Digital identity and access delegation for businesses
Problem.
Identity: we didn’t have a consistent way to identify a business across New South Wales government in Australia. It caused the issues where business customers where asked to provide different documentation to verify themselves every time they have to interact with government.
Fraud: impersonalisation and inconsistency in how government identify businesses and business owners often lead to fraud, and put personal customer data under risk.
My role.
I led the design team from 2021 when I just joined Service NSW. I was involved in running, coordinating and directing design activities for the team. I worked alongside engineers, content designers, business analysts and product managers.
The team shipped two foundational capabilities (business identity verification & role-based access delegation), before I moved up to the lead role in August 2022. My focus was shifted to product strategy, negotiating with stakeholders and promoting the capabilities.
Outcome.
In 2 years, we’ve build 3 complex capabilities related to business identity. These products became the foundation of an intricate business authentification ecosystem.
8164 early adopters are onboarded within 3 months of soft-launch of business identity verification.
We decreased engagement with front-line staff due to improved name-matching algorithm for business identity verification enquiry.
We decreased time spent on average government transactions for over 50% users: from 1 week to 2 days.
Understanding the definition of business in Australia
This project kicked off as a business requirement of a state Australian government. Government agencies were looking for a consistent way of identifying and verifying Australian businesses. It took the team 6 months of discovery before the first MVP was build (this is where I joint). The complexity of this solution required us to integrate with several government applications to process a person’s identity, business attributes and establish relationship between a person and a business.
We used existing Service NSW design system to build first prototypes.
Usability testing
We ran two usability testing on our first product. One with integration with another agency (Revenue NSW) for what we called a “service linking“. This integration is meant to enable business customers to access government services all in one place - Service NSW Business Profile.
The second testing was in relation to enabling business customer identification within Business Profile with the functionality of customers saving and re-using their status when applying for government grants and vouchers.
Expanding “plug and play” solution
The main goal of business identity products was to be reusable, so that every government product, service or program can consume the authentification token and allow a customer to access information they are authorised to access. We used several existing government scenarios to ensure that the component we produce meet business requirements, while not blocking the customer.
During the second stage of our project, we started the development of a role-based access delegation capability.
Role-based delegation access
The role-based delegation system allows business owners to delegate access to people they trust, when interacting with the state government.
It also allows our product teams and government agencies to set-up their own permissions within their services by using our role-based delegation framework.
Our first two slices of value was to add verification and delegation flows into existing Business Profile onboarding journey, and to allow access to these functionalities to existing Business Profile users.
To get a better understanding of how the users want to delegate access to existing products, we ran quantitative studies (card-sorting) with users and product teams, and qualitative studies with users.
Off the back of our research, we created our customer archetypes and prioritised first value we will deliver as a new product.
Future of digital identity
Our hopes that soon enough business customers won’t require to provide any paper work to be able to identify themselves and their relationship with a business. In an alignment with an overarching government strategies, we will be exploring the ways customers might use their credential tokens outside of government, such as when dealing with banks and other private organisations. This will save their time and provide our partners peace of mind that the identity of their customer is legit.
