Before setting up an account or beginning a relationship with a customer, companies commonly want to validate that the applicant is who they claim to be. Identity verification is the process by which a person can prove their identity to an organization or service.
What is Identity Verification?
Identity verification is the process of proving that someone is who they claim to be. For example, when a person opens a bank account or signs a lease, it is important to ensure that they are who they claim.
Without strong identity verification, it is possible that someone could open an account or take out a loan in another person’s name, enabling them to commit financial fraud and ruin the person’s credit score. Identity verification is vital for protecting against identity theft and ensuring that people are who they claim when opening a new account, claiming tax refunds, or applying for government services.
When verifying identity in-person, typically the applicant presents a set of documents that are accepted as proof of identity. Common examples include government-issued identification, passports, and birth certificates.
Identity Authentication vs. Verification
Identity authentication and verification are similar but distinct concepts. Identity verification is the process of proving an individual’s identity. This verification is performed once and used to link a person’s identity to unique information that can be used to uniquely identify them in the future.
User authentication, on the other hand, is repeated whenever a user wishes to prove their identity to a particular application or service. This authentication process uses the unique information linked to a person’s identity to authenticate their identity before providing access to their account.
How is Identity Verification Performed Online?
As online and digital services grow, people are increasingly creating accounts with banks and other organizations online rather than in-person. As a result, it is vital for these organizations to be able to verify the identity of these applicants over the Internet.
Online identity verification can be performed in a variety of different ways. Some of the most common methods of online identity verification include verification using biometrics, identity documents, unique knowledge, or one-time passwords (OTPs).
Biometric data is ideal for user verification. Biometric verification methods include facial recognition, fingerprint scanning, and any other measure of a unique physical attribute of a person.
Biometrics offers the most secure and user-friendly method for user verification or authentication. Biometric data is much more difficult to fake, steal, or copy than other verification methods. Additionally, since biometric scanners collect physical attributes, it provides a better user experience because it does not require a user to have access to documents or devices or memorize unique information.
ID Document Verification
In-person identity verification is typically performed using identity documents like government IDs, passports, and birth certificates. These documents can also be used for online verification of a user’s identity. Documents can be scanned or photographed and transferred to the verification authority to be checked for validity and legitimacy.
Knowledge-based verification is another common form of identity verification, especially for verifying identity over the phone or as part of a password reset process. A user may be asked for information that theoretically only they would know such as their Social Security Number, birth date and place, etc. When attempting to verify a user’s identity after a lost password, a service may also use information available to them for verification, such as asking about previous transactions or the sources of deposits into the account.
Knowledge-based verification systems operate under the assumption that the requested information is only known to the legitimate user. However, this is frequently not the case. For example, past addresses and birth places are often public record, and other sensitive information such as a Social Security Number or other government-provided ID may have been exposed in a data breach.
One-Time Password (OTP) Verification
One-time password (OTP) verification is used to verify a user’s identity based on their ownership of a phone number or email address. The service sends a single-use code to the applicant via SMS or email. By entering this code into the website, the applicant proves that they have access to the relevant phone or email account.
OTPs are a common verification technique, but they lack the same level of security as biometric verification. SMS messages can be intercepted, and email accounts may be compromised or shared by multiple parties. Additionally, this form of identity verification is prone to phishing attacks where users a tricked into sending their OTP to an attacker.
What Are the Benefits of Digital Identity Verification?
Digital identity verification provides several benefits to an organization, including:
- Support for Digital Accounts: Customers are increasingly using online services, and it is possible to open even high-risk accounts like bank accounts entirely online. Digital identity verification makes it possible for these companies to achieve strong proof of identity.
- Convenient Verification: In-person identity verification requires customers to visit a dedicated facility to prove their identity. Digital identity verification provides the ability to validate customers’ identity from anywhere.
- Strong Verification: Modern devices have the sensors and cameras needed to collect high-quality biometric information and scan relevant documents. This helps to provide strong proof of a user’s identity.
- Live Verification: Digital identity verification enables the use of one-time passwords and other identity verification tools that prove access to certain accounts, devices, etc. These approaches are rarely used for in-person verification.
Identity Verification Regulations and Standards
Identity verification is crucial for organizations in some industries, such as financial institutions. If a person can open a bank account under a fake identity, they can use it for fraud and other illegal activities.
Multiple jurisdictions have implemented regulations and standards for identity verification. Some of the major ones include:
- 5th Anti-Money Laundering Directive (AML5): AML5 is an identity verification law in the EU designed to prevent money laundering. Affected institutions are required to implement Know Your Customer (KYC) and Customer Due Diligence (CDD) policies.
- Regulation on Electronic Identification and Trust Services (eIDAS): eIDAS is an EU regulation designed to allow EU citizens to use their electronic IDs to access public services across the EU.
- Customer Identification Program (CIP): CIP is a US law requiring that financial institutions have a reasonable belief that their customers are who they claim. This requires identity verification and is designed to protect against money laundering and other financial fraud.
Implementing Strong Digital Identity Verification
While KYC requirements typically only apply to financial institutions, many organizations have a desire or a need to verify their users’ identities before allowing them to open an account. While in some cases ownership of an email address is enough, in others, a stronger proof of identity is required.
Biometrics is an ideal means of implementing digital identity verification and supporting ongoing user authentication. Biometric data is quick and easy to collect, making it extremely user-friendly, but is also difficult to copy or fake, ensuring the security of the user verification or authentication process.