Every now and then I do something that requires me to provide “proof of address”.
There’s starting a phone contract, applying for security jobs, signing on, etc. For whatever reason these companies need “proof” of my address, either a utilities bill or bank statement and unfortunately for me I struggle to provide it.
My utilities and council tax is included in the rent. My banking is purely online. Until recently I “bought” my internet from my housemate. Now I buy my internet directly, I finally have an “addressed bill” to use. But that stops me from taking up Virgin’s offer to discount me £1.50 a month if I switched to e-billing instead. All in all, having to have paper proof of my address is a nuisance!
It can’t be fun for these businesses either, having to chase the paperwork, check for fraud (which must surely be easily done!), to process, file and store with potential for errors along the way? And if they come across a customer who cannot provide such proof (such as myself 2 years ago when dealing with Orange), they potentially alienate and lose such a customer.
Wouldn’t it be so much easier if I could just log in to my online banking or broadband account, type in a code, and have the necessary information automatically sent to organisation that needs it?
Could ID Verification be done Online instead?
We’d need a system that:
• Allows a user to share information with minimum effort.
• Is fully automated, requiring minimal work to operate.
• Is secure and doesn’t allow information to be shared unless explicitly permitted by the user.
Perhaps it could work as follows:
1) The user securely logs into their account for the company that holds the information they want to share.
2) This website would have a section called “share my information”. This section would have two text boxes, one for a code, another for a reference number.
3) The code would determine what information was required and which company required it. The reference number would be supplied by the company requiring information for their own reference, so when they received the information they’d know what it related to.
4) The company gives the user a code and reference number to put in. After the user has done so, a confirmation screen explains exactly what will be shared with who, ensuring that the user knows exactly what they’re doing before they hit “submit”.
5) The automated system then sends the information to the company that needed it, alongside the reference number they supplied so they can see what it related to.
• Clearly this is much more efficient and convenient for both the customer and the companies involved than sending/scanning documents/certificates.
• So long as the websites are suitably secure, there’s much less scope for fraud and error.
• With banks and companies looking to move away from expensive practices of printing and posting of paper bills and statements, it’s increasingly necessary that methods of proving a person’s address also move with the times.
So what could Vince and Norman do about it?
Such an idea doesn’t really need legislation. All it would take would be an organisation to set up and maintain the automated system, and to ensure that it wasn’t abused or allowing unwarranted access to private information. Such an organisation wouldn’t even need to be government funded. If Vince could get the business leaders of affected industries together, perhaps they’d even be willing to fund the implementation themselves, given the improved security it’ll give them and the savings they’ll make on processing paper-based “proofs”.
Improved security and increased convenience for both customers and companies? Surely a win/win for everyone involved?
Should we request Vince and Norman to get this sorted? If so, anyone know the best way to get it to ‘em?
* Daniel Henry is a member in Leicester.
10 Comments
I believe the technology for such a scheme already exists, this suggestion being similar to both OpenID and OAuth, as used by Twitter, Facebook, etc. for authorising third-party websites or applications to access your data without giving those third-parties your login details, which are held and managed in Secure Location™.
There’s a question of where the details are held and managed. Do you store your details on a internet-connected set-top box or computer in your home, managed through your TV or PC, or do you use a third-party, either with a Trusted Company™ or a government departmental database. Self-hosting the data in your own home would probably be the most trust-worthy solution for those who are wary of giving companies or government departments (greater) access to their sensitive data.
I should think there are a few issues here, but one of them is the legal status of the company holding the information. Prhaps it is simple to sort out but worth mentioning anyway. In effect that company is providing a sort of guarantee that their information is correct and reliable. What happens if you run up a bill at the company requiring information, and it turns out that the address provided by the company providing the information is erroneous due to their mistake, or because of your fraud? Who is legally responsible? This doesn’t seem to be an issue in the paper system.
I agree this stuff should be easier but I don’t think you can brush past “for whatever reason” and jump directly to a solution. The reason why a company is asking is critical because whatever the solution it must fulfil their requirements.
For example your idea depends on the bank as a trusted authority. However once your account is opened the bank never checks your address again. Production of a posted statement at least proves you have access to the address your bank has on record. The on-line solution doesn’t provide that security so it is a fundamentally weaker offering. Is it good enough? Perhaps in some cases but probably not universally.
@ Richard Shaw
The company e.g. utility providor, will already have your address. The automated system would simply share their record with the checking company so the checking company can verify that you are who you say they are, just as they do by checking a bill from said utility company.
@Richard Dean
The scenario assumes that the company with your information has a website that you can log in to. When you log in to your accounts on these websites, you normally have the option of checking your information. Also, the “confirmation screen” before sending off any information would give you a chance to ensure the data being sent was correct.
@John Richardson
You’re quite right there actually.
The reason I think companies value bank statements for ID purposes isn’t that they trust your bank to be omniscient with its knowledge, more that they want to ensure that your address is the one you pick up bank statements at. Banks perhaps would no longer be a suitable proof of address under this system.
Utility companies, on the other hand, will clearly know the address that they’re providing water/electricity/broadband to, so would remain suitable. In my case, I’d be able to log in to my “Virgin Media” account to provide proof of address through this system.
When I sold my business and retired I bought a large yacht for my home and set out on an unending holiday to make up for the good times I missed through being tied to my business. Although a law abiding credit worthy citizen all my life I now found myself classed by credit agencies alongside hippies, gypsies and homeless drop-outs. If I tried to circumvent the problem by offering cash up front I would be told that the system does not allow for this. We as Lib-dems are the champions of freedom for the individual and I applaud Daniel Henry for drawing attention to the plight of the unorthodox and eccentric who do not ” fit into boxes” and exercise a right to be different:
A pension fund ‘underpaid’ me last year. Although they regularly pay my pension into a UK bank they required, for me to receive the ‘underpaid’ amount (which apparently could only be sent as a cheque), a current bank statement, a utility bill and proof that ‘ I am still alive’ (as I live in France my local mayor obliged)…..A phone call asking why, as they were still paying my pension into the bank, couldn’t the outstanding amount be paid the same way was met with umpteen references to ‘financial regulations’.
If a major financial orgaisation needs such a ‘rigmarole’ for a regular client what hope for the’ irregulars’?
I’ve found no one questions the address details provided on HMRC communications (its a good reuse of all those “Notice to complete a tax return” letters HMRC so kindly sends me).
From a business viewpoint, being VAT registered means that anyone can put your VAT number into a website ( http://ec.europa.eu/taxation_customs/vies/vieshome.do ) and get address confirmation.
As for applications for security related jobs (or jobs requiring CRB checking), a current BPSS certificate should be more than sufficient. It also gives you feedback on the potential employer as if they don’t know what a BPSS certificate is then they don’t know much about security.
@ Michael
And I thought I had it bad!
Unfortunately, my suggestions of an electronic system might not have helped you either, as it still relies on the common institutions people use. Did you have an address for mail correspondence?
@Jason
The system wouldn’t help ease the crazy bureacratic demands of some of these companies but it would at least make it a bit easier to fulfill them. (Although the proof of being alive is quite a strange one that even my suggestions couldn’t help with!!)
Or you could print out a PDF statement from whatever supplier you have?
Chris
@John Richardson the problem with that is that a lot of us are now on paperless billing and print out a PDF when we need a proof of ID – so even the paper one doesn’t actually prove that we have current access to correspondence at our address, just that we once were able to present a proof of address to the satisfaction of the bank or utility.