February 9, 2021 | Veratad Resources | File under: Identity Verification
Exploring the Top 5 Identity Verification Methods
Identity verification is an essential part of onboarding for many businesses. But with so many acronyms and technologies to remember, it can be hard to know which route to take. In this post, we review the top five identity verification methods – and how to determine which ones are right for your business.
What Are Identity Verification Methods?
Businesses need to know with certainty that their online customers are who they say they are. This makes online identity verification a crucial component of protecting the business from fraud, chargebacks and regulatory penalties. When we speak of online Identity verification methods, we are referring to the broad categories of technology that identity providers use to accomplish the task of verification.
There are a wide range of methods available to achieve a verified identity, each with their own strengths.
Top 5 Identity Verification Methods
Identity verification solutions that are built around the identity data method process user-provided personal identity data such as name, address, date of birth or other personal identity data elements, to verify a customer’s identity.
This method usually leverages trusted and verified data sources for comparison that may, depending on data availability by jurisdiction, offer coverage on billions of citizens worldwide.
The customer data is collected and compared to the trusted data sources where an identity provider can deliver back to the business a variety of responses, including a confidence score, based on how well the data matches.
This approach allows the business to decide whether or not they are comfortable to continue with the onboarding. They can alternatively refer the request for further consideration either by another method or a manual intervention.
Knowledge-based authentication (KBA) for onboarding of new customers is a subset of the identity data method. While this method has become challenged as the result of widespread data breaches, it is still used as an additional layer alongside the other methods.
The oldest form of KBA is based on “secret questions” (i.e. agreed questions and answers that are provided by the customer which are created after a successful onboarding). However, when this method is deployed for onboarding, the process is based on non-public identity data found in trusted and verified data sources to generate “out-of-wallet” challenge questions that only the customer should be able answer.
Most KBA providers can deliver up to eight multiple choice challenge questions in a single session and the most effective KBA is delivered with questions randomly generated that include synthetic questions to trick fraudsters.
The identity document method allows businesses to collect a government issued ID online, such as a driver’s license or passport. Then depending on the level of service, process the document images and the data extracted to verify identity.
While this method is relatively new, significant improvements to the automated analysis of a document collected online have enabled providers to better determine authenticity. This has made identity documents a more widely accepted method.
For documents where image quality may be poor or other questions arise as to authenticity, most providers also offer an expert manual review service. Providers offering this manual service employ teams of document inspection professionals qualified to visually inspect document images to make a determination as to authenticity.
Alongside this method, most identity providers allow for the data on the document to be extracted and then to be verified as with the identity data method. A further check can also be offered to be sure the document and identity are owned by the person asserting them online. This can be accomplished by deploying our next method, Biometrics.
Biometrics are a controversial subject these days mostly based on privacy concerns. That said, the use of this method online is gaining in acceptance for onboarding new customers usually used in the form of a real time facial comparison (as opposed to a facial recognition or authentication- a post for another day).
The facial comparison is made when the customer is asked to upload their photo ID. The ID document is first validated as authentic thus making the photo on the collected ID a trusted source for comparison. The customer will then be asked to provide a selfie so the system can analyze the biometrics between the selfie face and the picture provided. This process assures they are the same.
When taking the selfie, most providers allow for a “liveness” check to be sure the capture of the face in the selfie is that of a live person.
Combining biometrics with your document verification process provides an elevated confidence level that your customers are who they say they are.
Two-Factor and Smart 2FA Authentication
First, some background. 2FA, short for two-factor authentication, requires users to provide two different pieces of evidence that they are who they say they are. A solution is only considered 2FA if it uses both something you know (eg. username and password) and something you have (eg. possession of a device).
After the user enters their password during login, the authentication service sends a message – often via SMS – to their device. Users then use the device as a soft token that unlocks access.
By adding a second layer of authentication to login, 2FA makes systems, accounts and IT infrastructure more secure from account takeovers and fraudulent actors. Related to 2FA is multi-factor authentication (MFA), which is any technology that uses more than one factor to authenticate a user.
Smart Two Factor Authentication
There are any number of 2FA and MFA solutions on the market. But these solutions all have one limitation in common: You can’t use them to onboard customers.
Smart 2FA℠ is a new Veratad solution that introduces 2FA to the customer onboarding process by combining two-factor authentication with identity verification. This provides confidence that the person on the other end of the screen is who they say they are, with a great balance of certainty and friction.
It does this by introducing two new authentication factors:
- What You Own – ownership of the device
- Who You Are – verifying identity through data
Identity and phone records are incredibly difficult to impersonate. The combination of these factors allows you to verify and authenticate a user at the highest confidence levels.
Identifying the Right ID Methods
So, now that we have reviewed some high level descriptions of the methods, let’s discuss how to choose which are right for your business.
Depending on your objectives, you may find that your process requires more than one method. Most verification providers can suggest a best method, or combination of methods,after a review of your objectives.
First, we suggest you determine the specific broad categories that are driving your need for verification. Here are the most common ones:
- Regulatory Compliance such as KYC, AML, CCPA or GDPR Data Subject Requests
- Fraud Prevention and Chargeback Prevention
- Preventing Underage Purchases
- Combating Medical Identity Theft
Then, determine factors that may impact your options for deployment of the methods. These include:
- Availability of Data Sources
- Risk Tolerance
- User Experience and Friction
- Security Requirements
- Industry Best Practices
With this information in hand, reach out to a verification provider that can offer all the methods and ask for a needs analysis to fine tune your options. Many times one method alone won’t meet your objectives; so in that case, you can combine two or more verification methods and reap the benefit of using any or all via a single provider.
For businesses looking to verify their customers’ identity, it’s important to consider all the available identity verification methods and their use cases . By understanding the methods and your options, you’ll be able to deploy an identity verification solution that’s right for your business.