There are many identity verification methods, but not all techniques are appropriate for all industries and companies – especially in the wake of major consumer distrust of enterprises that handle their data due to privacy violations from Facebook, Equifax and Capital One. Enterprises must evaluate their current business needs to determine which mechanism (or combination of mechanisms) are best suited for their specific use case.
A failure to do so can lead to inaccurate or incomplete verification that leads to increased fraud, consumer mistrust, and data breaches, all of which can have a massive impact on both traditional businesses and gig economy/marketplace businesses. The following are identity verification methods that every company should be aware of, including those that just won’t cut it in today’s increasingly disordered data economy.
Self-attestation provides the lowest level of assurance because it requires no corroboration with authoritative sources. In this method, an individual self-certifies that they are who they claim to be by photocopying their ID document, signing it, and writing “true copy” or “self-attested.” This verification method is not typically considered sufficient by today’s standards. Even so, many companies use this method – especially enterprises where their employees don’t interact directly with their customers.
The Knowledge-Based Verification (KBV) method will remain wholly insufficient so long as consumer credit reporting agencies continue to experience major data breaches in which peoples’ sensitive personal data (the information that is typically used for knowledge-based answers like “what is your mother’s maiden name?”) is made easily available online and/or cheaply obtained by cybercriminals via the Dark Web.
In June, The U.S. Government Accountability Office (GAO) released a report stating that several prominent government agencies still rely on the three major credit agencies (Equifax, Experian, and TransUnion) to verify a person’s identity with KBV, even though NIST no longer endorses this security method. The government must find a way to eliminate KBV methods to avoid having the individuals they serve become increasingly vulnerable to identity fraud.
Social Media Logins
Nearly every platform has a sign-on integration with Facebook and Google. While it’s convenient, the problem with using social media logins as an identity verification method is that they openly share peoples’ personal data with third parties for marketing purposes, and have experienced multiple serious data breaches in which millions of peoples’ personal data were exposed to cybercriminals. There’s no way to guarantee that the person using a social media login to reset their password on a different platform is in fact the account holder because social media identities aren’t verified––they only ensure that the individual attempting to recover their linked account has access to the email address associated with the social media account.
ID Document Scans
Scanning an ID document is equivalent to finding one piece of the puzzle, as this method can only prove that the document is valid, but not that the individual is the person in the ID. Remote identity verification providers that use ID document scanning alone employ widely different technologies to scan documents, some of which are not as effective and may produce inaccurate results.
Identity verification is usually performed once, but authentication––which proves an individual’s assertion that they are who they claim to be through the corroboration of various identification points––can be performed many times. It’s for this reason that, when combined with similar identity verification methods, authentication can be a powerful tool to validate a person’s identity and credentials.
Biometric Liveness Selfie
An ID is easier to verify when it’s accompanied by a selfie of the applicant who’s submitting the document in question, but recent advancements in artificial intelligence technologies have made it possible to completely fabricate static photos of faces. Biometric liveness selfies can be helpful for preventing fraud, as they rely on unique biological characteristics to verify an individual’s identity, but should ideally be combined with other verification techniques, as this method is still susceptible to “presentation attacks” like spoofing and deepfakes.
Virtual In-Person Verification
The technology behind virtual in-person verification is akin to a virtual meeting via video chat that enables an individual to speak directly with an authoritative official to verify their identity. In-person verifications are typically considered the gold standard because physical faces and fingerprints are much harder to falsify, but as global connectivity continues to progress, virtual in-person verifications will become the next best option.
Identity verification mechanisms and techniques can be used interchangeably to strike the right balance between adding friction and reducing fraud. Enterprises should think critically about which combination is best for their specific business needs, and implement them accordingly to prevent fraud, optimize conversions, and increase revenue. As more businesses undertake comprehensive verification, there will undoubtedly be an increase in consumer trust for the services they provide.