Identity Verification/Proofing

How to enable a business, technology, and cybersecurity win

A great example of Enterprise Architecture is our T-Mobile engagement with Identity Proofing.

Identity proofing is a security measure that verifies a user's identity by confirming their claimed identity matches their actual identity. It is also known as "Identity Verification." In a password-less ecosystem, identity proofing is a must.

If you have flown within the U.S., you may have leveraged the TSA PreCheck line at the airport. In order to verify your identity, biometrics (like an image) are captured and compared against your profile. The identity can then be compared against a custom list and checked for things like fraud. Recognizing a fake identity artifact is a vital aspect of initial identity profile creation. Beyond airport travel, most companies have certain activities that can produce significant effects. Imagine having such a check BEFORE a large cash transaction, when issuing privileged hardware, or when granting administrator access.

Whenever we engage in a project, I remind end users and stakeholders that a design is the criteria outlining what success looks like. If someone wants to build a house, requirements and use cases guide whether a dog house is built or a house for humans. An organization looking to implement identity proofing would do well to consider the methodology below.

  • Create a design document that you can point people to who need context.
  • The design must outline the business opportunity.
  • Identify stakeholders.
  • Gather requirements.
  • Have stakeholders verify "use cases". Will you require verification of identity artifacts from non-U.S. countries? Which ones?
  • Outline an approach. For example, leverage a vendor run-off via several "Proof of Concept" efforts and test use cases.
  • Test cases. Test cases must include forged documents and images. Modern printers and scanners can create amazing fake documents. Don't wait until company-wide rollout to test for fake documents.
  • Secure funding by declaring the effort as an official project or initiative.
  • Hurray! You have funding. Now the fun begins, as you have expectations to meet.
  • Rollout. Start with a small group and incrementally expand.
  • Fake ID handling. Depending on where you operate, you might run across local laws prohibiting the holding of fake identification documents.
  • Make sure to consult your legal counsel!

An objective of cybersecurity could be to raise the cost for attackers. A fake ID that can pass most visual inspections can be made for $100. With ID proofing technology, the cost of fake IDs can be raised to $5,000.

For companies dealing with fraud, the benefits of implementing a proofing solution can quickly be justified. Beyond the anti-fraud win, a business value, technology and cybersecurity win is part of this effort.

  • Business value bundling win. T-Mobile currently bundles Netflix access for customers; bundling airport TSA PreCheck access is a solid business value add-on.
  • Technology solution. Digital driver's licenses will soon be issued by the state of California. How does our company recognize valid digital identities?
  • Cybersecurity risk reduction win. In addition to the anti-fraud win for customers, the workforce insider threat risk is also reduced. This will help enable initiatives such as "Passwordless access."

Great Enterprise Architecture ties together improvements to business value, technology and cybersecurity.