Access Control – Access control is the process of allowing or denying the use of a particular resource, so that unauthorized persons cannot use it. This could range from a lock on a car door to a PIN on an ATM system at a bank. Access control is of great importance when persons seek to secure important, confidential, or sensitive information and equipment.
Address Verification System (AVS) – a system used to verify the address of a person claiming to own a credit card. The system will check the billing address of the credit card provided by the user with the address on file at the credit card company. The other security features for the credit card include the CVV2 number.
Authentication – Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be and is genuine. Typical electronic authentication methods involve a user presenting a username and a password. Authentication technologies include other methods of demonstrating identity, such as using a smart card, presenting a picture ID, and biometric technologies (e.g. retina scan, voice recognition, or fingerprints).
Authorization – Authorization is the process of finding out if the person, once identified, is allowed to have the resource requested. This is usually determined by finding out if that person has a particular level of security clearance.
Automatic Number Identification (ANI) – provides the area code, phone number and location of a person calling. Unlike caller ID, ANI still works even when the caller’s number is blocked. ANI can help identify a caller’s address for faster response times for 911 calls and can route an 800 call to the nearest vendor.
Biometric Authentication – Biometric authentication refers to any method of verifying the identity of a person by measuring an individual biological characteristic. This could include fingerprinting, retinal scanning, iris scanning, and voice recognition.
Call Center – The call center is considered a consumer not present situation since agents are unable to review a picture ID. Agents can identify callers by verbally authenticating different pieces of information including presenting a Knowledge Based Authentication (KBA) multiple-choice quiz.
Card Verification Value (CVV) –
CVV1: CVV1 is encoded on track 2 of the magnetic stripe of the card and used for card-present transactions. The purpose of the code is to verify that a payment card is actually in the hand of the merchant. This code is automatically retrieved when the magnetic stripe of a card is swiped on a point-of-sale (card-present) device and is verified by the issuer. A limitation is that if the entire card has been duplicated and the magnetic stripe copied, then the code is still valid.
CVV2 (also known as CVC2 or CID): CVV2 is a three or four-digit value that is uniquely derived for each credit card account. On Visa and MasterCard cards, it is a three-digit value printed in reverse italic characters on the signature panel following the last 4 digits of the account number. On American Express cards, it is a four-digit value printed on the front of the card, usually on the right side. In a card-not-present environment, CVV2 lets a merchant verify that the cardholder does in fact have the card in his or her possession.
Dynamic KBA – Dynamic KBA is a higher level of verification in which questions are generated on the fly using information found on someone during an ID verification search. Basic identification factors, such as name, address and date of birth must be provided by the consumer in order to begin the verification process. Questions are then generated in real-time from data records corresponding to the individual identity provided.
Enhanced Due Diligence – required where the customer and product/service combination is considered to be a greater risk. This higher level of due diligence is required to mitigate the increased risk. A high-risk situation generally occurs where there is an increased opportunity for money laundering or terrorist financing through the service and product you are providing or your customer.
Enhanced Knowledge-Based Authentication (KBA) – a solution that generates custom multiple choice questions, utilizing internal customer data, to verify someone is who they claim to be. The main difference is in what data is used to generate KBA questions. Enhanced KBA gives an organization the ability to write and generate their own questions using proprietary data behind their firewall.
Employer Identification Number (EIN), also known as Federal Employer Identification Number (FEIN) – the corporate equivalent to a Social Security number, although it is issued to anyone, including individuals, who have to pay withholding taxes on employees. It is also issued to entities, such as states, government agencies, corporations, limited liability companies, and any other organization that must have a number for a purpose in addition to reporting withholding tax, such as for opening a bank or brokerage account.
Identity and Access Management (IAM) – Identity and access management deals with identifying individuals in a system such as a country, a network or an organization and controlling the access to the resources in that system by placing restrictions on the established identities.
Identity Assurance – the ability for an organization to determine, with some level of certainty, whether or not a customer is legitimate.
Identity Authentication – By using advanced tools and techniques, identity authentication companies are able to verify the identities of users at online retailers and web-based businesses like insurance companies, healthcare companies, and financial institutions, among others. Identity authentication is at the heart of online security. If you do not know who is buying from you or using your services, then what do you know?
Identity Verification (IDV) – Identity verification is the process of validating an identity, or rather, determining whether someone is, in fact, who they say they are. In the online environment, where the customer is not standing before you, IDV means verifying that the information provided, such as a name, date of birth, address and SSN, is accurate. More robust identity verification processes look at an array of attributes other than just data matching in order to ensure that a customer is legitimate and not a fraudster with a customer’s compromised personal information in hand.
Individual Taxpayer Identification Number (ITIN) – a nine-digit tax processing number issued by the Internal Revenue Service (IRS). The IRS issues ITINs to individuals who are required to have a U.S. taxpayer identification number but who do not have, and are not eligible to obtain, a Social Security Number (SSN) from the Social Security Administration (SSA).
Intelligent Questioning – Intelligent questioning is a process that occurs during a KBA session. During this process, actual consumer data, which can be either internal or public, is used to develop correct and incorrect answers.
Internal Data – Internal data refers to any information useful to the KBA process found within a company. Information is focused strictly around the consumer, making it almost impossible for a fraudster to know the answer to the question and helping to solve the problem of familiar fraud.
International Bank Account Number (IBAN) – an internationally agreed system of identifying bank accounts across national borders to facilitate the communication and processing of cross border transactions with a reduced risk of transcription errors.
Knowledge Based Authentication (KBA) – Knowledge based authentication, also known as KBA, is a type of authentication which looks to prove that the person providing identity information truly is that exact person. As its name suggests, KBA is based on some sort of knowledge the individual has. There are two different forms of KBA, dynamic KBA and static KBA. IDology uses dynamic KBA.
Layered Authentication – Layered authentication refers to the different levels of verification used when dealing with identity and access management that help enhance security and prevent phishing.
Local number portability (LNP) for fixed lines, and full mobile number portability (FMNP) for mobile phone lines – refers to the ability of a “customer of record” of an existing fixed-line or mobile telephone number assigned by a local exchange carrier to reassign the number to another carrier, move it to another location, or change the type of service. In most cases, there are limitations to transferability with regard to geography, service area coverage, and technology.
NIST Level 3 – One of the four levels of assurance for identity proofing as defined in the electronic authentication guideline issued by NIST. Level 3 is the highest level of assurance for remote identity proofing and requires that an identity be matched with a financial account number (e.g. credit card or bank account).
Machine-Readable Passport (MRP) – a machine-readable travel document (MRTD) with the data on the identity page encoded in optical character recognition format.
Machine-Readable Zone (MRZ) – Most travel passports worldwide are MRPs and have a special MRZ, which is usually at the bottom of the identity page at the beginning of a passport. The following information has to be provided in the zone: name, passport number, nationality, date of birth, sex, passport expiration date and personal identity number.
Multi-Layered Authentication – a process in which an individual can be verified by more than one authentication process or method. The goal of multi-layered authentication is to create a tiered defense with little to no friction for the legitimate consumer, and then add friction based on level of risk, making it more difficult for a cybercriminal or fraudster to open or access accounts.
One-Time Password (OTP) – a password that is valid for only one login session or transaction, on a computer system or other digital device.
OpenID – A web identity system that lets people use a single username and password to log in and authenticate themselves to any OpenID-compliant Web site. OpenID is a free system that is distributed across the Internet and maintained by numerous organizations, including major sites such as AOL and Yahoo!.
Out of Wallet Questions – Out of wallet questions refer to the data businesses use to dynamically formulate questions intended to verify customers are who they say they are. The content of these questions is generated from information within a person’s credit history or public records data. The term “out-of-wallet” refers to information that cannot be found in a wallet or a purse, making it difficult for anyone other than the actual person to know the answer. These questions are typically based on places someone has lived, cars they have owned or people that they know.
Password – A password is a word or other collection of characters used for authentication. It serves as a security device to gain access to a resource.
Personal Health Information (PHI) – demographic information, medical history, test and laboratory results, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate care.
Personally Identifiable Information (PII) and Sensitive Personal Information (SPI) – information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Example PII includes name, address, social security number or other identifying number or code, telephone number, email address, etc. While the concept of PII is longstanding, it is increasing in importance as new fraud tactics emerge and as data breaches become more widespread, leading to a profitable market in collecting and reselling PII in order to defraud both individuals and organizations.
Proofing – Identity proofing is a common term used to describe the act of verifying a person’s identity, as in verifying the “proof of an ID”. Other terms to describe this process include identity verification and identity vetting.
PKI – Public Key Infrastructure (PKI) is the basis for the digital signature which verifies and authenticates the validity of the signer involved in an internet transaction.
Relying Party – A Web site or other entity on the Internet that uses an identity provider to authenticate a user who wants to log in. Known as a “relying party,” because the website relies on the provider for authentication.
Risk-Based Authentication – Risk-based authentication uses multiple factors to determine whether or not a person is who they claim to be online. Typically, this technique includes the traditional username and password in addition to who the user is, from where they are logging in, and what kind of device they are using. Information such as historical data is also used, which includes attributes provided from the session as well as user behavior and transaction patterns.
Security Token – A security token is a physical device that the owner carries to authorize access to a network service. They are used to prove one’s identity electronically and provide an extra level of assurance through a method known as two-factor authentication.
Shared Secrets – Shared secrets are a set of security questions used to authenticate someone’s identity when you have previously vetted their ID and know who they are. Many people are familiar with this method because it is commonly deployed in banks when someone forgets their password. Shared secrets technology requires the consumer to supply the answers to the questions in advance. These answers are then stored in a database and referenced in the future to verify it is that customer. Examples of shared secrets are “What is your mother’s maiden name?” and “What is the name of your favorite pet?”
Static KBA – Static KBA is commonly referred to as shared secrets. These questions rely on information collected after you have established a relationship with a consumer, such as “What is your mother’s maiden name?” or “What was your high school mascot?” The consumer picks a question and shares the answer with the business, which then stores it in a database to use later.
Subscriber Identity Module or Subscriber Identification Module (SIM) – an integrated circuit chip that is intended to securely store the international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile phones, devices and computers.
Thin Files – a limited or brief credit history or not enough credit accounts to generate a credit score.
Two-Way Authentication – Two-way authentication refers to a process in which both entities, the user and server, authenticate each other in such a way that both are assured of the other’s identity. This allows network users to be sure that they are doing business exclusively with legitimate entities and servers can be certain that all network users are attempting to gain access for legitimate purposes.
Verification – Verification is the process used to confirm an identity in instances where the customer is not standing before you to show some sort of picture ID. This process requires specific information from the consumer to be gathered such as name, address, social security number, driver’s license and date of birth.
Vetting – Identity vetting is used to describe the process of validating an ID. Identity vetting is another way of describing identity proofing and identity verification.