What’s the difference between identity proofing and identity verification?
The terms “identity proofing” and “identity verification” are sometimes used interchangeably, but they refer to distinct processes, albeit ones often used in conjunction as part of a robust identity verification system.
Identity proofing is a process that helps establish that a user’s claimed identity is, in fact, their actual identity. Identity proofing is a part of identity verification and takes place during the customer onboarding process (e.g., applications and new account creation). It may also be used as an additional security layer alongside other identity verification processes.
Identity verification is the process of confirming the accuracy of the information provided by an individual. This typically involves cross-referencing provided personal data with authoritative, third-party data sources like credit bureau data or public records. Identity verification is a recurring process applied on every transaction.
What are the key steps in identity proofing?
- Data collection: The individual provides personal information, such as name, date of birth, address and government-issued identification numbers.
- Document verification: Official documents like passports, driver’s licenses or ID cards are submitted and verified using various techniques, such as optical character recognition (OCR) and hologram detection.
- Biometric capture: Biometric data, such as fingerprints, facial images or voice samples, may be collected to enhance the proofing process.
- Validation against trusted sources: The provided information and documents are cross-referenced with authoritative databases (e.g., government records, credit bureaus, mobile phone company databases) to help confirm their authenticity and accuracy.
- Risk assessment: Data analysis helps detect signs of fraud or inconsistencies, making the identity proofing process more secure and reliable.
What are the key steps in identity verification?
- IP geolocation: Helps identify whether the user is coming from a trusted and authorized country.
- Network risk: Helps establish whether the user is coming from a known network or masking their network.
- Device risk: Using device reputation, this assesses whether the device is new, known or associated with previously reported fraud.
- Device intelligence: Determines the likelihood that the person using a device is who they purport to be by analyzing device history, device reputation and other characteristics.
- Identity verification: Compares user-provided information to authoritative sources to help ensure a user is legitimate and they are who they claim to be.
- Synthetic identity assessment: Compares user-provided information to identity data and known fraud.
- Multi-factor authentication (MFA): Uses additional layers of security, such as one-time passwords (OTPs) sent via SMS or email, to help ensure the individual’s identity.
- Continuous monitoring: Regularly checking for signs of account takeover or unauthorized access through real-time data analysis and alerts.
- Authentication: Verification of users upon account login using credentials (username, password, PIN) or through biometric verification methods (facial recognition, fingerprint scanning).
- Re-verification: Periodic re-verification helps ensure the ongoing authenticity of the user, especially for high-risk or high-value transactions.
What’s the difference between identity verification, identity validation, and identity authentication?
Understanding the nuances between identity verification, identity validation and identity authentication is crucial for implementing more effective identity management systems.
- Identity validation involves checking the accuracy and consistency of the information provided, for instance, verifying whether a provided address matches the records in authoritative databases or whether a Social Security number is valid. Identity validation is more about confirming that the pieces of information themselves are legitimate and correctly formatted; it doesn't necessarily confirm the individual is the rightful owner of that identity.
- Identity verification is the broader process of confirming an individual’s claimed identity matches their actual identity. This process helps ensure the identity data is accurate and the person presenting the information is genuinely who they claim to be. It involves tools and methods like identity verification software, device risk, biometric identity verification and online identity verification services to cross-check the information and authenticate the individual's identity.
- Identity authentication involves confirming the identity of an individual when they access a service or system, often on an ongoing basis. This could include logging into an account or conducting a financial transaction. Identity authentication relies on various methods, such as passwords, security tokens, biometric verification or MFA to help ensure the person accessing the system is indeed the verified individual.
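The gap between validation and verification is easiest to see on a claim whose fields are each well-formed but do not belong together. The sketch below is an added example, not code from any identity verification product: `validate_claim` covers only the format side of validation, `RECORDS` is a constructed stand-in for an authoritative source, and every name, number and date in it is constructed sample data.

```python
import re
from datetime import date

SSN_RE = re.compile(r"^(\d{3})-?(\d{2})-?(\d{4})$")

def validate_ssn(ssn):
    """Validation: could this number have been issued? Says nothing about ownership."""
    m = SSN_RE.match(ssn)
    if not m:
        return False
    area, group, serial = m.groups()
    # Area 000, 666 and 900-999, group 00 and serial 0000 are never issued.
    if area in ("000", "666") or area >= "900":
        return False
    return group != "00" and serial != "0000"

def validate_claim(claim, today):
    """Return the names of malformed fields; an empty list means all are well-formed."""
    problems = []
    if not validate_ssn(claim["ssn"]):
        problems.append("ssn")
    if not date(1900, 1, 1) <= claim["dob"] <= today:
        problems.append("dob")
    if not claim["name"].strip():
        problems.append("name")
    return problems

def verify_claim(claim, records):
    """Verification: do the claimed attributes belong together per the source?"""
    rec = records.get(re.sub(r"\D", "", claim["ssn"]))
    if rec is None:
        return "no_record"
    same_name = claim["name"].strip().casefold() == rec["name"]
    return "match" if same_name and claim["dob"] == rec["dob"] else "mismatch"

# Constructed sample data: a stand-in authoritative source and three claims.
RECORDS = {"123456789": {"name": "jordan example", "dob": date(1985, 3, 14)}}
TODAY = date(2024, 1, 1)
CLAIMS = {
    "genuine": {"name": "Jordan Example", "ssn": "123-45-6789", "dob": date(1985, 3, 14)},
    "synthetic": {"name": "Casey Sample", "ssn": "123-45-6789", "dob": date(1992, 7, 2)},
    "malformed": {"name": "Casey Sample", "ssn": "666-12-3456", "dob": date(1992, 7, 2)},
}

def assess(claim):
    """Validate first; only well-formed claims are sent for verification."""
    problems = validate_claim(claim, TODAY)
    return ("invalid", problems) if problems else (verify_claim(claim, RECORDS), [])
```

The "synthetic" claim passes every validation check and is only caught at verification, which is why a pipeline that stops at format checks cannot detect a real number paired with an invented name and birth date.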
What tools and techniques are used for effective identity verification?
Large-scale identity verification solutions comprise a range of tools and techniques. Digital identity verification includes the following:
- Device intelligence: Helps distinguish between risky transactions and trusted digital interactions using insights into device recognition and context.
- IP intelligence: Analysis of IP addresses to better differentiate between authentic consumers and potential fraudsters or bots.
- Identity verification: Helping ensure more secure digital transactions through remote verification techniques.
- Document verification: Scanning and validating government-issued IDs and passports.
- Synthetic fraud models: Automated analysis of customer data more efficiently detects synthetic identities while reducing false positive rates.
- Multi-factor authentication: Use of additional layers of security, such as one-time passwords (OTPs) sent via SMS or email.