Identity Proofing: What It Is and How It WorksI
Identity proofing provides an effective way to verify that your online customers are who they claim to be. Knowing how to conduct ID proofing can protect you and your clients from fraud, providing a better experience for your customers and building a better reputation for your brand.
Here we’ll walk you through an introduction to identity proofing. First, we’ll start by providing an identity proofing definition and clarifying how identity proofing relates to authentication. Then we’ll consider why identity proofing is important and examine how it works. Finally, we’ll look at three of the top identity proofing methods and offer some resources to help you implement them.
What Is Identity Proofing?
Identity proofing is a method of confirming that a person’s claimed identity matches their actual identity. It is done as a safeguard against identity theft and digital fraud.
Identity proofing involves:
- Distinguishing what identity is being claimed
- Collecting and confirming information about the claimed identity
- Verifying that the person providing the information is the legitimate individual associated with that ID
Completing these steps is done through procedures such as:
- Reviewing ID documents
- Using biometric identifiers such as facial recognition
- Performing tests to authenticate that the person making the identity claim is legitimate, such as asking them to answer a secret question or sending them a confirmation code
For maximum effectiveness and to reduce customer inconvenience, these steps are best executed using identity proofing service software.
What Is the Difference between Identity Proofing and Authentication?
Authentication is the last step in the identity proofing process. After you’ve validated the authenticity of the ID credentials a person has provided in the first two steps, you still need to check whether the person attempting to use those credentials is the rightful owner of that ID. Authentication is performing this check when someone tries to use ID credentials for an action such as logging into an account, conducting a banking transaction, or authorizing a credit card purchase.
A conventional way of doing authentication tests is asking a person the answer to a question only the legitimate account holder would know, such as their favorite place to visit as a child. However, such information can be stolen, so newer authentication methods attempt to be more difficult to bypass. For example, a person may be required to use a biometric identifier such as a fingerprint or selfie, or a code may be sent to the legitimate account holder’s cellphone.
Why Is Identity Proofing Important?
Identity proofing benefits companies in multiple ways, helping with:
- Meeting compliance requirements for Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations
- Fulfilling responsibilities to protect your organization and users against security threats
- Prevent rising costs of identity fraud for individuals and companies
- Building customer trust that you take necessary security measures to protect your clients’ Personally Identifiable Information (PII)
The benefits make identity proofing in your company’s and customers’ best interests.
How Does Identity Proofing Work?
The National Institute of Standards and Technology (NIST) Digital Identity Guidelines define three steps in the identity proofing process for credential service providers (CSPs):
1. Resolution: Collecting evidence of identity
2. Validation: Checking the authenticity, validity, and accuracy of the evidence provided and its association with an individual or business
3. Verification: Linking the evidence to a real person or business
Let’s look at what each of these steps involves:
This step involves collecting two categories of data from an applicant. First, the applicant supplies personal identifying information such as name, address, date of birth, email, and phone number; or for businesses, business name and address, date of incorporation, business email and phone, and so on. Second, the applicant supplies ID documentation, such as a driver’s license and passport.
This step checks that the data collected in the first step represents legitimate identification credentials. The applicant’s identifying information is checked against known information, such as government or private databases. Elements of ID documents are checked by procedures such as reviewing images, inspecting documentation format, looking for alterations, and checking with issuing agencies.
In this final step, credentials validated in the previous step are authenticated to confirm that the person presenting the credentials is their legitimate holder. For example, a person may be asked to supply a live selfie to check against their ID photo, and a verification code may be texted or emailed to the legitimate account holder.
Top Three Identity Proofing Methods
The identity proofing process may be implemented through a wide variety of methods. Three of the most popular are:
1. Knowledge-Based Authentication (KBA): asking the user to provide an answer to a question
2. Identity Document Verification: validating the legitimacy of an ID document
3. Biometric Verification: checking distinguishing individual features using methods such as facial recognition, fingerprint analysis, and voice analysis
Let’s look at how each of these methods works and what its pros and cons are:
1 Knowledge-Based Authentication (KBA)
With KBA, a user is asked to provide an answer to a question whose answer would only be known to the legitimate account holder. For example, a user trying to log into an account may be asked to provide their mother’s maiden name, elementary school name, or favorite pet’s name.
While this method has some value, a drawback is that a thief who knows their victim or has researched their background may be able to steal or guess answers to questions. This risk is increased when a careless account holder uses the same secret answers on multiple accounts, which is frequently the case.
2. Identity Document Verification
This method involves checking an ID document to validate that it is a legitimate document. For example, the text information on a driver’s license can be extracted and checked against a computer database for accuracy. At the same time, the photo can also be checked, and the document can be reviewed for signs of incorrect formatting or tampering.
This method also provides some protection, but it is vulnerable to the risk of an ID document being lost or stolen. Just because an ID document is legitimate does not mean that the person presenting it is its legitimate holder. This can be especially difficult to determine online when a person’s photo ID can’t be visually compared to their face.
3. Biometric Verification
Biometric verification overcomes some of the limitations of the above methods by relying on unique physical characteristics which are more difficult to fake. For example, artificial intelligence can analyze a person’s facial features, fingerprint, or voice pattern.
This method is more secure than KBA or identity document verification because it relies on a user’s unique physical characteristics rather than something they know or something they have. While biometric identifiers aren’t impossible to fake, this takes considerably more resources to accomplish, significantly reducing the risk of identity theft.
Biometrics also can enhance the strength of other methods. For example, checking a photo ID with a facial recognition software program makes it easier to spot discrepancies that the naked eye might overlook.
Implement Identity Proofing the Easy Way with Incode
Identity proofing protects against the risk of fraud by collecting identifying information and ID documents, validating the legitimacy of collected information, and verifying that the person presenting the information is the same person whose identity is being claimed. This involves asking users to answer knowledge-based questions, checking the authenticity of ID documents, and inspecting biometric identifiers. Since knowledge-based answers can be guessed and ID documents can be stolen, biometrics is considered a more secure method.
In addition to being less secure, traditional identity proofing can be costly, time-consuming, and not user-friendly. Implementing an automated solution like Incode, backed by AI and certified by NIST, can simplify compliance, cut onboarding costs, and deliver better customer experiences which increase conversions. Request a demo to see how easy it can be to get started with our simple, secure identity proofing platform.