4. …serving 20
million people
…with 84,000
employees
…running on
55 million
lines of code
…making 10k
changes to our IT
systems per year
…and handling
200m calls from the
public each year
DWP: One of the UK’s biggest digital transformations...
7. We have a responsibility to
innovate…boldly
To reduce costs to the taxpayer
Improve outcomes for society
To meet our customers’ ever-
changing needs
To stay ahead of digital trends
@CherylJStevens
9. DWP Identity & Trust: Our Vision
9
@CherylJStevens
“Digital Services are able to operate securely with
proportionate, tailored Identity and Trust solutions that
meet both customer and service needs, whilst ensuring that
the person, the data and the transaction are protected”.
13. Trust in the Session
The channel is secure and
we see normal
interactions
Trust in the Action
‘Data’ is verified, we are
confident in what we are
being told
Trust in the Person
We are confident that we are
interacting with the right
person
Attribute based – Identity as the example
@CherylJStevens
14. USER CHANNELS SERVICE REQUEST
TRUST ENGINE
MACHINE LEARNING
CONTEXT
WATCHLISTS
DEVICE
INFO
USER
BEHAVIOURS
TRANSACTION
HISTORY
LOCATION INFO
The transaction risk differs for each
application/service – this
contributes to the trust score
Multi-channel business
applications are decoupled from
authentication
INTELLIGENT AUTHENTICATION
PROPORTIONATE
ACCESS & ACTION
Proportionate, intelligent authentication, based on
trust in person, session, action, and user preferences
A comprehensive real-time trust score is calculated for
every transaction based on an various trust dimensions
Business policies and decision
management
• Password
• PIN
• OTP
• Push Notifications
• Gesture request e.g.
swipe
• Knowledge based
questions
• Behavioural Biometrics
• Fingerprint
• Facial recognition
FEEDBACK
The context and outcomes of the user authentication is
managed within and across sessions, to build user trust over
time while increasing the accuracy of trust scoring models
Achieving a low hurdle - Context, Transaction
Risking & Authentication
@CherylJStevens
16. Customer Journey – Low Hurdle with Transaction
Risking
ID failed or TrX risk
too high Offline process
16
ID Level
achieved
Can we
transact?
Yes Success
Transaction
Risking
ID Level
achieved
Can we transact? No
Additional
Authentication
SuccessTransaction
Risking
@CherylJStevens
17. DWP Identity & Trust: Our Vision
17
@CherylJStevens
“Digital Services are able to operate securely with
proportionate, tailored Identity and Trust solutions that
meet both customer and service needs, whilst ensuring that
the person, the data and the transaction are protected”.
Orchestration of attributes is the key
18. What you do to enable us to serve our
customers really really matters.
Thank you for listening.
18
@CherylJStevens
Editor's Notes
Hi, I’m Cheryl Stevens, Head of Identity & Trust services at the Department for Work and Pensions. I’m really glad of the opportunity to talk to you all today. Its my first Service North event but, all being well in the next 45 mins, it won’t be my last.
Little bit about me, I am a 20 year Civil Servant and joined on purpose
I love what I do and hold the firm belief that I, we make a difference
My passions are My family, holidays, Leadership, Fraud & Error prevention and Digital Identity – not necessarily in that order.
I’m a proud Prestonian, so I thought I’d share the highlights.
Apparently, it’s the cheapest place for a pint according to what I’m sure was an accurate poll by the Daily Mirror
The bus station is the second largest in western Europe and was recently granted Grade 2 listed status – yes, that building in the background is Gov
Finally, the best place ever – Winedown, an underground wine bar and deli where the cheese matches your chosen tipple.
But – I do drink Yorkshire tea. Lancashire tea is rank.
A friend of mine, Gary Barnett, recently compared Gov Depts to biscuits, what he was actually saying was that there is nothing that can’t be resolved over a cuppa and a biscuit.
Can you guess which is which?
We have the special biscuits, I don’t actually know what they taste like because my kids always pinch them – I think they would be interesting and bold and not afraid to stand out
Clearly we also have secret biscuits, so secret that I can’t show them to you, in fact I haven’t seen them.
Then we have the Departments with many many biscuits
Lastly we have the reliable and necessarily resilient to immense dunking
Who is DWP?
One of the UK’s biggest digital transformations...
serving 20 million people
with 80,000 employees
Our systems run on 55 million lines of code
We make 10k changes to our IT systems per year
And we handle 200m calls from the public each year
Our purpose sets DWP apart, what we do really really matters, people only come to us when life has thrown them a curve ball like bereavement or separation or even an expected events like pension. We cover a lot of ground and we are here to:
•Build a more prosperous society by supporting people into work and helping them to realise their potential.
•Ensure financial security for disabled people and people with health conditions and pensioners
•Increase every child’s opportunity to succeed by helping separated parents agree effective child maintenance arrangements and supporting families in distress to reduce parental breakdown and separation.
•Transform our services and work with the devolved administrations to deliver an effective welfare system for citizens when they need it while reducing costs, and achieving value for money for taxpayers.
Our customers - Citizen, Organisation, Third Party, Delegated Authorities
Predominantly going to talk about Citizen ID & Trust today
DWP also deals with organisations such as learning providers
We can’t forget that not all of our customers can manage their own affairs as more services move to Digital, DWP cannot afford to exclude those who need help, often also most vulnerable
Third parties such as charities or welfare organisations and Delegated access to family members for example all need a solution to enable a frictionless digital journey.
So how do we serve such a diverse range of customers?
One size fits all right?
Absolutely not and that’s where proportionality is key.
I’m going to spend a little time walking through how I believe we are heading into better, more proportionate services and solutions in DWP Digital that are context driven, attribute based and enabled by smart orchestration
But why do we need to do that, have we just woken up one morning and decided to do this? No, its wholly user driven.
Currently we have blunt solutions that fulfil a particular purpose, I’m not saying that they are not good at that particular purpose, they are but it becomes a series of high hurdles, each one separate that the customer has to get over. We know in DWP this is really problematic and they give up or fail and end up in a costly face to face situation, often when they actually need the help yesterday.
I’ve talked mainly so far about customers and users, but what about services? Historically high hurdles mean single integrations which severely impacts services, but in order to move away from high hurdles we have to move to potentially more complexity for our services and let me tell you that is not a joyous conversation. So how do we solve the problem of high hurdles and complexity?
So how do we serve such a diverse range of customers?
One size fits all right?
Absolutely not and that’s where proportionality is key.
I’m going to spend a little time walking through how I believe we are heading into better, more proportionate services and solutions in DWP Digital that are context driven, attribute based and enabled by smart orchestration
Talk through each one as they appear
Now, as you can see in order to really achieve that secure service that I talked about at the beginning you need all of these.
The key is that you don’t need them all at the same time – context based proportionality. But how?
Continuing with the Identity example
When you get under the hood, we know that it looks like this
Orchestration of multiple factors to achieve trust in session, action, person
Layers complexity away from services, 1 integration point
Trust engine uses relevant inputs, watchlists, device, behaviour
Context of action is vital Example – View Appt different to changing Bank acc
Not meeting trust score shouldn’t be end
What if any Auth from pantry is needed to increase trust could be KBV, OTP
Achieving vision of proportionality for customers whilst building trust, reducing risk and keeping online
But it still leaves the problem of integration both from a sheer volume perspective but also because as we all know technology is moving at pace so how do we make sure that we don’t get left behind and that we can switch tech in and out without the services having to change all of their processes and wraparounds.
What it looks like for services: In order to achieve truly attribute based orchestration we have to layer the complexity away from services
Answer = Automated Proportionate risk-based citizen services, orchestrated by a dynamic trust model
Orchestration of continuously evolving solutions - interoperable services that are linked by common concepts, standards and purpose
Real-time, automated, intelligent decisions – improved efficiency and accuracy
Omni-channel
Architecture for sustainable development – decoupled from front end services providing flexible configuration for different services / customer journeys with a single integration point
Integrate / build on good work already done e.g. Verify continue to be part of it – improve existing capabilities + enable new ones
We are referring to this new capability as the Dynamic Trust Hub (DTH) and truly believe that this is the start of an exciting chapter for Identity & Trust.
What that looks like for customers
But why do we need to do that, have we just woken up one morning and decided to do this? No, its wholly user driven.