What is identity proofing and identification, you ask?
Since you are indeed alive in today’s world, you probably “prove” your identity every single day, and it’s become so routine that you hardly notice it. Essentially it’s a way to verify your identity when you apply for online benefits.
At other times, say when you’re paying taxes or applying for a mortgage, you will DEFINITELY notice it because it can be a horribly tedious and time-consuming endeavor. Usernames & passwords. Ridiculous “security” questions (what’s your favorite pizza topping? What car did you drive in 2002?). Finding and scanning utility bills. You get the drift.
But due to recent cyberattacks, this practice has come under question from digital privacy enthusiasts. But you don’t have to be a privacy or security guru to care about this subject, because your data privacy and security means everything. And it all starts with the importance of establishing digital identity in an online world.
Let’s dig into how it’s done today and how it can be done better in the future, with emerging capabilities in biometrics, security protocols, cryptography, and that handy smartphone sitting right next to you now.
Intro to Identity Proofing
Need an intro to identity proofing? If that’s the case, you’re not alone. Although technology has made life easier, it’s also presented a ton of challenges. The internet was created to democratize access to information and it’s excellent for that purpose.
However, we all use the internet now for highly sensitive transactions – your email, banking, communications with loved ones, all your memories…they all exist in the online world, and it’s up to us to protect ourselves as best we can.
Most companies are doing their best to protect your information – for their own self interest as well as yours. That’s where identity proofing comes in. Merchants and businesses need to know that their users are authorized to use their services.
Typically this is done by asking the consumer to prove who they are by sharing a “secret” like a username, password, account number or security question. Some companies require additional layers like multi-factor authentication (a text with a 6-digit code, for example) or document verification.
There are a lot of ways to approach this, but the bottom line is that most knowledge-based authentication is simply not good enough. In a targeted attack, a fraudster can answer those security questions as well as you 60% of the time.
So it’s worth looking into this and understanding how businesses use technology and information to know who you are, and keep the bad guys out.
Why Identity Proofing is Important
For the uninitiated, your “real-world identity” has to be verified in order to access a service or open an account in a lot of cases. Otherwise, identity proofing is used by businesses to verify that the correct person is accessing the correct account.
For example, an online employer or bank might have to check your real-world identity before issuing a paycheck or opening an account. In this instance, they might even ask for a state-issued ID or a valid passport to scan as well. Not to mention that the following information may be asked for:
- Your address
- Your phone number
- Your full social security number
Of course, someone could always impersonate another’s identity by using their stolen information too. Sadly, this can be done without the rightful owner suspecting a thing.
To fight this, many companies ask users to show a picture of themselves to confirm their identity. If not, a close-up shot of your state-issued ID itself could be enough to suffice.
But is that enough?
In the ideal world however, a higher bar would be far better. A password is something you know…and the dark web is teeming with usernames, passwords, birthdates, mothers’ maiden names, and favorite dogs. A driver’s license is something you have, but that could be faked too.
The third option is something you ARE. In other words, your biometrics. Your face, your retina, your fingerprint, even your voice and your gait are all highly unique and nearly impossible to hack. With smartphones now pervasive, you have a tool with a camera and built in security that is a very powerful tool in proving that you ARE who you say you are. A bad guy can’t just spoof that. For a cool example of a company that is doing interesting things in this space, check out Journey, a cybersecurity company that is focused on establishing trusted digital identity (www.journeyidstage.wpengine.com).