Enhancing Privacy Through Secure Identity Verification
Remote processes and transactions are now standard operating procedures for most businesses that aim to survive the decade. Opening bank accounts, purchasing products, and accessing goods and services from both the public and private sectors are now typically done online.
For these processes to be carried out, and for an individual to gain access to these services and transactions, government standards dictate that businesses must be able to ascertain, through identity verification, that the person they’re conducting transactions with is indeed who they claim to be.
In the offline world, this was done by the individual physically presenting themselves, along with identification documents such as a passport or driver’s license, to an authorized representative of the business in question or a government agent, who would cross-examine and verify that the individual is indeed the person whose photo appears on the identification documents.
These days, identity verification done digitally online opens up vulnerabilities in security and privacy for the individual and for the business or government agency, which can be taken advantage of by identity thieves, terrorists, and countless other malicious parties for whatever ends they pursue. A recent example of this is the nightmare undergone by the US government’s unemployment benefits programs during the pandemic, where several states had to shut down their programs due to fraudulent claims, which inadvertently deprived millions of legitimate claimants of their benefits.
What describes non-secure Identity Verification?
There are different levels of security for identity verification which are applied depending on the industry, scope, and gravity of the transaction being carried out.
In the case of the scenario mentioned above, the US government applies the standards set by the National Institute of Standards and Technology (NIST) in their published document (NIST 800–63A), and dictates that unemployment benefits claims must meet the minimum standard of Identity Assurance Level (IAL) 2 and Authenticator Assurance Level (AAL) 2.
Aside from the federal government’s regulations, the rest of the world also complies with other regulatory guidelines that govern the levels of security, such as the Anti Money Laundering Directive (AMLD) and the electronic IDentification, Authentication, and trust Services (eIDAS) in the European Union.
These regulations among others in different countries, states, and industries serve as guidelines for consumers and businesses or governments to abide by when undergoing transactions that require an individual to verify their identity for the prevention of identity fraud. Organizations such as Q-SERVI ensure strict compliance with these guidelines to ensure the best level of security for the individual, while protecting their privacy.
What are the methods of Identity Verification?
Verifying one’s identity in this decade comes in a few different forms. While remaining compliant with the regulatory measures mentioned above, the channels for verifying the identity of an individual can vary for access to different services. One thing to note is that creating new accounts, or first-time registrations, generally involves more stringent procedures than simply accessing a service that you’re already signed up for.
One-Time Passwords (OTPs)
One-time passcodes are a widely utilized and accepted form of verifying an individual’s identity. They have proven to be an efficient and easy-to-access method, and are at this point familiar to most if not all consumers who have a mobile device today. This method is mostly utilized by the financial sector for consumers who are returning to access their financial services.
The way it works is pretty simple. Every time an individual requests access or logs in to their financial page to access services, a system sends out an automated text message with typically a 4 to 6 digit passcode to the individual’s registered mobile number, to prove that the person attempting to access the services is indeed the client with whom the institution conducts business.
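The server side of the passcode flow described above can be sketched as follows. This is an added example, not code from the article or from any product it mentions; the `OtpService` class, the 6-digit length, the 5-minute lifetime and the 3-guess limit are assumptions chosen for illustration, and delivery to the SMS gateway is left out.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6          # the article cites 4 to 6 digits; 6 is assumed here
OTP_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 3        # assumed guess limit per issued code


class OtpService:
    """Issues and checks SMS one-time passcodes (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # phone -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, phone):
        # Draw from a CSPRNG and zero-pad so every code has the same length.
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        salt = secrets.token_bytes(16)
        # A new request replaces any earlier code for this number.
        # Only a salted digest is kept, so the store never holds the code itself.
        self._pending[phone] = [salt, self._digest(salt, code),
                                self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # handed to the SMS gateway; never logged

    def verify(self, phone, submitted):
        entry = self._pending.get(phone)
        if entry is None:
            return "no_code"
        salt, digest, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[phone]
            return "expired"
        # Constant-time comparison of the stored and submitted digests.
        if hmac.compare_digest(digest, self._digest(salt, submitted)):
            del self._pending[phone]  # single use: a code cannot be replayed
            return "ok"
        entry[3] -= 1
        if entry[3] <= 0:
            del self._pending[phone]  # too many guesses: a new code is required
            return "locked"
        return "wrong"
```

The expiry, single-use and guess-limit checks are what keep a short numeric code from being guessed or replayed; with 3 guesses against a 6-digit code, a blind guess succeeds with probability 3 in 1,000,000 per issued code.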
However, this method doesn’t come without its challenges. One thing to note is that users are assumed to be constantly tethered to the registered mobile number, with the device active at the time they attempt to access their services. Should the individual be separated from their phone, or access to it be impeded for reasons such as a discharged battery, loss of the phone, or simply forgetting it at home or at the office, that individual loses the ability to conduct transactions or access services until they get their phone back.
Another liability is the rampancy of phone theft these days, which is a major cause for concern, especially for individuals who store their login credentials in low-to-no security applications, such as the notes function on their mobile devices. While using password management tools such as Google Password Manager can easily avert this danger, many people still prefer the simplicity of opening a notepad window and saving the file on their device.
Security questions, also known as knowledge-based authentication (KBA), are a longer-established method of verifying one’s identity, and are often used for individuals who forget the passwords to the accounts they are accessing. Typically, this is set up during initial registration, where the user is asked to choose a question and provide an answer to it, such as specific account information, their mother’s maiden name, the name of the street they grew up on, or the name of their first pet.
This method is most widely used at the onset of over-the-phone transactions with mobile carriers, financial service providers, and even cable TV subscriptions. The business’s representative will usually ask the user to verify certain information, like date of birth or email address, before providing the service the caller is asking to gain access to.
The challenge of this, however, is that there are cases of fraud being committed by family members and friends of the authorized users, or simply by hackers who obtain the specific information about the individual. Aside from this, the users themselves may feel that the business is invading their privacy by requiring them to provide specific and uniquely identifiable information about themselves.
How does one ensure security in verifying their identity?
Ideally, the biometric approach is among the most secure in verifying one’s identity. On top of that, ensuring the individual’s privacy with verified credentials instead of revealing personal information is a popular development with digital identity wallets, such as Q-Wallet, which ensure the user’s personal data is secure and is not disclosed to any party without prior authorization by the user themselves.
With Q-Wallet, one may rest assured that the sovereignty and control over the privacy of one’s personal data, credentials, and other types of personal documentation remains with the user, as it should.