Falling behind the trends always comes with missed business opportunities. However, failing to keep your A-game in identity verification can cause even more serious problems, from huge fines for non-compliance to a complete ban on operations in certain regions, and even criminal prosecution.
In this post, we decided to round up six experts in the identity verification field to get their take on the must-haves of an effective identity verification process.
1. Providing a cross-platform experience
A client may be using any device or platform, be it mobile, web, or anything else. So it’s basically a must now to be as inclusive as possible in terms of platforms and devices. After all, if you want to improve your conversion rate, it’s best to offer your clients the widest range of options. There should also be a proper UX for each scenario so that they can use it conveniently and get the desired result seamlessly.
A challenge today is that there are plenty of mobile solutions, but few for desktops. Many vendors say, "90% of customers come through mobiles, so there’s no sense investing in doing web and desktop options." But in most use cases, you have to be cross-platform. At least, our day-to-day experience of communicating with customers confirms this.
2. Going for an all-in-one solution when possible
In an ideal world, the whole identity verification pipeline is covered by a single platform from one vendor. The logic is simple: the fewer moving parts there are, the less the chance of facing unexpected difficulties at any stage.
As good as it sounds, there’s one challenge: such a solution is yet to come. Currently, identity verification solutions mostly cover some parts of the identity verification workflow. Still, it’s better to choose a provider that covers as much of the process as possible. For example, it’s good when document and biometric verification modules come from one source, as conducting all sorts of cross-checks between the two is more reliable and smooth this way.
Naturally, an ideal solution should be scalable as well. It might be a good idea to check out the vendor’s roadmap for the product to make sure it’s a future-proof asset, not a one-time painkiller.
All your eggs in one basket sounds great if the perfect partner exists and if they will continue to be that partner well into the future. But all your eggs with the wrong partner could be catastrophic. I would suggest looking at solutions and vendors whose technology is best in class and that are complementary to each other to build your ultimate tech stack specific to your needs.
3. Finding a solution that allows you to check against any internal or external database
Checks on external databases, or at least the ability to easily add these checks, are crucial for a reliable identity verification workflow.
An external database is usually a web service where a request is sent in a certain format and a response is received. To be able to add such checks, a vendor ideally should provide an adapter interface, where you can describe what the request and the response should be like for each database, how to execute the request, and how to process the response.
When an IDV solution has such an adapter, you can add a new check within an hour or two. This way, you can add any checks on any database to your IDV workflow, be they checks against a database of personal numbers or social security numbers, databases of stolen or lost documents, or any internal database.
Our identities comprise so much more than what’s printed on an identity document. Fraudsters and bad actors exploit weaknesses in identity verification systems to slip through the cracks with their attacks. Using corroborative and authoritative data sources as part of an IDV process is critical to maximize identity assurance.
If the consumer presents a driver's license or state ID card, does the address on the identity document exist? Is it a residential or commercial address? Can you corroborate the address with the individual listed on the identity document?
Combining document-centric approaches with databases or data graphs is a powerful way to increase trust in onboarding. It also is becoming a necessity to fight sophisticated forgeries and fake documents.
4. Looking for customer support that really cares
The identity verification domain is full of nuances, and new ones pop up all the time: a new ID version is created, new regulations come up, new vectors of attack are devised, etc. Quality support can always answer a customer's question, whether it is a technical issue or a question about documents and related processes.
Ideally, you should try to find not just a tool that works like a black box, but one that includes secure support on all possible issues during the project’s lifetime.
The tricky part here is that quality support is something everyone promises, but few deliver. One way to find out is by asking about the support model the provider sticks to. Is it a traditional “tiered” support structure or a more collaborative approach, like swarming?
Often, support teams serve as a first line of defense that tries to get rid of the customer. “Please refer to the documentation,” or “We don't plan to implement it,” are frequent answers I get myself. Ideally, support teams should be integrated with developers. This way, the length of the chain from the client to the decision-maker is much shorter, so all requests are received and considered
5. Supporting a wide range of IDs
Traditionally, a large volume of supported documents is important, because there is a growing number of digital nomads, refugees, immigrants, and tourists—all carrying IDs from different countries.
At the same time, the quantity of supported documents doesn’t automatically translate into quality. To effectively verify identity, each document sample should be scrutinized down to the smallest detail. This requires both knowing how to decode and process personal information, as well as how to verify every single security feature embedded in the document.
With identity criminals constantly evolving and perfecting their "craft," global companies need a solution to scrutinize documents, catch the slightest discrepancies, and act upon them accordingly. The ability to verify different types of identity documents is now a must for robust IDV solutions. Many of our clients who handle ID documents from passengers and crew members from various nations claim that supporting a diverse range of identity documents makes their jobs easier, quicker, and more reliable.
The best way to combat fraud is at the source. Knowing from the outset who you are doing business with is critical, especially when a person has recently moved and has little financial history in a new country.
In this context, identity document validation is a crucial step in customer onboarding. However, the human eye alone is not reliable enough to identify fraud.
Firstly, countries constantly improve their ID documents by introducing new layouts and security features, making it difficult for individuals to discern what a genuine document should look like.
Secondly, fraudsters are becoming bolder, using AI and other technological advancements to produce convincing fakes.
Today, technology is fought with technology. For this reason, having a robust IDV solution that accepts both domestic and foreign documents is fundamental support for decision-making in business.
6. Implementing a pre-IDV step of device identification and risk intelligence
Even the most reliable identity verification process will benefit from having a robust device identification and risk intelligence as a starting point. This pre-step allows you to identify the root of fraud or malicious activity by accurately identifying the physical devices from spoofed or fake ones as well as the associations to behaviors and activities during sessions.
For example, such technologies will detect if one device was being used to access multiple accounts. It would also raise red flags if this device uses app cloners, bots, or its attributes differ a lot from regular users. By linking these patterns with known fraudulent behaviors, we can thwart fraudulent activities before they flood over your KYC workflow.
If I am a fraudster working with fake or stolen IDs, I am likely not only going to try one fraudulent attempt but rather multiple. And that gets costly if you have to keep using a new device to go undetected. So if you could identify the root device and the multiple fake accounts connected to it you could stop that user. This approach is complementary to KYC and ID verification — only send necessary users on the KYC journey and use the additional data to bolster your authenticity accuracy.
