One of the main problems plaguing the financial and government sectors with regard to remote enrollment is identity verification. When a remote customer wants to open a new bank account, register to vote, or set up a government benefits account, their identity needs to be verified with the utmost scrutiny. Luckily, innovations in biometrics technology and the rapid development and widespread availability of smartphones is beginning to solve this problem.
Proving Identity on a Smartphone
We’re already seeing a massive shift toward capturing and authenticating biometrics using mobile devices. This movement has the largest adoption rates in financial services, authenticating credit card transactions and logging into mobile banking apps. However, even in fintech, enrollment is a challenge. You can allow customers to enroll on their phones, but current systems for proving their identity upon enrollment – entering a username and password, or requiring a one-time password (OTP) sent to their mobile number or email – are ineffective for truly verifying identity.
In order to eliminate this problem, countries where biometric data is already widely used for these purposes require users to visit a central location to enroll, which is often time-consuming and generally problematic. The question then becomes how to confirm identity during enrollment and secure the entire process?
Start With The Device
The main point of contact for most of these end users is going to be their mobile device. It’s their main phone number, and often the main computing tool they are going to use to access their accounts and enroll. This makes it the perfect place to begin identity verification. Mobile devices already include a variety of identifying information, from a registered phone number to a unique identifier number (UID) hardcoded into the device. This combination of data points provides a good start, but any successful form of identity verification is going to rely on numerous data points, not just one or two.
As Kim Sutherland of LexisNexis Risk Solutions recently pointed out during a panel on Remote Identity Proofing at K(NO)W Identity 2017, “don’t limit your thinking to a single piece of data.”
Beyond the phone number and mobile UID number, you can start capturing and enrolling behavioral biometric data, geolocation, gait, typing patterns and velocity, etc., for future verification and authentication. Next, you’ll need account data, such as an account number or enrolled email address, and for financial and governmental use cases, a photo – or better yet video – of a government-issued ID card. This can and should be verified by a human being, checked against the users themselves and whatever relevant database is required.
And of course, you’ll want to enroll biometric data, be it facial, fingerprint, or hand recognition. And all of these data points can be collected by a smartphone.
Layers Upon Layers of Security
In addition to these numerous data points, you can also use knowledge-based authentication (KBA) as a tertiary form of verification. KBA has known issues when it comes to fraud, but as a supporting data set, it can help during remote identity verification, just don’t use it on its own.
Putting all of these pieces together can provide incredibly strong identity verification, but it’s not 100 percent foolproof. There will always be fraudsters and scam artists looking for a way around a secure process. That’s why it’s also essential to make the process as transparent as possible for the user. The more they are able to know (but not required to know), the better they will be at understanding the process, why it’s important, and the balance between convenience and security that it enables. Only then will we have a secure answer to the remote identity verification problem that’s plaguing these industries.