In-person mDL Acceptance is Weak. Online Acceptance is Weaker.

Perhaps it’s different in Louisiana where the mDL is long established and supported, but in California the only place where I’ve used my mDL is at a TSA checkpoint. And last Friday I couldn’t even do that because the reader was down.

But at least mDLs are available to a large number of people. deepidv provides this good news…and the bad news.

“As of mid-January 2026, the American Association of Motor Vehicle Administrators tracks 21 US states plus Puerto Rico issuing ISO/IEC 18013-5 compliant mobile driver’s licenses. That includes California, New York, Virginia, Arizona, and most of the largest population states. Industry analysis puts the figure at roughly 41 percent of Americans now living in a state with an active mDL program, and 76 percent in a state where the program is live or in development.”

So at least many of us can get mDLs. But as I noted, it’s a challenge to use them in-person, despite a standard outlining how they can be used.

“ISO/IEC 18013-5 covers proximity presentation. The mDL holder shows the credential to a verifier device that is physically nearby, typically over Bluetooth Low Energy or NFC. That works for airport security, in-person retail age checks, and traffic stops.”


But it’s a greater challenge to use mDLs online.

“It does not work for online onboarding because there is no proximity. For online flows, the standard is ISO/IEC TS 18013-7, published in 2025, which defines remote and online presentation. Adoption of Part 7 is, in the words of the people building these systems, “limited and inconsistent.””


This is where the benefit of decentralized identity falls apart. In a decentralized identity system, the user controls where the identity is stored. (I have two California mDLs on my phone, because decentralized is very decentralized.)

deepidv has concerns with this:

“Device-side verification means the cryptographic check that establishes whether the credential is authentic happens in an environment the relying party does not control. A rooted phone, a compromised app, a tampered SDK, a man-in-the-middle on the verification flow, all of these break the trust model. The relying party is being asked to trust a yes-no answer it cannot independently verify.”

deepidv describes server-side verification, as well as other issues with mDL adoption, in its LinkedIn article.

Though not referenced by name, deepidv cites Regula’s support of server-side processing:

“Malware, rooted phones, tampered apps: User devices such as smartphones can pose risks to identity verification, as these environments are difficult to control against fraud.

“Regula says it has a solution. The identity verification firm has introduced server-side reprocessing of mobile driver’s license (mDL) data in its document reader software, Regula Document Reader SDK. The capability means that mDL data is processed on the backend in a controlled, trusted environment rather than relying solely on user devices, which also helps preserve the integrity of the identity signal across the verification flow. Data captured on the user’s device is revalidated through a PKI check and signature verification on the server.”
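The server-side revalidation described above, as an added example (not deepidv’s or Regula’s code): the relying party ignores the device’s own verdict and re-checks the issuer signature and the per-element digests itself. It is a simplification: JSON stands in for the CBOR/COSE structures of ISO/IEC 18013-5, a pinned issuer key stands in for certificate-chain validation, and all function names and sample data are constructed.

```javascript
// Added illustration: server-side re-verification of an mDL presentation.
// Simplified: JSON replaces CBOR/COSE; a pinned key replaces the issuer PKI chain.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
// Digest input for one data element: random salt + identifier + value.
const itemDigest = (item) => sha256(JSON.stringify([item.salt, item.id, item.value]));

// --- Issuer side (constructed sample data) ---
const issuer = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
function issue(elements) {
  const items = Object.entries(elements).map(([id, value]) =>
    ({ id, value, salt: crypto.randomBytes(16).toString('hex') }));
  // The signed object carries only digests, so elements can be disclosed selectively.
  const mso = JSON.stringify({
    docType: 'org.iso.18013.5.1.mDL',
    validUntil: '2030-01-01T00:00:00Z',
    digests: items.map(itemDigest),
  });
  const signature = crypto.sign('sha256', Buffer.from(mso), issuer.privateKey).toString('base64');
  return { items, mso, signature };
}

// --- Relying-party server ---
// trustedKeys: issuer public keys the server obtained out of band (hypothetical trust store).
function verifyOnServer(presentation, trustedKeys, now = new Date()) {
  const { mso, signature, disclosed } = presentation; // deviceSaysValid is ignored on purpose
  const sig = Buffer.from(signature, 'base64');
  const signedByTrustedIssuer = trustedKeys.some((key) =>
    crypto.verify('sha256', Buffer.from(mso), key, sig));
  if (!signedByTrustedIssuer) return { ok: false, reason: 'issuer signature invalid' };

  const parsed = JSON.parse(mso); // parsed only after the signature checks out
  if (new Date(parsed.validUntil) <= now) return { ok: false, reason: 'credential expired' };

  // Every disclosed element must hash to a digest the issuer signed.
  for (const item of disclosed) {
    if (!parsed.digests.includes(itemDigest(item))) {
      return { ok: false, reason: `element ${item.id} not covered by issuer signature` };
    }
  }
  return { ok: true, claims: Object.fromEntries(disclosed.map((i) => [i.id, i.value])) };
}

// --- Constructed scenario: only age_over_21 is disclosed ---
const credential = issue({ family_name: 'Doe', birth_date: '2008-05-01', age_over_21: false });
const ageItem = credential.items.find((i) => i.id === 'age_over_21');

function present(item, deviceSaysValid) {
  return { mso: credential.mso, signature: credential.signature, disclosed: [item], deviceSaysValid };
}
const honest = present(ageItem, true);
// A compromised app flips the value and still reports "valid".
const tampered = present({ ...ageItem, value: true }, true);

console.log(verifyOnServer(honest, [issuer.publicKey]));
console.log(verifyOnServer(tampered, [issuer.publicKey]));
```

The tampered presentation fails even though the device reported success, because the flipped value no longer matches any digest under the issuer’s signature.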

But will the decentralized identity people insist that server-side verification is evil? And how will the decentralized proponents convince others that a decentralized identity is really really secure?

If your company has a decentralized or centralized solution and you need to communicate its benefits to prospects, Bredemarket can work with you.

Why Does California Support Two Separate Digital Wallets For Its Mobile Driver’s License?

This morning I was attending a NIST webinar on mobile driver’s license use at financial institutions, and began looking at the services I could access in April 2026 with my California mobile driver’s license—financial and otherwise.

Of course I already knew that I could use my California mDL at the Transportation Security Administration checkpoint at Ontario International Airport. In fact, the mDL in my Apple Wallet (obtained in 2024) recorded the fact that I used my mDL at the airport on August 31, 2025.


But today I learned that some services are NOT available with the mDL in my Apple Wallet, but ONLY while using the “CA DMV Wallet” app.

So I downloaded the app, which I last used in my initial unsuccessful attempt to obtain an mDL. (I finally used Apple’s facility to get one.) I assumed that since I already had my mDL in my Apple Wallet, it would automatically show up in the app.

You know what happens when you assume. My buddy Google Gemini pointed it out to me.

“It’s a common point of confusion, but the Apple Wallet and the CA DMV Wallet app are actually two separate “containers” for your digital ID. Because California uses a secure, decentralized system, your mDL doesn’t automatically sync between them. Even if it’s already in your Apple Wallet, you have to go through a separate enrollment process to “provision” it into the DMV’s official app.”

Which meant that I had to enroll again and get another decentralized mDL, which I did. (After some difficulty; it took four separate attempts to capture my facial image, which was only successful when I went into a very dark room.)

Now that my mDL is in this second wallet, I could go ahead and enroll in the TruAge program for age verification at a private retailer.


As I type this, TruAge hasn’t processed my application.

And now for a word from our sponsor

Mobile driver’s licenses are a digital form of “something you have,” which is a factor of identity verification and authentication.

Would you like to learn about all six of the identity verification and authentication factors? (Not three. Not five.)

Learn more about the six identity factors.

Six identity factors. One Bredemarket ebook. Total identity protection. Purchase “Proving Humanity: The Six Factors of Identity Verification and Authentication.”

Four pages from "Proving Humanity: The Six Factors of Identity Verification and Authentication" by John E. Bredehoft, Bredemarket.

Knowledge of Age Without Birthdate Does Not Provide Complete Privacy

In the past, I have gone on ad nauseam about how mobile driver’s licenses are more private than physical driver’s licenses. Here is how I stated it in July 2024:

“When you hand your physical driver’s license over to a sleazy bartender, they find out EVERYTHING about you, including your name, your birthdate, your driver’s license number, and even where you live.

“When you use a digital mobile driver’s license, bartenders ONLY learn what they NEED to know—that you are over 21.”

Which is extremely limited information.

But some age verification systems may provide your age in years, without necessarily revealing your exact date of birth.

That single number—whether it is 17, 27, or 57—reveals a lot more than we realize.

Let’s say that we know that Jill is 57 years old. This means that she was born in either 1968 or 1969. If Jill has lived her entire life in the United States, we immediately know several things about her with some certainty.

  • First, we know that she is part of Generation X, which means she may exhibit skepticism rather than corporate loyalty, and a comfort level with email rather than Telegram or what we now refer to as “voice calls.”
  • Second, we know the types of experiences she probably had in her childhood and teenage years. She probably played with Star Wars toys as a kid. She knew a little bit about Billy Carter, the funny Presidential brother. She feared for the lives of the hostages in Iran.
  • Third, we know the types of experiences she didn’t have. She never saw a cigarette commercial on TV. If she watched Star Trek, she saw it on an “independent” station, not on NBC during prime time. She never feared for the lives of the Israeli Olympians in Munich.

It’s not a lot to go on, and it may not be 100% accurate if Jill grew up in a household that viewed television as demonic.

But it’s enough for a product marketer to shape age-sensitive product marketing.

This isn’t true for all products. Biometric system marketing, for example, isn’t affected by the age of the government procurement officer who is buying the biometric system.

But if your product appeals to some ages more than others, knowing the ideal age of your target audience personas shapes your content. If your target audience is just out of college, “I can’t believe I ate the whole thing” is meaningless to them.

Government Anti-Fraud Efforts: They’re Still Siloed

When the United States was attacked on September 11, 2001—an attack that caused NATO to invoke Article 5, but I digress—Congress and the President decided that the proper response was to reorganize the government and place homeland security efforts under a single Cabinet secretary. While we may question the practical wisdom of that move, the intent was to ensure that the U.S. Government mounted a coordinated response to that specific threat.

Today Americans face the threat of fraud. Granted it isn’t as showy as burning buildings, but fraud clearly impacts many if not most of us. My financial identity has been compromised multiple times in the last several years, and yours probably has also.

But don’t expect Congress and the President to create a single Department of Anti-Fraud any time soon.

Stop Identity Fraud and Identity Theft Bill

As Biometric Update reported, Congresspeople Bill Foster (D-IL) and Pete Sessions (R-TX) recently introduced H.R. 7270, “To establish a government-wide approach to stopping identity fraud and theft in the financial services industry, and for other purposes.”

Because this is government-wide and necessarily complex, the bill will be referred to at least THREE House Committees:

“Referred to the Committee on Oversight and Government Reform, and in addition to the Committees on Financial Services, and Energy and Commerce, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.”

Why? As I type this the bill text is not available at congress.gov, but Foster’s press release links to a preliminary (un-numbered) copy of the bill. Here are some excerpts:

“(9) The National Institute of Standards and Technology (NIST) was directed in the CHIPS and Science Act of 2022 to launch new work to develop a framework of common definitions and voluntary guidance for digital identity management systems, including identity and attribute validation services provided by Federal, State, and local governments, and work is underway at NIST to create this guidance. However, State and local agencies lack resources to implement this new guidance, and if this does not change, it will take decades to harden deficiencies in identity infrastructure.”

Even in the preamble the bill mentions NIST, part of the U.S. Department of Commerce, and the individual states, after mentioning the U.S. Department of the Treasury (FinCEN) earlier in the bill.

But let’s get to the meat of the bill:

“SEC. 3. IDENTITY FRAUD PREVENTION INNOVATION GRANTS.

(a) IN GENERAL.—The Secretary of the Treasury shall, not later than 1 year after the date of the enactment of this section, establish a grant program to provide identity fraud prevention innovation grants to States.”

The specifics:

  • The states can use the grants to develop mobile driver’s licenses “and other identity credentials.”
  • They can also use the grants to protect individuals from deepfake attacks.
  • Another purpose is to develop “interoperable solutions.”
  • A fourth is to replace vulnerable legacy systems.
  • The final uses are to make sure the federal government gets its money, because that’s the important thing to Congress.

But there are some limitations in how the funds are spent.

  • They can’t be used to require mDLs or eliminate physical driver’s licenses.
  • They can’t be used to “support the issuance of drivers licenses or identity credentials to unauthorized immigrants.” (I could go off on a complete tangent here, but for now I’ll just say that this prevents a STATE from issuing such an identity credential.)

The bill is completely silent on REAL ID, therefore not mandating that everyone HAS to get a REAL ID.

And everything else

So although the bill claims to implement a government-wide solution, the only legislative changes to the federal government involve a single department, Treasury.

But Treasury (FinCEN plus IRS) and the tangentially-mentioned Commerce (NIST) aren’t the only Cabinet departments and independent agencies involved in anti-fraud efforts. Others include:

  • The Department of Justice, through the Federal Bureau of Investigation and the new Division for National Fraud Enforcement.
  • The Department of Homeland Security, through the Secret Service and every enforcement agency that checks identities at U.S. borders and other locations.
  • The Federal Trade Commission (FTC).
  • The Social Security Administration. Not that SSNs are a national ID…but they de facto are.
  • The U.S. Postal Inspection Service.
  • The Consumer Financial Protection Bureau.

These agencies are not ignored, but are funded under mandates separate from H.R. 7270. Or maybe not; there’s an effort to move Consumer Financial Protection Bureau work to the Department of Justice so that the CFPB can be shut down.

And that’s just one example of how anti-fraud efforts are siloed. Much of this is unavoidable in our governmental system (regardless of political parties), in which states and federal government agencies constantly war against each other.

  • What happens, for example, if the Secret Service decides that the states (funded by Treasury) or the FBI (part of Justice) are impeding its anti-fraud efforts?
  • Or if someone complains about NIST listing evil Commie Chinese facial recognition algorithms that COULD fight fraud?

Despite what Biometric Update and the Congresspeople say, we do NOT have a government-wide anti-fraud solution.

(And yes, I know that the Capitol is not north of the Washington Monument…yet.)


ABI Research and Physical Credentials

Those of us embedded in the identity industry pay special attention to mobile credentials. Although I have wondered whether mobile ID adoption will decrease, we’ve assumed that digital identities will advance.

Just like the death of passwords.

You can see where this is going.

ABI Research has shared its predictions on 13 technology trends for 2026. I paid special attention to number 11.

“It is clear that digital-first identity systems are unlikely to become standard. Most governments will still rely heavily on physical credentials through 2026. Physical documents, such as driver’s licenses and passports, have long life spans. Physical security is already a proven technology, making it essential for continued trust and accessibility in the wake of ever-more sophisticated attack methods. ABI Research cybersecurity analysts view mobile ID as more of a companion to physical credentials.”

Oh, and number 12.

“Interest in biometric payment cards has waned due to high costs and complex onboarding. Zwipe’s bankruptcy in March 2025 is emblematic of this latest trend. To extract returns from their prior investments in biometrics, digital payment providers are pivoting to other markets like secure access and cold wallets. Going forward, the technology will shift from mainstream ambition to specialty use cases, with fewer launches expected in 2026.”

To see what these and the other 11 predictions mean, read the ABI Research article.

Modern Airport Identity Security: mDLs at TSA at ONT

Today’s acronyms are TSA, ONT, and mDL.

I finally found a legitimate use for my California mobile driver’s license (mDL) this afternoon.

Ontario International Airport (ONT) allows people without tickets to reserve a day pass to see departing passengers off. The day pass functions as the equivalent of a real passenger’s boarding pass…with appropriate identification.

Both the day pass and my mDL were in my smartphone wallet, so all went smoothly. I wasn’t paying enough attention to know if the Transportation Security Administration (TSA) compared my live face to my mDL, but they probably did.

And I can confirm that the Richard Reid rule is gone: no shoe removal required. Belts are another matter.

No true pictures, just an artistic re-creation.

Will There Be FEWER States with Mobile Driver’s Licenses in the Future?


Normally when states adopt a new technology, one state will first adopt it, followed by other states, until eventually all states adopt it. (Take REAL ID.)

It’s rare that a state adopts an emerging technology and then trashes it.

Last year

But that’s exactly what happened in Florida last summer, when the state withdrew support for its Thales mobile driver’s license (mDL) pending the creation of a new mDL from a new vendor.

Update as of June 2025…there isn’t one.

“The Florida Smart ID applications will be updated and improved by a new vendor. At this time, the Florida Department of Highway Safety and Motor Vehicles is removing the current Florida Smart ID application from the app store. Please email FloridaSmartID@flhsmv.gov to receive notification of future availability.”

This year

But hey, I’m sure Florida is working behind the scenes to develop a new mDL. After all, digital identity remains a federal priority.

Um…check Biometric Update.

“At the forefront of the Trump administration’s cybersecurity shift is the categorical removal of Biden-era digital identity initiatives which had encouraged federal agencies to accept digital identity documents to access public benefit programs and promoted federal grants to help states develop secure mobile driver’s licenses.”

Biometric Update is specifically referring to President Donald Trump’s Executive Order issued last Friday, which affects cybersecurity efforts in general. Lots of use of the Q word.

Next year?

But if states aren’t receiving federal funding to develop mDLs, and if states decide that only physical driver’s licenses are in their interest, then will mDL adoption slow?

Or may other states follow Florida’s lead and let their contracts with mDL vendors expire?

SWOT analysis advocates…this is a threat.

Oh, and by the way…don’t forget that moving from mDLs back to physical driver’s licenses leads to a certain loss of privacy.

Privacy.

Privacy by John Maus

(AI wildebeest and iguana images from Imagen 3)

Discovered a song about privacy (by John Maus) and had to create a reel that used the song. Note the mDL privacy-preserving features toward the end of the reel.

“Dead bolts and windowed bars

Lowered drapes and screened calls

Headphones on tightly”

https://www.instagram.com/share/_ejtehYyr

Privacy.

Digital Driving Licences With Two Cs


In my country, the issuance of driver’s licenses is performed at the state level, not the national level. This has two ramifications.

REAL ID

The U.S. government wanted to tighten down on identification cards to stop terrorists from hijacking planes and crashing them into buildings. 

But it couldn’t. 

When it told the states to issue “REAL ID” cards by 2008, the states said they wouldn’t be told what to do. 

Today all of them support REAL ID cards as an option, but use of REAL IDs for federal functions such as plane travel won’t be enforced until 2027…if then.

mDLs

For years there has been a move to replace physical driver’s licenses with mobile driver’s licenses, or mDLs.

Again, in my country this has been pursued on a piecemeal basis at the state level. Louisiana has its own mDL, with a separate one in Oklahoma, one in California, others in other states, and none in other states. And one state (Florida) that had one, then didn’t have one.

Some mDLs are in custom wallets, while others are or are not in wallets from Apple, Google, and Samsung.

Oh, and don’t try using your Louisiana mDL to buy a beer in Arkansas.

Meanwhile, in the UK

Things are different in other countries. Amit Alagh shared a BBC article with me.

“Digital driving licences are to be introduced in the UK as the government looks to use technology to ‘transform public services’…. The new digital licences will be introduced later this year….”

Throughout the entire United Kingdom, including Scotland and Northern Ireland, apparently.

In one fell swoop. Entire country done.

California Knows How to Party (California mDL)

Well, it took long enough.

In part because when I first tried to get a mobile driver’s license (mDL), I used my OLD physical driver’s license AFTER I had renewed my driver’s license online (but before I received the new physical license). Data mismatch. Rejected.

And in part because I kept on forgetting to perform the additional steps to confirm my identity.

And in part because I didn’t truly NEED the mDL—I haven’t flown anywhere since April 2023, and for some strange reason no vendor of age-controlled products has insisted on carding me.

California mobile driver’s license (mDL).

But I now have a California mDL. After talking about mDLs for years as a former IDEMIA employee.

I’ve previously espoused the benefits of mDLs. For example, when a retailer DOES check my age before I buy a beer, the retailer doesn’t learn my address or my (claimed) height and weight. The retailer only needs to confirm that I am old enough to buy a beer.

Oddly enough, I had to block out certain information on my displayed mDL in the image above. Because MY privacy requirements obviously don’t conform to California’s privacy requirements.