Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Establishing Identity in the Digital Economy

The rise in both the frequency and sophistication of fraud attempts has increased the importance of identity verification. With thousands of identity documents being used globally, and with no common standards in place, establishing and verifying identities has become a difficult and time-consuming process.

Additionally, the rise of digital and mobile usage has increased the difficulty in verifying identity and matching the ID to the person holding the device.

Establishing identities today is not foolproof. There is no perfect solution to protect customers and institutions from sophisticated fraudsters, hackers and data breaches, but as identity has increasingly become a currency for consumers, the need to defend digital identity against bad actors has become an industry imperative.  

As more organizations transact on a global scale, the challenges of global identity management increase. Why is the ID verification process so arduous? There are thousands of identity document templates and types globally, each with unique identifiers and characteristics. Compounding the challenge, most ID card issuers do not take the authentication process (scanning, mobile image capture or human review) in mind when designing the template. 

Cultural differences in languages and spelling also add complexities. For example, the name Mohammad can be written more than 50 different ways, depending on the country. Also take into account country character/space limitations. Asian names often end up truncated on government IDs due to the limited character space on forms.

Now, consider the advent of a mobile-first world and its impact on the methods by which the general population verifies their identity. Forrester’s Mobile Mind Shift Index identifies an evolving preference for mobile use and, as a result, businesses are now required to offer transactions across every channel, especially mobile. Much of this can be attributed to millennials (currently ages 18-34), the generation most likely to own a smartphone, which they check more than 150 times per day.

Some reports show they are deciding to who to do business with based on their mobile capabilities. Therefore, a business only accepting paper documentation for ID verification will not survive.

Verifying IDs via mobile creates more challenges. Mobile ID verification requires a different forensic set and remains largely dependent on image quality. First, the camera quality affects the image – a blurry or distorted image will often result in a fail during any verification test. Then you must add a lot of room for user error here with glaring and cropping issues. Another consideration – the ID holder’s appearance has often chanted sine the photo was taken. Lastly, mobile devices require verification actions are performed in white-ambient light to ensure the integrity of the identity document 

The truth is, linking a person to an ID and establishing genuine presence remains a challenge. Today, solutions must be able to address increasingly sophisticated fraud and presentation attacks while balancing the user experience. Organizations must match the level of risk to the use case: How much friction they should add will depend on the level of security needed.

Linking an ID to a person requires multi-factor authentication. First, you must establish there is a valid ID to establish a trust anchor. You must have a clear image that can be captured via any device and have robust authentication tests (strong forensics). Second, you must verify the person is who they claim to be which can be accomplished with biometric tests such as robust facial match and liveness tests. ID photos must then be matched with a selfie taken in real time for a score or decision. Challenges here include presentation attacks, image and device spoofing, deep fakes and video replay.

Identity verification is not a one-size-fits-all solution; there are solutions that offer a level of certainty for every level of risk. It is up to institutions to decide the amount of security they are providing, and up to consumers to decide how much friction they are willing to bear.

What’s Hot on Infosecurity Magazine?