Verify ID service hammered by NAO

Verify third party online ID check
Verify
Share this content

The government’s third party online ID system Verify missed its usage and savings targets by 75%, according to the National Audit Office (NAO).

Verify relies on six commercial providers that control access to online government services. When the private sector solution was launched in 2016 the Government Data Service (GDS) estimated that 25m people would use Verify by 2020 and that it would save £873m.

Instead, the GDS lowered its estimate of the expected benefits during this period to £217m. According to the NAO, the 75% reduction resulted from Verify failing to achieve the take-up targets. For tax users, the initial business case assumed Verify would handle all annual PAYE users. In reality, HMRC estimated that only 4% of taxpayers use Verify to access its services.

In total 3.6m people had signed up for the service by February 2019 and based on current trends the NAO estimated the total would be 5.4m by 2020.

So far Verify has cost the government at least £154m, of which £58m has been paid to commercial providers. The NAO noted that the total cost was likely to be underestimated as it did not include costs for reconfiguring departmental systems to work with Verify.

The GDS expected Verify to be largely self-funding by the end of March 2018, but the low take-up means that government continues to fund it centrally. This arrangement is slated to end in March 2020, when the plan is to pass responsibility over to the private sector. Questions are still being asked in government circles whether this is a viable approach.

Universal credit dependency

Verify is a key ingredient to the roll out of Universal Credits, which prevents the government from closing down the ID portal completely. Universal credits claimants are supposed to use the service to apply for the benefits and manage their interactions.

Anyone who has attempted to use Verify will know how frustrating it can be getting the system to recognise all the information sources demanded to confirm an individual’s identity. Of the 70% of benefit claimants who attempted to use the system to verify their IDs, only 38% were able to do so.

The Department for Work & Pensions (DWP) is working with GDS on an improvement plan to increase the number of claimants successfully verified, and provided £12m to support the continued operation of Verify to March 2020, the NAO reported.

HMRC the biggest user

HMRC has made the most progress with Verify, which opens the door to taxpayers’ online personal tax accounts and self assessment returns.

The Verify project assumed that it would save the need for government departments to build separate identity management verification systems for their projects, and from better fraud prevention. “On the evidence made available to us, we have not been able to replicate or validate the benefits estimated by GDS,” the audit report commented.

The GDS assumed that 46 government services would rely on Verify, but of the 19 that do, 11 can still be accessed through legacy ID management systems, including HMRC’s self assessment tax return, employee PAYE portal, personal tax account and income tax refund claim services.

In fact, the tax department has emerged as one of the main alternatives to Verify. Eight of the departments relying on non-Verify services go through HMRC’s government gateway ID system. The latest implementation, HMRC’s Secure Credential Platform (SCP), has been running alongside the government gateway since October 2017 and has now replaced the old ID mechanism.

HMRC said it did not adopt Verify for all its services, partly because the new system was unable to cope with agents acting on behalf of others. The service was also likely to increase support calls when HMRC was trying to reduce customer contact by encouraging people to go online.

Taxpayers use Verify to log into their personal tax accounts, but the links to that data for commercial tax software that agents use are handled through HMRC’s SCP. As a result, the tax software industry viewed Verify as a something halfway between an irrelevance and an irritant, as commercial developers reported getting calls from taxpayers who couldn’t get the ID system to work.

According to Forbes Computer founder David Forbes, using third party verification is a good idea, but Verify started off on the wrong foot. “It would have made more sense if they had gone to suppliers like banks that have already verified who we are. Instead they went to new suppliers who required you to submit lots of different data types – which often took several attempts.”

If Verify is being pensioned off, Forbes floated the idea of a hierarchical alternative process where HMRC delegated authority to trusted third parties – for example professional advisers who carry out anti-money laundering identity checks on their clients.

Future plans

In May 2018, the Cabinet Office and Treasury were willing to reset of Verify as long as it fulfilled some technical requirements and attained buy-in from government departments. The reset tests were not met, the NAO reported.

A review conducted by the Infrastructure and Projects Authority (IPA) last year concluded, “successful delivery of the project appears to be unachievable” and recommended closing Verify down, while allowing for Universal Credit’s dependency on the service.

In October 2018 the Cabinet Office announced that the government would stop funding Verify in March 2020 and put a cap on further at £21.5m. Transitional contracts have been agreed with five commercial identity providers until March 2020, when GDS expects the private sector to take over responsibility for Verify.

After yet another resounding success for government IT projects – this time going down the outsourcing route – the prospects for Verify surviving as an independent entity are bleak. The IPA will conduct an end of life review of Verify as a government project.

In a somewhat ominous note, the NAO report noted, “This will consider the evidence underpinning GDS’s assumptions that a move to a private sector-led model is a viable option for Verify.”

About John Stokdyk

John Stokdyk, AccountingWEB head of insight

AccountingWEB’s Head of Insight has been with the site since 1999 and likes to spend his time studying accountants’ technology habits. When not nerding out, you can find him exploring obscure indie music and searching for the perfect organic sourdough loaf from his base in Brighton, UK.

Replies

Please login or register to join the discussion.

05th Mar 2019 14:49

I have only used Verify once, for a pro bono case referred in late January where an online SATR was needed quickly. I know why people don't use it twice. Once the process was complete, the tax return process was simple, but taking a photo of the ID document and uploading it in an acceptable format took umpteen attempts (when you have no reasonable alternative but a £100 fine, you keep trying).

Thanks (7)
avatar
07th Mar 2019 12:52

The system just doesn’t work. I used it for my personal tax, and sat alongside a client who thought that they would like to access their tax account personally. The first use went well, but thereafter it proved impossible to access my own account. I went through the whole process a second time, but using the same email address blocked me out. My client had a very similar problem. I spoke to HMRC’s technical team and was told that these problems were “known about”. Fortunately my firm’s access still works perfectly.

Thanks (3)
avatar
07th Mar 2019 14:08

The whole system is fundamentally flawed at a number of levels. 1) There is no legal requirement to have any photo ID in this country. If you don't drive and don't travel (which was the case for my late mother) you are stuffed.
The government wanted to set up a national ID system some years ago but that was scrapped. So how can it be fair to compel you into a system which requires something you are not required to have? 2) The notion of going out to a private company to verify ID is absurd. Basically, if any fraudster manages to con one of these organisations into accepting a fraudulent ID they then have access to all of the government sites. And since they can select the verifying organisation, they are clearly going to select the one they have conned. 3) It is perfectly possible that no credit reference agency etc has ones data, if you have never used credit for example. What then? I positively try to avoid getting on credit reference agencies databases because I don't want personal data bandied about. And GDPR is a joke. A small local golf club can be prosecuted for using data that it has been freely given, if it uses it to send out unapproved info, yet Experian which has data on me which I have never knowingly consented to is allowed to sell that data to all and sundry for marketing purposes without my consent, and which I did not know it had (and if you think that is wrong I have had proof!). The whole system needs a fundamental rethink.
And the government is moving more and more processes that have no alternative to the flawed online systems in so many areas. If I am one of the poorest in society, with no online access, or learning disabled and unable to handle the technology, I am doubly stuffed. Appalling!.

Thanks (6)
avatar
07th Mar 2019 21:58

I will add my voice its useless .

Thanks (0)