Frequently Asked Questions About Identity Verification

What is identity verification?

Also called “identity proofing” or “vetting an ID,” identity verification is used to confirm an identity in instances where the customer is not standing before you to show some sort of picture ID. It’s a real-time, electronic process that validates the personal information provided by a consumer.

Are there different levels of identity verification?

Yes. There are several levels of identity verification based on the level of assurance you need.  For example, you may just want to confirm that an identity is real and there are no fraud flags associated with it.  Or, in some instances you need higher assurance that someone is who they say they are.  IDology offers different levels of identity assurance through our ExpectIDExpectID IQ, ExpectID Customer Based Authentication and ExpectID Scan and Verify products.  We also have some other solutions to verify certain identity attributes such as age, a phone number or geolocation.  Learn more about IDology’s solutions.

What information is required to run an ID?

At IDology, we can locate an identity using as little data input information as a name and address. Although some companies may require that a customer provide his/her birth date and SSN, IDology can locate identities without sensitive personal information.

Where can identity verification be used?

Identity verification can be used in any situation where you are unable to check a customer’s ID in person.  Numerous industries use identity verification to confirm consumer identities online or in a call center before processing orders or authorizing any sort of account change activity.  Even when you can check someone’s ID in person but you have reason to believe it’s fake, our identity verification technology can be used.

What is a Customer Information Program (CIP)?

A Customer Identification Program verifies the identity of individuals wishing to conduct financial transactions.  CIP became a requirement by the US Patriot Act for financial institutions in 2003 to prevent financing of terrorist operations and money laundering. Banks are required to keep records of identifying information and check customer names against terrorist lists. Read more about CIP Compliance here.

What is Knowledge-Based Authentication (KBA)?

Knowledge-based authentication, commonly referred to as KBA, is a step beyond basic identity verification to prove that the person providing the identity information truly is that exact person. As its name suggests, KBA is based on some sort of knowledge the individual has.  There are two different forms of KBA, dynamic KBA, which IDology uses, and static KBA which is sometimes called shared secrets.

Are there other terms to describe KBA?

Yes, there are many and it can get confusing.  Static KBA is more commonly called shared secret questions or challenge questions.  Dynamic KBA is sometimes called out-of-wallet questions or sophisticated challenge questions.

What does Out-of-Wallet mean?

Out-of-wallet refers to the type of question being presented.  The question is designed so that it is the answers cannot be found by someone if they steal your wallet or purse.

What’s the difference between dynamic KBA and static KBA?

Both types of KBA are based on presenting questions to a consumer. The difference is dynamic KBA questions are generated on the fly using information found on someone during an ID verification search. Questions are generated based on the information within the data source you are using. For existing customers, you might want to use your own proprietary data behind your firewall. But you don’t need to have an existing relationship with a consumer to use dynamic KBA questions. Learn more about IDology’s dynamic KBA solutions.

Static KBA questions, or shared secret questions, rely on information collected after you have established a relationship with a consumer, such as “What is your mother’s maiden name?” or “What is the name of your pet?” This is why it’s called a shared secret. The consumer picks a question and shares the answer with the business which is then stored in a database to use later. Typically when setting up a shared secret, consumers only pick one or two questions. These questions are then presented each time an identity needs to be authenticated. There are several problems associated with shared secrets such as the answers can be easily guessed, or socially engineered using a social networking site, and also consumers often forget the answers they provided to their shared secret questions.

Does social networking make KBA ineffective?

Social networking makes Static KBA much less effective because a lot of the answers to these squestions can be figured out by looking at someone’s profile. However, dynamic KBA is still very effective despite consumers tendencies to share information about their lives in social networks. The answers to the many types of dynamic questions IDology uses can’t be easily guessed by an average identity thief.

What is Identity Authentication?

By using advanced tools and techniques, identity authentication companies are able to verify the identities of users at online retailers and web-based businesses like insurance companies, healthcare companies, and financial institutions, among others. Identity authentication is at the heart of online security. If you do not know who is buying from you or using your services; then what do you know?

Where does all the information come from?

There are four main buckets of data that can be used to verify an identity including credit history, self-reported marketing data, public records data and your own internal customer data. IDology’s ExpectID Customer Based Authentication solution allows you to use any of the data behind your firewall to customize and generate questions. And our ExpectID IQ solution generates questions based on information found in public records data. Although the word, “public,” may sound as if the information is accessible by anyone, this is not the case. Public data records include protected information taken from all sorts of records throughout an individual’s entire adult life. IDology has agreements to access this information in real-time for the purpose of verifying consumers.

Can I use my own customer data to generate questions?

Yes. IDology offers a solution that allows you to create custom questions based off your own internal data located behind your firewall. You still have the benefits of our cloud-based technology and our expertise in providing a knowledge-based authentication product. Using your own proprietary data allows you to present questions that are more relevant to your business and your customers.

If I use my own data, will it be shared outside of my organization?

No, the actual data a company uses to create questions is never shared with IDology. This solution is unique and is designed to answer the need we hear from organizations that they want to use their own data to generate out-of-wallet questions but they don’t want to share this data with a vendor. IDology’s ExpectID Customer Based Authentication solution allows companies to keep their data private and still be able to use it easily to verify their customers and without any internal employees having to be identity verification experts.

Filed Under: Blog

WEBINAR

BALANCING FRICTION AND FRAUD: Insights from the 2nd Annual Consumer Digital Identity Study

Featuring Christina Luttrell and Eric Leiserson as presenters

May 23 at 2:00pm EDT

NEW RESEARCH

study cover image

SECOND ANNUAL CONSUMER DIGITAL IDENTITY STUDY