfactory identity documents, Service Victoria may request the individual to provide an alternate reasonably equivalent identity document that has come from high-integrity and known sources, and have robust, risk-assessed identity verification practices attached to the issuing of the document.
13.8. Where an individual cannot provide one of the required identity documents, Service Victoria may direct the individual to the relevant issuing authority to obtain one.
13.9. Individuals may also be given the option to complete transactions through existing digital and/or non-digital service delivery methods with service agencies including Service Victoria.
14. Ongoing Electronic Identity Credentials
Consent and account creation
14.1. An individual may consent to the continuation of a temporary EIC as an ongoing EIC in accordance with provisions of the Act and/or any relevant subordinate instrument made under or pursuant to the Act, including these Standards.
14.2. An individual who consents to an ongoing EIC must establish and maintain a Service Victoria account.
14.3. Service Victoria may set up a Service Victoria account for customers transacting non-digitally with Service Victoria. Service Victoria may delete an account set up in this way if the relevant individual does not take required steps to make the account active within 90 days of the account being set up.
14.4. If an individual to whom an ongoing EIC is issued deletes their Service Victoria account, or the account is deleted by Service Victoria under Standard 14.3, their ongoing EIC expires upon deletion of the account for the purposes of sections 27(7)(b) and 30(6)(b) of the Act.
Issuing an ongoing LOA3 EIC
14.5. If an individual consents to the continuation of a temporary EIC of LOA3, then in addition to being satisfied that the individual has complied with Standard 14.2, Service Victoria must be satisfied that the following conditions are met before issuing an ongoing EIC of LOA3 to the individual:
a) the individual must provide a photo that is suitable for reuse in accordance with paragraph (c) below (the Photo);
b) Service Victoria must be satisfied that the Photo matches the photo bind performed under paragraph 9.5 and determine that the Photo is suitable for future digital identity verification; and
c) the individual must consent to the Photo being retained as an attribute of the ongoing EIC at LOA3.
14.6. Saving a photo to an ongoing EIC as outlined above enables the individual to reuse a verified photograph linked with their EIC, and may be used to verify the individual is the true owner of an EIC.
14.7. To avoid doubt, the condition described in paragraph 14.5 confers a function on the Service Victoria CEO in the nature of an identity verification function as defined in the Act, and which necessitates the collection of a photo.
14.8. If the individual is unable to comply with the conditions outlined in paragraphs 14.2 or 14.5, then this does not invalidate the individual’s temporary EIC.
Maintaining and using an Ongoing EIC
14.9. Service Victoria must take reasonable steps to ensure each ongoing EIC issued to an individual under the Act continues to satisfy all requirements and conditions that apply to the issue of an ongoing EIC of the same LOA, as set out in the latest version of the Standards
14.10. If an individual’s ongoing EIC no longer meets the latest requirements and conditions, then Service Victoria must decrease the LOA recorded on that EIC to the appropriate LOA, and notify the individual at the appropriate time.
14.11. Service Victoria should check with an individual that their name as recorded on their EIC has not changed before permitting the individual to re-use that EIC.
14.12. If the individual’s ongoing EIC has a lower LOA than is needed for the transaction, the individual may apply to Service Victoria to verify their identity at the higher LOA needed in accordance with the Standards and if successfully verified at the higher LOA, choose to either:
a) obtain a temporary EIC at the higher LOA; or
b) increase the LOA of the individual’s existing ongoing EIC to the higher LOA.
14.13. To be valid, an application for the renewal of an ongoing EIC must be made in the form and manner determined by the Service Victoria CEO in accordance with the Act and these Standards.
14.14. Service Victoria may renew an ongoing EIC in relation to an individual if, having received an application for renewal in the form and manner determined by the Service Victoria CEO, the individual has provided sufficient satisfactory identity information such that the requirements for issuing a new EIC to the individual at the same LOA would be satisfied.
14.15. Use of an ongoing EIC for the purposes of a nationally coordinated criminal history check is subject both to the EIC satisfying ordinary LOA3 requirements and to the individual providing any further information as required in accordance with Standard 9.3.
14.16. Service Victoria should check issued ongoing EICs from time to time and may cancel any EIC issued to an individual who has died subsequent to the issue of the EIC.
15. Reviewable decisions
These Standards are intended to be used by the Service Victoria CEO in making identity verification decisions under the Act, and by VCAT when reviewing decisions made by the Service Victoria CEO under the Act.
15.2. Only the following decisions listed in section 40(1) of the Act are reviewable by VCAT:
a) to refuse to issue an EIC;
b) to cancel an EIC;
c) to refuse to renew an ongoing EIC; or
d) to refuse to increase the LOA of an ongoing EIC.
15.3. Not all outcomes on the Service Victoria platform are reviewable decisions. Where an individual drops out of the identity verification process due to technical reasons, that outcome is not a decision. Service Victoria may offer alternative options to customers who experience technical difficulties in completing digital identity verification, such as referral to non-digital methods.
15.4. Where there is an identity verification decision constituting a refusal to issue, renew or increase the level of assurance of an EIC, the individual must be provided with a notice including, among any other matters, the date of refusal and the reasons for the refusal, in accordance with the Act.