Identity Verification vs Authentication: What’s the Difference?

Faced with the threat of data breaches and identity fraud, many organisations are turning to identity verification and authentication technology to minimise risk. But although both approaches can help keep systems and resources safe, there are some very important differences.  

In this blog, we’ll compare both approaches and explore some of the ways that identity verification services help organisations prevent fraud and ensure compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations.  

What is Identity Verification? 

During the customer onboarding process, organisations need to know who they are dealing with. ID document verification is an important step to make sure new customers are who they say they are.  

Digital identity verification solutions help organisations verify identity data presented within official identity documents or submitted by the customer. Typically, solutions authenticate ID in two ways: 

• ID Verification: Official identity documents like bank statements, driving licenses or passports are checked for a range of features such as holograms, watermarks, stamps, fonts, or other security features designed to verify that the document is genuine.  
• Identity Checking: Personal data, such as name, date of birth or postal address, is checked and validated against third party data sources. Often this data is presented within official identity documents or submitted by the customer when applying to open a new account.  

By consulting multiple data sets, identity verification helps significantly reduce the risk of identity fraud taking place when onboarding customers or processing transactions. But that’s not the only reason why organisations use identity verification solutions. It’s also an important part of ensuring compliance, particularly for organisations that sell age-restricted products or services, like alcohol.  

What is Identity Authentication? 

Identity Authentication offers a different approach and is typically used to prevent fraudsters from taking over genuine accounts for illegal purposes. It works by asking customers to do something that only they can do, like providing a series of letters from a memorable word. However, this is largely reliant on customers supplying this information when opening an account and remembering it.  

There are three common approaches used to authenticate customers. These include: 

• Security Information: Customers are required to submit information that only they should know so that it can be compared to information provided at an earlier point. For instance, a password, memorable word or an answer to a question such as where did you go to school. 
   
• Security Devices: Customers are authenticated using a device that only they should have, such as a personal mobile phone or a card reader. Typically, the customer will be asked to supply a one-time password provided by or sent to the device. For instance, via SMS. 
   
• Biometric Data: The customer is authenticated using unique biometric data that only they can provide, such as facial recognition, iris recognition or fingerprints. In most cases, customers are asked to take a photo, so it can be checked against one submitted previously. 
   

Different Approaches: Identity Verification and Authentication 

In the case of identity verification and authentication systems, more is more. The level of security increases in line with the number of checks carried out as well as the robustness of those checks. Put simply, the most comprehensive set of tests is best. But, that’s not the only factor at play. It’s also important to consider the customer experience. While customers appreciate that organisations must carry out security checks to protect them, they also expect those checks to be quick and easy. 

To strike the right balance between minimising the risk of identity fraud and delivering an excellent customer onboarding experience, these tests must be appropriate to the level of risk. For example, when opening a personal email or social media account, you may just need to create a password and answer security questions in case you forget it.  

Comparatively, when applying for a bank account, a higher level of security is required. This might feature a combination of official documents and personal information, as well as security devices and biometric data. In addition, identity verification systems are often used to verify the authenticity of ID documents or information against third party data to ensure an even higher degree of security.  

However, with data breaches increasing, a growing amount of private information like passwords and addresses isn’t so private any more. This raises the question: if fraudsters can freely access security information on the dark web, just how secure are authentication systems that rely on this?  

To minimise the risk of identity fraud and money laundering, the most secure identity verification solutions require users to verify their identity in additional ways, such as uploading a photo or short video to prove likeness. That’s one of the reasons why organisations with more stringent security standards, such as banks or financial organisations, typically use identity verification systems.