Jun 07, 2019 MicroBilt News
Identity verification has become an essential component for many of today’s businesses, especially financial institutions and e-commerce companies. Know Your Customer (KYC) and Anti-Money Laundering (AML) rules are driving the development of identity verification techniques throughout the world, although each country has its own regulations and organizations to enforce these rules. For example, the Financial Crimes Enforcement Network (FCEN) is one of the many agencies responsible for regulating identity verification methods in the United States. These techniques generally fall into one of the following five categories.
- Knowledge-based authentication
- Two-factor authentication
- Credit bureau-based authentication
- Database methods
- Online verification
Knowledge-based authentication (KBA) verifies a person’s identity by requiring an answer to security questions. These questions are generally designed to be easy for that person to answer, but difficult for anyone to answer. Additional safeguards for KBA include a requirement to answer the questions within a specified time limit. The biggest advantage of KBA is that it’s the easiest verification method for users to understand. Its biggest disadvantage is that it’s getting increasingly easy to discover the answers via social networking and other more traditional forms of social engineering.
Two-factor authentication generally requires users to provide a form of personal identification, also known as a token, in addition to the usual username and password before they can access an account. The token should be something users have memorized or in their possession such as a code they have received from the authenticating agency. The need for a token creates a strong deterrence for fraudulent activity. Two-factor authentication is particularly useful for creating accounts and resetting passwords. However, this method typically requires users to have their smartphone with them during the authentication process.
Credit Bureau-Based Authentication
A credit bureau-based authentication method relies on information from one or more of the three major credit bureaus, which include Equifax, Experian and Transunion. These companies store a large amount of credit information on consumers, including name, address and social security number. Credit-based authentication uses a score to create a definitive match without compromising the user’s experience. However, it may not be able to match users with thin credit files, such as young people and recent immigrants.
Database ID methods use data from a variety of sources to verify someone’s identity. These sources include online databases from social media as well as offline databases. Database methods are often used to assess the level of risk a user poses since they significantly reduce the need for manual reviews. The biggest disadvantage of these methods is that they don’t ensure that the person providing the information is the person conducting the transaction, largely due to the proliferation of false online identities.
Online verification uses techniques to determine if a government-issued id belongs to the users, including artificial intelligence, biometrics, computer vision and human review. This verification method typically requires users to provide a picture of themselves holding an ID, thus ensuring the person on the ID is the same person holding the ID. Online verification is very secure, but some users find submitting an image of their face and ID to be inconvenient or intrusive.