Identification, Verification and Authentication – Cut from the same cloth
The modern era of technology has brought so many frauds to light. The digitized world has urged business to take measures to stay at a safe side. Increasing ratio of data breaches, compliance regulations, and identity theft have made it an uphill task for businesses to establish trust online. But due to these reasons it’s more important than ever to have a sound verification system. The ubiquity of users on the internet has significantly raised the number of digital frauds. Due to many available digital identity solutions manual checks have long been forgotten.
From the start of the identification of an individual to the recurring authentication procedure to validate that the person trying to access the system is the same person you think he is. Identification, verification, and authentication play a crucial role in keeping online channels free from fraudsters, to comply with KYC/AML regulations, and to provide enhanced customer experience. In this blog we’ll be discussing the differences between identification, verification and authentication in context of online identities.
What is Identification?
Identification means the procedure of someone claiming to be a certain person. They can identify themselves with their names. It is simply like we assign different names to the folders in our computer and then differentiate or identify each folder by its name. For instance, when a user goes to a bank to open an account he can identify himself with his name, email address, or phone number on form. Same is the case with online shopping, when purchasing something online by entering your credit card detail and billing address you are giving an identification of you.
Using identification process alone is like asking someone what is your name or who are you and considering the information as truthful and taking the answer as face value. Identification alone is never adequate in this world of fraudsters. Having someone declare their identity without actually verifying it is nothing more than a suffice. How can we be sure that the person who is on the other side of the computer is who he says he is? That is where verification comes on the stage.
What is Verification?
Verification is something more than just asking who you are. It takes another level and validates if you are actually who you say you are. This step provides a high degree of confidence that the identity is accurate. Identity verification process is basically building bridges between who someone claims to be and who he really is. It establishes a trustworthy link to embed into the onboarding or account opening process.
The process starts with the verification of government issued ID cards/ documents. With the use of document verification experts and latest technologies like OCR for automated data extraction and machine learning one can confirm that the provided document is authentic and valid. It can be validated if the document is fake or tampered. So verification is the next step to actually ensure that the provided information is right and accurate.
It takes effort to verify someone’s identity to a high degree of certainty. If a business does not have stringent standards to verify an identity they can rely on traditional methods of verification such as knowledge-based verification. But such information is less reliable these days due to the prevalence of private data on the dark web. Such businesses lacking proper verification solutions are at the risk of falling into the pit of fraudsters as they do not know who they are actually dealing with. At the time when businesses want to provide a frictionless onboarding process, they may cut corners and want a low barrier to entry. Social media accounts, for instance, ask the user only to provide email address, username, password, and phone number for good measures. This information is not sufficient unless it is properly validated.
The verification requirements are more stringent for online bank account opening though. In the financial sector there are numerous regulatory acts to prevent scammers from opening false bank accounts for criminal activities like money laundering and terrorist financing. Businesses are beginning to make a shift to biometric technology to verify customer’s identity at the time of onboarding to comply with regulations. Only by clubbing identification with verification can you be confident that you know who you are dealing with in the future.
What is Authentication?
Verification is a one time process, but once verified identities should be authenticated each time the individual is accessing the system. If you know someone you can authenticate him by looking at him but in this digitized world most of the transactions occur online or with people we don’t know personally so businesses need to put a system in place to authenticate the fact that person is who he says he is and not an imposter. Such a system validates that they are the same person who registered for services. Authentication is as simple as providing credentials such as a password which is associated with a certain username.
These are the three types of authenticators systems rely on:
- Things that customer knows (e.g., security question, password)
- Things the customer has (e.g., ID card, license)
- Things the customer is by features (e.g., facial recognition, biometric data)
There are certain number and quality factors incorporated to strengthen an authentication system. The higher are the factors employed and levels the more efficient is the authentication system. For instance for a social media login you have to provide username and password (things that you know) but for bank account you need to go through a form of authentication (things you have). So the level of authentication differs with different services.
However the first two types of authentication are no longer counted as valid due to the availability of excessive amounts as a result of massive data breaches. So the most authentic system requires you to validate things you are by verifying identities paired with biometric technology using facial recognition, fingerprint scanning, iris scanning, or voice recognition as proof for your authentication.
In a nutshell, these are like stages to actually answer the question that the person is who he says he is. Digital identity verification solutions are paramount to assuring the authenticity of digital identities across public and private sectors and to put a halt on pervasive scams like identity theft, data breaches and other digital scams. These solutions should be a part of both authentication and onboarding of clients.