MyDigital ID has a secure and trusted layer for verification, says Deputy CEO

“Who here has downloaded and installed MyDigital ID?” asked MyDigital ID’s Deputy CEO, Ts. Azrin Aris, to the conference hall, and it was met with only a few raised hands. 

MyDigital ID is national initiative aimed at transforming Malaysia into a digitally driven, high-income nation. 

Aris was speaking at the Cyber Defence and Security Exhibition and Conference (CYDES) in July, Putrajaya, Malaysia, where GovInsider was invited as a media partner. 

His simple question captured the core challenge Malaysia has faced in recent years: how to build adoption, trust, and seamless integration of digital ID.

Since its launch in November 2023, MyDigital ID has only 2.8 million registered users out of 22 million MyKad (Malaysia’s official identity card) holders. 

To reassure conference participants, Aris explained that MyDigital ID has developed a secure and trusted layer for identity validation. 

“It allows banks, telecommunications operators, and government agencies to onboard users with greater confidence and reduce the risk of fraud,” he said. 

Using three parameters - name, national identification number, and facial scan - MyDigital ID ensured that individuals registering are indeed who they claim to be, without collecting unnecessary personal data. 

“We don’t ask for your address. We don’t ask for your income data. We just want to ensure you can navigate the digital world safely,” he added. 

During the panel session titled National Digital ID: Unlocking Trusted Digital Services, panelists from the public and private sectors who addressed the challenge of public trust in the national digital identity system. 

Joining Aris on the panel were Personal Data Protection (PDP) Department’s Assistant Commissioner, Muhammad Sufyan Basri; MSC Trustgate’s Director, Syed Mohd Razaleigh; and CTOS Data Systems Sdn Bhd CEO, Eric Chin.  

The panel was moderated by MyDigital Deputy CEO, Rita Irina Abd Wahab. 

Giving back control to citizens 

Malaysia-based licensed certification authority Trustgate’s Razaleigh said that to encourage wider adoption of MyDigital ID among citizens, the most critical elements were security and trust.

He suggested Malaysia to take inspiration from Estonia, where more than 99 per cent of citizens use e-ID (Estonia’s digital identity) for healthcare, elections, and daily transactions. 

“The key is to give our citizens control over their data - what can be seen, what cannot be seen, who can access it, and even who has viewed it. This will enhance trust,” he said. 

Beyond transparency, seamless data exchange between the public and private sectors also played an important role in building trust, he added. 

To subscribe to the GovInsider bulletin, click here.

PDP Department Malaysia’s Basri added that the practical implementation of the PDP Act is critical amid the rising frequency of data breaches, phishing attacks, and privacy violations. 

“This law ensures that even when data is processed or shared, it is done transparently, securely, and within a legal framework,” Basri said. 

According to Basri, Malaysia’s PDP Act was based on seven core principles: user notification, choice, disclosure, security, retention, data integrity, and access, which guide how MyDigital ID manages personal data. 

“MyDigital ID can provide privacy notifications and allow users to agree or decline data collection. Collected data is also not stored longer than necessary,” he added. 

Challenges from the private sector 

Credit reporting agency CTOS’ Chin highlighted that while the government sets the vision, private sector players and licenced digital verification service providers form the operational backbone of Malaysia’s digital ID initiative.

“Trust is not just about systems. It is also about a shared commitment between the government, industry, and the public to create a secure, transparent, and inclusive digital identity ecosystem,” he said. 

Chin noted that a key challenge to address now is how to seamlessly integrate the digital ID system with private sector infrastructure.  

He cited the example of Bank Negara Malaysia’s e-KYC project, which required six to seven months of testing before implementation due to the complexity of internal systems.  

Furthermore, Chin highlighted the transformative potential of MyDigital ID for Malaysia’s economy, particularly in accelerating credit access for underserved populations and promoting financial inclusion. 

“Digital ID has the potential to be a game-changer in expanding credit access, enabling banks to reach the unbanked and underbanked efficiently.” 

Developing alternative verification schemes 

Amid discussions on technology and policy, the moderator raised a critical question: “What about those without smartphones or stable internet connectivity?”

Addressing this challenge, Aris explained that registration kiosks have been placed at post offices, allowing citizens to register using their MyKad and biometric verification through devices provided at the kiosks. 

“If someone claims that if you don’t have a smartphone, you cannot access digital services, that is not true,” he emphasised.  

In addition to utilising post office kiosks, MyDigital was also piloting alternative verification options that do not require mobile devices, ensuring that citizens can still participate in government digital services without device barriers, he said. 

Moreover, other biometric challenges are also being studied, such as how to verify individuals with skin conditions or register those with faded fingerprints due to excessive touchscreen use. 

“We need a second layer of biometric verification – facial or iris scans – to ensure inclusivity while maintaining security,” said Aris.