Identity proofing is the process of verifying an individual’s identity, either in person or online. It’s sometimes called identity authentication or ID proofing. Identity proofing is helpful for any entity that needs to verify the identities of its customers, contractors, employees, partners, and more.
Identity proofing may be used for any online or physical system that requires authentication, such as credit card accounts or health records. It is also used to grant access to physical locations, such as office buildings or secure facilities.
For instance, when someone applies for a job at a secure government facility, they will likely have to undergo identity proofing before being granted clearance and allowed onto the premises.
You can execute identity proofing in a variety of ways, including:
- Government-issued ID verification
- Official document verification
- Social media checks
- Knowledge-based authentication (KBA)
- Biometric identification
Why Does Identity Proofing Matter?
Identity proofing matters because it helps ensure that only the appropriate parties have access to what they’re supposed to.
When you need to share sensitive information, whether with a single party or everyone in the world, you want to make sure that only the right people can see that information.
This is why identity proofing matters: When we’re able to prove who we are, we’re better able to control who gets access to things like our bank accounts and our credit reports. This also gives us a better ability to control who gets access to personal data about our lives, like our medical history.
It’s essential to know that the company you’re sharing your information with can keep it safe. When using a service that requires identity proofing, make sure that they follow industry best practices—like those set out by regulatory bodies like FINRA and NIST—and use third-party services from trusted companies. That’s how you can rest assured that your information is in good hands.
What Does Identity Proofing Do?
There are several reasons why companies might need to verify the identity of their users, including:
Data security: Many companies are responsible for safeguarding their users’ private information, whether they’re websites that store personal details or medical services that handle sensitive patient records. In these cases, verifying users’ identities is essential to ensuring that only authorized parties have access to this data.
Legal compliance: Many businesses are required by law to verify the identities of their users before providing them with certain services or products. For example, financial institutions must confirm that they’re not doing business with money launderers or terrorists before engaging in money transfers.
Accountability: Companies may also want to prove who uses their services for accountability purposes. If someone signs up under an alias and then uses your service to harass others, you’ll want to know who they are so you can take appropriate action against them.
What Are Examples of Identity Proofing?
There are many ways to authenticate a customer’s identity.
Examples of identity proofing include:
- Knowledge-based authentication (KBA): When a service asks you questions about your background (like “What was your first pet?”) and then verifies the correct answers with public records.
- Two-factor authentication, meaning using a password and an additional code sent via text or email to the customer’s phone or email address
- A one-time password
- Biometric verification such as using retinal scans or fingerprint scans
- Document verification: Document verification requires proof of identity using official documents like a passport or driver’s license. This is typically done by having the user physically present their document at a trusted location for manual inspection. However, some advanced systems can automatically scan and verify the document remotely using optical character recognition software (OCR).
What Industries Use Identity Proofing and Use Case Examples
Identity proofing is typically performed at the onboarding stage of an account creation process. The verification process can be anywhere from basic to highly complex, depending on the level of risk associated with a given transaction.
Banks, for example, use identity proofing to make sure that new customers are whom they say they are. This ensures that people aren’t opening accounts in someone else’s name, and it helps banks combat money laundering and other forms of financial fraud.
Schools and universities also use identity proofing to confirm students’ identities before allowing them access to their campuses. Similarly, the military uses identity proofing to prevent imposters from joining the armed forces.
In some cases, these industries only need to identify someone once, while in others, they may conduct ongoing identity proofing.
Some everyday use cases for identity proofing include:
- Onboarding new customers for financial services (e.g., opening a new bank account).
- Opening a new account with an online service provider (e.g., opening a new email account).
- Obtaining or renewing government-issued identification documents (e.g., driver’s licenses).
- Applying for and receiving benefits from government programs (e.g., Medicaid or SNAP benefits).
Here are some other common use cases:
Password resets: There are many ways to prove your identity when you forget your password—most commonly, by entering the same information that was used to create the account in the first place.
Access control: If you want to take a test and need to prove that you have an account at a specific university (for example), you will be asked to enter personal information like your date of birth, address, or social security number to verify that you are who you say you are.
Debit/credit cards: When someone tries to use a debit or credit card in person, they might be asked for their identification number (PIN) or other data that only they know to ensure that it’s not being used fraudulently. This also applies when trying out new digital services where one’s credit score may affect eligibility.
Loan applications: When applying for loans online, steps typically require users to enter sensitive data like their social security number and bank account details so lenders can confirm their identity before approving any loans.
How Can Companies Implement Identity Proofing?
Identity proofing is a process to ensure that someone is who they say they are before providing them with access to sensitive information or resources. While the concept of identity proofing isn’t new, it’s currently experiencing a renaissance. The rise of digital transactions has made it easier for people to create and hold accounts, and the proliferation of data breaches has made it more critical than ever.
To implement identity proofing, companies should take a tiered approach:
Identify the threats: The first step in any identity proofing program is to determine what needs to be protected and from whom—identifying which actions require additional scrutiny will help you decide where to focus your efforts.
Review internal controls: The next step is to review your existing controls and processes. You can start by identifying and addressing gaps in your current system. You’ll want to ensure that you have policies and procedures in place that describe how you’ll prevent security breaches and fraud while also determining what the appropriate response will be if (or when) a breach occurs.
Assess external controls: In addition to reviewing your systems, you’ll want to assess your vendors’ policies, procedures, and controls. Your vendors handle significant amounts of confidential information; if they don’t have adequate processes, you must consider the potential repercussions.
What is the Latest Identity Proofing Technology?
As criminals are getting smarter, businesses are moving towards biometrics systems to verify customers’ identities.
Biometric data is a distinctive and unique representation of a person’s identity. These include fingerprints, eyes, voice, facial features, and more.
The latest technology in this field is called liveness detection. This refers to recognizing that a person is live and not just presenting a photo or recording of themselves.
To illustrate, suppose someone uses facial recognition to access an office building or online banking. In that case, the system will prompt them to make specific movements with their face (e.g., winking or smiling). The system then verifies that these movements are taking place in real-time.
This ensures greater security for businesses and a better customer experience because customers can feel confident that their information is protected from fraudsters who want access to their accounts and resources.
In addition, some companies already confirm your identity using a selfie.
Pretty soon, you won’t need to remember your password or PIN anymore. Hence, you can take a quick selfie on your phone, which will be used as your unique key for access.
What does this mean for you? It means you’ll be able to complete transactions in seconds—no more trying to remember if it’s “password123” or “password321!” It also means that your chances of getting hacked are going down significantly. Hackers have always targeted passwords, but now they’ll have a much harder time getting into your account since they’d need access to your face, too!
Companies like PayPal and MasterCard are already using this technology.