What is identity verification?
Identity verification
Identity verification is the process of confirming that a person is who they claim to be by checking their personal information and documents against authoritative sources. The easiest way to check a person’s identity is to see their documents.
Chances are you are taking part in the identity verification process on a daily basis, whether by showing your government ID at a grocery store to buy wine or taking a photo of your ID to open a bank account online.
Government agencies and private businesses alike use similar identity verification processes to prevent identity theft and fraud, the creation of fraudulent or multiple accounts, and data theft. So how is it done?
How does the identity verification process work?
The easiest way to determine someone’s identity is to ask them to show you their passport, driver’s license, or other government-issued identity document. If the person hands you a legitimate ID and their photo is on it, their identity has been verified. However, it’s important to consider driver’s license fraud. This issue involves creating or changing these documents to take on someone else’s identity or to make a fake identity.
However, when a person is not physically present, for example, when they are trying to open a social media account, their identity must be verified digitally. In this case, service providers use different digital identity verification methods that vary in their level of security.
What is digital identity verification?
Digital identity verification is the process of using digital solutions to obtain proof that the user is who they claim to be. Digital identity verification methods are used to compare something that a user provides (a government-issued ID, an ID photo, a password, etc.) with some data that has already been verified by the service provider (such as an ID document, the photo of the document holder, or a password) and is stored in its database.
Online service providers use different methods to gather proof of their user’s identity and determine the legitimacy of the information provided. So what are the methods?
How do you digitally verify identity?
Each company chooses specific verification methods to add an additional layer of protection to its online platform. The main digital ID verification methods are listed below.
ID document verification
Financial institutions use this method when onboarding new clients to check whether you’re really the person who submitted the government-issued identity documents (passport, ID card, or driver’s license) and if the documents are legitimate. That’s why they ask you to take a picture of your ID document and a selfie and upload both to their website.
Their artificial intelligence software (sometimes designated staff members as well) checks the uploaded images to verify the authenticity of the ID document and to make sure the selfie and the image on the document are of the same person.
Knowledge-based authentication (KBA)
This method involves answering security questions, for example, when you are trying to create a new email account. They are usually personal questions, so the email provider assumes that you are the only one who knows the answers.
If you forget your email password, the email provider asks you these questions to establish if it’s really you, the owner of the account, who is initiating password recovery.
Biometric authentication
Biometric authentication recognizes you based on your unique physical features – your biometric identifiers. This security feature is present on many personal devices and is used in highly restricted areas.
Out of 16 biometric identifiers, the five most commonly used are:
- Face
- Fingerprints
- Voice
- Eyes
- Palm
But how does biometric authentication work? Let’s examine fingerprint scanning.
Remember when you enabled this security measure on your smartphone? Well, your phone system stores your initial fingerprint scan and compares it to the one you provide each time you try to unlock your phone. If a thief gets their hands on your phone, it will remain locked because their fingerprint will not match yours. The same goes for facial identification, speech recognition, and iris identification: no match — no access.
However, biometric authentication has its risks. Here’s more on facial recognition and why it could be dangerous.
Database methods
Database methods involve comparing the information you submitted against authoritative and trusted databases to confirm your identity. The most common database methods are email and phone verification, mobile app authentication, social verification, and digital signature.
Email verification
It’s common practice for service providers, such as banks, to send a test email that includes a verification code, which you are asked to submit on the bank’s platform to set up an account. The bank also sends you an email with a code if you forget or want to change your password, need to make changes to your account, or delete it altogether.
Phone verification
Mobile phones are also used for identity verification purposes just like emails. The service provider sends you an SMS with a verification code. You then submit the code in the service provider’s system to prove you are the owner of the phone number.
Mobile app authentication
This method involves using trustworthy authentication apps like Google Authenticator, Authy, or LastPass that you download on your smartphone. Whenever you attempt to access a resource, the app generates a time-sensitive code that you submit on the service provider’s platform to authorize the login attempt. For example, this is done when you want to change the master password on your password manager application.
Social verification
If you already proved your identity to a social media platform provider and gained a verification badge or label, it is enough for you to be logged in to your social media account to be able to create and/or access another service provider’s account. You might have done so if you ever registered with a service provider using your Nord Account, Google, or Facebook account.
Digital signature
A digital signature is an alternative to a handwritten signature. It uses cryptographic keys to attach your identity to a document in a transaction. Each key is unique to each signer and difficult to forge. Better yet, you must verify your identity before receiving the key, which makes the process even more secure. The signed document cannot be altered. Otherwise, the signature becomes invalid, which protects all parties of the transaction from document forgery.
Do not mistake a digital signature for an electronic signature, which can be any electronic data that carries the intent of a signature, like your name typed at the bottom of an email. Even though e-signature technologies provide some security, it’s an outdated and risky verification method because e-signatures are easy to copy and forge. So do yourself a favor and opt for a digital one.
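Why altering a signed document invalidates its signature, shown as an added example that is not from the original article. To stay within the Python standard library it uses a Lamport one-time signature, a hash-based scheme in which each key pair may sign only one document; widely deployed signing products use other schemes such as RSA or ECDSA, and the function names and sample documents here are constructed for illustration.

```python
import hashlib
import secrets

def _bits(message: bytes):
    """The 256 bits of SHA-256(message), most significant bit first."""
    digest = hashlib.sha256(message).digest()
    return [(byte >> (7 - i)) & 1 for byte in digest for i in range(8)]

def keygen():
    """Private key: 256 pairs of random secrets. Public key: the hash of each secret."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest())
              for a, b in private]
    return private, public

def sign(private, message: bytes):
    """For each digest bit, reveal the secret from that pair that matches the bit."""
    return [pair[bit] for pair, bit in zip(private, _bits(message))]

def verify(public, message: bytes, signature) -> bool:
    """Hash every revealed secret and compare it with the public value for that bit."""
    if len(signature) != 256:
        return False
    ok = True
    for pair, bit, revealed in zip(public, _bits(message), signature):
        ok &= hashlib.sha256(revealed).digest() == pair[bit]
    return ok

if __name__ == "__main__":
    private_key, public_key = keygen()
    document = b"Transfer 100 EUR to account A"      # constructed sample document
    signature = sign(private_key, document)
    print(verify(public_key, document, signature))                           # True
    print(verify(public_key, b"Transfer 900 EUR to account A", signature))   # False
```

Only the holder of the private key can produce the revealed secrets, while anyone with the public key can check them.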
Trusted identity network
A trusted identity network is a secure, digital ecosystem where trusted entities, such as banks, government agencies, and healthcare providers, share verified identity information to make the process of identity verification easier and faster.
For example, if you applied for a loan, your bank could use the trusted identity network to verify your identity using the data from your government digital ID, without you needing to submit physical documents.
Liveness authentication
Liveness authentication, also known as liveness detection, is a security measure for ensuring that the individual presenting an identity is physically present at the time of verification and not a spoof or a recorded image. Basically, liveness authentication determines whether a selfie is genuine.
This technique uses biometrics to identify spoofing attacks in which cybercriminals use face masks or photos of photos. For example, when setting up an account, a digital bank might ask you to blink or nod your head while taking a selfie to ensure it’s really you and not someone using your photo.
One-time passcode (OTP) verification
The one-time passcode verification process involves sending a time-sensitive, single-use passcode to your registered mobile phone or email, which you must enter to confirm your identity or complete a transaction.
If you’re using online banking services, you might have encountered OTP verification when logging in to your account or completing a payment – your bank sends an OTP to your phone or email, and you must input this code on the bank’s website to complete the process.
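What "time-sensitive" and "single-use" mean on the service provider's side, for the emailed, texted and banking passcodes described above. This is an added example, not code from the original article or from any bank; the `OtpChallenge` class, the five-minute lifetime and the three-attempt limit are assumptions chosen for illustration.

```python
import hmac
import secrets

class OtpChallenge:
    """One pending passcode for one login or transaction (hypothetical record)."""

    def __init__(self, now: float, ttl: int = 300, max_attempts: int = 3):
        # secrets draws from the OS CSPRNG, so the next code cannot be predicted
        self.code = f"{secrets.randbelow(10 ** 6):06d}"
        self.expires_at = now + ttl              # time-sensitive
        self.attempts_left = max_attempts        # 10**6 codes are guessable without a cap
        self.used = False                        # single-use

    def check(self, submitted: str, now: float) -> str:
        if self.used:
            return "rejected: already used"
        if now > self.expires_at:
            return "rejected: expired"
        if self.attempts_left == 0:
            return "rejected: too many attempts"
        self.attempts_left -= 1
        # constant-time comparison avoids leaking how many digits matched
        if hmac.compare_digest(self.code.encode(), submitted.encode()):
            self.used = True
            return "accepted"
        return "rejected: wrong code"

if __name__ == "__main__":
    challenge = OtpChallenge(now=1000.0)         # constructed timestamps, in seconds
    print(challenge.check(challenge.code, 1010.0))   # accepted
    print(challenge.check(challenge.code, 1020.0))   # rejected: already used
```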
The digital identity verification service is part of the online activities of financial institutions and government agencies. Even private businesses and corporations apply verification methods for fraud prevention and account security. However, some methods hold their ground better against hackers than others.
The importance of identity verification
By verifying the identity of their users, organizations and businesses can significantly reduce the risk of impersonation and unauthorized access. Authentication processes and fraud prevention build trust and reassure users that their identities and personal information are safe with the service provider.
Identity verification is a cornerstone in complying with regulatory requirements such as Know Your Customer (KYC) standards and Anti-Money Laundering (AML) laws. These regulations require businesses in the financial sector to perform due diligence in verifying the identity of their clients to avoid fraud, corruption, money laundering, and terrorist financing.
If implemented correctly, digital identity verification is on par with physical verification and in most cases even quicker.
- Tighter security. Especially true in the case of a 2FA or MFA.
- Physical presence is not required. Simply put — it’s done online.
- Lower risk of human error. Unlike with humans, little gets past identity verification software.
- Better customer experience. To lower abandonment rates and make the account opening process as simple as possible, digital identity verification services are developed to be quick and easy.
Which digital identity verification methods are the most reliable?
The most reliable methods are as follows:
- Biometric verification. Biometric verification technology is based on machine learning and comes equipped with a liveness detection feature to prevent criminals from assuming your identity by using your photo instead of your selfie or the recording of your voice instead of a password uttered in real time.
- Authentication apps. An authentication app sends temporary authentication codes available only to you to provide additional security.
- Digital signature. It encrypts the data of your transaction, serving as an extra layer of protection. We also have a blog post on how to create a digital signature and sign your online documents.
- A combination of secure methods. This is the best way to verify your identity. Depending on the number of factors employed, this combination is called either two-factor authentication or multi-factor authentication.
Two-factor authentication
Two-factor authentication (also known as 2FA or two-step verification) is a security feature that adds an extra layer of protection to your resources and data.
You must provide two forms of identification to access your account, such as a password and a security code, or a password plus some form of biometric authentication like a photo of yourself. In case the first identification step is breached, the second will hold the fort.
Multi-factor authentication
Multi-factor authentication (MFA) works the same way a 2FA does, but it requires at least two types of authentication instead of just two. To keep your online activities as secure as possible, NordVPN advises you to use trustworthy authentication apps and security keys for your multi-factor authentication.
Which digital identity verification methods are the least reliable?
The least reliable ways to verify your identity are:
- Password. A password alone can be cracked, especially if it’s weak or used for multiple accounts.
- KBA. Someone else might know the answers to your security questions.
- Phone verification. It’s not that difficult for hackers to intercept text messages along with security codes.
- OTP verification. This method is susceptible to various forms of attack, like SIM swap fraud, phishing, and interception of communication channels.
Therefore, opt for more reliable methods, like 2FA, MFA, email, or social verification. Or take your account security to another level and choose the top methods described above. For more on personal data security, check out our article on how to detect and prevent identity theft.
The future of identity verification
The digital identity verification industry is moving towards biometrics as the primary means of verification, which allows for a high level of security and diminishes the need for a physical ID.
Traveling without a physical passport, paying without a credit card, or renting a car without the physical driver’s license at hand might become the new normal if the digital identity verification technologies keep developing at the same pace. Your smartphone and/or your biometric features might be enough.
It is difficult to say exactly what the future holds for digital identity verification, but one thing is certain — digital identity verification is the future.