My recent Substack post explains what Identity Assurance Level 3 (IAL3) is, and re-examines my doubts about the effectiveness of so-called “voter ID” laws. Because if voter ID proponents REALLY wanted to guarantee that voters are eligible, they would have to do a LOT more. Security theater is not security. But what is the cost of true security?
I hate to use the overused t word (trust), but in this case it’s justified.
“Scammers are aware that people are more likely to open and read a text message rather than an email. The open rates for text messages are more than 90% while the open rates for emails are less than 30%. In addition, many email providers have filters that are able to identify and filter out phishing emails while the filtering capabilities on text messages are much less. Additionally, people tend to trust text messages more than emails. Text messages also may prompt a quick response before the targeted victim can critically consider the legitimacy of the text message.”
Who can provide remote supervised identity proofing?
“NextgenID Trusted Services Solution provides Supervised Remote Identity Proofing identity stations to collect, review, validate, proof, and package IAL-3 identity evidence and enrollment data for CSPs operating at IAL-3.”
And there are others who can provide the equivalent of IAL3, as we will see later.
How do you supervise a remote identity proofing session?
“The camera(s) a CSP [Credential Service Provider] employs to monitor the actions taken by a remote applicant during the identity proofing session should be positioned in such a way that the upper body, hands, and face of the applicant are visible at all times.”
But that doesn’t matter to me now. What matters to me is WHEN we need remote identity proofing sessions.
Governments aren’t the only entities that need to definitively know identities in critically important situations.
What about banks and other financial institutions, which are required by law to know their customers?
Now it’s one thing when one of my Bredemarket clients used to pay me by paper check. Rather than go to the bank and deposit it at a teller window (in person) or at an ATM (remote supervised), I would deposit the check with my smartphone app (remote unsupervised).
Now the bank assumed a level of risk by doing this, especially since the deposited check would not be in the bank’s physical possession after the deposit was completed.
But guess what? The risk was acceptable for my transactions. I’m disclosing Bredemarket company secrets, but that client never wrote me a million dollar check. Actually, none of my clients has ever written me a million dollar check. (Perhaps I should raise my rates. It’s been a while. If I charge an hourly rate of $100,000, I will get those million dollar checks!)
So how do financial institutions implement the two types of IAL3?
“If you need to initiate a funds transfer payment, an authorized signer for your account may also initiate funds (wire) transfers at any Chase branch.”
Note the use of the word “may.” However, if you don’t want to go to a branch to make a wire transfer, you have to set up an alternate method in advance.
Remote supervised
What about remote supervised transactions at financial institutions, where you are not physically present, but someone at the bank remotely sees you and everything you do? Every breath you take? And every move you make? Etcetera.
It turns out that the identity verification providers support video sessions between businesses (such as banks) and their customers. For example, Incode’s Developer Hub includes several references to a video conference capability.
To my knowledge, Incode has not publicly stated whether any of its financial identity customers are employing this video conference capability, but it’s certainly possible. And when done correctly, this can support the IAL3 specifications.
Why use IAL3 for financial transactions
For high-risk transactions, such as high-value transactions and transactions involving particular countries, IAL3 protects both the financial institutions and their customers. It lessens the fraud risk and the possible harm to both parties.
Some customers may see IAL3 as an unnecessary bureaucratic hurdle…but they would feel differently if THEY were the ones getting ripped off.
This is why both financial institutions and identity verification vendors need to explain the benefits of IAL3 procedures for riskier transactions. And do it in such a way that the end customers DEMAND IAL3.
To create the content to influence customer perception, you need to answer the critically important questions, including why, how, and benefits. (There are others.)
And if your firm needs help creating that content, Underdog is here.
Visit https://bredemarket.com/mark/ and schedule a time to talk to me—for free. I won’t remotely verify your identity during our videoconference, but I will help you plan the content your firm needs.
The next time I send something to a company that claims a “bias for action” as one of its Key Super Duper Principles, I plan to call the company five minutes later and say, “Hey, it’s 9:53. I submitted a request at 9:48. Why aren’t you talking to me yet?”
The same goes for all Key Super Duper Principles. If a company says something is critically important…then its customers, prospects, partners, employees, and competitors will all be watching to see if the company is serious.