What is identity proofing and how can it help prevent fraud?
David Thomas
In our increasingly digital world, businesses need to welcome and support new customers that they will never meet in person.
Organistations operating online must take more stringent steps to ensure that an identity arriving at their site is genuine and that they know who they are dealing with. This is a process commonly referred to as ‘identity verification’ or ‘know your customer’ for regulated industries.
Data-centric methods of identity verification are often sufficient to provide assurance where a risk-based approach permits it. Well-established identity data verification techniques involve the matching of name, date of birth, and address information to reputable data sources such as credit references, electoral rolls and mobile data.
What do we mean by identity proofing?
Identity proofing is a process of affirming to a high degree of assurance that the person presenting themselves online is who they claim to be.
It requires evidence of three things: Firstly, that the identity being presented exists; secondly, that the person claiming the identity is the legitimate owner of that identity and finally, that she or he is genuinely present at the time. This last requirement to evidence ‘genuine presence’ limits the type of identity verification that can deliver a high degree of assurance in digital channels to document-centric ‘identity proofing’ methods which include successful biometric authentication of presence.
The complete buyer’s guide to identity proofing
Digital identity proofing, step by step
There are five steps to document-centric identity proofing which together assess the authenticity and genuineness of the identity evidence presented, provide the basis to confirm the presence of the person claiming the identity and help preserve the overall integrity of the proofing process.
For a comprehensive guide to these steps and performance metrics, download the Buyer’s guide to identity proofing.
1. Document image capture
To begin, the identity claimant is asked to capture and submit a good-quality image of their government-issued identity document. The document image capture process will typically take place on a mobile device or laptop and should initiate a seamless, guided identity-proofing journey, optimised for the highest completion rates.
Robust identity-proofing systems offer successful and secure document image capture with clear user guidance as well as closed process control to ensure the origin of the image and that no image editing takes place. With the increasing power of generative AI and the threat of deepfake images and videos, document image capture must be securely controlled.
“The GBG global library of government-issued ID document templates contains more than 8,500 document templates across 196 countries and territories.”
2. Document assessment
The document assessment stage of identity proofing comprises two key processes: classification and authentication.
Classification examines the document image capture and compares it to the document types – or ‘templates’ – catalogued in a document reference library to determine which type of document is being assessed. For example, the GBG global library of government-issued ID document templates contains more than 8,500 document templates across 196 countries and territories and is growing all the time.
Authentication then executes a series of between 10 and 50 forensic tests using the images and data captured. Testing varies according to the visible and machine-readable security features specific to that document type.
Tamper detection
Alongside document authentication tests, identity proofing should check if the document has been tampered with or modified. For example, a picture may appear in the correct location on the identity document, but was it placed there by the issuing authority or a fraudster?
3. Document data extraction
The identity-proofing process extracts identity and other encoded data contained in OCR readable text, 1D or 2D barcodes, magnetic strips or contactless chip fields from our government-issued ID.
As well as being used in some document authentication tests, this identity data can be retained in a standard data set for use in downstream customer relationship management with a customer’s consent.
4. Face recognition
Once a prospective customer’s identity document has successfully passed authentication and tampering checks, we next need to determine if the person presenting the document is the genuine owner.
Facial recognition is a machine-assisted process that employs matching algorithms to automate the face-matching process; it uses our facial biometrics as a unique identifier which can be used for comparison with the identity document. At GBG, we FaceMatch your visitor by asking her to provide a selfie, which is programmatically matched with the image extracted from her identity document.
Genuine presence
Liveness or ‘presentation attack’ detection is an important security measure for remote identity proofing; it ensures that the person submitting biometric data is real and genuinely present at the time the data is detected and captured.
5. Liveness detection
A determined fraudster may attempt to use virtual cameras to ‘inject’ AI-generated deepfake images or videos, or use printouts or silicone masks to fake biometric authentication.
We securely control the image capture process and run a ‘liveness check’ on the selfie image submitted. Liveness checks or ‘presentation attack detection’ ensure that the person submitting the selfie was genuinely present and facing the camera at the time the image was captured. This prevents the use of deepfakes or masks when submitting a selfie, ensuring the biometric data is real and the person is genuinely present at the time the data is detected and captured.
“One in seven consumers reported they have been a victim of fraud in the past year and 85% of consumers we surveyed said they prefer brands with advanced identity verification.”
Security and speed matters
Speed and convenience matter as much as security for successful brands looking to build customer relationships based on trust. So, a great onboarding experience and a safe onboarding experience both matter, to business and consumers.
Best practice digital customer onboarding optimises customer journeys for speed and security, responding to trust and fraud signals and dynamically adjusting between data-centric identity verification and identity document proofing routes, to maximise customer conversion while reducing the risk of fraud.
Fast, simple and secure identity proofing
By taking a multi-layered approach to digital identity, trusted third-party identity data verification can be added to the proofing process; by adding data, a business can establish trust in the longer term existence and credibility of the identity or red flag that no such history or confirmatory data exists.
Consumers are looking for security as well as convenience, however. One in seven consumers reported they have been a victim of fraud in the past year and 85% of consumers we surveyed said they prefer brands with advanced identity verification.
Brands that display a visible commitment to identity security and deploy a robust identity-proofing process can not only protect against criminals but also build reputational credibility in the eyes of genuine customers who feel safer knowing that they are protected from fraud.
Frequently asked questions
What is digital identity verification?
Digital identity verification is the process of proving that an identity is real without ever having to meet someone face-to-face. It helps to provide assurance that a person is who they say they are and that the personal information they have provided isn’t fake or stolen.
What is digital identity proofing?
Identity proofing is process of affirming to a high degree of assurance that the person presenting themselves online is who they claim to be. It requires official document evidence that the identity being presented exists, that the person claiming the identity is the legitimate owner and that she is genuinely present at the time.
What is biometric authentication?
Biometric identity authentication is the process of verifying identity by comparing known and trusted biological characteristics against those presented by someone claiming an identity. These biological characteristics traditionally include facial characteristics, fingerprints, irises, and voice prints.
What is identity fraud?
Identity fraud is the intentional use by one person of another person's personal identifiable information or identity credentials, with or without the express consent of the legitimate holder, to commit a crime or to deceive or defraud another person or organisation.
Sign up for more expert insight
Hear from us when we launch new research, guides and reports.
