News & Resources

Who Are You? Identity Verification and Authentication

Dec 18, 2018 Philip Burgess

Who Are You? Identity Verification and Authentication

The digitization of commerce and finance has introduced new levels of efficiency and convenience into the economic landscape, but with these benefits come a number of unique challenges. The improved (and extensive) connectivity offered by modern systems has created unfamiliar points of failure, leading to greater concern about the risks of engaging with online marketplaces. While consumers, businesses, financial institutions and government organizations have always had to contend with monetary risk, a fully networked economic system has created a need for stronger security and assessment tools.

"Organizations in every sector have developed extensive identification, verification and authentication techniques."

To help mitigate the possibility of fraud and identity theft, organizations in every sector have had to develop more extensive identification, verification and authentication techniques. While these terms are often used interchangeably in common discourse, they do have noticeably different meanings in practice.

What is identification?
Identification seeks to answer the question, "who is this person?" Often referred to as a 1-to-n matching system, the process of identification attempts to discover the identity of an unknown person through the analysis of captured biometrics, which are then compared to a database of thousands (even millions) of possible identities. The Department of Homeland Security defines biometrics as "unique physical characteristics that can be used for automated recognition," including data points like:

  • DNA
  • Fingerprints
  • Handwriting and signatures
  • Retina and iris patterns
  • Voice waves
  • Hand geometry

Once obtained, biometric data can help narrow the scope of an identity search, though the biometrics must already be within the database for a match to be made. For example, law enforcement officials often run fingerprints through government databases to identify potential suspects involved in a crime. This sort of forensic work can also be utilized in financial investigations, as almost every online transaction leaves a trail of information, such as a user's IP address. The difficulty of this process is that organization's need to check the biometrics against every profile in the database, which can take a lot of time without several corroborating data points.

What is verification?
Verification seeks to answer the question, "is this person who they say they are?" This 1-to-1 matching system is also called identity proofing, as it involves checking information that has been voluntarily submitted (usually) against a specific identity profile within a given database. This process is much faster than identification because the identity of the person is already known, making it easier to compare the provided information with what is already on file. Financial institutions frequently verify their customers' identities as a protection against fraud and identity theft, both for the benefit of the consumers and to protect their own investments. 

Since it has become quite easy to obtain someone's name, address, phone number and date of birth via the internet, many organizations have started requesting specific documentation as proof of identity. For example, applying for a new bank account or credit card may require consumers and businesses to supply a range of personal information, including:

  • Social security number
  • Tax return information
  • Birth certificate
  • Driver's license
  • Passport
  • Utility bills
  • Medical records

The submitted documents and/or information are then compared against internal identity profiles or authoritative sources, like credit bureaus and government agencies. Most verification procedures are regulated through federal laws and compliance guidelines, which can cost financial institutions if they don't uphold the highest standards of inspection.

What is authentication?
Identity authentication is a protective measure that combines features of both identification and verification as an added layer of security; it can almost be thought of as "identification verification." The process seeks to ward off fraud and identity theft by confirming the authenticity of a user's provided information through biometrics and documentation. Examples of identity authentication tools include:

  • Usernames and passwords
  • Physical/digital signatures
  • Personalized security questions
  • Face recognition software
  • Fingerprint scanners

These security measures lock a user's personal information and accounts behind protective networks to prevent unauthorized access, though no system is completely foolproof. Cybercriminals with extensive experience and strong technical skills are sometimes able to steal the information they need to gain access, though biometric-based systems are a bit harder to crack.

Authentication tools help financial institutions protect their customers' sensitive information.

The benefits of identity verification and authentication
Organizations rely on identity verification to avoid financial loss and mitigate the risks of money laundering, bribery, identity theft and fraud. Since financial institutions can be held liable for these illegal activities, it's in their best interest to remain proactive about validating their customers' identities. These processes are also important for businesses, as vetting customers and vendors can prevent fraudulent transactions from harming their reputations. There are two important policies most organizations adhere to, often referred to as AML and KYC.

  • Know Your Customer (KYC): These guidelines were established as part of the Patriot Act and require financial institutions to identify and report any suspicious behavior in their networks. They detail the responsibilities that banks, lenders, creditors and some businesses have concerning the collection and verification of their customers' personal information and identities.
  • Anti-Money Laundering (AML): This policy is part of the broader KYC guidelines and is regulated through the Bank Secrecy Act. The program holds financial institution liable for the legality of customer accounts and financial transactions, which often requires organizations to track and report any monetary behaviors that might suggest securities fraud or market manipulation.

The broad goal of these regulations is to prevent illegal activity by constantly assessing the intentions of every business relationship within financial networks, whether business to consumer or B2B. Another goal is to ensure a business's proposed partners, consultants, or distributors are compliant with anti-bribery laws.

How serious is identity theft?
Identity theft comes in many forms, though all involve the unauthorized use of personal information (name, address, Social Security number, credit card number, etc.) to commit fraud or finance-related crimes. What complicates this type of crime is that many individuals and businesses do not realize they've been targeted until after an incident has occurred. Typically, fraudsters will utilize personal information by opening up new credit card and/or bank accounts, filing false tax returns or even selling personal information online. As more consumers embrace digital technology, eCommerce and online banking, these types of illegal activities are expected to rise in prevalence.

In 2017, the Federal Trade Commission reported it had received complaints from 2.68 million consumers concerning identity theft and fraud, which resulted in a net loss of $905 million. Identities can be stolen as a result of many different interactions, including data breaches, credit card theft, mail theft, phishing scams, malware, ATM skimmers and more. Some common signs of identity theft include:

  • Frequent contact from debt collectors about unknown purchases
  • Unexplained charges to credit cards or checking accounts
  • Unexpected credit card statements
  • Undeserved denials of credit

The financial consequences of identity theft tend to vary case by case, but most incidents have a lasting effect on the individuals and businesses involved. For example, credit card theft can lead to a massive accumulation of debt for the identity associated to the fraudulent accounts, which may cause serious credit score impact. If the amount of debt is extreme and the identity theft goes unnoticed or unreported, it may even cause the IRS to take action. Luckily, there are ample protections in place to ward off these severe consequences, but it's up to individuals and businesses to make sure their identities are safe and secure from theft and exploitation.

Microbilt specializes in helping business owners, lenders and consumers manage financial risks, monitor signs of identity theft and secure their long-term economic well-being. With other 35 years in the risk management business, our innovative approach has empowered thousands of organizations to make smart, informed financial decisions when it mattered most. Our product and service offerings like Enhanced People Search can help you collect critical identity and contact information, while our ID Verification and Bank Account Verify will keep you one step ahead of online fraudsters.