Is your IDV Smart or Dumb? Three Questions You Need to Ask
Identity verification (IDV) is the process of verifying the identity of a person or entity online. It is essential for many services and applications, such as banking, health care, e-commerce and government. However, not all IDV solutions are created equal. In this blog post, we will explain the difference between "smart IDV" and "dumb IDV" approaches and highlight the advantages of smart identity verification practices.
Identity verification has a cold start problem today. There, I said it. The reason is that organizations generally cannot, should not, and do not store or train on personally identifiable information, such as biometrics. This practice exists mainly to avoid enlarging the attack surface for personally identifiable information. As a result, license-to-selfie matches are becoming the predominant and duplicative process for account opening and verification within organizations requiring KYC. Recent advancements in cryptography and quantum computing are presenting new technologies and approaches to eliminate this friction and enable better, faster and more secure user experiences.
What is Dumb IDV?
“Dumb IDV” invokes the same duplicative process every time. It's high friction to the user and requires a driver's license and a selfie. (In other words, the solution breaks if you do not have your driver’s license or your mobile wallet and verifiable credentials handy.) These solutions do not leverage zero trust, modularization, persistence, or federation. Nor do they dynamically adapt to changing scenarios to securely federate the previously verified identity data downstream. Instead, “dumb IDV” reinvokes the same friction-filled process of identity document to selfie verification every time.
What is Smart IDV?
Smart IDV is identity verification that is zero trust and can be modularized and persisted in a secure way to achieve downstream federation. Here are the four tenets of Smart IDV:
- Zero trust means that no identity data is assumed to be valid without verification.
- Modularization means that different IDV methods can be combined and customized according to the use case and risk level.
- Persistence means that verified identity data can be persisted or re-derived for future use.
- Federation means that verified identity data can be shared across different platforms and services with consent.
A smart IDV solution allows document authentication and biometrics at enrollment but can securely persist those factors for later usage to remove friction and costs. For example, a smart IDV solution can verify a user's identity once using their driver’s license or passport and face recognition, and then use just a face or scan for subsequent logins or transactions. The advantage here is less friction and added assurance that the authenticated biometric has a zero-trust relation to the previously authenticated identity document. A smart IDV solution can also federate the status of the verified identity to other platforms or services like IAMs and SIEMs without storing static PII.
Smart IDV solutions are the future of identity verification because they offer more security, flexibility, convenience, and cost-effectiveness than dumb IDV solutions.
- Smart IDV solutions can protect users and businesses from identity fraud and cyberattacks.
- Smart IDV enhances user experience and satisfaction by reducing friction and hassle.
- Smart IDV saves users time and businesses money by eliminating redundant verification steps and enabling cross-platform integration.
Three questions to help determine if your IDV is a one-trick pony:
1. Does the IDV solution ask for a license and selfie every time?
2. Does the IDV solution enable modular identity verification and access?
3. Does the IDV solution integrate directly with my IAM stack?