How do users securely revoke or disable a lost or stolen state digital ID credential?
This fact-check may be outdated. Consider refreshing it to get the most current information.
Executive summary
States and vendors are building “remote revocation” and interoperable revocation mechanisms into mobile driver’s licenses (mDLs) and digital IDs so users can deactivate credentials if a device is lost or stolen; advocates and policy proposals call for certified wallets and uniform revocation systems to make that reliable across jurisdictions [1] [2]. Adoption is growing — roughly 14–15 states had mDL support in late 2025 — making revocation practices immediately relevant to many Americans [1] [3].
1. Why revocation matters now — the rise of mobile IDs
Digital driver’s licenses and state-issued digital IDs are moving from pilots into production across many states, and federal-level attention has pushed states to deploy mDLs; that increases the stakes for secure revocation when a phone is lost or stolen [1] [3]. Reports note about 14–15 states supporting mDLs or Apple Wallet integration by late 2025, a scale at which failures of revocation would create real, widespread identity risk [1] [3].
2. “Remote revocation” is the commonly cited solution
Journalistic and industry coverage highlights “remote revocation” as a key feature: the ability for a user or issuing authority to deactivate an mDL centrally so the credential cannot be presented from a compromised device [1]. This is presented as an advantage of digital IDs over paper — a lost plastic card can’t be remotely disabled, but an mDL might be [1].
3. Technical and policy sticking points: interoperability and standards
Policy analyses urge a federal role to define assurance levels, certify digital wallets, and create interoperable revocation mechanisms so a revocation action in one system actually prevents misuse in another [2]. Reporting also flags inconsistent state implementations and the absence of uniform standards as limiting factors — a revocation in one state or wallet design might not propagate to other verifiers if systems aren’t aligned [1] [2].
4. Practical user flows reported in sources
Available reporting describes features that would let users or agencies deactivate mDLs when devices are lost or compromised; it implies users should expect a combination of user-initiated actions (app controls, account portals) and issuer-driven revocation from DMV/secretary-of-state systems [1]. Specific step‑by‑step instructions for users to revoke a particular state mDL are not provided in the materials reviewed; state DMV guidance on replacing physical IDs exists but isn’t the same as digital revocation instructions [4] [5].
5. Where guidance is explicit — replace, report, and seek issuer help
For traditional lost/stolen physical IDs, federal and state guidance advises reporting and requesting replacement through official channels [4] [5]. By analogy and per industry writing, digital-ID systems supplement that with remote revocation features so users should report the loss to the issuing authority and use any wallet/app “disable” functions where available [1] [6]. Exact procedures vary by state and vendor, and the sources do not enumerate uniform steps.
6. Competing viewpoints and limitations in reporting
Sources promote remote revocation as an improvement [1] while policy papers warn that revocation is only effective if wallets, issuers and verifiers follow interoperable standards [2]. Coverage notes federal attention and executive orders to improve digital ID security but also documents slow, uneven implementation across states—creating a gap between promised revocation capabilities and guaranteed, nationwide effectiveness [1] [7] [2].
7. What users should do today, based on available reporting
Report the device lost to local authorities and to your state DMV or issuing agency, request credential suspension or replacement, and use any in‑app or account controls to disable the wallet credential — all measures recommended or implied by the reviewed sources [4] [5] [1]. Because implementations vary and interoperability is not yet universal, keep a physical ID or understand replacement timelines for your state [1] [5].
8. What policymakers and vendors must deliver for real security
Analysts demand certified wallets, common assurance levels, and interoperable revocation mechanisms so a revocation action reliably prevents misuse across jurisdictions and vendor ecosystems; without those, users’ remote revocations may be partial or ineffective [2]. The reporting shows federal and state actors recognize this need but have not yet completed uniform national standards [1] [2].
Limitations: reporting reviewed here describes concepts, policy goals, and state rollout counts but does not provide exact step‑by‑step revocation commands for a particular state’s app or wallet; available sources do not mention specific in‑app menu names, phone settings, or a universal hotline number for digital‑ID revocation [1] [4].