NEW: 2022 Market Guide for Identity Proofing and Affirmation
Get the Guide
X
Skip to content
X
jumio-black-logo jumio-black-logo
search jumio
  • Solutions
    • Platform
    • Products
    • Use Cases
    • Industries
    • Features
    • Compliance
  • Technology
  • About
    • Company
    • News
    • Partners
    • Careers
    • Events
  • Resources
    • Library
    • Identity and Beyond Blog
    • Technical Blog
    • Webinars
    • TCO Calculator
  • Contact
    • Support
    • Sales
    • More
  • Request a Demo
  • s
  • English
    • English
    • Spanish (Español)
    • Portuguese (Português)
    • French (Français)
    • German (Deutsch)
  • Request Sales Info
High Contrast
Back to the Identity and Beyond Blog

A Seismic Shift is Occurring in the Identity Proofing Space

By Dean Nicolls | October 05, 2020
Identity Proofing's Seismic Shift

For decades, the only real way to verify someone’s identity online was to compare self-reported information, usually captured on an online form, to a third-party database or credit bureau. So, if Tom Jones at 125 Willow Street in Saratoga, California provided that information online along with his given Social Security number, then obviously that person must be Tom Jones.

Unfortunately, gone are the days where Tom Jones alone knows those bits of data. Thanks to large-scale data breaches and the dark web, cybercriminals also have access to that information. Naturally, criminals can still acquire this PII using highly targeted tactics such as social engineering and malware, or even by looking through a victim’s trash or recycling bins.

In fact, Gartner, the world’s leading information technology research and advisory company, no longer considers data-centric approaches a viable form of identity proofing because there is no test that the individual claiming the identity is, in fact, the authentic possessor of that identity. The identity assurance achieved with this capability used in isolation is relatively low, relying only on “something you-but-not-only-you know.”

That’s why we believe Gartner is predicting a pretty seismic shift over the next two years. According to the 2020 Market Guide for Identity Proofing and Affirmation:

“By 2022, 80% of organizations will be using document-centric identity proofing as part of their onboarding workflows, which is an increase from approximately 30% today” says Gartner.

Data-Centric Solutions Continue to Play an Important, Albeit a Diminishing Role

Per our understanding, While Gartner may not consider data-centric approaches a viable form of identity proofing, it remains in vogue because of regulatory KYC requirements and online friction. A critical element to a successful Customer Identification Program (CIP) is risk assessment, both at the individual and institutional level.

While most regulatory bodies provide high-level guidance for CIP, it’s still up to the individual institution to determine the exact level of risk and policy for that risk level. But, most KYC regulations set forth minimum requirements to open an individual account, including:

  • Name
  • Date of birth
  • Address
  • Identification number (e.g., Social Security number)

Depending on geography and jurisdiction, there may still be compliance requirements in regulated industries to check static data sources in order to tick the CIP box.

Concerns About Friction

But, there’s another fundamental factor at play that keeps many enterprises addicted to non-document approaches: friction. Pinging a credit bureau or public database is quick, easy and inexpensive. It can also be done in the background as the consumer is completing their online application. Compared to ID-centric approaches, data-centric approaches involve virtually no friction. As soon as you ask a user to take a picture of their ID and a corroborating selfie, you are introducing some level of friction. Because of this concern, and the impact it may have on conversion rates, many organizations consider checking of static data to be “good enough.”

According to Gartner: “This good-enough estimation plays into the fact that checking of static data is typically much less expensive than document-centric identity proofing.”

The Cost Benefit Pendulum is Shifting

Organizations must weigh the benefits of higher levels of identity assurance against the costs and friction associated with document-centric approaches. Historically, the benefits of taking a data-centric approach outweighed the costs, but this is changing. The damage that a bad actor can inflict on a brand varies by industry and includes:

Online Fraud

There are a number of different types of fraud that can be perpetrated by a criminal if they’re allowed to create an online account, including, but not limited to:

  • Sleeper Fraud: An individual applies for a credit card, establishes a normal usage pattern and solid repayment history, then maxes out the card with no intention of paying the bill.
  • Account Takeover: Criminals gain access to someone’s bank account to make unauthorized withdrawals and purchases via credential stuffing attacks.
  • New Account Fraud: A hacker uses another person’s personal information and good credit rating to open an account and borrow money using fake credentials.

 

Money Laundering

When criminals succeed in creating illegitimate new accounts in the names of others, it means they have control over complex networks of mule accounts, transferring money between them in order to distance themselves from their everyday criminal activities.

Trust & Safety

In the sharing economy, where strangers are transacting with strangers, the entire ecosystem is based on trust. Whether it’s ride sharing, home sharing or an online marketplace, consumers need to feel safe in order to use the service. But, this also applies to the drivers, the homeowners and the online merchants that they won’t be victimized by physical harm or financial fraud.

Brand Damage

When an organization is victimized by a bad actor and the news hits the media, it can be an existential threat to the entire enterprise. At that point, it’s all about the PR response and helping to mitigate the damage. This is not only a major distraction to the organization, but it can threaten their very commercial existence.

Compliance Fines

The fines now being levied against organizations who have been lax with their CIPs are paying a bitter toll in terms of regulatory fines. In December 2019, German telecoms provider 1&1 was fined €9.55 million by the Federal Commissioner for Data Protection and Freedom of Information (BfDI) for having insufficient authorization procedures in place. All someone needed was the name and date of birth of a 1&1 customer to access extensive personal information regarding said customer. On top of this, massive fines are being handed down to banks who continue to struggle in their obligations to combat financial crime, with AML fine values in 2020 already surpassing 2019.

Increased Familiarity Breeds Adoption

Another reason the pendulum is shifting to document-centric approaches is because the amount of friction to capture a government-issued ID and selfie is lessening. The process itself is increasingly a ubiquitous experience. Thanks to the widespread adoption of Apple’s Face ID and Android facial recognition, face-based authentication is increasingly familiar and comfortable. And it’s getting a whole lot faster. Just a few years ago, it might take several minutes for an identity verification provider to return a go or no-go decision for an online applicant — now the process is measured in seconds.

Gartner themselves are fielding more client inquiry calls about identity proofing, as is evidence of the gradual, but ongoing move away from relying on data-centric methods alone. “Results from a recent Gartner poll of 105 respondents (via Research Circle, a Gartner-owned online community), showed that 61% used data-centric methods for identity-proofing needs, and 33% used document-centric methods. Of those using data-centric methods, 10% planned to move to document-centric methods in the following 12 months. It’s important to note that this poll was taken before the COVID-19 pandemic caused global lockdowns and increased the focus on digital channels.”

Together, the rising costs of onboarding criminals associated with data-centric methods, coupled with the increased usability and identity assurance of document-centric solutions is what’s driving this seismic change. But, it’s the breakneck speed at which this transformation is happening is what’s really most jaw-dropping.

To learn more about the interplay between document and identity centric approaches from two real-world chief compliance officers, check out this pre-recorded 30-minute webcast: Data vs. Document-Centric Approaches to Identity Proofing.

Download a copy of the Gartner 2020 Market Guide for Identity Proofing and Affirmation.

Related Posts

What is a Digital Identity?

November 12, 2019
In the real world, proving your identity is pretty straightforward. When you show up in person to open a bank account, rent a car, book a hotel room, gamble at a casino or purchase alcohol, you present your government-issued ID, proof of address or whatever else might be required for the transaction, and the company...

The Rise of the Jumio KYX Platform in a World of Fraud, Compliance and Financial Crime

March 10, 2021
The worlds of identity verification, compliance and fraud detection are increasingly intertwined. This is why so many online organizations need to rely on myriad solutions that must be stitched together to help ensure the user experience isn’t too disjointed, time-consuming or onerous. We surveyed dozens of our customers and asked them to walk us through...
Identity proofing through informed AI. Jumio and Okta

How Identity Proofing Anchors Okta’s Customer Identity

May 20, 2020
Identity proofing has been fundamental to businesses for a very long time to ensure that customers are who they say they are. The concept of identity proofing dates back to prehistoric times when beads were used to communicate wealth, familial lineage and personal identity. Facial tattoos such as those adorned by the Maori of New...

Latest Posts

  • What Is Synthetic Identity Fraud?
  • How Does Selfie Identity Verification Work?
  • The Power of Orchestration: Why Businesses are Turning to End-to-End Identity Proofing Platforms
  • How KYC and Blockchain Technology Can Operate Together Successfully
  • Understanding Suspicious Activity Reporting & Its Requirements
  • Guidance on Anti-Money Laundering (AML) in Banking and Finance for 2022

This content from Jumio is for general information purposes only. Please consult your legal team for advice regarding your particular situation.

logo jumio
social-media
social-media
social-media
social-media
social-media
  • Solutions

    • KYX Platform
    • ID Verification
    • Identity Verification
    • Jumio Go
    • Document Verification
    • Authentication
    • Address Services
    • Video Verification
    • AML Solutions
    • Transaction Monitoring
    • Screening
    • Fastfill
  • Use Cases

    • User Onboarding
    • KBA Replacement
    • Fraud Detection
    • KYC & AML Compliance
    • Biometric Authentication
    • Going Passwordless
    • Age Verification
    • New Account Onboarding
    • Case Management and Investigation
  • Industries

    • Financial Services
    • Retail
    • Travel
    • Sharing Economy
    • Gaming
    • Telcos
    • Mobility Services
    • Healthcare
    • Education
  • Features

    • Features
    • Compliance
    • KBA Alternatives
    • Compare
  • Technology

    • Informed AI
    • Optical Character Recognition (OCR)
    • Face-Based Biometrics
    • Liveness Detection
  • About

    • Company
    • Leadership
    • Security
    • News
    • Global Coverage
    • Media Resources
    • Brand Guide
    • Partner Program
    • Partner Login
    • Events
    • Awards
    • COVID Relief
    • Fintech Equality Coalition
  • Resources

    • Library
    • Blog
    • Technical Blog
    • Webinars
    • TCO Calculator
  • Contact

    • Support
    • Careers
    • Sales
  • Legal

    • Privacy Policies
    • © 2022 Jumio All rights reserved. US Patent App.
  • Languages

    • English
    • Spanish (Español)
    • Portuguese (Português)
    • French (Français)
    • German (Deutsch)