The Public Digital Identity System (SPID) and e-commerce: Toward a more secure way of purchasing online?

The Public Digital Identity System (“SPID”) has never been so popular in Italy. Launched in 2016 and generally seen as another way to unduly complicate simple procedures — why obtain a digital ID when you can just go to the appropriate government office? — SPID is proving to be a key factor in the COVID-19 era for the public sector. SPID is also available to private companies, which may allow their users to authenticate on their services using SPID.

What SPID is and how it works

SPID — an acronym for the Italian Sistema Pubblico di Identità Digitale — is a system providing individuals with digital identities to be used to authenticate themselves when accessing online public services requiring their identification.

SPID is regulated by section 64 of the Digital Administration Code (Legislative Decree No. 82/2005 — commonly known as the CAD) via an implementing decree that sets forth the characteristics of the system (Decree of the President of the Council of Ministers of October 24, 2014) and by several guidelines and technical rules issued by the Italian Digital Agency (“AgID”).

Basically, SPID works as follows:

  • SPID may be released only by “identity providers,” e., companies registered with AgID;
  • The identity provider identifies the user (either in person or remotely, for instance, using electronic signatures or video), creates the digital identity, and assigns login credentials to the identified user;
  • Subject to affiliation with AgID, public administrations and private businesses may rely on SPID to authenticate their clients for online services offered. In this case, instead of creating an account with the relevant website, clients may log in using their SPID credentials;
  • The identity provider verifies that the credentials entered are correct and communicates this information to the relevant public administration/business, which then allows access to the services;
  • No account is created/managed by the public administration/business offering the online service and the identity provider is the only one who has access to the identity of the user.

There are four different “levels” of SPID, each of which ensures an increasing degree of security. The first two levels are free for users, while public administrations/businesses availing themselves of SPID have to pay a fee to the identity providers. Moreover, under the guidelines published in March 2020 by AgID, SPID may also be used to sign documents and contracts electronically, with the same effects as wet ink signatures.

Advantages of SPID

The key aspect of SPID is the fact that it simplifies life. In fact, using SPID users may authenticate themselves on different websites using the same credentials. To put it simply, it is like having a digital master key for every website allowing SPID authentication.

At the same time, companies availing themselves of authentication systems based on SPID do not need to store users’ log-in credentials. Additionally, they have an easy way to verify users, thereby avoiding the issue of multiple/fake accounts.

More generally, implementation of the SPID authentication system could provide more certainty for online transactions. Indeed, it would be possible to execute online contracts via SPID using electronic signatures that have the same effects as wet ink signatures.

Opportunities for the private sector

Besides being a pivotal tool for the public sector, SPID also constitutes a huge opportunity for the private sector. According to AgID, in August 2020 10 million digital identities were created (4.5 million more than in 2019). Eleven companies (including Lottomatica, Infocert, Acquirente Unico, and Namirial) introduced authentication systems based on SPID.

There are many reasons for this success. One of these is probably the fact that many government payments and services were accessible only via SPID, since government offices were closed to the public during the COVID-19 lockdown and gatherings are still to be avoided.

A similar boost is being experienced by ecommerce, with 1.3 million consumers added during lockdown (data from Consorzio Netcomm).

In this context, companies should consider strengthening their e-commerce channels. Among the various potential strategies, implementing an authentication system based on SPID should at least be taken into consideration.

Follow us on