Increasing scrutiny from customers and regulators combined with increasingly scrupulous fraudsters means your online identity verification program must get real. Verifying the real life identity of your online customers is a growing concern and necessity of businesses across industries.
Many of solutions exist to help companies identify the true identity of their online customers. If you’re in the market, you’ll soon discover that not all solutions are created equal in terms of fraud detection and deterrence, compliance, and user experience.
Consider knowledge-based authentication (KBA), as one example. A formerly widely accepted verification method, the KBA system is straightforward and offers a fairly positive user experience due to its simplicity: it verifies online identity by asking users specific security questions. However, it can be vulnerable to data breaches when fraudsters purchase personal data for impersonation. The 2017 Equifax data breach was one example of KBA gone wrong, impacting at least 148 million people.
As you look for the right online identity verification solution for your customer ID proofing, it’s critical to perform rigorous tests to ensure the solution you choose is accurate, meets compliance requirements, and offers a positive user experience. The last point is key, as online identity verification is found to be a critical deciding factor as to whether customers complete a sign-up process.
In the online gaming industry, for example, a study found 1 in 4 online gaming customers were discouraged from opening an account due to a negative registration experience. This trend is also witnessed in other industries, such as banking. In fact, an overly long account opening process was found to be a key source of friction and was cited as the top reason for abandonment among online banking customers.
How can companies evaluate vendor solutions to ensure they meet their needs and those of their customers? Our infographic offers 14 ways to perform a competitive bake-off and rigorously evaluate the effectiveness of different vendors.
Text Version of Infographic:
Online Identity Verification Solutions
14 Best Practices for a Competitive Bake-Off
Online identity verification is becoming a requirement across industries:
- Cryptocurrency exchanges
- Sharing economy
- Banking and finance
- Gaming
- Travel
- Retail
At the most basic level, your requirements include:
Accuracy
Stop the fraudsters. Let in the good customers.
Compliance
Avoid fines and chargebacks for AML/KYC/GDPR non-compliance.
User Experience
Make it easy for customers to perform the required tasks.
The only real way to know if your prospective vendor can deliver is to perform a competitive bake-off. Here’s how:
1. Compare apples to apples.
Compare similar types of solutions.
It doesn’t make sense to compare an identity verification solution that only performs database pings to a full identity proofing solution with liveness detection and advanced risk signals.
2. Have a representative sample.
Ideally, your test should include thousands of transactions that will lead to statistically significant results.
3. Test legit IDs as well as fake ones.
Fraudulent transactions typically make up less than 1% of total transactions.
Don’t turn good customers away. Test a large sample of legitimate IDs to see how well each vendor correctly identifies them as good.
Warning: Based on Jumio’s benchmark tests, many automated solutions are no better than a coin toss at correctly identifying legitimate IDs, which means they often deny legitimate customers.
4. Test under less-than-ideal circumstances.
Simulate real-world conditions.
PRO TIP: Include sample IDs and selfies taken under realistic circumstances. This includes pictures of IDs that are captured with bad lighting, images that are blurred or captured with excessive glare, and IDs that are bent or folded.
5. Test for expired IDs.
Loophole alert! When a passport or driver’s license is expired, the issuing agency will usually punch a hole through it.
Many automated verification solutions won’t actually catch these expired IDs.
6. Test for older or different versions of an ID.
Your customers might have:
- Older IDs
- Commercial driver’s licenses
- Paper-based licenses
Accurate identity verification solutions will be able to capture and verify all legitimate forms of ID — not just a recently issued ID.
7. Make sure a reason code is issued with denied verifications.
What went wrong?
With many vendor solutions, verifications are returned without explaining why the verification was denied.
Your chosen solution should tell your customer what went wrong so they can course correct in real-time.
8. Test international IDs.
Ensure your test includes a variety of IDs (not just the most common ID types) from the countries you serve.
INSIDER TIP: Test ID cards, older versions of driver’s licenses, and IDs in different languages.
9. Test black & white IDs.
There are no legitimate ID types that are completely black and white.
Accurate ID/identity solutions will be able to detect and deny black and white IDs.
10. Test the time it takes to receive a verification result.
Many automated solutions will boast a verification SLA measured in seconds, but when put into production, the actual response times are much slower.
INSIDER TIP: Test with production data to see in real-time just how long it takes to get a response back.
11. Test the speed of manual reviews.
Many solutions can quickly read driver’s licenses and passports because they’re only reading and extracting information from the barcode or MRZ.
When the verification goes into the “gray zone” and must be reviewed by a human verification expert, the response times can go from seconds to hours to sometimes days.
12. Audit the results.
Did the vendor catch the bogus IDs?
Did the vendor pass legitimate users?
Who performed best against your criteria?
13. Test at all times of the day.
Not all identity verification vendors operate 24/7, which can cause lag times. Test performance at various times of the day and night to ensure consistent responsiveness, regardless of normal business hours.
14. See how many results come back as uncertain.
Some online identity verification vendors return results classified as ‘suspect.’ When this happens, you are required to conduct a manual review to accept or reject these transactions, which can slow down your overall review process.
PRO TIP: While testing vendors, check to see what percentage of transactions end up flagged as suspect, remembering that the fewer, the better.
Congratulations! You’re ready to perform a successful bake-off.
When identity matters, trust Jumio.
JUMIO LOGO
jumio.com
Originally published May 15, 2018; updated December 9, 2022
