The addition of IdentityMind has revolutionized Acuant’s Trusted Identity Platform. This recent blog from IdentityMind expands upon challenges in Identity Proofing.
What does Identity Proofing Mean?
Identity Proofing refers to the ability to verify the identity of an individual or a business with a reasonable level of accuracy. Identity Proofing is performed both online and offline. The techniques for achieving reliable proofing can be somewhat different with different levels of accuracy in each scenario. The real motivation behind it is to both comply with regulatory requirements and protect your business from fraudulent actors. The proliferation of identity data breaches has rendered many identity verification services less reliable when used in isolation, so the concept of identity proofing usually implies a set of mechanisms that work together to raise the protection level against fraud.
What are the best mechanisms to perform online identity proofing or the best methods to validate an online identity?
There are several mechanisms and methodologies that must work together for increasing the accuracy of the identity proofing and identity verification process. These mechanisms include:
- Government- Issued Document Authentication
- Biometric Facial Recognition Match & Liveness Test (e.g. selfie)
- Identity Verification
- Geolocation and IP address Risk Analysis
- Phone Data Verification
- Email Reputation Analysis
- Social Media Analysis
The key is to build a user experience that balances the use of these techniques. This is one of the main reasons for using a robust orchestration layer. Now, let’s talk about the challenges we are seeing the market and our clients face that drive going into an orchestration layer to validate online identities and achieve identity proofing.
The Challenges of Identity Proofing:
Without a doubt, the most important challenge is dealing with multiple point solutions. This represents a challenge in many dimensions:
The cost associated with maintaining a vendor relationship is steep:
- Integration: each one has its own set of APIs and user interfaces
- Procurement: each one has its own contract with different termination clauses, SLAs, etc.
- Minimum Volumes: in most cases each vendor has a minimum requirement/price incentive
Now multiply that by at least 3-5 times for the average compliance operations. To put this into perspective, in the recent AITE Group Report: “Fraud, Authentication, and Orchestration Hubs: A Path to Greater Agility”, the group interviewed executives at Financial Institutions. They responded that vendor management can add at least six months to the implementation process.
Then, there is the issue of making sense of the data. The values coming from a vendor’s API need to be put together into a system that can make sense of it. In order to accomplish this, you need to normalize the data. And use a “similar” normalization across all vendors.
The value that vendors of a point solution provide may degrade over time, and new vendors may arise with better capabilities. Trying to justify that the investment on a particular solution is going to be lost is, at the very least, a difficult conversation. Now, effectiveness degradation doesn’t necessarily imply that the vendor performs poorly, but it may be that it is no longer applicable to your business needs. The Acuant platform offers a single API to access our orchestration layer with 30+ vendors of data and technology. Every integrated vendor goes through a careful process of integration into our unified identity data model that allows us to leverage abstraction layers where we can swap providers when these perform poorly for given use cases. This is, in most cases, transparent to our clients, and they can test performance of every vendor’s solution with a simple configuration change. Imagine that you want to test five different vendors to see which one provides the best verification data, how long do you think this process will take you if you go to each vendor separately? Well, you can perform this exercise at no additional cost other than the cost of the queries to these vendors.
Build vs Buy: Limited Technical Resources
We have had this conversation with so many of our clients. Many believe they can build and maintain a platform of their own. Unavoidably their biggest challenge is to secure the technical resources required to execute on it. Success depends on the organization’s commitment to dedicate technical resources for long periods of time. In our experience, compliance officers get very frustrated in this process, and almost never get what they want in the long run. Most organizations struggle to maintain the IT infrastructure required for their business requirements. Adding requirements to build and maintain the needed platform to manage risk and compliance on top of it is a tall order for most organizations. Technical resources are better focused on the business needs. Our job is to provide you with a solution so you can spend your technical resources on your business. Of course, there is a need for technical resources to integrate into our Platform, but those are far less than those required to build and maintain your own. Furthermore, when you work with a vendor like us, you are also leveraging the inputs and insights from many other organizations that have requirements just like yours, and in many cases that are pushing us to deliver far beyond your own requirements.
Leveraging Internal Data
This is perhaps one of the most difficult aspects to accomplish for any institution. Chances are that you have systems in place where there is data that would be great for informing your compliance and risk analysis. Sometimes these are legacy systems that are not easy to interact with. Many times, these systems are inherited from acquisitions or organic growth and you may not know enough about how they are put together or how to get the data out. Some clients have migrated into digital onboarding and they have built it on top of open systems where data access is (now) available. As we face these challenges along with our clients, we have developed two frameworks that are instrumental in achieving the business context their risk and compliance operations require. Modern platforms with open APIs allow for intake of data that can inform and enhance risk and compliance modeling. In particular, one of these frameworks is intrinsically connected with our supervised machine learning algorithms, which makes these techniques far more accurate.
It is not easy to keep up with ever evolving risk and the evolving requirements of your business. New risks require new solutions, and new solutions may imply upending the whole process again. Compliance and risk professionals have a hard time justifying the changes, and even if they are able to, it is hard to justify dedicating resources “again”. Orchestration layers are built to support these changes and processes.
The biggest challenge, technically speaking, is putting all the information together into a single framework where you can make sense of all the pieces. This is not an easy task for many reasons, but fundamentally because you have to think about how to build a scalable system that can handle large amounts of data and make decisions in real time — but also evolve as things change. Furthermore, it is the only way to properly take advantage of big data technologies like machine learning, statistical modeling, and the latest AI techniques you’ve been reading so much about. Orchestration and corroboration hubs fulfill this function and enable an ensemble of risk modeling techniques, leaving room for whichever new technique is necessary.