Shifting gears with Identity Proofing in a COVID19 world

Published on May 20, 2020

By Namith Najeeb, AVP Sales & Operations

In strictly conventional terms, identity verification is the process of establishing a strong/undeniable link between a real person and real-world identity (passport, driver’s license, national ID cards, etc.). This trust is used by organizations for providing services to their consumers.

As services and users moved online, this real-world identity verification took the shape of Know Your Customer (KYC) processes to onboard/register users into organizations’ services. However, these processes only served the purpose of a one-time verification of the real world identity against the digital identity.

It has been left to primitive authentication mechanisms like OTPs to “hold the door” when it comes to security. We have had enough news on data breaches due to weak authentication processes and identity theft.

Old-school approaches do not hold good in the digital-first economy where users register and access services from the convenience of their smartphones. It is no longer a fair expectation that the current generation of users can wait for 5 days to get a new account opened or a credit card approved.

Cybersecurity leaders are adapting by building Customer Identity and Access Management (CIAM) programs which have Identity Proofing as an important first step.

Identity proofing is revolutionizing businesses in the following ways:

What Identity Proofing can do for businesses

1. Enable Digital Leaders

Identity proofing technologies enabled digital transformation leaders to take the plunge by providing innovative ways of validating the 3 key parameters of digital interaction: the real-world person, the real-world identity, and the digital identity.

In a world of digital identities, businesses succeed if they manage to handle the following important aspects:

  • Faster Onboarding: In this example of a UK based digital-first fintech organization’s award-winning user experience journey, consumers could open accounts in just minutes after verifying their identities simply with a selfie with advanced liveness detection.
  • Regulated Onboarding: It is also important to know if the user is eligible to access your services. In this example, organizations have to verify if a user is of appropriate age to consume their services, and in this case, for anti-money laundering (AML) compliance check if the user is on global/regional sanctions and watchlist. These screening mechanisms enable businesses to stay aligned to local & global compliance requirements.

2. Empower Security Practitioners

Form-based logins, 2-factor authentication, and multi-factor authentication have been used extensively by organizations to ensure higher levels of security and trust in user interactions with their services. More often than not, this is done at the cost of user experience and forced upon the user.

For time immemorial, passwords have been our saviors against security risks. While it may have served its purpose, today these passwords are the weakest link in the chain and have been prone to large-scale (& infamous) data breaches. These are two of the most relevant scenarios:

  • Identity proofing of new users: A customer selfie based on certified liveness detection removes the need for creating a password. When “what you are” becomes the password a user no longer needs to remember/manage them which leads to improved security.
  • Corroboration of returning users: The user can return to use the services and using the same mechanism authenticate, allowing businesses to open up a wide range of services to the user, and account for continuous user authentication.

3. Emancipate Operational Challenges

Consider any retail organization that sells services/products to consumers, but can only do so after an identity verification process, like banks for financial products or telecom companies for SIM cards.

  • In the Interim: Businesses can leverage identity proofing technology for low-touch customer experience, and onboard new users seamlessly through existing channels. For e.g. a user could visit a retail store and simply collect a SIM card, without having to hand over documents and spend more time in the store. This can be handled digitally.
  • In the Long-term: New businesses can take shape and leverage these models easier. For e.g. a bike rental service could authenticate users simply using a 3D live map, instead of exiting methods of scanning codes or entering OTPs. Or existing businesses could open new channels of engagements with a seamless UX baked into the user journey, as in the case of telcos delivering SIM cards through self-service kiosks, as explained here in detail.

In summary, identity proofing is quickly moving from a digital business enabler, driving seamless customer experience, to an operational mandate/ solving the challenges accentuated by restrictions on physical interactions in a post-COVID19 world, while still enforcing security.

It is left to the imagination of businesses in terms of how this ‘new reality’ is shifting/will shift the way users interact with their businesses. In any case, the ability to prove or corroborate the identity of a remote user will cease to be a point of differentiation and become a point of parity for most digital businesses including those in Banking, Aviation, Telecom, Retail, and many more.

Namith Najeeb

Namith Najeeb is AVP at Evanssion for Sales & Operations