Introduction 

The IDEMIA Identity Proofing platform offers a secure identity verification service that enables organizations to proof and authenticate a person's identity during a transaction. For example, relying parties with customer-facing online services can verify a user's identity to enroll or log in to a service, update an existing account, or comply with Know Your Customer (KYC) requirements. The IDEMIA Identity Proofing platform stands on five pillars:

  • Document verification: captures a picture of the user's identity document (ID) to verify its authenticity.
  • User verification: the user interacting with the service is a real person and their biometrics correspond to the ID.
  • Issuer verification: the document issuers or other authoritative sources validate the user's identity and document details.
  • Identity evaluation: the evidence presented for verification relates to the same identity, consolidates Identity attributes and evaluates the Level of Assurance (LoA) for that identity.

The platform is built on a modular and API-first framework that can integrate with legacy systems and third-party sources. It is flexible and scalable to handle various enterprise requirements and specific local identity frameworks and regulations.

Identity verification

Key capabilities 

The IDEMIA identity Proofing platform relies on the following key capabilities to complete the proofing process.

Document verification 

During the identity proofing process, IDEMIA's ID&V technology captures and authenticates the user's identity documents to provide relying parties the confidence to grant users access to their services at various levels of assurance (LoA). Organizations can leverage ID&V to:

  • Streamline customer onboarding across multiple channels
  • Improve operational efficiency
  • Comply with KYC requirements
  • Reduce identity fraud
  • Adapt to local regulations and business needs

IDEMIA's ID&V enables service providers to validate the authenticity of a wide range of IDs and detect embedded security features through its document capture and document authentication technologies.

Document capture

The identity proofing process relies on identity evidences to prove the user's identity. An evidence is a piece of information or documentation provided by the user to support their claimed identity, such as an ID, portrait, or phone number, which are subsequently verified and assigned an LoA. IDEMIA supports over 4500 IDs in 195 countries including the following evidences:

  • Identification cards
  • Passports
  • Immigration documents
  • Driver’s licenses
  • Visas
  • Health cards

IDEMIA's ID&V document capture technology allows the user to scan the evidence directly on their mobile device by following real-time instructions and indications to guide them though the step-by-step process. This process is completed by IDEMIA's Capture SDK, which scans the identity document data by capturing a picture or video, or reading the chip in electronic passports. The Capture SDK analyzes this flow and detects a good quality level to increase the overall capability to analyze the ID.

It is possible to use third-party technology to complete the document capture process. Subsequently, the document image can be uploaded directly to ID&V. However, IDEMIA recommends the use of the IDEMIA Capture SDK for full use of the fraud detection features and to maximize the performance of the overall solution.

Document authentication

Document Authentication assesses the authenticity of an ID document by analysing the coherency of the information it contains. IDEMIA's ID&V document authentication technology analyzes each document and performs the following checks during the ID proofing process:

Identity verification

The results of the ID&V authentication controls are called authentication indicators. Indicators help relying services understand why a verification fails and generate a document score from 0 to 4. The more confidence in the performed verification, the higher the score.

User verification 

The IDEMIA Identity Proofing platform offers face authentication (facial recognition) and liveness detection technologies to capture the identity characteristics unique to each person. It ensures that the user on the presented identity document is the named individual.

Face authentication

IDEMIA is recognized as the leading provider for facial recognition, which can accurately identify individuals wearing face masks.

Face authentication and liveness detection are available on multiple channels (Android and iOS mobile apps, or mobile web). Selfie capture is driven by the mobile or web application of the organization with the use of IDEMIA technology.

IDEMIA's native and javascript SDKs guide the user in the capture of their selfie in real-time. The image is then transformed into a biometric template, which is matched against a reference portrait — the template of the photo extracted from the ID, or one that is stored in a reference database when available.

Liveness detection

IDEMIA's liveness detection technology was awarded Level 1 and Level 2 certification by iBeta, a third-party tester accredited by NIST, in accordance with the ISO/IEC 30107-3 standard. The testing method simulated the enrollment of a user in a biometric authentication system. Testers were not able to gain access to the system achieving an attack presentation classification error rate (APCER) of 0%. IDEMA's facial liveness detection solution offers two liveness modes:

  • active liveness: requires the user to perform a series of random challenges (head movements) to prove they are a real and alive person.
  • passive liveness: user takes a selfie and does not require any additional effort.

IDEMIA's liveness detection technology provides presentation attack detection (PAD) to prevent fraud. These presentation attacks can vary in complexity, from a simple printout of face images to a silicone mask. Liveness detection resists fraud attempts using: 2D photocopy, 3D mask (paper mask, silicon mask, latex mask, resin mask, mannequin head), deep fake, and video.

Issuer verification 

When possible, the IDEMIA Identity Proofing platform accesses the document issuer SoR to verify that the identity and document details are in-line with the issuer’s record and the document is still considered valid.

In select participating countries, the service can also validate specific identity details, such as a phone number or social security number (SSN) against authoritative sources to help increase the LoA.

Identity evaluation 

Level of Assurance

In order to effectively prevent ever more sophisticated forms of fraud, the identity proofing service supports various methods of evidence validation and verification. It verifies identity by aggregating evidences in an iterative and interactive approach with the user.

The combination of all verified evidence scores is called a profile. The profile enables a user to reach a certain identity Level of Assurance (LoA) ranging from 0 to 4. This LoA determines the degree of confidence in the identity verification process. It provides the service provider with the assurance that the user claiming these particular identity details is the named individual.

For each successive evidence validation within the same customer journey, the proofing service returns the verification’s status, updates the LoA of the applicant’s identity, and provides the list of available services that provide a higher LoA.

The LoA measures the scale of confidence that the relying party uses to measure the risk of being the target of a fraudster and to adjust the service granted to the user accordingly. The higher the LoA, the more reliable and secure is the identity.

LoA
Level
LoA 0Self-asserted without the assurance that the identity is accurate, corresponds to a user, or exists
LoA 1Reduces the risk of synthetic identities
LoA 2Reduces the risk of basic document forgery or fraud with another person's information
LoA 3Reduces the risk of more advanced document forgery
LoA 4 and higherReduces the risk of sophisticated fraud requiring substantial level of identity theft expertise

The LoA reached by the identity depends on the evidence provided by the user and the different verification methods performed by the service.

Evidences submitted and scored for identity

The example below shows how a passport, a driver’s license, and a portrait provided by the user are verified with different methods and contribute to the identity LoA.

Specific evidence submitted with scores for identity

Identity proof file

Once the IDEMIA Identity Proofing platform processes the identity evidences submitted, the relying service can download a complete identity proof file including all the pieces of identity evidence submitted with a detailed description of each verification status.

This identity proof file is generated regardless of the status at the end of the verification process. It contains all the checks completed on the submitted set of evidences, and the result of the biometric match between the selfie and the portrait on the identity document. In addition, all images used, such as the document scan or selfie, are included. All this data is stored within several files that are electronically signed to guarantee its integrity and origin. This file of proof (an archive file) is sent to the relying service (following an API call) when closing the transaction.

IDEMIA recommends that relying parties store this identity proof file for autonomous and unlimited auditing or troubleshooting purposes.

Note: The IDEMIA Identity Proofing platform retains Personal Identifiable Information (PII) provided by the user for 30 days by default for troubleshooting and service improvement purpose.