Identity Verification & Validation – Are You Doing it Right?

Identity Verification & Validation – Are You Doing it Right?

Author avatar

by Jimmy Fong

For some companies, Identity validation and identity verification are merely useful. For others, it’s a mandatory part of their KYC process. But there’s more than one way to get the most from your checks.

In this post, we’ll cover the basics, and we will demonstrate why some methods are more effective than others.

Let’s start with a few definitions:

What is Identification?

Identification can come from the customers themselves or from your own system. It’s the information customers provide your business (by filling form fields), or the one you collect (IP address, credit card number, etc.)

What Is Identity Verification & Validation?

Identity verification and validation both refer to the process during which your company confirms a user’s identity. It ensures the identification process is valid, that there is a real person behind an action, and that they are who they say they are.

It is particularly important in the context of fraud prevention, where flagging false identities is often the best way to reduce damage to your organization. 

How Do Business’s Confirm Identities?

This is what every business should put in place to confirm identities, in these three steps:

  1. Identification: gather and log user data at any time.
  2. Identity verification: confirm that the data is valid, not stolen, or fake.
  3. Identity Authentication: ensure the verified data is consistent every time the user reappears on your site.

Identity authentication always happens after verification. While ID validation typically only needs to be checked once, customer authentication may be necessary multiple times, for instance, if a user logs in from a previously unknown device or location.

Why Is Identity Verification Important?

Verifying a person’s identity is vital to prove that there is a real person behind the transaction/process. Fraudsters create fake profiles before abusing your business, whether they want to default on an online loan, create multiple accounts to abuse your promo system or trigger affiliate rewards.

Simply put, fraudsters and criminals do their best not to tie their activities to real-world identities but more importantly, ID verification is increasingly a regulatory and compliance issue. 

While this has long been the case in the world of banking and financial institutions, we’re seeing a more pressing need to perform identity-based authentication in a variety of verticals. This includes online stores, OTAs and payment gateways, to name but a few.

An example includes SCA (strong customer authentication) from the PSD2 directive, or the Patriot Act in the US, which states the minimum requirements for identity verification services.

“(2) MINIMUM REQUIREMENTS —The regulations shall, at a minimum, require financial institutions to implement, and customers (after being given adequate notice) to comply with, reasonable procedures for—

(A) verifying the identity of any person seeking to open an account to the extent reasonable and practicable;

(B) maintaining records of the information used to verify a person’s identity, including name, address, and other identifying information.”

US Patriot Act Section 326

What Are the Consequences Of Poor Identity Verification And Authentication?

Confirming an identity is the cornerstone of risk management. The more a customer appears legitimate, the less likely they are to commit fraud or cybercrime on your site.

An efficient identity verification process at the login stage results in the same benefits but also improves the chances of catching ATO attacks when fraudsters log into legitimate users’ accounts.

Then there are the large fines issued for lack of KYC compliance or AML (anti-money laundering) checks.

How Do You Authenticate Someone?

There are many trusted solutions available to authenticate a user. You can do so via secure document verification, biometrics, or multi-factor authentication. These methods serve as identifying a user and approving or declining the action depending on the quality of the data sources results.

identity verification and validation flow graphics

How To Use Identity Verification For Your Business?

The key point to understand is that it’s generally more affordable and easier to scale when you outsource these services to a third-party company. The maintenance is taken care of off-site, which may make life easier for your developers, but may cause data privacy concerns.

There are broadly four solutions you can deploy for eKYC or Customer Due Diligence (CDD) at your company, but not all of them are created equal.

Now let’s see which solutions work, which solutions don’t, and let’s try to understand why.

Document and Video identity Verification

Document and Video Verification


Customers are prompted to submit high-quality images or videos of their real ID documents. These may include driver’s licenses, passports, identity cards, residency permits, or voter ID cards.

Most of the time, a selfie ID must also be submitted alongside other verification documents. 

Images are then authenticated through a global network of document verification services. 

  • Friction: high. It is a serious obstacle to those who expect a quick user onboarding process or fast transaction.
  • Efficiency: mixed. On the one hand, some customers may feel safer when their online identity is verified, but fraudsters have no problem fooling the process. They can use a plethora of services that create photoshopped selfies. There are many Stolen ID scans also on the dark web. Note that deep fake technology is also making it easier for fraudsters to create videos without someone’s consent.
icon Biometrics for identity verification

Biometrics


Biometrics are body measurements that should point to a user’s unique features. These include fingerprints, face ID and voice recognition. 

From a legal perspective, many countries have yet to adopt biometrics identification as valid, but it’s increasingly becoming commonplace. India, New Zealand, Australia, and Pakistan, for instance, now accept biometrics for both identity-based security and identity verification methods.

  • Friction: low. Scanning your fingerprint or Iris is much faster than submitting documents or using a password.
  • Efficiency: mixed. There can be legal issues, and data privacy is a concern for some users. A false positive (or inaccurate result) can also be frustrating for users and cause spikes in your customer insult rate.
icon 2FA for identity verification

2FA (2-Factor Authentication) and OTP (One Time Password)


2FA, or 2 Factor Authentication and OTP (One Time Password) are both forms of multi-factor user authentication which confirm user identities by linking them with more than one device. 

  • Friction: medium-high. Most of us are already familiar with failed 2FA attempts and struggling to gather the right device at the right time. It’s not always fast or easy.
  • Efficiency: mixed. The rise of SIM-swapping attacks, which sees fraudsters gain possession of a user’s phone messages, is seriously hampering the efficiency of 2FA. 
icon Digital Footprint analysis for identity verification

Digital Footprint Analysis


The concept of digital footprint for identity proofing differs drastically from the aforementioned methods. Your customers have digital lives, and they need to submit information on your site to onboard, log in or process a transaction. 

Why not extract as much information as possible behind the scenes to confirm their identity? While this was a common practice as part of the OSINT (Open Source Intelligence) method, it’s a resource-heavy and time-consuming task.

Last but not least, you can gather social media data linked to the email address and phone number. This is a powerful identity verification tool that lets you gather: social media profiles, including bio, avatar, and date are last seen on the platform.

ID Verification Done Right

When it comes to identity verification, the more data you have, the better. But it’s always a balancing act between gathering information and adding too much friction.

A slow onboarding process, too many obstacles during a transaction, or an astringent authentication system can increase customer churn, and send your users towards competitors.

The answer is automation through solutions such as:

  • Phone number analysis lets you see if the phone number is valid, in the right country, and use virtual sim card detection.
  • With IP analysis you can track identify spoofing attempts from proxies, VPNs and Tor usage, amongst others as well as see if the geolocation changes suddenly.
  • Device fingerprinting detects users who rely on emulators and change their devices too often as they could be considered high risk – especially during the login identity authentication process.
  • Reverse email address lookup which lets you check whether the domain is valid, if it’s from a low-friction provider, or if the name appears suspicious. Learn more in our guide on email check tools here.


At SEON, we believe that digital footprint analysis and reverse social media lookup offer the best of both worlds for your identity-checking process, allowing you to make informed decisions, meet legal requirements, and support a smooth customer journey at the same time.

Try a Fraud Product Demo

You might also be interested in reading about

SEON: Identity Proofing: What is it & How can it Prevent Fraud?
SEON: Guide to Synthetic Identity Fraud & Theft: Prevention & Solutions
SEON: How Email Risk Assessment Can Help Your Business
SEON: Alternative Data for Customer Due Diligence (CDD)

Learn more about:

Data Enrichment | Browser Fingerprinting | Device Fingerprinting | Fraud Detection API | Fraud Detection for Machine Learning

Share article

See a live demo of our product

Click here

Author avatar
Jimmy Fong
CCO

Jimmy is the CCO of SEON and brings his in-depth experience of fraud-fighting to assist fraud teams everywhere.


Sign up to our newsletter