Identity Proofing Challenges: Drivers for an Orchestration Hub

The addition of IdentityMind has revolutionized Acuant’s Trusted Identity Platform. This recent blog from IdentityMind expands upon challenges in Identity Proofing.

What does Identity Proofing Mean?

Identity Proofing refers to the ability to verify the identity of an individual or a business with a reasonable level of accuracy. Identity Proofing is performed both online and offline. The techniques for achieving reliable proofing can be somewhat different with different levels of accuracy in each scenario. The real motivation behind it is to both comply with regulatory requirements and protect your business from fraudulent actors. The proliferation of identity data breaches has rendered many identity verification services less reliable when used in isolation, so the concept of identity proofing usually implies a set of mechanisms that work together to raise the protection level against fraud.

What are the best mechanisms to perform online identity proofing or the best methods to validate an online identity?

There are several mechanisms and methodologies that must work together for increasing the accuracy of the identity proofing and identity verification process. These mechanisms include:

  • Government- Issued Document Authentication
  • Biometric Facial Recognition Match & Liveness Test (e.g. selfie)
  • Identity Verification
  • Geolocation and IP address Risk Analysis
  • Phone Data Verification
  • Email Reputation Analysis
  • Social Media Analysis

The key is to build a user experience that balances the use of these techniques. This is one of the main reasons for using a robust orchestration layer. Now, let’s talk about the challenges we are seeing the market and our clients face that drive going into an orchestration layer to validate online identities and achieve identity proofing.

The Challenges of Identity Proofing:

Without a doubt, the most important challenge is dealing with multiple point solutions. This represents a challenge in many dimensions:

Vendor Relationships

The cost associated with maintaining a vendor relationship is steep:

  • Integration: each one has its own set of APIs and user interfaces
  • Procurement: each one has its own contract with different termination clauses, SLAs, etc.
  • Minimum Volumes: in most cases each vendor has a minimum requirement/price incentive

Now multiply that by at least 3-5 times for the average compliance operations. To put this into perspective, in the recent AITE Group Report: “Fraud, Authentication, and Orchestration Hubs: A Path to Greater Agility”, the group interviewed executives at Financial Institutions. They responded that vendor management can add at least six months to the implementation process.

Data Normalization

Then, there is the issue of making sense of the data. The values coming from a vendor’s API need to be put together into a system that can make sense of it. In order to accomplish this, you need to normalize the data. And use a “similar” normalization across all vendors.

Effectiveness Degradation

The value that vendors of a point solution provide may degrade over time, and new vendors may arise with better capabilities. Trying to justify that the investment on a particular solution is going to be lost is, at the very least, a difficult conversation. Now, effectiveness degradation doesn’t necessarily imply that the vendor performs poorly, but it may be that it is no longer applicable to your business needs. The Acuant platform offers a single API to access our orchestration layer with 30+ vendors of data and technology. Every integrated vendor goes through a careful process of integration into our unified identity data model that allows us to leverage abstraction layers where we can swap providers when these perform poorly for given use cases. This is, in most cases, transparent to our clients, and they can test performance of every vendor’s solution with a simple configuration change. Imagine that you want to test five different vendors to see which one provides the best verification data, how long do you think this process will take you if you go to each vendor separately? Well, you can perform this exercise at no additional cost other than the cost of the queries to these vendors.

Build vs Buy: Limited Technical Resources

We have had this conversation with so many of our clients. Many believe they can build and maintain a platform of their own. Unavoidably their biggest challenge is to secure the technical resources required to execute on it. Success depends on the organization’s commitment to dedicate technical resources for long periods of time. In our experience, compliance officers get very frustrated in this process, and almost never get what they want in the long run. Most organizations struggle to maintain the IT infrastructure required for their business requirements. Adding requirements to build and maintain the needed platform to manage risk and compliance on top of it is a tall order for most organizations. Technical resources are better focused on the business needs. Our job is to provide you with a solution so you can spend your technical resources on your business. Of course, there is a need for technical resources to integrate into our Platform, but those are far less than those required to build and maintain your own.  Furthermore, when you work with a vendor like us, you are also leveraging the inputs and insights from many other organizations that have requirements just like yours, and in many cases that are pushing us to deliver far beyond your own requirements.

Leveraging Internal Data

This is perhaps one of the most difficult aspects to accomplish for any institution. Chances are that you have systems in place where there is data that would be great for informing your compliance and risk analysis. Sometimes these are legacy systems that are not easy to interact with. Many times, these systems are inherited from acquisitions or organic growth and you may not know enough about how they are put together or how to get the data out. Some clients have migrated into digital onboarding and they have built it on top of open systems where data access is (now) available.  As we face these challenges along with our clients, we have developed two frameworks that are instrumental in achieving the business context their risk and compliance operations require. Modern platforms with open APIs allow for intake of data that can inform and enhance risk and compliance modeling. In particular, one of these frameworks is intrinsically connected with our supervised machine learning algorithms, which makes these techniques far more accurate.


It is not easy to keep up with ever evolving risk and the evolving requirements of your business. New risks require new solutions, and new solutions may imply upending the whole process again. Compliance and risk professionals have a hard time justifying the changes, and even if they are able to, it is hard to justify dedicating resources “again”. Orchestration layers are built to support these changes and processes.

The biggest challenge, technically speaking, is putting all the information together into a single framework where you can make sense of all the pieces. This is not an easy task for many reasons, but fundamentally because you have to think about how to build a scalable system that can handle large amounts of data and make decisions in real time — but also evolve as things change.  Furthermore, it is the only way to properly take advantage of big data technologies like machine learning, statistical modeling, and the latest AI techniques you’ve been reading so much about. Orchestration and corroboration hubs fulfill this function and enable an ensemble of risk modeling techniques, leaving room for whichever new technique is necessary.



Acuant Trusted Identity Platform: now with IdentityMind Inside

The New Standard in Identity: Acuant’s Revolutionary Trusted Identity Platform

The rush toward a digital society is accelerating at an unprecedented pace. “The value of digital channels, products and operations is immediately obvious to companies everywhere right now,” says Sandy Shen, senior director analyst, Gartner. “This is a wake-up call for organizations that have placed too much focus on daily operational needs at the expense of investing in digital business and long-term resilience. Businesses that can shift technology capacity and investments to digital platforms will mitigate the impact of the outbreak and keep their companies running smoothly now, and over the long term.”

What does this mean for identity verification? The rise in telehealth, smart city services, distance learning, digital banking and even online grocery retailing is unlikely to reverse course anytime soon. For many organizations, digital transactions begin with establishing a user’s identity. Acuant’s revolutionary platform addresses one of the most difficult challenges we face within our society today: if you truly are who you say you are and delivering the answer with certainty and trust – any time, any place.

Our Trusted Identity Platform now with IdentityMind inside creates a new standard in digital identity verification by allowing for complete identity lifecycle management. Businesses and institutions can now build, proof, monitor and enable re-use of digital identities, all from a single platform while addressing their level of risk. With an unmatched digital identity engine, analyst dashboard, case management and third-party ecosystem, we provide operations ready solutions for every channel.

Identity verification should not be the whack-a-mole game it is today: fix your Knowledge Based Questions (KBA) vulnerabilities with 2-Factor Authentication (2FA), fix 2FA by adding a biometric check, upgrade your spoof-able biometric check and so on. Accessing a platform that solves for more than your current crisis or weakest point is critical. Fraud is only growing and increasingly sophisticated, especially in light of our digital economy. Businesses and institutions must look beyond today’s challenges, identity solutions must allow access to manage identity data points in real time, providing the ability to seamlessly pivot and address fraud head on.

Acuant allows you to establish a trust anchor for an identity from your chosen data point (identity document, biometric, device or email, for example). Once this trust anchor is bound to an identity, you have the ability to build custom data points, rules and alerts to manage the identity and effectively assign it a trust score. The key is making it simple; we do this in one place allowing you to access data (third-party, consortium and ingested business data) via single API integration. Businesses are able to scale and automate more processes to improve onboarding, verification and compliance (KYC, AML, GDPR & more).

Stay ahead of growing fraud challenges, don’t just catch up to them.

Download the White Paper: Graph Intelligence: A Machine Learning Approach to Measure Risk on Digital Identities

The New Buzzword in Identity Proofing: Believe the Hub Hype

There are many factors influencing the need for stronger identity proofing solutions in 2020, but fraud prevention and compliance are two of the leading drivers. A significant increase in digital transactions has created an environment for fraudsters to hide their activities within millions of transactions occurring every day. A report by Experian in 2019 found that 55% of businesses reported an increase in loss online related to fraud in 2018, predominantly around account origination and account takeover attacks. The Association of Certified Fraud Examiners reported that organizations lose approximately 5% of their annual revenues to fraud. Collectively, this is trillions of dollars lost worldwide.

Financial institutions are required to comply with KYC regulations, but the process of verifying customer identities has become more challenging in the advent of bots and synthetic IDs. At the same time, organizations need to balance risk controls with user experience. Being too heavy handed on authentication often introduces unwanted friction into the process and results in fewer customers, while easing back can lead to higher losses.

Organizations are finding that they must use advanced technology to win the fight against fraud. Fortunately, new technology offerings are making it easier than ever before for organizations to achieve that perfect balance between frictionless customer experience and strong risk controls. The technology that analysts are buzzing about is identity and orchestration hubs.

Hubs enable organizations to connect to one vendor via API or on-premises integration, then access multiple point solutions for detection or authentication. Hub solutions are also capable of integrating and orchestrating the detection inputs and subsequent stepped-up authentication via a sophisticated risk engine.

Gartner reported that “by 2023, identity corroboration hubs will displace existing authentication platforms in more than 50 percent of large and global enterprises.

Gartner also states that there is a growing trend toward orchestrating identity proofing, fraud detection and orthodox credential-based methods that are traditionally used to provide confidence in the identity of returning customers.

An identity corroboration hub provides the ability to build and manage one true digital identity. This means that you have established a verified identity via a trust anchor, tied it to a person, and now have access to a trusted identity platform that continuously authenticates this identity through real-time monitoring.

The corroboration hub offers tracking and analysis of true identities linking their connections and their activities in real time, while protecting their privacy. This allows for true identity verification at any point in time, to pinpoint fraud, and also determine when and how to verify an identity, expanding the scope of identity proofing. Identity corroboration hubs prevent new account and transaction fraud, account takeovers, identifying the use of stolen or synthetic identities, and enable compliance with regulations such as KYC.

In its report “Fraud, Authentication, and Orchestration Hubs: A Path to Greater Agility,” Aite Group states that 36% of financial institutions surveyed have already implemented a hub and 45% indicate that they are likely or very likely to implement a hub in the next one to two years.

Acuant is pleased to offer this technology within our award-winning Trusted Identity Platform powered by IdentityMind. IdentityMind creates and analyzes digital identities for KYC, fraud prevention, transaction monitoring, sanctions screening and more. Through a single API, IdentityMind connects organizations with an ecosystem of 20+ partners of data and technology. Read the AITE report to see why IdentityMind ranks at the top and makes a best in class solution combined with Acuant.


Fraud, Authentication and Orchestration Hubs Report

ID Theft Checkup: 4 Ways Medical Organizations Can Better Protect Patient Data

2019 was the worst year in history for healthcare data breaches. Almost 32 million patient records were breached during the first half of 2019 – more than double the number of records breached over the entire 2018 calendar year, according to the Protenus Breach Barometer. Many high-profile organizations such as American Medical Collection Agency fell victim to nefarious attacks.

Criminals are getting through cracks in organizations’ cyber defenses to steal patient data and profit from vulnerable health systems. Why? According to a study published in Annals of Internal Medicine, over 70 percent of hospital medical record breaches compromise sensitive patient information such credit card numbers, social security numbers and birth dates.

This increases the risk of identity theft, as hackers are purportedly willing to pay ten times more for medical information than a credit card number on the black market. Hackers use medical records to solve security questions that are otherwise difficult to answer, gain access to insurance benefits, or even illegally receive prescription drugs.

Healthcare organizations must take preventative steps to better protect patient data and avoid becoming the next front-page headline (and receive a costly HIPAA violation fine!).

Adopt Identity Safeguards

Healthcare providers should take a page from the Know Your Customer (KYC) regulations adopted by the financial services industry. This practice verifies that the customer is who he or she claims to be, confirms that they’re not on any prohibited watch lists, and assesses their general risk factors.

This practice affords medical offices, clinics, hospitals and pharmacies with the ability to approve or deny customer onboarding and online transactions. Once the account is approved, the organization can use identity verification technology to simply compare a current photo against the one captured during onboarding to authenticate the patient.

Protect Access to Medical Records

To avoid HIPAA violations, it is important for the organization to ensure it’s giving the right patient access to their own data. According to HIPAA Journal’s November 2019 Healthcare Data Breach Report, there were three financial penalties imposed on HIPAA-covered entities totaling nearly 7 million dollars to resolve HIPAA violations.

Secure log-in monitoring and device intelligence can help confirm that the person trying to log in is who they say they are.

Educate Staff on Security Threats and Warning Signs

Many breaches are not malicious – they can be filed under “human error.” A current and comprehensive employee training program can better prepare healthcare providers against continually evolving cybersecurity threats. This is especially true for employees within smaller organizations, where there are fewer resources and IT staff is often tasked with managing multiple roles.

Workforce training and management is a requirement for all covered entities under the HIPAA Security Rule. A covered entity must train all workforce members regarding its security policies and procedures and must have and apply appropriate sanctions against workforce members who violate its policies and procedures.

Automate Patient Portal Enrollment

Customer onboarding is a tedious process. The manual input of forms can result in incorrect personally identifiable information (PII) being entered into patient records. Using an automated enrollment process can eliminate the hassle of long, complicated set-ups and reduce errors at the same time.

Acuant MedicScan® provides automated data and image intake of IDs and medical insurance cards. IDs and insurance cards are scanned to directly auto-populate patient PMS/EMR/EHR application in seconds.  Acuant AssureID® provides instant and seamless identity verification to know who your patient is and if they are who they say they are- all in the same step as Acuant MedicScan. Products can be layered or engaged alone.

Acuant works with healthcare providers to prevent medical identity fraud and improve the customer onboarding process. For more information, please visit our solution page or schedule a demo.

Acuant Predictions: All Eyes on Identity in 2020

As we look to 2020, we will see the protection of consumer data become a legitimate business, with the power finally in the hands of consumers evaluating what businesses they trust. Facial recognition authentication will go mainstream as businesses evaluate the best way to ensure each customer’s digital identity matches their real identity. And investments in emerging technology (like blockchain/cryptography) will finally pay off as technologists continue to displace the outdated password with more effective methods of verifying user identity.

A look at what to expect in the coming year:

The protection of consumer data becomes a legitimate business: In 2019 consumers loudly voiced their concerns over companies’ repeated data breaches and the repeated mishandling of their personal data and we saw more legislation than being enacted (GDPR, CCPA, PSD2). Next year there will be serious consequences for organizations that do not secure customer, employee or partner data. Consumers will continue to demand power over their PII and will fight for the right to control and share their information, how and where they chose to. The ‘billionaire boys club’ will continue to bring this reality to light. But who will ‘win?’ The company that figures out how to protect sovereign identity.

The rise of synthetic ID fraud pushes increased adoption of biometrics and identity corroboration/orchestration hubs: Reports of synthetic identity fraud, one of the most challenging fraud types to spot, will continue to grow. Companies – especially those in financial services – will increasingly seek robust biometric screening that cannot be easily fooled by deep fakes and image spoofing. Beyond financial services, biometrics will continue to be adopted across many industries for identity verification. Retailers will turn to biometrics for payments/self-checkout as we’ve seen with Amazon Go or Pay with a Smile, which launched in China last year. Companies – especially those in financial services – will increasingly employ identity corroboration/orchestration hubs to thwart this.

Cryptography will rapidly replace the password: The swift rise and fall of blockchain has some technologists doubting its adoption and importance in 2020 and beyond. But blockchain has brought forth the use of cryptography. This technology will be used to replace the username/password as a method of user verification. Instead, passwords, PINs, SMS codes, and other authentication technologies are replaced with public-key cryptography. Biometric authentication will become the new norm in this brave, new “passwordless world.”

Not sure how to approach digital identity in the coming year? Acuant takes a customer centric approach to identity verification. We empower trusted transactions between businesses and their customers, allowing businesses to address their appropriate level of risk and permitting consumers to remain in control of their personal information. Want more information? Let’s talk!

AI + Digital Identity: Why You Still Need Humans

Today’s data driven world has ushered in an era of constant tracking, monitoring, listening and learning. Customers expect businesses to automate their processes for efficient and positive experiences. Products are created to be tailored to individual’s needs and interests. In response, companies are leveraging data – and Artificial Intelligence (AI) capabilities in particular – to improve customer experiences and make processes more efficient.

AI has quickly transformed every major industry, bringing automation and speed to tasks that normally require human intelligence. A quick scan of headlines shows its reach – from solving a Rubik’s Cube in 1.2 seconds, to advancements that could control a smartphone or computer with just your thoughts.

The Rise of AI in Identity Verification

With identity theft on the rise, businesses are fighting to prevent and deter online frauds and scams. Machine learning and AI are ushering in a new era where identity authentication delivers a smooth experience that doesn’t require users to trade convenience for security. These technologies are increasingly being leveraged for online identity verification to protect consumers and businesses against fraud and account takeover.

AI creates a more efficient and accurate process than relying on a human to examine and verify an ID.  Computer software that is constantly learning and correcting itself can process millions of transactions at a rate unachievable by human experts.

Human Assisted AI: Don’t Extract the Experts

However, IDs are physical documents that endure wear and tear, and may feature manufacturing discrepancies. There are many factors that, if left unobserved, could result in even the strongest algorithms being tested and a genuine ID being flagged as fraudulent. For example, the quality of the camera might not provide high resolution results. Or the image on the ID may be too worn to pass automated inspection. Maybe the lighting is too dim/has shadows, or the image is too blurry and therefore the image cannot be properly identified.

The benefits of AI are best realized alongside a trained professional who can step in if the software rejects a legitimate ID,  apply their expert eye, determine what error occurred and teach the computer how to spot the issue in the future. This allows the learning model to improve through constant input and refinement of data with the oversight of a trusted identity expert.

Acuant has amassed the world’s largest document library of government issued identity documents from over 190 countries. The company combines its deep industry knowledge of country specific ID characteristics and the application of AI to scale and expedite the verification process. This has created the most comprehensive Identity Platform available.

Companies with high risk can rest assured with the Acuant Review which provides human expert manual inspection of identity documents in minutes. Forensic experts manually review and determine document authenticity in real time to ensure the legitimacy of documents flagged by Acuant AssureID suspicious (with the option to review any document or result a company wishes). This marriage of AI and human assisted machine learning results in passing more good IDs/customers (while catching sophisticated fakes) and providing a seamless, low friction customer experience.


To learn more about Acuant’s identity solutions, schedule a demo now:

A Worldwide Approach to Global IDs: Why Setting the Standard is No Easy Feat

Organizations and government entities are struggling on a global scale to determine the best methods for approaching identity management. The conversation around national digital IDs is not new. Governments around the world have expressed both interest and concern, in roughly equal amounts, about adopting these in their countries. However, some citizens of more developed countries such as Australia, Canada, New Zealand, the UK and the US are opposed to the idea of biometric based national ID schemes, mainly on the grounds of privacy.

Setting standards for the global ID verification process is no small task. Beyond the obvious – the need to standardize all identity cards or processes – there is the differences in comfort from country to country with technology advancements like biometrics and other measures.

The UK government introduced the GOV.UK Verify scheme in 2016 as a way for people to prove their identity for online government services, targeting 25 million users by 2020. As at March 2019, it has acquired 3.6 million users. Oliver Dowden MP, the Minister for Implementation, recently announced the creation of a new Digital Identity Unit, which is a collaboration between DCMS and Cabinet Office to ensure the adoption of interoperable standards. The government is also engaging the private sector to establish a commercial framework for businesses to provide digital identity for use with public services. The government hopes to bring this capability online by April 2020.

Singapore has already created a digital ID program with the SingPass Mobile app taking effect in the middle of last year. Malaysia and the Philippines have expressed interest in developing such a program

Africa is taking a less standardized approach to digital identity; each individual county within Africa has rolled out its own approach. For example, Nigeria is moving towards a single, centralized National Citizens Database bringing together various databases for SIM card registrations and driving licenses to be managed by the National Identity Management Commission which issues the National Identity Numbers. And last month (May 2019), Tanzania kicked off biometric verification of mobile telephone numbers. The ID card issued by the country’s National Identification Authority (NIDA) will be the sole document required for the process. Mobile phone subscribers are expected to use the same NIDA offices that capture biometrics for issuing ID cards to verify their fingerprints to register their SIMs.

One of the key issues that Africa is facing in general is a lack of identity management systems or governments not having the ability to identify citizens as there is a large number of the population that is unregistered, or they don’t necessarily have means of biometric verification to prove their identity.

The other issue identified is identity on mobile, because traditionally we have had physical identity documents like passports and ID cards, but the increasing trend is identity moving to mobile phones as there is a very high uptake of mobile usage across the continent, so there is a need to bring the identities of people on mobile phones and make it easier for people to access to government services, as well as authentication remotely.

The U.S. is enacting data privacy laws on a state-level, but lawmakers in the House and Senate are calling for bills aimed at strengthening individuals’ ability to control their data collected by the biggest technology companies, including Alphabet Inc.’s Google, Facebook Inc. and Apple Inc. The California data privacy law, set to take effect in January 2020, is viewed by most as the strictest consumer privacy legislation in the United States. Similar to Europe’s General Data Protection Regulation, which took effect last year, the California measure also includes more provisions allowing consumers to opt out of data sharing as opposed to forcing them to opt in before continuing to use online sites.

Looking Ahead – Why Trust is the Key to ID Verification

The convenience of being able to quickly and easily verify one’s identity comes with the loss of control over where that data is being stored and how it is shared. At Acuant we believe in creating solutions that put the power back into consumers’ hands. Companies are now recognizing that identity data collection and verification is an organization’s biggest vulnerability- and the protection of identity data is paramount. Acuant helps organizations build trust via an identity platform that allows businesses to address security/privacy concerns, regulations and their appropriate level of risk – while at the same time being customer centric.

Learn more about our trusted Identity Platform here:

New call-to-action

Global Challenges with Establishing Identity in Today’s Digital Economy: A Look from a Solutions Provider POV

Acuant CEO Yossi Zekri recently spoke at London’s premiere Identity Week Show. Here is a bit of what Yossi had to say from Acuant’s point of view on the global challenges in establishing identity today.

We are all aware that establishing identities today is not foolproof. There is no perfect solution to protect customers and institutions from sophisticated fraudsters, hackers and data breaches. But as identity is increasingly digital and becoming a currency for consumers — the need to defend digital identity against bad actors is imperative.

Establishing a trusted Identity Anchor is the base for the Digital Identity of the future — and this is at the heart of what Acuant does.

Global Factors

Acuant sees millions of global ID transactions — heavily concentrated in North America, but capturing transactions from virtually every country every month. We see mobile use is increasing across the globe, which has its own set of challenges.

With more than 196 countries, there are thousands of identity document templates and types globally, each with unique identifiers/characteristics and security elements. This presents challenges such as:

  • Data Sets – The need for good (and a lot of) data and quality documents to establish a global document library. Systems must utilize human factors as well as machine learning to have continuous updates to libraries or databases.
  • Design – ID card issuers do not always design with authentication in mind so there are different security features which can present challenges and most have nonwhite light features making them poor or irrelevant for mobile authentication.
  • Language & Culture – There are cultural differences in language/spelling that add complexities. For example, Mohammad is written 50+ different ways, depending on the country, and Asian names often end up truncated due to the limited character space on forms.

In addition, ordering schemes differ among countries and security features on each ID are different with some being easier to forge than others and frequent changes to track. This is a constant battle with incremental fraud capabilities and the methods providers and institutions use to verify IDs are changing.

Device & Method Challenges

It is imperative today for businesses to provide an omnichannel verification solution that includes mobile. The rise in mobile adoption evidenced in Forrester’s Mobile Mind Shift Index identifies an evolving preference for mobile use.

Much of this can be attributed to millennials (currently ages 18-34), the generation most likely to own a smartphone (97% market penetration) which they check more than 150 times per day. A paper document is no longer the only method of ID verification to consider. Some reports show millennials are deciding who to do business with based on their mobile capabilities.

But verifying IDs via mobile creates additional challenges:

  • Solutions must be in real time (seconds)
  • ID holder’s appearance may have changed since ID photo was taken
  • Fraudsters are increasingly sophisticated
  • Camera quality affects the image and image quality is key!
  • Harder to run forensic tests

Solution providers need a strong Algorithm + Big Data Set + Human Oversight = for the Best Results.

Establishing Genuine Presence

Today, solutions must be able to address increasingly sophisticated fraud and presentation attacks while balancing the user experience. Businesses and organizations must match the level of risk to the use case: how much friction they add will/should depend on the level of assurance required and risk involved.

Factors to consider include:

  • Time – consumers will not stand for a lengthy or invasive process
  • Accuracy – how can this process yield accurate/ best results
  • New verification methods to support mobile/digital identity
  • Using a hardware secure element (SE)/chip authentication to securely store a mobile ID credential on a smartphone

Linking an ID to a person requires multi-factor authentication. First, you must establish there is a valid ID to establish a trust anchor. You must have a clear image that can be captured via any device and have robust authentication tests (strong forensics). Second, you must verify the person is who they claim to be which can be accomplished with biometric tests such as robust facial match and liveness tests. ID photos must be matched to be a real time selfie for a score or decision. Challenges here include presentation attacks, image and device spoofing, deep fakes and video replay.

Once you link the ID to the person, additional security features can be layered on:

  • Start building an Identity Score for easy & ongoing verification
  • Watchlist & database crosschecks: OFAC, INTERPOL, AML etc.
  • NIST certified algorithm – ICAO Standards for govt use cases such as border control


Software solutions that use AI & Machine Learning in tandem with human researchers are the best method to detect fraud. Automation cuts down processing time and eliminates mistakes. You must start with an automated solution that uses a strong algorithm, have a big enough data set, then add human oversight (mostly to compensate for image quality and variation) to get the best results and pass more good customers.

While there are no global standards today in identity verification, there are solutions that offer a  level of certainty for every level of risk. It is up to institutions to decide the amount of security they are providing, and up to consumers to decide how much friction they are willing to bear. The burden of proving digital identity is one both must ultimately face.



Beyond Machine Learning

Millennials & Mobile Health: How Providers Can Maximize Convenience & Minimize Fraud

As the largest generation in the U.S., wielding growing purchasing power, Millennials have driven change in all industries – from retail to automotive, banking to healthcare, examples of disruption abound. Their preferences are backed by powerful dollars and any company foolish enough to ignore that fact will be faced with irrelevance in short order. It may be hard to imagine that such a highly regulated and decidedly personal industry as healthcare would be able to evolve to address the unique demands of the Millennial generation. But we are seeing the evolution in myriad ways.

Millennials are used to speed and convenience – even when it comes to healthcare. They inhabit a workforce that embraces freelance work as well as telecommuting, which often means little to no downtime. As such, time is valuable and healthcare, and other routine “adulting,” must be quick and efficient. Millennials don’t accept long wait times, manual processes and slow turnaround.

Due to the great value they place on convenience, Millennials demonstrate a strong preference for “fast health” option, eschewing primary care physicians as a first line of inquiry. A PNC Healthcare study found that they are twice as likely as Baby Boomers to prefer retail clinics and acute care facilities for speed and efficient healthcare delivery. This generation’s penchant for faster and more convenient options was likely a key driver for the recent launch of CVS HealthHUBs, an extension of its MinuteClinics.

Often called Digital Natives, Millennials are keen to use technology to manage their lives. Growing up with smartphones, they are not only comfortable with digital technology but expect it at every turn. As such, they are becoming increasingly comfortable with using mobile devices for more sensitive transactions such as banking and healthcare.

There are now well over 300,000 health apps available on the top app stores worldwide, nearly double the number of apps available in 2015 – and more apps are being added each day.

From wearable sensors to mobile health apps, Millennials often look to technology to create efficiencies in their lives. Beyond mobile apps, they are demanding solutions such as online health portals, online appointment scheduling, electronic medical record access and more. Hospitals and physicians are evolving to meet these needs to provide better service to their patients.

As more Millennials become parents, they are using health facilities more frequently as well. Dayton Children’s Hospital in Ohio built a new wing with features to specifically address the technology needs of Millennial parents. From simple things like having electronic chargers available and providing a robust wireless network, to more critical services like electronic signage that lists patient precautions and connecting medical devices, such as vital sign monitors, directly into the EMR, hospital executives focused on how technology would attract and build confidence with Millennials.

While providing improved patient experiences is often the goal for implementing technology solutions, it is important to understand that patient medical data is the most valuable asset on the dark web. The dark web is a massive marketplace for stolen data and personal information that often is a result of a data breach, and notably, the healthcare industry accounts for up to a third of all data breaches.

Why do fraudsters want medical data?  It contains a trove of personally identifiable information (PII) that can be used for identity theft or to access medical care in the victim’s name. This information is hard to change and unlike a credit card breach, individuals have few options and little recourse when protected health information (PHI) is leaked.

Experian, an Acuant partner, found that a social security number will fetch about $1 and credit card information will garner from $5-110. Yet data-rich medical records – ideal for identity theft purposes – can rake in up to $1,000. Victims often spend more than 200 hours and an average of $13,500 to remediate the damage of medical ID theft.

Since avoiding technology and ignoring the demands of Millennials isn’t an option for organizations that plan to stay in business into the next decade, healthcare providers must find ways to balance convenience and fraud prevention. Here are a few ways to offer an improved patient experience, while protecting the organization from fraud.

Automated Intake Processes

It is possible to streamline and improve the patient experience by using mobile devices to enable credentialing, automate intake processes and power self-check in. Patients don’t want to be bogged down with administrative processes. By accelerating the registration process, the patient wait times are minimized. Something that Millennials will expect when visiting any healthcare provider.

As healthcare providers embrace mobile technology, front line staff can capture critical health data from insurance cards and patient IDs using a mobile device. Patient data can then be auto-populated into an application or EMR, reducing the chance of errors. This is especially true for credentialing, which should no longer rely on outdated, time-consuming, paper-based approaches that are definitely error prone. This is particularly helpful for reducing insurance claim rejections, which are often the result of incorrect or missing information. With an automated process, collected data is more complete and accurate, resulting in increased efficiency and accuracy while leading to faster claim processing and reduced rejections.

Instant Multi-Factor Smartphone-Enabled Identity Verification

Another benefit of using technology to automate processes is the ability to reduce fraud. It is easier to spot medical fraud using technology as compared to paper-based processes. Medical insurance fraud is a growing issue due to the high rate of identity theft. Mobile phones can scan and instantly authenticate IDs to create a trust anchor. From there, you can layer on facial recognition technology to verify a patient matches their ID by presenting with a simple selfie, all in seconds and in the same workflow. It is an easy way and powerful way to combat fraud.

Facial Recognition Over Passwords

Biometric technology can also be used when patients want access to medical test results, to book an appointment, or to pay a bill. Instead of passwords that are often re-used and possibly compromised, patients can use facial recognition technology to verify their identity and access sensitive health information or login to patient portals.

In a world where Millennials can – and do! – look up physician and hospital ratings online, patient satisfaction is a big deal. By embracing technology and putting more power (literally) in the hands of patients, healthcare staff can focus their attention creating positive experiences around patient care while benefiting from improving overall risk exposure. The result will be significant increases in patient satisfaction, reduced fraud, better data security, more efficient and effective patient visits and improved staff productivity.


Learn more about Acuant MedicScan

Federation and Other Trust Models for Cross Vertical Digital Identity Acceptance

Over the past year, digital identity solutions have both matured and newly emerged. Several of the Self Sovereign Identity (SSID) solutions that were first commercially introduced last year, have now made it into pilots. Others solutions are using a metered approach to build a solid credential structure to address a specific vertical use case. Still others are blending these concepts to provide support for both government led digital credential standardization as well as sector specific use cases. Each of these capabilities was presented and widely discussed recently at connect:ID 2019 in Washington, DC.

As all of the solution sets have developed support for valuable identity based processes, there are still a number of challenges for use of any of these credentials across verticals or industries. Most of these SSID solutions are commercial efforts that were instantiated as pilots to address requirements specific to an industry – examples include:

  • Self enrollment & electronic health record sharing, derived from a specific health insurer’s customer base
  • Mobile driving license generation & utilization
  • Seamless traveler initiatives leveraging the Digital Travel Credential (DTC) being defined through an ICAO and ISO partnership for use throughout the travel continuum (booking – airport check-in – baggage drop – security screening – airport vendor services – boarding – arrival – customs – hotel check-in – return trip)
  • Concepts extending the DTC concept from the traveler journey to Visa request, work permit, & law enforcement record verification processes
  • Solutions providing a digital identity to the extremely large population of people without paper identity documents
  • Digital consortium solutions for banking

As can be imagined, each of these capabilities has been implemented using varying technologies and security frameworks. All of the programs describe their offerings as being built with extensive security measures in the generation and protection of the digital credential, and just as importantly, with a Privacy By Design approach. Some of the digital credentials are built through the derivation of data from a physical document (after the performance of automated identity document authentication – often in combination with facial recognition matching of the end-user against the authenticated source document), while others use identity repositories as the data source for the digital credential. As the DTC is a token which leverages the Document Security Object from an ePassport, the initial delivery mechanism of this token to the end user is meant to be managed by the document issuer.

Security of the token also varies. The DTC imposes requirements to perform the same level of authentication for the token as for the document itself, meaning that it needs to be cryptographically assessed to determine its authenticity by the relying party. Other solutions are leverage block chain implementations to both protect and distribute the user data to support access decision processes for both physical and logical access capabilities.

The key to the evolution of a broader, frictionless identity ecosystem is going to be the development of an interoperable security framework that will allow the digital credential from one ecosystem to be fully leveraged by another. While brand loyalty drives many of these initial capabilities, use of a single credential for many disparate functions is what will drive consumer adoption globally. While it seems naive to think that a global, federated trust fabric will be deployed to support any and all of these disparate programs, perhaps the answer is an interoperable identity wallet that understands the protocols required to authenticate an end user to all points within the ecosystem using the appropriate digital credential – without any specific user action other than authentication to the device containing the digital credentials.


Ozone e-Passport PKI