Blog

Identification, Verification and Authentication – Cut from the same cloth

Richard Marley
March 03, 2020
6 minutes read
12266

The modern era of technology has brought so many frauds to light. The digitized world has urged business to take measures to stay at a safe side. Increasing ratio of data breaches, compliance regulations, and identity theft have made it an uphill task for businesses to establish trust online. But due to these reasons it’s more important than ever to have a sound verification system. The ubiquity of users on the internet has significantly raised the number of digital frauds. Due to many available digital identity solutions manual checks have long been forgotten.

From the start of the identification of an individual to the recurring authentication procedure to validate that the person trying to access the system is the same person you think he is. Identification, verification, and authentication play a crucial role in keeping online channels free from fraudsters, to comply with KYC/AML regulations, and to provide enhanced customer experience. In this blog we’ll be discussing the differences between identification, verification and authentication in context of online identities.

What is Identification?

Identification means the procedure of someone claiming to be a certain person. They can identify themselves with their names. It is simply like we assign different names to the folders in our computer and then differentiate or identify each folder by its name. For instance, when a user goes to a bank to open an account he can identify himself with his name, email address, or phone number on form. Same is the case with online shopping, when purchasing something online by entering your credit card detail and billing address you are giving an identification of you.

Using identification process alone is like asking someone what is your name or who are you and considering the information as truthful and taking the answer as face value. Identification alone is never adequate in this world of fraudsters. Having someone declare their identity without actually verifying it is nothing more than a suffice. How can we be sure that the person who is on the other side of the computer is who he says he is? That is where verification comes on the stage.

What is Verification?

Verification is something more than just asking who you are. It takes another level and validates if you are actually who you say you are. This step provides a high degree of confidence that the identity is accurate. Identity verification process is basically building bridges between who someone claims to be and who he really is. It establishes a trustworthy link to embed into the onboarding or account opening process.

The process starts with the verification of government issued ID cards/ documents. With the use of document verification experts and latest technologies like OCR for automated data extraction and machine learning one can confirm that the provided document is authentic and valid. It can be validated if the document is fake or tampered. So verification is the next step to actually ensure that the provided information is right and accurate.

It takes effort to verify someone’s identity to a high degree of certainty. If a business does not have stringent standards to verify an identity they can rely on traditional methods of verification such as knowledge-based verification. But such information is less reliable these days due to the prevalence of private data on the dark web. Such businesses lacking proper verification solutions are at the risk of falling into the pit of fraudsters as they do not know who they are actually dealing with. At the time when businesses want to provide a frictionless onboarding process, they may cut corners and want a low barrier to entry. Social media accounts, for instance, ask the user only to provide email address, username, password, and phone number for good measures. This information is not sufficient unless it is properly validated.

The verification requirements are more stringent for online bank account opening though. In the financial sector there are numerous regulatory acts to prevent scammers from opening false bank accounts for criminal activities like money laundering and terrorist financing. Businesses are beginning to make a shift to biometric technology to verify customer’s identity at the time of onboarding to comply with regulations. Only by clubbing identification with verification can you be confident that you know who you are dealing with in the future.

What is Authentication?

Verification is a one time process, but once verified identities should be authenticated each time the individual is accessing the system. If you know someone you can authenticate him by looking at him but in this digitized world most of the transactions occur online or with people we don’t know personally so businesses need to put a system in place to authenticate the fact that person is who he says he is and not an imposter. Such a system validates that they are the same person who registered for services. Authentication is as simple as providing credentials such as a password which is associated with a certain username.

These are the three types of authenticators systems rely on:

Things that customer knows (e.g., security question, password)
Things the customer has (e.g., ID card, license)
Things the customer is by features (e.g., facial recognition, biometric data)

There are certain number and quality factors incorporated to strengthen an authentication system. The higher are the factors employed and levels the more efficient is the authentication system. For instance for a social media login you have to provide username and password (things that you know) but for bank account you need to go through a form of authentication (things you have). So the level of authentication differs with different services.

However the first two types of authentication are no longer counted as valid due to the availability of excessive amounts as a result of massive data breaches. So the most authentic system requires you to validate things you are by verifying identities paired with biometric technology using facial recognition, fingerprint scanning, iris scanning, or voice recognition as proof for your authentication.

In a nutshell, these are like stages to actually answer the question that the person is who he says he is. Digital identity verification solutions are paramount to assuring the authenticity of digital identities across public and private sectors and to put a halt on pervasive scams like identity theft, data breaches and other digital scams. These solutions should be a part of both authentication and onboarding of clients.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
ECB Releases Paper Revealing Financial Crime Risks in Cross-border Payments
What is Identification?
What is Verification?
What is Authentication?
These are the three types of authenticators systems rely on:
ECB has released a paper that reveals the financial risks associated with cross-border payments, suggesting possible solutions via crypto, blockchain or internlinked payments.

In a report examining the present inefficiencies of cross-border payments, the European Central Bank (ECB) makes suggestions for potential solutions using blockchain, cryptocurrency, or connected national payment rails.

The paper, titled “Towards the holy grail of cross-border payments,” discusses the problem that the friction of anti-money laundering (AML) systems is one of the main barriers to tackling payment difficulties. The study asserts that one of the six routes it proposes may be on the verge of achieving the ideal result (the so-called “holy grail”), which is that payments should be prompt, affordable, widespread, and settled in a safe medium like central bank money.

However, ECB experts emphaize that in order for this to happen, it is crucial to make progress in addressing AML and CFT compliance inefficiencies in order to make the outcome attainable.

According to the ECB document, Bitcoin was one of the potential options that the G20 considered. The layer two alternatives for micropayments, the Lightning network, are also explored in the study in addition to the Bitcoin network. The authors see the existence of one large network and the lack of middlemen as relevant advantages in resolving Bitcoin custody issues for end users.

Despite its shortcomings, such as its high energy consumption and uneven application of AML/CFT compliance, Bitcoin is nevertheless seen as a reliable alternative. Not to add, according to the ECB study quoted, “its price volatility impairs its acceptability of means of payment – both for local and cross-border” transactions.

Although less innovative than Bitcoin, the ECB considers stablecoins to be a workable alternative. Due to its possible impact on financial stability, the potential for monopolies to be created, and the opportunity for market exploitation, stablecoins are viewed with scepticism as an all-encompassing answer to cross-border payments.

Given the variance of national CBDC pilots across Europe and the fact that the availability of digital currencies is far from complete at the EU level, the research views multi-CBDC solutions as one of the more theoretical options. Nevertheless, interlinking domestic payment systems and multi-CBDC were ranked as the two most promising directions to pursue.

The ECB also used the opportunity to assess current cross-border payment rails, such as Nexus, a plan for connecting instant payment systems across national borders, TIPS RIX-EUR, which links the Swedish and Euro area TIPS platforms, and P27, as well as the alliance between EBA Clearing and The Clearing House, which aims to link the Euro zone with the US.

Suggested Read: “Crypto Should Be Regulated, Not Prohibited”, Says ECB Vice President

Identification, Verification and Authentication – Cut from the same cloth

What is Identification?

What is Verification?

What is Authentication?

These are the three types of authenticators systems rely on:

The Rise of E-Learning and Crime – A Brief Introduction

Popular Cybersecurity Risks Education Sector is Prone To

How Shufti Pro Can Help

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.