The Special Minister of State makes these Identity Verification Standards, which were gazetted on 27 February 2020.
In accordance with section 41(3) of the Service Victoria Act 2018, in making these Standards I have had regard to the guiding principles set out in section 42 of the Act.
GAVIN JENNINGS MLC
Special Minister of State
1.1 This instrument commences on 1 March 2020 or the date of the standards being gazetted, whichever is later. This is the second version of these Standards, and replaces the Standards issued on 30 September 2018.
2.1 The Identity Verification Standards (the Standards) are a legislative instrument made by the Special Minister of State (the Minister) under section 41 of the Service Victoria Act 2018 (the Act).
2.2 These Standards should be read together with the Act and any other regulations or standards made under the Act.
2.3 Section 57 of the Act provides for independent review of the operation of the Act after three years.
2.4 The Minister has the discretion to review and update these Standards at any time.
2.5 Section 56 of the Act provides that the Minister may require an audit of compliance with the Act, which would include these Standards, be undertaken by an independent auditor.
3.1 The Standards establish a consistent and secure identity verification framework for individuals transacting with the Victorian government on the Service Victoria digital platform.
3.2 The Standards may deal with issues including:
a) digital and non-digital processes;
b) the levels of assurance (LOA) and the process of deciding the LOA of an identity verification function required for a transaction;
c) identity information required for each LOA;
d) the process for applying any exceptions if an individual’s identity cannot be readily identified; and
e) terms and conditions that apply to the issue, use, reuse, increase in LOA and renewal of an electronic identity credential (EIC).
3.3 Except where otherwise specified, these Standards adopt the definitions of terms contained in section 3 of the Act.
3.4 For the avoidance of doubt, these Standards are not intended to and shall not limit or restrict the operation of the Act.
These Standards use the following conventions:
a) MUST indicates something that is required in order to meet these Standards;
b) SHOULD indicates something that is recommended but not required in order to meet these Standards (i.e. these recommendations should be implemented unless it is unreasonable to do so, or an alternative process which provides an equivalent LOA is used);
c) MAY indicates something that may be done or considered when under a service transition arrangement but is not required under these Standards;
d) SHOULD NOT indicates something that is not recommended under these Standards, unless circumstances make other approaches unfeasible.
4.2 The audience for these Standards is intended to include:
a) Service Victoria; and
b) the Victorian Civil and Administrative Tribunal.
4.3 The Act requires the Service Victoria Chief Executive Officer (Service Victoria CEO) to comply with these Standards when performing identity verification functions. The Service Victoria CEO must use the Standards to the extent that they are relevant when deciding whether to issue, refuse, permit use/reuse, renew, suspend or cancel an EIC, and to determine assurance levels for those credentials.
The Victorian Civil and Administrative Tribunal
4.4 The Standards will be relevant to any Victorian Civil and Administrative Tribunal (VCAT) review of a decision made by the Service Victoria CEO.
5. Non-digital methods
5.1 Where considered reasonable and practicable in the circumstances, the Service Victoria CEO can use non-digital methods to verify an individual's identity. The non-digital methods employed must provide a reasonably equivalent degree of confidence at each LOA to the processes that are set out in sections 9 to 12 of these Standards.
6. Guiding principles
6.1 The guiding principles for making, using and applying these Standards are set out in section 42 of the Act as follows:
a) User choice – individuals may choose whether to have a temporary electronic identity credential or an ongoing electronic identity credential;
b) Minimal data is to be requested and stored – individuals must not be asked to provide more information than necessary in order for Service Victoria to verify the individual's identity and personal information can only be stored with the individual's consent, unless required by law;
c) Risk-based approach to identity verification – consistent and evidence-based approach is to be employed to determine the level of assurance of identity required for transactions;
d) Security, transparency and accountability – Service Victoria, and any external service providers engaged to provide identity verification services, are to be regularly audited by an independent entity to ensure compliance with privacy and data security requirements;
e) Flexibility – the Standards must, to the extent practicable, be able to adapt to new technologies or methods of identity verification;
f) National consistency – the Standards must, to the extent practicable, align to national requirements, as set out in any relevant national framework or guidelines as in force from time to time.
7. Service Victoria levels of assurance
7.1 The definition of LOA depends on its context:
a) in relation to an EIC, an LOA is the degree of confidence in an individual’s identity that a credential is taken to provide;
b) in relation to an identity verification function, the LOA is the degree of confidence that is required for the purposes of that function.
7.2 LOA is a way of describing the degree of confidence that has been achieved that an individual is who they say they are. The LOA that is required will depend on the identity verification function required in the particular transaction.
7.3 There are four LOAs:
a) Service Victoria LOA 1: requires basic level of assurance in the individual’s identity;
b) Service Victoria LOA 2: requires medium level of assurance in the individual’s identity;
c) Service Victoria LOA 3: requires high level of assurance in the individual’s identity;
d) Service Victoria LOA 4: requires very high level of assurance in the individual’s identity.
7.4 The LOA of an identity verification function required for a transaction is determined through risk assessment.
7.5 Before a transaction is conferred on Service Victoria, an LOA assessment of the identity verification function required for that transaction must be undertaken and an LOA assigned. This risk assessment must be jointly completed by the service agency and Service Victoria.
7.6 An EIC must record the LOA of the EIC which may be increased or decreased from time to time in accordance with the Act and any relevant subordinate instrument made under or pursuant to the Act including the Standards.
7.7 The LOA of the EIC must be the same as, or higher, than the LOA required for the identity verification function for the transaction, and the EIC must comply with all relevant requirements for that EIC as set out in the Standards current at the time of the transaction.
8. Identity documents
8.1 This section outlines the requirements for identity documents that will be used by the Service Victoria CEO to verify identity.
8.2 Identity documents required by the Service Victoria CEO should (as relevant):
a) be obtained with the consent of the individual;
b) be provided in the form and manner determined by the Service Victoria CEO;
c) be consistent with the LOA of the identity verification function required for a transaction;
d) achieve identity verification purposes using the minimum information needed;
e) where possible, be validated by a document verification service, at document source or through other service providers, to check that the information provided by the individual is legitimate.
8.3 Identity documents can serve three different purposes:
a) Commencement of Identity: to confirm the individual’s identity has been legitimately created in Australia;
b) Use in the Community: to confirm that an individual’s identity has been active in the community over time, to safeguard against the creation of fictitious identities;
c) Photo bind: to confirm that the person presenting the documents is the legitimate owner by checking that the photo on the identity document matches the individual’s face
8.4 The Service Victoria CEO may require a minimum number of identity documents, as well as specific types of documents in specific combinations, in order to fulfil one or more of these purposes.
8.5 An identity document may fulfil multiple purposes.
8.6 Documents should come from high-integrity and known sources, that have robust, risk assessed identity verification practices attached to the issuing of the document.
8.7 Commencement of Identity documents:
a) a full Australian birth certificate in the individual’s name or former name issued by a state or territory registry of Births, Deaths and Marriages (does not include photo). Birth extracts or birth cards cannot be accepted;
b) an Australian passport in the individual’s name or former name which is current or has expired within the last three years (includes photo);
c) a foreign passport with a valid Australian Visa in the individual’s name or former name (includes photo);
d) an ImmiCard issued in the individual’s name or former name by the Department of Home Affairs (includes photo).
8.8 Use in the Community documents:
a) an Australian driver’s licence issued by the Victorian Roads Corporation established under the Transport Integration Act 2010 or a comparable authority (includes photo);
b) a Medicare card issued by the Commonwealth Department of Human Services (does not include photo).
8.9 Difference in name document (if required):
a) a Change of Name Certificate issued by a state or territory registry of Births, Deaths and Marriages; or
b) a Marriage Certificate issued by a state or territory registry of Births, Deaths and Marriages.
9. Identity verification for Service Victoria LOA 1
9.1 Service Victoria does not verify an identity for LOA 1 transactions.
10. Identity verification for Service Victoria LOA 2
10.1 To verify an identity for LOA 2 transactions, an individual must provide the attributes from two identity documents from the list set out at sections 8.7 and 8.8.
10.2 In addition to the requirements of section 10.1, the Service Victoria CEO must require that there not be any material difference (as described in section 13.6) in the name on each document and each document be successfully verified through Document Verification Service.
11. Identity verification for Service Victoria LOA 3
11.1 The acceptable number and type of identity documents for LOA 3 is outlined in this section.
11.2 To verify an identity for LOA 3 transactions, the Service Victoria CEO must be satisfied that the claimed identity:
a) is legitimate;
b) has been active in the community over time; and
c) there is a link between the claimed identity and the individual claiming that identity.
11.3 To satisfy the Service Victoria CEO of the requirements of section 11.2, the individual must provide the following two identity documents:
a) a Commencement of Identity document listed in section 8.7; and
b) a Use in the Community document listed in section 8.8.
11.4 In addition to the requirements of section 11.3, the Service Victoria CEO must require:
a) one of these documents to include a photo that can be used to bind to the individual;
b) each document be successfully verified through Document Verification Service; and
c) each document to be in the individual’s current, full name.
11.5 If one of the documents is in the individual’s former name, the individual must provide one difference in name document listed in section 8.9, to demonstrate the link between their current and former name and the names shown on the Commencement of Identity document and Use in the Community Document. This difference of name document must successfully be verified through Document Verification Service.
11.6 Service Victoria must accept the identity documents listed below to verify an individual’s identity to LOA 3, in accordance with the objectives set out above.
11.7 Confirmation of photo bind
a) Photo bind between an individual and a photo document will be established through:
i) comparison of a photo on an identity document to the individual; and
ii) a liveness and likeness check to match a live video or image of the individual to a photo identity document.
11.8 The Service Victoria CEO may at their discretion perform other checks of identity documents to determine authenticity (for example to determine if identity documents have been tampered with or may be fraudulent).
12. Identity verification for Service Victoria LOA 4
12.1 To verify an identity for LOA 4, an individual must satisfy the requirements of LOA 3 that are set out in section 11 of these Standards and must also complete an in-person biometric check.
12.2 Service Victoria does not currently verify an identity for LOA 4 and does not offer these transactions.
13. Difference in name
13.1 An individual’s true and correct name must be checked when verifying an individual’s identity, to ensure that services are provided to the right person.
13.2 Individuals must provide evidence to support any name change. This includes providing evidence that an individual’s documents have not been updated to reflect their new name. A difference in name occurs where an individual’s first, middle and/or last names are not exactly the same on multiple documents.
13.3 Before issuing an individual an EIC, the Service Victoria CEO must be able to confidently establish a link between the name on the commencement document and the additional identity information provided to support the verification of an individual’s identity.
13.4 The difference in name will fall into two categories:
a) a minor difference; or
b) a material difference.
13.5 A minor difference must be one of the following circumstances:
a) where the first and last names are an exact match, and the middle name (if available) is represented by an initial that is consistent with the correct full name; and/or
b) where the first, (middle, if available) and last names feature inconsistently applied or missing punctuation that is minor (e.g. hyphens or apostrophes) and the names are otherwise an exact match.
13.6 A material difference occurs when the names on the provided documents are not an exact match and cannot be explained as a minor difference.
13.7 Where the Service Victoria CEO determines there is a material difference in name, for an LOA 3 identity verification only the individual may provide an accepted linking document (as set out at section 8.9) to explain the difference in name.
14.1 This section outlines the options available to individuals who cannot otherwise verify their identity in accordance with these Standards.
14.2 The Service Victoria CEO may use an exceptions process for individuals who otherwise have difficulty having their identity verified under these Standards.
14.3 The Service Victoria CEO must be satisfied that it is reasonable in the circumstances and does not substantially reduce the reliability of the identity verification process.
14.4 The exceptions process may involve the use of alternative methods to gather necessary information to verify an individual’s identity, including:
a) interviews; and/or
b) information provided by referees or other responsible persons; and/or
c) other information provided by the individual.
14.5 Where possible, information provided by individuals or referees should be checked with a records checking agency or other appropriate people or organisations.
14.6 An individual having trouble verifying their identity can access the Service Victoria digital support channel to help guide them through the process.
14.7 Where an individual cannot provide one of the documents required in section(s) 8.7-8.9 above, they may be directed to the relevant issuing authority to obtain one.
14.8 Once the required document has been obtained from the issuing authority, the individual may be able to return to the identity verification process.
14.9 Individuals may also have the option to complete transactions through existing digital and/or non-digital service delivery channels with service agencies.
15. Ongoing Electronic Identity Credentials
Consent and account creation
15.1 An individual may consent to the continuation of a temporary EIC as an ongoing EIC in accordance with provisions of the Act and/or any relevant subordinate instrument made under or pursuant to the Act, including these Standards.
15.2 An individual who consents to an ongoing EIC must establish and maintain a Service Victoria account. If an individual to whom an ongoing EIC is issued deletes their Service Victoria account, their ongoing EIC will expire for the purposes of subsection 27(7)(b) of the Act, or in the case of a renewed ongoing EIC subsection 30(6)(b) of the Act, upon deletion of the account.
Issuing an ongoing LOA 3 EIC
15.3 If an individual consents to the continuation of a temporary EIC of LOA 3, then in addition to being satisfied that the individual has complied with section 15.2, the Service Victoria CEO must be satisfied that the following conditions are met before issuing an ongoing EIC of LOA 3 to the individual:
a) the individual must provide the Service Victoria CEO with a photo verifying that person’s identity of a quality that is suitable for reuse in accordance with section c) (Photo);
b) the Service Victoria CEO must match the Photo to the photo bind performed in section 11.7 and determine the Photo is suitable for digital identity verification; and
c) the individual consents to the Photo being retained as an attribute of the ongoing EIC of LOA 3. This enables the individual to reuse a verified photograph linked with their EIC, and may be used to verify the individual is the rightful owner of the claimed EIC.
For the avoidance of doubt, the condition described in section 15.3 confers a function on the Service Victoria CEO in the nature of an identity verification function as defined in the Service Victoria Act, and which necessitates the collection of a photo.
15.4 If the individual is unable to comply with the conditions outlined in sections 15.2 or 15.3 then this does not invalidate the temporary EIC.
15.5 If at any time during the three calendar months immediately after the commencement of this instrument, it is not possible for the condition described in subsections 15.3 – 15.4 to be imposed, the Service Victoria CEO may in their discretion issue an ongoing EIC of LOA 3 to an individual who is otherwise able to comply with all relevant requirements under the Standards and the Act.
If Maintaining and Using an Ongoing EIC
15.6 The Service Victoria CEO must determine whether each ongoing EIC issued to an individual under the Act continues to satisfy all requirements and conditions that apply to the issue of an ongoing EIC of the same LOA, as set out in the latest version of the Standards. If an individual’s ongoing EIC no longer meets the latest requirements and conditions, then in the interests of maintaining a consistent and secure identity verification framework, the Service Victoria CEO must decrease the LOA recorded on that EIC to the appropriate LOA, and notify the individual at the appropriate time.
15.7 If the individual’s ongoing EIC has a lower LOA than is needed for the transaction, the individual may apply to the Service Victoria CEO to verify their identity at the higher LOA needed in accordance with the Standards and if successfully verified at the higher LOA, choose to either:
a) obtain a temporary EIC at the higher LOA; or
b) increase the level of the individual’s existing ongoing EIC to the higher LOA.
15.8 An application for the renewal of an ongoing EIC must be made in the form and manner determined by the Service Victoria CEO in accordance with the Act and these Standards.
16. Reviewable decisions
16.1 These Standards are intended to be used by the Service Victoria CEO in making identity verification decisions under the Act. These Standards may also be used by VCAT when reviewing decisions made by the Service Victoria CEO under the Act.
16.2 Only the following decisions listed in section 40(1) of the Act are reviewable:
a) to refuse to issue an EIC;
b) to cancel an EIC;
c) to refuse to renew an ongoing EIC; or
d) to refuse to increase the LOA of an ongoing EIC.
16.3 Not all outcomes on the Service Victoria platform are reviewable decisions. Where an individual drops out of the identity verification process due to technical reasons, that outcome is not a decision.
16.4 Where there is an identity verification decision, an individual must be provided with basic information, such as the time and reasons for the refusal, and information about the individual’s rights for review.