ISO/IEC 18013-7 extends the mobile driver's license standard to online verification. While ISO 18013-5 defines how mDLs work for in-person presentations, such as at a TSA checkpoint or traffic stop, ISO 18013-7 specifies how they can be presented over the internet for remote services, including account creation, digital onboarding, or online age verification.
Why is online verification different?
In-person verification benefits from physical context. A TSA agent can see the person presenting the credential. Online verification lacks this context, which creates different security and privacy challenges.
ISO 18013-7 addresses these challenges by defining protocols for the remote presentation of credentials. It specifies how a website or application can request specific attributes from an mDL, how the holder's wallet responds, and how the verifier confirms authenticity, all without requiring the credential holder to upload images or share unnecessary data.
What use cases does it enable?
The standard opens mDLs to a wide range of online applications. Residents can use their DMV-issued identity to open bank accounts, access government benefit portals, complete age verification for online purchases, apply for jobs, or sign up for services, without uploading photos of physical IDs.
Financial institutions are particularly interested in ISO 18013-7 for Know Your Customer (KYC) compliance. NIST's National Cybersecurity Center of Excellence (NCCoE) has convened banks, state agencies, and technology providers to demonstrate the secure use of 18013-7-compliant mDLs for identity verification in the financial sector.
How does it protect privacy?
Online verification presents unique privacy risks. Without safeguards, every credential check could be logged, creating a surveillance trail of when and where you prove your identity online.
ISO 18013-7 supports selective disclosure, allowing holders to share only the specific attributes a verifier needs. A website verifying age receives confirmation that you're over 21, not your full birthdate, address, or license number. Combined with appropriate implementation choices, the standard enables privacy-preserving online identity verification.
What's the relationship to 18013-5?
The two standards complement each other. ISO 18013-5 handles in-person, device-to-device verification (attended interactions), while ISO 18013-7 handles remote, online verification (unattended interactions). Together, they provide a complete framework for mDL presentation across all contexts.
States implementing mDL programs increasingly support both standards to maximize utility. California's DMV Wallet, for example, supports ISO 18013-7 for online presentation, allowing residents to use their mobile driver's license for passwordless logins and digital onboarding.
Want to keep learning?
Subscribe to our blog.
