Identity verification solutions: How to choose the right one?April 3, 2020
We came to a point where everything is just a click away, with personal information in the center as the most valuable resource. This is why companies feel a lot of pressure to implement procedures and practices that will enable their users to perform almost any task they want in the digital space. How to connect a users’ physical and digital identities in a responsible, secure, and convenient way? What to look for in a rapidly growing market of new identity verification solutions and services? The identity verification market is becoming saturated with numerous companies offering a wide range of solutions. For a company that’s just beginning its digital transition or looking to make its processes remote, it can be challenging to choose a provider that will bring the security and transparency the company requires.
What is a digital identity?
Digital identity as such doesn’t have a universally accepted definition, but rather a set of attributes related to a particular person that, combined together, form a digital identity.
On one side of the spectrum, attributes are simple and can include only a name, email address, and date of birth, necessary for example, for opening a social network account. During this registration process, a user is not required to present any type of identity document to verify their identity further. The verification process stops once the user has confirmed their email address. On the other side of the spectrum are cases that revolve around more complex actions, varying from bank account opening, registering for a new mobile service, money transfer to loan origination. The regulatory framework and compliance requirements are significantly higher for businesses that provide these types of services. Regulations such as anti-money laundering (AML) and Know-Your-Customer (KYC) are put in place to protect, not only the user but the business itself. This includes a higher level of information and verification, such as identity and payment card scanning, data extraction, combined with biometric verification, cross-checking a user’s information against various watchlists, and public/private records.
The user in question has to go through several layers, including document authentication and matching physical characteristics with the document. This is where we started to see new innovative methods that were previously seen only in sci-fi and action movies. As a result of biometric authentication, logging in to a phone with a fingerprint scan or face recognition has become a norm today, and the point of physical and digital connection.
The most common biometric authentication methods use facial and ocular-based recognition, fingerprint, microchip, voice, and hand geometry biometrics. By having AI-based products, an identity verification provider can take in these types of personal attributes and quickly develop a profile to recognize the person.
Digitization came quickly in almost every industry. To keep up but also to insure themselves from any potential damages and frauds, companies began investing a significant amount of resources in digitizing their processes.
Another aspect of the beginning of digital identity was the databases created by government agencies, banks, or other private companies for credit scoring. According to the Risk Based Security breach report, in the first 6-months of 2019, there were over 3,800 incidents reported. Compared to the previous year, the number of breaches has gone up by 54%. In the first two quarters of 2019, the three largest breaches of all time happened (First American Financial Corporation, Cultura Colectiva, and Dubsmash, Inc.), with 3.2 billion records exposed. The business sector was responsible for 84.6% of records exposed.
For the sake of convenience and efficiency, more trust is being placed into various digital platforms. The risk of fraudulent activities will always be present. A bulletproof solution doesn’t exist yet, so the goal at the moment is to minimize the fraud as it can’t be fully prevented. As the value of digital identity grows, more information and layers of validation are required to authenticate the user. But, on the other side, users have high expectations for chosen products or services, which is a clear sign that businesses need to go beyond the traditional scope of identity verification. Companies are rushing to raise trust in their digital services. With more activities available online, the need to protect personal data has become more important than ever.
Step 1: Evaluate needs and processes
It quickly became apparent that not all use cases require the same level of security and validation. If the use case relates to, for example, a simple verification of people checking into your office building, the set of information necessary for verification doesn’t need to be extensive. A biometric fingerprint verification and identity document scanning will probably do the job, without the need for further checks.
However, if you’re a financial provider looking to offer innovative types of loans as part of your services, you would require a more complex set of information to further verify a person and cross-check with multiple data sources. The emphasis here should be on asking the right questions. An internal assessment needs to be done in order to discover what set of information do you, as a company, need in order to verify the user. If your solution doesn’t require, for example, facial recognition and you only need an identity document to confirm the identity of the user, don’t include that unnecessary step. This revolves around use cases such as entering night clubs, liquor stores, and online gaming, where the business needs to make sure their users are of legal age.
Step 2: Figure out the perfect ratio between security and user experience
After a company properly evaluates its needs, an important aspect of the verification process comes into play. How to make sure a user’s identity is valid, while also providing a seamless user experience? The balance between carefully designed user flow and the risk of fraud needs to be achieved. The incentive to fraud the identity verification process is much higher if the result is access to another users’ bank account, rather than access to their social media account. With this in mind, companies need to be able to recognize the value of their service to the user and adapt their processes and user flow accordingly. For example, within the facial recognition system, a certain threshold needs to be established. Any match with a score resulting above the confidence threshold would be considered a match. Everything resulting below would be rejected. This clearly impacts the error rate, the validity of the solution in question and ultimately the user experience. If the threshold is too high, even the good matches will most likely be rejected. If the threshold is too low, a business risks having too many false positives, thereby exposing more vulnerabilities in their system. It’s necessary to design every step of the process while remaining secure and providing a great UX. Because in the end, it all comes down to the users’ reaction to the journey in front of them and how fast they will complete it. Some of them make it through, but others run without turning back.
Step 3: Track user habits and behavior
And last, businesses need to remember the importance of an omnichannel presence and how it impacts their users. Thinking about the user’s habits and whether they are using mobile or desktop platforms is crucial for the overall experience. When planning an implementation of a verification process, it’s absolutely vital to find the right fit for every channel that the company is using. It’s important to take into consideration the unique characteristics and challenges of each platform and adjust the verification process accordingly. Listening to the users, taking their pain points seriously, and acting on it is essential. In both, mobile-first or desktop-first strategy, process consistency must be ensured.
The most important features
When choosing a solution, companies need to do thorough research in the identity verification solution market. Here’s our checklist with the features that need to be considered when looking for an identity verification solution.
- Technology stack
Identity providers offer their solutions in multiple forms. They are ready to adjust their offerings to the unique requirements of a company system. When a company decides the platforms on which the verification process will be deployed, the questions about the development tools and the best way of integrating a 3rd party solution have to be answered. The whole verification process can be packed into a software development kit (SDK), which is integrated within the existing mobile application. The companies should look for SDKs that serve as a simple plug and play solution. Other forms include utilizing a web service, for example, in the form of an API library. In that case, the identity provider offers a company access to their system with an API request to further verify the received information about the user. This can be embedded into any website for quick verification. Identity as a Service (IDaaS) is a third-party solution in the form of a cloud-based authentication that provides identity and access management (IAM) services to their users. Companies who utilize this type of identity verification don’t need to deal with the integration of the service in-house, seeing as the identity provider takes care of the underlying technology, compliance requirements, and safety policies.
- Real-time processing
One of the essential features. This is a point in time where services and products are provided in a matter of seconds. When a solution contains more layers of identity attributes, e.g., mobile & device specification, IP address, or location, it creates a more solid foundation for the company to assess risk. Having the ability to verify a user’s identity right at the exact moment when they’re in the process of a purchase or registration has become an important contributor to the overall safety of the verification process. This was one of the reasons why we, at Microblink, decided to tackle the processing of information in real-time. By enabling our technology to work “in the moment”, we’ve provided a valuable tool that harmonizes with major identity verification solutions and enhances the overall verification process.
- Compatibility and interoperability
Each identity verification provider has their own strictly defined steps and activities on how to verify an identity properly. The regulatory framework requires certain industries to have a higher level of compliance when dealing with sensitive personal information. Cross-checking an identity with government databases, international watchlists, credit bureaus, or even mobile network operators serves as a reminder of previously centralized systems. Businesses need to have a range of different data sources to make sure information is valid. To diminish fraudulent activities and provide a safe system, identity verification providers have to take into account the need for unified data sources. But that’s a topic for itself, and maybe for a future blog.
- Dynamic development & good support system
Identity verification technology develops fast, but fraudsters are keeping up. Choose providers that continuously improve, innovate, keep pace with the regulatory environment, and follow the latest UX trends. It’s important to find a scalable provider that will be able to follow the company’s growth worldwide while maintaining the same levels of security. Frequent and transparent collaboration between all parties is key to maintaining a robust identity verification process. Companies need to invest some time into investigating the support services and levels included within the offered plan.
It all comes down to
Did you notice how, when any technology is trending, every company suddenly has the need for that particular technology? It’s easy to get hooked on various innovative products or services just as long as they’re keeping up with the trends. Identity verification is now mission-critical on both the front and back-ends of business operations, and it shouldn’t be taken lightly. It’s used to attract new users but also to engage existing ones by offering additional services or products. By having a seamless verification process, a user will be more inclined to use your services due to the great first experience they had. A first impression goes a long way. Majority of businesses today dream of scaling big and fast. The verification process plays a crucial part in that dream, taking into consideration unique specifics and expectations, along with potential risks to the company’s system. The best balance can be achieved with identity verification solutions that are made by combining thorough document expertise with machine learning. AI technology has definitely found its place in the identity verification industry and is helping create robust and secure systems.
Within any identity verification solution, there is always a step of document capture and data extraction. This is where our technology comes in. BlinkID is an AI-powered product, dedicated to extracting information from identity documents, while also providing a full document image and a face image of the user in question. Besides data and image extraction, additional features such as data matching (comparing the information from the front to the information on the backside of a document) serve as an extra layer of security. BlinkID is available as a mobile SDK or a Web API, which makes it suitable for integration in both mobile and desktop applications. To try out BlinkID SDK or Web API directly in your app, create an account here.
We would love to hear about your experience with our products and how they blended into your app.
Update: We now have an identity verification solution of our own: Check it out here.