Why Digital IDs Need A ‘Trust Anchor’

Acuant’s CEO, Yossi Zekri, contributed to this article in PYMNTS.com; you can read the article at its original source here.

Customer experience is the Holy Grail of commerce — especially for eCommerce.

But the ease and speed that consumers demand when transacting online comes with risk, as merchants need to establish identity — in other words, being certain that customers are who they say they are — in a world where buyers and sellers may be continents apart. The fallout hits everyone involved via a fraudulent transaction, and, as the data shows, account takeovers are on the rise.

Establishing identity in the digital world is proving to be a fluid process, as questions are multiplying around the collection, processing and ownership of data.

PSD2 is here, of course, changing the way consumers and companies access data. And recently, legal challenges centered on data collection have begun popping up. For example, the Illinois Supreme Court ruled earlier this year that companies can be sued for biometric data collected without users’ consent.

As Karen Webster noted in an interview with Acuant CEO Yossi Zekri, although technology (and even use cases) are still evolving when it comes to digital identity, some basic “best practices” can be identified and embraced.

“If you think about process overall, it’s all revolving around … [a] balance between risk and friction,” he said. Compliance impacts friction — likely increasing it. That’s especially true along the traditional and current methods of authentication, he said.

Nowadays, verification spans many conduits and data points — including something the consumer is (i.e., ascertained through biometrics), something the user knows (such as a password) and, more recently, something new, which is how one behaves.

But, said the executive, the creation of a “trust anchor” can be accomplished by establishing the authenticity of a government-issued identity document. From there, you can layer on biometrics, embracing what works and shunning what doesn’t.

Forget What You Know — Literally

As for what doesn’t work: You can toss the “something you know” aside. Passwords — and their easily forgotten nature — create friction and the irritation of repeated log-ins, on the best of days. As Webster noted, passwords are likely floating around somewhere on the dark web, pilfered as part of one of the innumerable data breaches seen in recent years — possibly up for sale.

Everybody knows what you know, it seems.

Zekri said the “trust anchor” can carry extra weight through a government-issued credential “that has in it, and encompasses, the complete verification process that went into that credential.” Government-issued documents, he continued, are created using forensics proof, may have chips embedded (for extra security) and have the benefit of “an automated element to establish the validity of that credential.”

Introducing Biometrics Into the Mix

Where biometrics comes into play, he said, is through interactions that link a face to a person and facilitate a sense on the part of the merchant that “you can interact with that identity in an easier way in the future.” In other words, the trust anchor is established at the beginning of the relationship or transaction and carries over into the future — reducing (and perhaps even eliminating) friction.

Heavy lifting is required to create a digital identity solution robust and flexible enough to be ubiquitous across consumers’ preferred channels.

“And it will take some time to get there,” said Zekri, because questions still surround “the philosophy of what is that digital identity, where is it going to be, where is it going to reside and how would it work?”

The User in Control

“I think where the future goes to is bringing that trusted identity, including a biometric layer with a digital ID as the delivery mechanism,” Zekri predicted.

But there’s a twist: “The user should be able to choose how and where the data is shared,” he said.

In this case, it’s the user who takes control of the verification process — deciding what parts of their identity, and data, a company can utilize to establish verification.

Consider the use case where a fingerprint is offered up to open one’s email account, but where a more extensive (and individual) combination of credentials must be established to access the sensitive information contained in, say, tax returns.

The flow of credentials is designed not to create friction, but to provide permission.

Zekri noted that once credentials have been established, it’s possible to have a “permission or scoring system” that allows a user to be approved “across different areas [and activities] up to a certain level, but you are also approved for all things below that.”

Then, he said, interactions truly do become frictionless. By sending a command or showing one’s face, an app can conceivably “know” an email or bank account is accessible because the consumer has already gone through the higher level of authorization built into their digital identity.

When asked what use cases are in urgent need of trusted anchors, Zekri said this: Involve “access management,” where identity is being used with healthcare and hospitality among as many as 15 markets (beyond financial services) that can benefit from digital identity and more robust credentialing methods. In those verticals, there is a continued and growing need to combat crime and terrorism and satisfy an environment zeroed in on anti-money laundering (AML) and Know Your Customer (KYC) regulations.

“As technologies evolve,” said Zekri, “you can layer all these additional elements to that trusted identity.” He offered a range of scenarios: authenticating a driver’s license at home, verifying geolocation that matches the address on the license, capturing and verifying a passport as a second ID and authenticating the chip in that passport (which matches the face). A user’s voice or iris can be layered on, too.

Regardless of the number of layers, “the core is still the same,” he said. There’s no personally identifiable information (PII) moving back and forth along traditional means, but there may be a token traveling between parties with limited information, accessible with a limited key offered up at a single point in time — “and then it all evaporates,” said Zekri.

To make it all ubiquitous, Zekri said Acuant is currently focused on the first piece of the puzzle, tied to enrollment, across all manner of devices and locations. In the end, the transaction is a process marked by frictionless behavior and individual control.

“We are working on something that ultimately we believe is a good methodology to both store and communicate that information” — and though different people will do different things across different digital identity constructs, the trend is to “merge into one” solution.

“Who’s going to provide that one thing?” he queried. “Like anything else, it’s an evolution. We are trying to facilitate the process” for providers that may, at the outset, be competing entities, “and create [a] trusted identity for them.”

Four Digital Identity Predictions for 2019

Identity fraud – which according to Javelin Strategy and Research was an all-time record high in 2017 – has left consumers frustrated with the current identity verification process. As such, identity – and protecting that data – will have greater value than ever before. Trusted transactions are critical to reducing fraud and fueling growth for businesses and governments. When it comes to addressing fraud, digital transformation and improved customer experience are driving change. Here are four changes to expect in 2019 and how business and government leaders should be prepared.


GDPR progress will drive additional identity-related legislation: The progress of GDPR will drive continued adoption of identity-related legislation across the world. The U.S., currently a hotbed of frustration over the mismanagement of personally identifiable information (PII) and lack of protection for digital identity, will begin to adopt similar legislation in 2019. Recent revelations into questionable business practices and Congress’ increasing focus on technology behemoths Facebook, Amazon, Google and others will drive the U.S. government to reign in the industry with compliance requirements, similar to Sarbanes-Oxley after the Enron and Worldcom debacles.


Passwords & KBA will continue to die a slow death: The case for multi-factor authentication continues, but it is 100 percent clear that passwords alone are no longer sufficient. Ongoing and increasingly sophisticated hackings and data breaches are evidence that businesses must do more to safeguard sensitive data and Personally Identifiable Information (PII). There are many ways that identity verification technology today allows for more secure options to layer on or replace passwords and knowledge-based authentication (KBA) altogether. Consumers are catching on while businesses catch up to meet new security standards.


Biometrics will gain more traction, especially in travel: In many industries, but particularly travel, we will see the rapid and expanded adoption of biometrics thanks largely to smartphones. 59 percent of flyers think that using biometrics when passing through TSA checkpoints would make flying safer by increasing identification accuracy and the TSA recently revealed its plans to expand the use of biometric technology across airports in the U.S. We are already seeing the trial and expansion of eGates and ePassports in the US and globally.


Self Sovereign Identity will become popular: Governments and companies are struggling to protect citizen and customer information from escalating cyber-attacks. Self Sovereign Identity (SSI) can increase efficiency for companies to get the identity assurances that they need and prevent the massive data breaches that have become weekly headline news. SSI can also allow people to decide how their data is shared and monetized which is increasingly important as identity will be seen more and more as currency. This notion will drive consumers to advocate for more ownership over how and when their personally identifiable information (PII) gets shared. They’ll expect financial institutions, retailers and government entities to better protect their data while offering greater flexibility around how it’s being used.


Trust is the cornerstone of the economy. Without trust in our system and the ability to transact seamlessly and easily via technology, organizations will be stymied in their ability to innovate and compete. We need to create trusted transactions that put individuals at ease and in control, while simultaneously allowing businesses to address their appropriate level of risk.




security white paper cta

Tech Solutions for Access Control and Visitor Management

With news of massive data breaches in the headlines every other week, it’s no surprise that security threats are a growing concern for businesses. A February 2017 study by Javelin Strategy & Research found that 15.4 million Americans were the victims of identity fraud in 2016, a dramatic increase of more than 2 million people from the year before.

From glittering high-rises to government labs, security professionals want to make sure they’re letting the right people into the building. It’s extremely important for a number of industries, including education, defense and airlines, to prevent security breaches and stop the unauthorized access of sensitive information.

Fortunately, there are a number of quick and easy technology based solutions for access control and visitor management. These solutions can be used to verify the identity of individuals entering your business.

ID Authentication & Scanning

ID scanning is used to authenticate an identity document and determine whether the holder should be allowed entry into the premises. There are several types of ID scanners that verify documents in multiple ways: Some scan the ID’s barcode, while others read the ID’s magnetic stripe like a credit card, and more robust software can perform forensic tests to ensure that an ID is not forged.

Solutions such as this can be facilitated via a desktop scanner, but there are also more modern and efficient experiences via mobile apps and self-service kiosks. These are especially helpful for high traffic environments and also offer a solution for employee and personnel access monitoring in high risk buildings.

In the event of a crime or disturbance, an integrated ID scanning solution can track the history of the documents that it reads in order to identify potential suspects. Scanners allow businesses to capture information such as an individual’s name, age, gender, photograph and other identifying information, along with the date and time of access into their applications. Businesses can easily create and manage visitor logs and even use this technology to facilitate easy badge printing with accurate information. In addition, they can maintain a list of VIP or banned users among the business’s clientele to check against when an ID is scanned, alerting employees of preferred or barred status.

Biometric Security Measures

Although ID scanning is an effective way of controlling access, it doesn’t verify that the ID holder and the ID owner are the same person – after all, IDs can be stolen or fake. To do this, you’ll need to use alternate security measures. One example is biometric security, which identifies a person’s unique traits, such as in facial recognition, fingerprints, voice or eye patterns.

Biometric security measures are more secure than ID scanning because they effectively remove the chance of impersonation. They are automated and extremely quick while leaving very little room for error. Another benefit is that biometric security measures can easily be added to existing security systems that are mobile, desktop or even kiosks, in order to provide secure authentication.

No matter your environment, it does not hurt to think about simple but effective ways to be more secure.

New Call-to-action

Improving Border Security with Better Technology Solutions: ePassports and Acuant CHIP™

Governments are increasingly turning to advanced technology like ePassports to secure their borders and its about time. Some nations like the Netherlands and Brazil use ePassports throughout their countries, but in many cases, it seems like the technology is far ahead of the adoption. With 328 ports of entry, more than 7,000 miles of borderlands and 95,000 miles of shoreline, the U.S. cannot rely on physical barricades and security checkpoints alone. ePassports that contain biometric information can be used by border security to quickly verify the identities of travelers without sacrificing accuracy.

Biometric passports include microprocessor chips that are embedded into the cover. Currently, facial, fingerprint, and iris recognition are the three types of biometric methods used in e-Passports. The chip contains a digital file of each biometric feature, and a comparison of features is performed at the time of crossing. The International Civil Aviation Organization (ICAO) has detailed the specifications that machine readable travel documents should have to create standardization across countries. Public Key Infrastructure (PKI) is used to authenticate the traveler’s identity through the passport chip. PKI makes it difficult for identity thieves and other criminals to forge ePassports.

Facial recognition is another component of ePassport technology that can aid with border security. Canada is already planning to use facial recognition technology within their major airports by the end of 2017. This new technology aims to allow passengers to use self-service border kiosks to assist with clearance. As biometric identity verification becomes more reliable and commonplace, consumers can use this technology through their mobile devices or at self-service kiosks in airports.

The omnipresence of biometric technology will enable more thorough screenings in less time. Chip readers can also be used in more commercialized settings, like in the hospitality industry. International travelers can use ePassports at self-service kiosks in hotel lobbies to bypass the language barrier and check into their rooms. ePassports can expedite the check-in process for hotel guests while leaving hospitality staff free to provide more personalized service.

Our new partnership with Mount Airey Group, a provider of identity solutions to federal agencies, launches the industry’s most comprehensive authentication product that will strengthen border control by minimizing the use of fraudulent passports. Acuant CHIPTM – our chip reader technology will be a core component integrated with Mount Airey Group’s Ozone® ePassport validation product.

The comprehensive ePassport solution is designed to handle a host of issues unique to passports with individualized policies for every country, and complies with all ISO and ICAO standards. We expect demand for these solutions to grow with the continued proliferation of ePassports and chip technology for border control as well as for commercial use. The convenience of ePassports makes them optimal for airports, where long lines at security checkpoints are common. Mobilizing chip reading technology in border environments will also enhance the coverage, responsiveness, and flexibility of field operations. Biometric technology is poised to become a vital component to national security and by converging physical and digital identities through ePassports, border security can improve accuracy and effectiveness.

New Call-to-action

With Over 3 Million Transactions Monthly, Acuant Debuts New and Improved ID Capture and Facial Recognition Technology that Reduces Fraud While Being Customer Friendly

The new economy provides consumers with more ways of transacting than ever before including in-person and person-not present transactions utilizing web services, mobile devices and apps. With transactions becoming increasingly digital, comes the unfortunate rise and sophistication of identity fraud. We are in the age of the biggest data breaches of all time exposing consumer username and passwords to very skilled hackers and fraudsters at large. Identity verification solutions must be robust; businesses and consumers need to take steps to establish trust and ensure protection.

So what does it mean to protect your business from identity fraud today? And how do the solutions you chose affect your customer conversion/acceptance rates and tackle customer privacy concerns? Addressing these questions and the evolving landscape of the convergence of physical and digital identity is the focus of Acuant’s solutions.

Identifying your Level of Risk and Assurance

There is no one size fits all formula for identity verification solutions. The first step is for businesses to identify the level of risk they are willing to accept. For example, a financial institution will have more security concerns than a bike sharing app and a lower security threshold. Once you know what your level of acceptable risk is, you have determined your level of assurance or level of identity verification required. In the past, a simple password and Knowledge Based Authentication question (KBA) that asks something like “In what city were you born?” has been the standard. This is no longer sufficient for secure transactions. Today multi-factor authentication is recommended.

Multi-factor Authentication means that a user has successfully met 2 of 3 categories by presenting:

  • Something You Have (ID or Credential)
  • Something You Know (password, PIN or Answers to Questions – KBA)
  • Something You Are (Biometrics: Fingerprint, Facial Recognition, Voice)

Multi-factor Authentication

Use Cases and Considering the Customer Experience

While it is obvious that certain industries (healthcare, finance, gaming, etc.) must meet industry regulations, there is an important counterpart to consider:  customer experience. Businesses must identify the balance of security and assurance they need with the friction incurred by their customers. For example, a customer onboarding experience could be as quick and easy as scanning an ID from a mobile device or desktop scanner that will prove that an ID is not a fake. Acuant’s AssureIDTM accomplishes this in seconds using the industry’s fastest, most accurate capture technology. AssureID performs over 50 forensic tests in seconds to ensure an ID is valid. If the person is present, standing in front of an employee, this may be sufficient. Retailers, restaurants and other outlets often do a quick visual scan of ID’s, but that method is not validating an ID and does little to prevent fraud. The addition of ID scanning is a quick and easy way to add level of assurance in any environment with mobile, desktop scanner or self-service kiosk options.

What about transactions where a person is not present? These types of transactions are becoming increasingly common as people find it much more convenient transacting digitally and even use apps for things such as opening a bank account. In this instance, businesses may want a mobile capture of an ID to validate the ID and also require a biometric test such as Acuant’s FRMTM (Facial Recognition Match). Acuant FRM is as easy as taking a selfie and comparing it to extracted biometric data contained in the government issued ID.  Results are given in seconds by matching the face biometrics of a selfie to the face image on the ID and authenticating they match. In addition, Acuant FRM provides liveness detection to prevent fraudsters from using static images. This ensures that not only does the face match, but also there is indeed a live person in front of the camera. This provides two separate authentication factors and offers a higher level of assurance- that a person possesses a valid ID and that they match the photo on the ID. There may, however, be an instance where all you require is facial match for ongoing transactions such as a car sharing service app. In this instance you want to ensure the person driving the car is the one who signed up for the program by engaging Acuant FRM each time they use a vehicle. Both workflows are simple and speedy for customers.

Whether you are capturing an ID, engaging facial recognition match or both- you can be sure that Acuant provides the most user-friendly experience with the highest speed and accuracy. Acuant provides the utmost security for local, mobile and cloud services. No images or data is stored on devices, which means that customers do not have to worry about misuse of personal information with Acuant.


The Acuant Advantage

In addition to being a leading identity verification provider for over 20 years, Acuant possesses the largest ID document library in the industry recognizing ID’s from over 200 countries (including but not limited to passports, driver’s licenses, visas and military ID’s) which enables our unparalleled accuracy ratings. Our solutions are made for mobile and desktop environments, compatible with Windows, iOS, Android, Hybrid and HTML 5 and built to allow meeting the highest level security requirements and regulations such as KYC, PII, HIPAA and AML. Download our apps to see Acuant in action and test your selfie skills with Acuant FRM!

iOS App

Android App


Biometrics Boom: Juniper Predicts 600M+ Mobile Devices will use Voice and Facial Recognition by 2021


Biometrics is one of the hottest security topics in 2017. Businesses are realizing they must supplement basic login credentials with much stronger authentication methods, such as fingerprint and facial recognition technologies. Juniper Research study, Mobile Biometrics: Consumer Markets, Opportunities & Forecasts 2016-2021, finds that biometric authentication is ready to move beyond fingerprints alone and use several different identifiers, including facial recognition and voiceprints.

The research notes that these methods will increase from being installed on an estimated 190 million mobile devices in 2016 to exceed 600 million devices by 2021. As biometric technology becomes more commonplace in the business environment and more accepted by consumers, industries can leverage it to ensure stronger identity security.

This will likely begin to transform security in a host of industries that are especially vulnerable to cyber-attacks. With the increase in popularity of mobile payments and mobile healthcare, the finance and healthcare industries in particular can benefit from using biometric technology to verify identities.

Here’s what to expect in 2017:

Consumers will Quickly Adopt Biometrics

When biometric technologies first rolled out, consumers were apprehensive and sometimes refused to use them.  However, this apprehension towards biometrics is being steadily broken down through consumerization. Technologies that were previously used only for official purposes are now available on the market for consumers to buy.

For example, in the US, the use and collection of fingerprints is often correlated with law enforcement, but Apple now allows users to unlock their devices through their fingerprints, which has helped break down the apprehension of using biometrics for everyday use. The use of selfies in general has allowed people to use photos in a variety of ways, and Facebook and Instagram have capitalized on that by using facial recognition. Biometric technologies that consumers once rejected have become the norm for many consumers, paving the way for much tighter security processes.


Companies will Seek to Build Stronger Authentication Continuums

As consumers embrace and adopt new technology, it’s beneficial for that technology to be more interconnected. Businesses are able to leverage this interconnected technology by using it throughout the enterprise or with their products. Utilizing biometric technology with their products, allows consumers to have a higher degree of customization and personalization. Further, an authentication continuum based on biometrics will result in a higher level of overall security, which is key for companies that prioritize robust security.

For example, just doing facial recognition by itself isn’t sufficient most of the time. Tying facial with identity, document authentication, other attributes and biometrics will build a stronger authentication continuum that will lead to a greater level of security.

With biometric technology continuously evolving and the increasing sophistication of hackers and identity thieves, the future of identity verification may more closely resemble science fiction than our current reality.

Identity Fraud Prevention in Today’s Digital Economy

With cyber criminals becoming increasingly sophisticated and hackers making headlines regularly, it is imperative that businesses employ advanced security technology. Identity proofing is a term for identity verification that is being adopted by analysts such as Gartner. From Gartner’s study1:

Identity proofing, a process that demonstrates with sufficient confidence that the user is who he claims he is, helps to establish and maintain trust in the identity throughout the relationship.

Identity Proofing Process

Collecting and verifying information about a person, provides businesses with another layer of assurance. Financial institutions can use identity proofing to prevent financial fraud and money laundering, while ecommerce companies can rely on it to combat card-not-present fraud. And with today’s technology, businesses can ensure that their processes are user-friendly, adopting technology that users are familiar with (i.e. fingerprints and selfies for facial recognition).

According to research by Aite Group, card-not-present (CNP) fraud in the U.S. is expected to reach $7.2 billion per year by 2020. Government agencies need sophisticated identity proofing for security clearances. Identity proofing also helps organizations in the healthcare industry prevent HIPAA violations. As identity fraud becomes a concern across industries, identity proofing solutions are needed to establish trust in digital relationships.

Organizations that need to proof identities are turning to third-parties to build solutions. According to the Gartner study1, third-party solutions have come up with various options for companies to use to verify identities, including:

  1. Knowledge-based verification: In this approach, the user is asked a series of questions that they would need to know the answer to in order to confirm their identity. Examples of these questions include past mailing addresses, mortgage amounts, and lender names. Knowledge-based questions aren’t entirely secure, though, since the answers to these questions can be obtained through a hack. Back in 2015, scammers were able to steal tax refunds by figuring out the answers to these questions.


  1. Secondary passwords: ID proofing services can issue temporary one-time-use passwords to verify identities. Users are sent a one-time password via an “address,” like a home address or email address. They then have to enter the one-time password to verify their identities. Organizations may ask users to bind themselves to an identity associated with a known trusted online account, like their social media accounts. The risk with these other accounts is that social media profiles and email addresses can be hacked.


  1. Biometrics: In countries with fingerprint registries, organizations can require fingerprint scans to verify identities. However, some users may take issue with this method if they are concerned about privacy. Organizations can also use voice recognition and facial recognition to verify identities, although facial characteristics change throughout life. As biometric technology becomes more commonplace in the business environment and more accepted by consumers, industries can leverage it to ensure stronger identity security.

Proofing identities in other countries can be challenging since different countries use varying forms of government-issued IDs. According to the Gartner report1, some of the problems global companies can run into are:

  1. Social Security Numbers Create Vulnerabilities: In the U.S., citizens are often identified by their Social Security Numbers, but this method of identification doesn’t translate over into countries. Some countries also do not have official national IDs. Instead, these countries will issue out IDs for specific purposes like access to healthcare or tax collection, which may not be considered sufficient for identity proofing.


  1. Different Global Standards: Privacy and data protection legislation vary between countries, which limits the information identity proofing services can capture, gather, and store. This legislation can even block companies from sharing data across borders.


  1. Technology Verifications Often Falls Short: Technology limitations and regulations can prevent identity proofing providers from being able to conveniently verify information against government lists like registries of births, marriages, and legal permits.

Although fraud is an increasing concern for global companies, the good news is that options for solutions are also increasing with a wide range of identity proofing services that can be adjusted to fit different industries.


1Source Gartner Identity Proofing Is the Cornerstone of Trust in a Digital Relationship, October 2016

Five Ways to Protect yourself from Identity Theft During the Holiday Season & Beyond

Holiday season means consumers are on the prowl for perfect gifts. The problem is that identity thieves are also on the prowl and taking advantage of the busy shopping season.

In 2015 the Federal Trade Commission received over 490 thousand complaints related to identity theft, almost doubled from 2014. Identity theft and the associated spike in activity during the holidays impacts millions of people. According to the 2016 Javelin Identity Fraud report, identity theft cost consumers more than $15 billion in 2015.

The good news is that there are ways to protect yourself. Certain behaviors during the holidays leave consumers more exposed and at greater risk of identity fraud. Learn what you can do now!

    1. Conduct your Business with Institutions that Verify Identity

Taking the step online and in-person to verify an identity saves millions. Verification solutions range from fast and easy (show your valid ID) to cumbersome and time consuming (enter your password and answer 3 questions, etc.), but they are rapidly changing. It is in businesses’ best interest to adopt verification solutions that are fast and customer friendly, encouraging loyalty and trustworthy transactions. We are past the days when a password meant you were covered and manual ID checks by untrained employees were sufficient. Proper document authentication via a quick card scan, biometric matching via a selfie, fingerprint or voice to match a person to their ID- these are solutions that are available today to institutions of all industries. Find businesses that are adopting this technology.

    2. Don’t get lost in the Holidaze: Monitor Accounts & Secure your Smartphone

It’s easy to get distracted this time of year with a flurry of activities, travel and many transactions. All the more reason to be vigilant; monitor your accounts and make sure to report any unusual activity right away. Also, don’t discount the value of securing your device. As we move increasingly into a mobile world where your smartphone holds most of your life, why wouldn’t you take the time to safeguard these targets for cyber crooks? Apply software updates when they become available, use protection on Android and iOS devices, such as a passcode or biometric lock (fingerprint), and engage the ability to encrypt and remotely wipe the contents of the device in the event it is stolen.

    3. Mind the Data Breaches

One in five data breach victims suffered fraud in 2015, rising notably from one in seven in 2014. 2016 was unfortunately a banner year for data breaches. There was no shortage of major hits including the U.S. Department of Justice, LinkedIn, Snapchat and a contender for the biggest data breach to date Yahoo. Chances are, if you’ve ever had a Yahoo account, your information has been leaked.
The first step is to pay attention and update your security information on any site that has been breached. Follow instructions from the institution and keep up to date on recommended actions. Find out from the company what information was stolen, even if they tell you that your stolen information was encrypted. You might consider calling credit bureaus to alert them you are a victim of identity theft as well as banks and credit cards companies- doing so will lock your accounts and prevent further transactions.

    4. Go Private with your Wi-Fi

If we know that major companies are susceptible to hacks, you can be sure that your local coffee shop’s Wi-Fi is also a target. Best to keep any activities that require your personal and credit card information for secured internet connections only.

    5. Don’t be a Sucker for Scams

When it comes to suspicious special offers in your inbox and tempting links to click for crazy good deals, just say no. This is prime time for email phishers. Thieves are becoming more and more sophisticated using branding and names of trusted retailers to look like a legitimate source- mind the URL’s, when in doubt do not click! And never give personal information to an untrusted site or source. Scams can be related to shopping, false charities, and even utilities during the cold winter months, so be on guard!

    Identity Verification Solutions Help Businesses and Consumers to Transact with Trust

As hackers become more sophisticated, identity fraud is turning into a primary concern for consumers and companies alike. Companies should be showing consumers that they are taking measures ensure identity validation and document authentication.

Manually checking ID’s by untrained staff and comparing information from the document to the ID’s barcode doesn’t cut it today. Proper document authentication is a key investment for companies. An automated authentication solution can have multiple benefits including accurate information capture from ID’s for CMS and database management, streamlining staff workflows and preventing unintentional errors or oversights.

Companies should adopt layered approaches to identity verification: trusted authentication software to authenticate documents like driver’s licenses and passports and identity verification technology (that goes beyond passwords and knowledge-based questions that can easily be hacked) such as biometric options for facial, fingerprint and voice matching. Be sure that solutions are fast and customer friendly!

Acuant Maintains 100% Uptime During Dyn DDoS Attack

On October 21, 2016, a DDoS attack on Dyn, a major provider of DNS services, affected many major, high traffic sites including Spotify, Twitter, Netflix, Reddit, and The New York Times. While many companies were scrambling, Acuant services remained intact during this attack. This was not merely good fortune, but due to our investment in redundancy and continuous deployment.

At Acuant, our goal is always 100% uptime. In fact, our uptime has been 100% for the past 24 months. Holding ourselves accountable leads us to building redundancy into our architecture. Redundancy means that if one component fails, another can take over.

Some of the steps we have taken to provide high availability are:

  • Our services are hosted at 10 different locations across USA and EU. If one location fails, data is automatically transferred to another location within the region.
  • All the data is filtered by a Web Application Firewall which weeds out all malicious traffic.
  • We use a highly available and scalable cloud Domain Name System (DNS).
  • We use a global content delivery network (CDN) service that accelerates delivery of our APIs to our customers.

Investment is a key concept here. All these architectural choices cost us time and effort to deploy and maintain. These efforts are very important to us because we know how critical our uptime is for our customers.

Agility is crucial for a modern engineering organization to respond quickly to bugs, security vulnerabilities, or the next attack on Internet infrastructure. For this reason, our team and processes are set up to deploy new versions of our service on short notice. We regularly deploy several times a week, and sometimes multiple times a day.


When your identity provider is down, your business is down and financial losses may be incurred. Beyond revenue loss, your reputation suffers and in turn erodes your brand. Even though the recent DNS attack did not impact our customer base, we continue to be vigilant to ensure that our service remains available during future attacks. We achieve this through rigorous accountability paired with thoughtful technical investments and agile practices.

5 Reasons Why Every Business Needs Identity Solutions

Gathering information from customers and verifying the identities of those who provide it is becoming a simpler task, with the advent of identity solutions that enable businesses to capture, process and verify information in a single step.

Most identity solutions combine hardware systems, software and even cloud-based solutions to make capturing information as easy as swiping a credit card. No more paper forms to fill out. No manual typing of information. It sounds almost magical when you think about it.

But is this new technology simply the latest fad or something your business should seriously consider? Here are 5 reasons why your business should be investing in identity solutions now:

1. Streamlined Processes & Greater Accuracy


Whether they are paper-based or computerized, using forms to gather customer information has its limitations. Customers spell things wrong, leave things blank or mistype information. Handwriting can be difficult to read on paper-based forms, leading to data entry errors. Even your own employees can make mistakes when typing information or merging it with other data in the system.

By contrast, the technology behind identity solutions virtually eliminates manual input of information for greater accuracy.

A simple swipe of a driver’s license, state-issued ID, passport, or other ID easily captures relevant information, intelligently populates the fields for use in third party databases, and verifies the identity of customers in a single step. This saves time, money and frustration by simplifying a formerly complex process.

2. Better Customer Relationships

By eliminating the annoying pile of paperwork that most customers fill out on their first visit, you’ll be one step ahead of your competition, making your business more customer-friendly from the start.

Furthermore, the additional time you can spend with your patients, clients or customers when you eliminate the lengthy check-in process becomes a great way to start customer relationships on a positive note.

Even customers who shop online will appreciate the streamlined process that identity solutions allow, enabling them to proceed through to checkout with minimal input of information.

Finally, you’ll build trust with customers when you take the time to verify their information. Customers will appreciate your attention to safeguarding their identity, building rapport and brand loyalty.

3. Increased Security

With threats of domestic terrorism on the rise, it’s more important than ever to verify the identities of customers and other visitors that enter your store, facility, practice, or campus. Identity solutions are a great tool to instantly verify the identity of any visitor quickly and easily, making both customers and employees feel safer.

The integrated technologies of many identity solutions can give your business the ability to process and verify visitors quickly, while capturing detailed information and images from visitor ID’s, business cards, or passports.

4. Deter Fraud

lexis nexis

Excerpted from LexisNexis.com

By verifying the identity of shoppers both in-person and online, you’ll decrease fraudulent transactions which lead to lost merchandise and chargebacks that cut into your bottom line.

Identity solutions don’t just verify that the credit card or other payment method is valid. They also verify the identity of the card user, effectively preventing transactions from lost or stolen credit cards.

5. Regulatory Compliance


Using identity solutions is a great way to comply with legal requirements imposed by state and federal laws. For example, if you serve alcohol or sell other products that cannot be sold to minors, identity solutions enable you to verify the identity and age of potential customers, so you stay in compliance with the law, avoiding costly fines and even lawsuits. Financial service providers can ensure that their customers have a fast, positive experience when opening accounts while meeting the Know Your Customer (KYC) and Customer Identification Program requirements.

Identity solutions are also a great tool to help medical practices and other businesses comply with growing HIPPA regulatory compliance requirements.

Emerging identity solution technologies are changing the way business is done for the better, leading to reduced paperwork and greater accuracy, increased security, less fraud and better compliance with regulatory requirements, while providing a better customer experience all around. If you’re interested in moving your business forward, while saving time and money, it’s time to consider identity solutions for your growing business.