Compare Identity Verification Solutions

Can you verify someone’s real world identity online, without impacting users’ experience? The table below provides a summary of the more popular online verification methods, each with their associated pros and cons.

Verification MethodDefinedProsCons
Knowledge-Based Authentication (KBA)KBA verifies customers by asking them to answer specific security questions in order to provide accurate authorization for online or digital activities.
  • Well understood by users
  • Questions gathered over the course of 30 years
  • Questions must be answered within defined time limit
  • Easy to discover answers via social networking sites and social engineering
  • Fraudsters can buy KBA answers on the black market
  • Generated questions often based on credit bureau info
  • Recent data breaches exposing PII
  • Limited to certain countries
  • Often delivers a poor user experience
  • Does not rely on government-issued IDs, it lacks a certain degree of authority
  • Some customers find this line of questioning intrusive
Two Factor Authentication (2FA)Two factor authentication is an extra layer of security that requires not only a password and username, but also something that that the user has on them (i.e. a piece of information only they should know or have immediately on hand, such as a physical token or a numeric code delivered via text message).
  • Out-of-band (independent channel) authentication
  • Strong deterrent (fraudster must possess secondary token)
  • Near ubiquitous penetration of smartphones
  • Regulations such as PSD2 driving wider adoption
  • Effective verification for account opening and password resets
  • Vulnerable to key logging, SMS-spoofing, man-in-the-middle and man-in-the-browser attacks
  • NIST declared SMS-based 2FA insecure
  • Bad customer experience if you lose one of your authentication factors (smartphone, key fob)
  • Can be slow and cumbersome
  • Users must have their second factor (smartphone, key fob) with them at all times
  • Requires extra typing
  • Too easy for an inattentive user to approve an attacker’s transaction without knowing it
  • Reliance on third-party services (either authentication service providers or telecom companies) is also a factor to consider, since breaches in these services have in the past resulted in authentication failure
  • Additional points of failure
Credit Bureau-Based SolutionsMany online identity verification systems call out to one of the big three credit bureaus, Experian, Equifax, and TransUnion, who then search for an identity match within their vast repositories of consumer credit data.
  • Authoritative databases provide a wealth of information based on first and last name, address, and social security number
  • Easy API implementation
  • Definitive match provided (vs. a score)
  • Unintrusive customer experience
  • Fast results
  • People with thin credit files, usually young people, recent immigrants, or people who for some reason have very rarely used mainstream financial services, often cannot be matched
  • Does not verify that the person providing the information is the actual person behind the transaction
  • Less reliable with false positives when common names are used
  • Fraudsters increasingly have access to credit bureau data thanks to several recent breaches
  • Does not rely on government-issued IDs, it lacks a certain degree of authority
  • Implementing companies often have to state that a credit bureau check is performed in the Ts and Cs which can creates headaches
  • Some customers do not like having the credit bureaus pinged because of the footprint it has on their credit file
  • Limited geographic coverage
Database SolutionsThese solutions leverage online, social media, and offline data (and sometimes behavioral patterns) to detect if an online ID is authentic, a fraudster or a bot.
  • API-based
  • Analyzes a variety of data from different sources to verify identity
  • Significantly reduce the number of manual reviews
  • Often used for risk monitoring
  • Can be spoofed because of the ease of creating fake online identities (e.g., synthetic identity fraud) and bogus social profiles
  • Does not verify that the person providing the information is the actual person behind the transaction
  • Does not rely on government-issued IDs, it lacks a certain degree of authority
  • Often confidence score provided; not a definitive yes or no
  • Often does not meet compliance/regulatory requirements
Online Identity VerificationOften leverage a mix of artificial intelligence, computer vision, and verification experts to determine if a government-issued ID is authentic and belongs to the user. These solutions often perform validity checks via a selfie to ensure that the person holding the ID the same person shown in the ID photo.
  • Variety of AI, biometrics, machine learning, and human review used to assess legitimacy of ID and identity
  • High verification assurance
  • Relies on valid government-issued ID and selfie to verify identity
  • API, SDK and Webcam implementations
  • Definitive yes/no result provided
  • Verification results usually provided within a few minutes
  • Requires user to capture a photo of their ID and take a selfie (introduces some friction)
  • Speed of verification, especially for manual reviews
  • Geographic coverage and ID support (for some vendors)
  • Limited geographic coverage and ID support
  • Additional verification information is typically not provided
Looking for an identity verification solution you can trust?