It only takes a quick Facebook search to find out the name of someone’s pet (which many use as their password!); but scanning someone’s face without them noticing is much harder. As transactions move increasingly online, and with it the increased cyber risk of identity theft, demand for trusted remote digital verification and authentication is growing exponentially.
We believe every single person will eventually have to be biometrically authenticated to be able to transact online. This is not only to protect them, but also the organisations they are transacting with.
Verification and authentication are often confused, and yet there is a clear difference between the two. In this blog we discuss identity verification and authentication concepts and highlight the advantages of each when planning compliance or fraud prevention measures for your business.
Digital Identity
This is the foundational layer of understanding who a person is. Generally, this begins with identifying information, such as birth date, identification number or physical address. Digitally, this can include a digital footprint, like an IP address, or browser.
Verification
Verification is confirmation of a person being who they claim to be – typically this would be by providing documentation which can be verified. This can be a superficial check to ensure the email address supplied is confirmed, or it can take on a more extensive, often laborious, search of credit checking, criminal records and other examination of official data to check that the information supplied is verified and valid.
Authentication
Authentication is the continued validation of a verified digital identity. This is a further check to ensure that the person who is providing the information and the proof thereof, is truly who they say they are, and that they are the rightful owner of that claimed identity.
Authentication factors fall into three categories:
- Something you know – also known as a “knowledge-based challenge”, for example a user name and password or a security question.
- Something you have – also known as a “possession challenge”. Often this is a one-time password from an authenticator app or an SMS to a verified phone number.
- Something you are – this is where the biometric magic comes in. Facial recognition and fingerprints are the most common factors here.
To summarise:
- Digital identity: A person claims they are this person.
- Verification: A company verifies the claim is true using identifying documents and/or supporting factors.
- Authentication: When that person accesses their account, they authenticate their identity using one or more factors to confirm they are the rightful owner of the account.
What’s the difference between verification and authentication?
Essentially, verification and authentication seem different but are closely related. Verification verifies the information that a customer is providing is true. Authentication ensures that the person accessing an account should be allowed to access the account.
Deciding how much information is required to verify – and when and how you need to authenticate –depends on the regulations in the industry and specific country of operation, and the risk profile of the company, its products and its customers.
KYC and AML regulations
Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations were established to reduce the impact of money laundering, fraud and other forms of economic crime. KYC and AML regulations are mandatory in many countries – and each country has its own particular laws like AML6 in the EU and the Bank Secrecy Act in the US.
Protecting customers against identity theft and fraud
The more stringent the authentication process, the more the organisation and customer can be reassured of legitimacy. However there is a price to pay with increased customer frustration and friction caused by tedious authentication processes. It’s necessary to inject layers of authentication to ascertain trust, and balance that with the risk of identity theft and customer churn. Monitoring patterns and signalling unusual, risky behaviour through artificial intelligence and machine learning can supplement the requirement for stringent authentication, while flagging when anomalies occur.
The advantages of having iiDENTIFii as an identification verification and authentication partner:
- 4D LivenessTM – the assurance of genuine presence, including proof of liveness – the ability to confirm that an individual is a real person, present right now
- Facial authentication – which matches faces to trusted images using machine learning technology
- Identity document verification – the capability to onboard any identity documentation and extract the data
- Facial biometric verification – triangulation of information & biometric images with Government authoritative databases
Need help planning out your remote digital biometric authentication strategy? We can help – book a demo today.
