IDV: Identity Security Begins with Assurance
-
By
Janer Gorohhov
, Chief Product Officer at Veriff - Best Practices, Featured,
Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Janer Gorohhov of Veriff examines how IDV (identity verification) adds assurance to customers depending on identity security solutions.
“On the internet, no one knows you’re a dog.”
This line from a 1993 New Yorker cartoon heralded a shift in the internet’s history, in two ways: firstly, that the web was becoming both accessible to, and popular with, the general public– and secondly, that it was incredibly easy for the average user to hide, or even lie about, their identity.
The 30 years since the comic’s publication have brought with them significant progress in identity verification (IDV) processes, giving businesses ample capability to authenticate their employees, customers, and more, and providing a solid foundation of security against fraud and identity theft. Businesses need tools to ensure that people they interact with are indeed who they say they are, and they now have no shortage of methods to do so– from biometric data and age or address verification to government registries and documents.
But these advancements have not occurred in a vacuum: alongside them, fraud actors have been hard at work finding ways to skirt around verification processes and KYC (know your customer) regulatory protocols. Just as companies’ security arsenals have grown over the years, the amount of publicly available tools for fraudsters has also increased– particularly with the recent explosive growth of AI technology. As much as a business invests in its cybersecurity defenses and resources, failing to place sufficient priority on IDV can mean it’s all for nothing; there’s no need for a large-scale data breach if a fraudster can simply pretend to be someone with access. Whether it impacts a business’ top-line growth through missed profits and unconverted customers or their bottom line due to fraud-related expenses, failing to prioritize fraud defense is a risk that no organization can afford to take.
While consumers do want verification measures to safeguard their online activity and business, data privacy has become a prime concern in the process. Though there are certainly many factors to be considered when implementing identity-based security for one’s users, it’s one of the most important steps to take toward bringing trust to your online business or communities.
Let’s take a closer look at how businesses can, and should, center IDV in their security strategy– and how to make it work for their users.
Navigating Industry-Specific Regulation Challenges
Organizations have many options at their disposal for how to approach verification, be it for users and customers, employees, or otherwise. While some may implement their own proprietary methods, many turn to third-party vendors to support their onboarding and verification workflows. Biometric data like facial recognition is a popular option, minimizing user friction by allowing them to simply submit a selfie to complete the verification process. Another widely-used practice is the verification of government-issued IDs; in fact, many verification providers employ artificial intelligence to compare IDs against vast databases of government documents (such as passports and driver’s licenses) to automate the analysis of thousands of technological and behavioral variables, completing in a matter of seconds what would take far longer if done manually. Not only are these solutions intuitive enough for the average user, but many providers also ensure that their tools are easily maintained at scale – allowing room for companies to grow without having to regularly adjust their fraud defenses.
Which solution, or solutions, an organization uses is often influenced by the unique requirements of their business. For example, industries such as healthcare and financial services must navigate complex regulatory compliance requirements, which comprise a massive hurdle for many businesses – but one that social security number verification, checks against government registries, or proof-of-address processes can help to fulfill by tying users to a permanent residence. Online companies, such as social media platforms and online video games (particularly those with high proportions of underage users), face challenges with regard to user protection, with strict regulations like the Children’s Online Privacy Protection Rule (COPPA) capable of imposing immense fines against companies that fail to do their due diligence. Authenticating users in the onboarding process, with solutions like age verification and selfie biometrics, removes the precarious uncertainty and liability associated with anonymous accounts.
As companies grow over time and expand to new markets across the globe, or as regulations change and adapt, having an IDV partner that can handle the technical heavy lifting of compliance efforts unburdens businesses and allows them to focus on what matters most to them, like developing new products or refining existing ones. Solutions and tools like those I’ve mentioned above comprise the core of many companies’ fraud defense and compliance strategies and are effective shields against fraudulent activity, but they are far from the sole use case for IDV tech. Though many may consider the anonymity that the internet can afford them to be positive, it also enables a variety of harmful behavior that makes for an unpleasant – and even dangerous – experience for the average user, well beyond business fraud.
In Online Gaming, No One Knows You’re a Bully
Video games are a prime example of this. Gaming was previously a less connected form of entertainment with security a passing concern, centered around local play on an individual’s home system. Video games – in particular, multiplayer ones – have moved increasingly online over the years, and have had to adapt their security as a result. The advent of massively multiplayer online games (MMOs) has connected players of all ages across virtual spaces intended for fun but has brought with it new avenues for cyberbullying and toxicity between players. This has made interpersonal safety in online communities imperative for gaming companies, especially as many popular games, like Roblox and Fortnite, have a majority user audience of minors. For example, Epic Games – the developer behind Fortnite – acquired “kidtech” company SuperAwesome in 2020, and now uses their tools for children’s online safety, like parent verification solutions, across the Epic roster of games.
Putting aside the risk of losing users and profits due to parental concerns, it’s the responsibility of the companies behind these communities to maintain safety and positive gaming experiences for their young and old users alike– and that begins with removing the cover of anonymity that further enables online hostility. Of course, the added level of security and fraud protection that comes with user authentication is a boon to overall user safety, particularly as many gaming industry titans have recently fallen victim to large-scale data breaches and attacks.
While online video gaming is a perfect use case for the adoption of IDV in an industry on the rise, it is, of course, not the only application. As IDV technology continues to advance, it will provide ample opportunities to elevate a range of industries. For example, Starship Technologies is already an innovator in delivery technology through its use of autonomous drones for completing orders; by incorporating IDV into its processes, it was able to expand its roster of deliverable products by including age-restricted items like alcohol. Beyond enterprise uses, IDV is even being employed to streamline global travel and make it more accessible. Many airports across the United States have begun integrating biometric passenger authentication, and countries like Estonia have even implemented entire digital ID programs for citizens, with several U.S. states working to follow suit.
Why Verify?
For any public-facing company worth its salt, verification is becoming increasingly essential. Businesses that are behind in their verification protocols not only put the safety of their users at risk, but also their own security, company growth, and in some cases, their profits. There is a delicate balance between being able to easily convert customers and drive revenue, and losing money to fraudsters along the way. Even broader cybersecurity efforts can be rendered useless by insufficient authentication measures that allow threat actors to waltz through undetected under the disguise of an employee, putting the company’s reputation at risk by opening them up to large-scale breaches.
Business factors aside, however, a central component of the company-customer relationship is that of mutual trust – especially on the internet. Trust is an increasingly important element in a customer’s use of a particular company or product; placing a clear priority on identity security can be a major factor in gaining their trust and retaining them as a customer, just as a lackluster approach can drive them away. As rates of identity fraud and online threats continue to skyrocket (incidents increased 41 percent in 2022), people want to feel safe in their online dealings, and companies of all industries need to be willing to jump through a hoop or two for that assurance. Whether that hoop takes the form of an ID scan, a proof of address, a simple selfie, or any of the other methods available, it’s one that no company dealing online can afford to skip.
- IDV: Identity Security Begins with Assurance - August 2, 2023
Janer Gorohhov
Janer Gorohhov is a tech-savvy innovation enthusiast with over a decade of experience. Gorohhov started his career as a full-stack developer before going on to gain experience in project management, as well as fundraising and finance. He holds a degree in computer and information science from the University of Tartu, Estonia. Janer co-founded identity verification provider Veriff in 2016, where he currently serves as the Chief Product Officer.
