A recently published white paper developed by DIACC members ID Crowd and Digidentity explores remote identity proofing alternatives to knowledge-based verification. The paper proposes that digital identity has the potential to mitigate risks associated with fraud. Greater customer reach, better compliance, and secure and streamlined onboarding processes are among the benefits digital identity can provide.
Read the full white paper, “Exploration of Remote Identity Proofing Alternatives to Knowledge Based Verification.”
“The US and Canadian identity ecosystems will benefit from this research as it demonstrates that robust alternative methods of remote verification are theoretically possible, both technical as well as commercial,”
Knowledge-based verification refers to a security method in which a user is asked to answer at least one “secret” question. The challenge with this approach, the authors purport, is that it is largely based upon the foundation of “what the user knows,” and relies on the integrity and secrecy of the underlying information that is being verified.
Given that 2017 and 2018 were years in which online data breaches became part of the public consciousness, concerns surrounding data privacy and protection are mounting.
“Data breaches are becoming more frequent; these breaches undermine the integrity of confirming the identity of an individual using knowledge based verification”
“The inability to trust these traditional data set to identify, verify and authenticate individuals and assets, undermines the development undermines the development of identity ecosystems in North America.”
Posing the question – “is the entity asserting the evidence the true owner of the asserted identity?”- the research studied five alternatives to traditional knowledge-based verification.
- The comparison between a machine readable travel document and a “selfie” of the user asserting their identity
- A government issued driver’s license as identity evidence
- Comparing a user’s asserted identity with that of their mobile phone contract
- Verifying the ownership of a financial account under the control of the user
- Verification using credit card transaction data
“The NIST 800-63A identity standards enabled us to grade each method and the evidence in terms of their issuance, validation and security features”
All methods, the study determined, are credible identity verification alternatives to the traditional knowledge-based verification approach.
“The five methods selected are not as vulnerable to breaches as traditional methods such as the credit file as they rely on a spread of features including strong issuance processes, biometric comparisons and cryptographic protective measures,”
About the Paper
The Information in this report is based on research funded by the U.S. Department of Homeland Security Science & Technology Directorate (DHS S&T). Any opinions contained herein are those of the performer and do not necessarily reflect those of DHS S&T.
This content of this white paper is developed under the governance of the DIACC International Applied Research program. The International Applied Research program connects innovators that align with the DIACC Digital Identity Ecosystem Principles with international applied research funding opportunities. The content of the paper was submitted by Digidentity and ID Crowd and does not necessarily reflect those of the DIACC membership.