The Road Ahead for Identity Verification
The Road Ahead for Identity Verification
By Luis Felipe Segura
By 2027, the global Identity Verification (IDV) market will be worth $18.1 billion compared to this year’s projection of $11.6 billion. Unfortunately, this rapid growth exists because as more ID-related transactions take place online, identity criminals keep upping their game with more sophisticated tactics and techniques. Fortunately, IDV providers are on the case, adjusting their offerings, strategies and focus to meet the ongoing threat.
What do the coming months hold in store for this rapidly-evolving sector? Read on.
Prediction #1: Connections to “sources of truth” will be paramount for IDV solutions
The availability of high-quality fake identity documents has been increasing alarmingly. Fraudsters even use stolen materials to produce fake documents, making it almost impossible to distinguish them from authentic ones. The only way to stop this never-ending race is to connect to the sources of truth, such as DMV or passport issuing databases, to perform a biometric match and confirm the biographic attributes being presented.
The ability to query these databases, as opposed to attempting to triangulate information from credit bureaus or using knowledge-based-authentication (with “knowledge” that has been stolen and is now publicly available) adds the ultimate layer of security into the IDV process. Users submit a “selfie” on which a liveness test is performed, together with their biographic information, and the matching engine connected to a government source of truth will either confirm or deny a match. This approach not only counters the sophistication of modern fraudulent documents but also sets a new standard in securing and streamlining the identity verification process.
Prediction #2: Aggregation of identity signals can help compensate for the lack of availability of connections to “sources of truth” in IDV solutions
Grouping signals from a distributed network of authoritative identity sources can compensate the limited availability of connections to government sources of truth, and increase the confidence of the IDV process. This distributed network will provide the ability to confirm with existing databases from trusted institutions. These don’t even necessarily have to be identity databases – it could be a database inside an airline, bank, or insurance agency. The result is that by having connections with those institutions, IDV providers can query and ask, “Hey, I’ve got this information about a user. Does it match what you have?” By aggregating all these signals, providers will have a much higher degree of confidence that a user is who they say they are.
IDV providers looking to secure a percentage of the pie in this up-and-coming marketspace will need to explore every means of strengthening their results or risk falling behind other players.
Prediction #3: Cryptographic security mechanisms will be embedded into physical identity documents
To set the scene with an example, New York is the only state in the U.S. that has cryptographically signed the information included in the barcode on the back of its drivers’ licenses. IDV providers can use a public key from New York to confirm that the information contained within the barcode was signed by the New York DMV, giving much higher confidence that the information from the document is legitimate. There is still a risk of fraud because the photograph is not encoded in the barcode; for this to happen, the barcode standard (PDF-417) would need to change.
Examples of these security measures can also be seen in passports, given the incorporation of the MFC MFT chip in the U.S. passport, which also includes a photograph. With these capabilities, IDV providers can decode it, confirm that it was signed by the Department of State, and then do a biometric match against the photograph that’s on the chip itself. This will likely become the standard for all government-issued identity documents to better secure the digital realm we are headed towards.
Prediction #4: Frictionless UX and reusable identity will be key to prevent lost revenue
Customers today are increasingly overwhelmed by having to navigate multiple layers of authentication, and we’re seeing a rise in what some researchers call “consent fatigue.” To combat this, organizations have to ensure a good user experience. This means that all aspects of the process, starting with onboarding, need to be easy and seamless for the end-user. Being able to re-use a verified identity will also be key to reducing the number of onboardings a person has to go through, offering a differentiated experience. The key for companies to win over customers is offering a secure, frictionless user experience (UX) that can be used across a multitude of use cases and environments.
Staying ahead of bad actors
Given the type and degree of threat, it makes sense that organizations will need to step it up in terms of IDV. Connections to official ID issuers and/or aggregated ID signals will be paramount. ID issuers will take it to the next level with cryptographic security mechanisms, and organizations will need to tighten IDV while creating a frictionless UX. In the battle against identity fraud, only the well-informed and well-equipped will emerge victorious.