Australia, 11 October 2017 – Identity verification has come a long way from the days when possession of a birth certificate constituted proof of identity.
Electronic Identity Verification is now the status quo for most businesses and not just because digitisation is more efficient. True Electronic Identity Verification goes beyond replicating old paper-based verification processes and creates a superior means of generating proof of identity. Electronic Identity Verification combines information about the individual, their physical features, the documents they possess, and the devices they use to make an accurate determination about the legitimacy of that individual and the transaction they’re involved in. Electronic Identity Verification is an unrivalled tool for reducing the risks associated with exposure to identity fraud and for reducing the likelihood of identity theft.
Before electronic identity verification
Prior to digitisation, verification of identity relied on possession, authority and recognition. Identity was proven via methods such as in-person presentation of a document provided by a recognised authority (such as a birth certificate or licence), in-person comparison between an individual’s face and photographic evidence on a document from a known authority (such as a driver’s licence), or a reference from someone of high standing in the community to vouch for the individual.
In the early days of technology
Early adopters of Electronic Identity Verification were primarily taking advantage of more efficient processing. Rather than calling the Department of Motor Vehicles to verify a driver’s licence number, a database query could be made to receive an instant response. Rather than posting physical documents (or copies) to physical locations, documents were scanned and uploaded and transmitted electronically. These new capabilities made it quicker and more efficient to verify an individual, but the basic premise was still the same – collect and corroborate an individual’s documents and see them in person to verify their identity.
With widespread technology
As all organisations adopted electronic processing, we started to think about what we could do with it in addition to just moving data around. Electronic Identity Verification gradually started to change.
A greater number of identity-related databases became available and we realised that querying multiple databases at once decreased the likelihood of an identity being false. Being able to simultaneously corroborate the individual’s details against multiple sources at a single point in time added greater credibility to verification than just a single corroboration or a sequence of corroborations over time.
With technological advances
Rather than relying solely on human analysis, we then started using technology to automate verification and reduce fraud risk.
The ability to use Optical Character Recognition (OCR) on a document allowed us to automate some aspects of identity data collection (such as the user having to enter their name and address) but also provides an important fraud-prevention cross-check as the scanned data can be compared to the provided data to ensure the identity is a match.
In addition to verifying the details presented within a document we could also use technology to verify the authenticity of the document itself, for example, that the data was being extracted from a legitimate passport and not a forgery. Detecting fake IDs changed from an art form that only a few well-trained individuals could master to a quick check accessible to anyone who could use a computer.
When verification moved into the self-help space, we were able to start taking advantage of the details provided about the devices used by individuals to carry out the verification transaction. Device details allowed us to detect indicators of suspicious activity that were never before available such as multiple transactions from a single IP address or use of identities already known to be fraudulent. Verification became something that relied not only on the details of the individual and the authenticity of their documentation but also on the legitimacy of the means they use to conduct the transaction.
Depending on an organisation’s appetite for risk, it became increasingly more possible to verify individuals remotely. For those with a low-risk appetite, in-person presentation was still deemed the gold standard in verifying an identity – that the person present in front of you is depicted in a photograph on an authorised document (such as a passport or licence) and they are in possession of the necessary documents or identifiers. But humans are actually quite poor at facial recognition of individuals who they do not already know.
And then came biometrics
Biometrics introduced the capability to better identify an individual than in-person presentation. There are multiple biometric factors that are unique to an individual, such as their face or voice or fingerprint. Detecting the subtle differences in these identifiers is very difficult for a human to do consistently and accurately. Computers have greater success, using sophisticated algorithms and pattern matching on the thousands of points that need to be analysed to determine if a biometric measure is unique to an individual. Computers can also determine the difference between a biometric which is captured live and one which is recorded, preventing fraudsters from using video or audio to fake a biometric identifier.
Biometric factors are now incorporated into Electronic Identity Verification systems to further reduce the risk of fraud. For example, in greenID Mobile, an individual can capture a photo of their photo ID and provide a selfie as proof that they are the individual depicted in the document and they are the person requesting the verification. Biometric verification can therefore be dual purpose – allowing for identification of an individual as well as assurance that the individual being verified is the person carrying out the transaction.
Protection against identity theft
Modern Electronic Identity Verification provides a level of fraud risk prevention for organisations but also provides a degree of protection against identity theft for individuals. Electronic Identity Verification allows individuals to better represent their identity with a combination of unique identifiers. It may be possible to falsify any one of those identifiers, but the unique combination of multiple identifiers (photo ID, accounts, documents, biometrics) is very difficult to fake and therefore very difficult to steal. Unique combinations of identifiers is an underlying principle of multi-factor authentication. An identity can be represented by something you know, something you possess, or something you are. Multi-factor authentication requires two or more of these factors for a valid identity.
For the future
It will take some time to fine-tune the technology involved, but as the various identification methods become more tightly integrated, a future where identity verification and multi-factor authentication are seamlessly combined looks increasingly more possible.