I hate to use the overused t word (trust), but in this case it’s justified.
“Scammers are aware that people are more likely to open and read a text message rather than an email The open rates for text messages are more than 90% while the open rates for emails is less than 30%. In addition, many email providers have filters that are able to identify and filter out phishing emails while the filtering capabilities on text messages is much less. Additionally, people tend to trust text messages more than emails. Text message also may prompt a quick response before the targeted victim can critically consider the legitimacy of the text message.”
Who can provide remote supervised identity proofing?
“NextgenID Trusted Services Solution provides Supervised Remote Identity Proofing identity stations to collect, review, validate, proof, and package IAL-3 identity evidence and enrollment data for CSPs operating at IAL-3.”
And there are others who can provide the equivalent of IAL3, as we will see later.
How do you supervise a remote identity proofing session?
“The camera(s) a CSP [Credential Service Provider] employs to monitor the actions taken by a remote applicant during the identity proofing session should be positioned in such a way that the upper body, hands, and face of the applicant are visible at all times.”
But that doesn’t matter with me now. What matters to me is WHEN we need remote identity proofing sessions.
Governments aren’t the only entities that need to definitively know identities in critically important situations.
What about banks and other financial institutions, which are required by law to know their customers?
Now it’s one thing when one of my Bredemarket clients used to pay me by paper check. Rather than go to the bank and deposit it in person at a teller window (in person) or at an ATM (remote supervised), I would deposit the check with my smartphone app (remote unsupervised).
Now the bank assumed a level of risk by doing this, especially since the deposited check would not be in the bank’s physical possession after the deposit was completed.
But guess what? The risk was acceptable for my transactions. I’m disclosing Bredemarket company secrets, but that client never wrote me a million dollar check. Actually, none of my clients has ever written me a million dollar check. (Perhaps I should raise my rates. It’s been a while. If I charge an hourly rate of $100,000, I will get those million dollar checks!)
So how do financial institutions implement the two types of IAL3?
“If you need to initiate a funds transfer payment, an authorized signer for your account may also initiate funds (wire) transfers at any Chase branch.”
Note the use of the word “may.” However, if you don’t want to go to a branch to make a wire transfer, you have to set up an alternate method in advance.
Remote supervised
What about remote supervised transactions at financial institutions, where you are not physically present, but someone at the bank remotely sees you and everything you do? Every breath you take? And every move you make? Etcetera.
It turns out that the identity verification providers support video sessions between businesses (such as banks) and their customers. For example, Incode’s Developer Hub includes several references to a video conference capability.
To my knowledge, Incode has not publicly stated whether any of its financial identity customers are employing this video conference capability, but it’s certainly possible. And when done correctly, this can support the IAL3 specifications.
Why to use IAL3 for financial transactions
For high-risk transactions such as ones with high value and ones with particular countries, IAL3 protects both the financial institutions and their customers. It lessens the fraud risk and the possible harm to both parties.
Some customers may see IAL3 as an unnecessary bureaucratic hurdle…but they would feel differently if THEY were the ones getting ripped off.
This is why both financial institutions and identity verification vendors need to explain the benefits of IAL3 procedures for riskier transactions. And do it in such a way that the end customers DEMAND IAL3.
To create the content to influence customer perception, you need to answer the critically important questions, including why, how, and benefits. (There are others.)
And if your firm needs help creating that content, Underdog is here.
Visit https://bredemarket.com/mark/ and schedule a time to talk to me—for free. I won’t remotely verify your identity during our videoconference, but I will help you plan the content your firm needs.
If the subject of identity proofing is remote, how do you supervise it? Here’s what NIST says:
“The camera(s) a CSP [Credential Service Provider] employs to monitor the actions taken by a remote applicant during the identity proofing session should be positioned in such a way that the upper body, hands, and face of the applicant are visible at all times. Additionally, the components of the remote identity proofing station (including such things as keyboard, fingerprint capture device, signature pad, and scanner, as applicable) should be arranged such that all interactions with these devices is within the field of view. This may require more than one camera to view both the applicant and the room itself.”
I’m going to limit my thoughts to two of the four changes that Integrated Biometrics mentioned.
Decentralized systems
When I started in the biometrics industry in 1994, an automated fingerprint identification system (AFIS) was usually a centralized system. Tenprint and latent examiners at the state capital (there was no federal IAFIS back then) would work in buildings at or near a huge minicomputer that held the state’s fingerprint records. Perhaps there may have been a few remote tenprint and latent workstations connected by modem, and perhaps there were some livescan stations scattered around, but for the most part these client/server systems had a single server in a state computer room. (Well, except for the Western Identification Network, but WIN was ahead of its time.)
Fast forward 30 years, and while this model may work in the United States, it may not work elsewhere.
What if you don’t have internet or cellular communications? (Yes, cellular. Modern edge devices are a topic addressed in the Integrated Biometrics article that I won’t go into here.)
Or what if the communications are so incredibly slow that it would take forever to submit a search to the capital city, and return results to the originator?
This is where decentralized systems come into play. Rather than requiring everyone to ping the same central hub, the biometric database is distributed and synchronized among multiple servers in multiple locations.
Or maybe you’re getting ahead of me here and realizing that “servers” is too limiting. What if you could put all or part of a biometric database on your smartphone, so you can search a captured biometric against a database immediately without waiting for network communication time?
Such decentralized systems were impossible in 1994, but they are certainly possible today. And IB360 lets partners build their own biometric systems with decentralization and synchronization.
Speaking of building…
Demand for speed
As I mentioned, I’ve been in the biometric industry since 1994, and although my early years were spent in a pre-contract proposals role, I’ve seen enough post-contract deployments to know that they take a long time. Whether you were dealing with Printrak, NEC, Sagem Morpho, or the upstart Cogent, it would take many months if not years to deploy a fingerprint system.
For the most part, this is still true today with “pre-made” systems from NEC, IDEMIA, Thales, and the others.
And it’s also true if you decide to deploy your own “custom-built” fingerprint or biometric system from scratch.
Either way, there is a lot of engineering, integration, and orchestration that must take place before a system is deployed. You can’t take an AFIS for Bullhead City, Arizona and deploy it in Anaheim, California…or the state of Tennessee…or the nation of Switzerland. You need to perform months of tailoring/configuration first.
Integrated Biometrics asserts that waiting years for a biometric system is far too long.
Other changes
I’ll let you read the Integrated Biometrics article to learn about the other two evolutionary changes: more powerful hardware (I’ve alluded to this), and a myriad of use cases.
All of these changes have impacted the biometric market, and prompted Integrated Biometrics to introduce IB360. To read about this modular software suite and its benefits, visit the IB360 product page.
Skipping the “leading provider” stuff, we get to this:
“Integrated Biometrics (IB)…formally announced today the launch of IB360, transforming the speed and cost to deploy identity systems. The IB360 platform is a low-code toolset of SDK-based software modules that allows our partners and integrators to more efficiently create biometric identity-based solutions with minimal development cycles.”
I’ve written about the fake recruiters who InMail you about a great position with their company. I shut up the fakes by requesting their corporate email address at their supposed employer. But what if LinkedIn could catch them BEFORE they ever sent that InMail to me?
“LinkedIn is looking to take on scammers who falsely present themselves as recruiters or company representatives in the app, with an expansion of its company verification option, while it’s also making workplace verification required when a member adds or updates a leadership or recruiter-related role.”
From HR Dive.
Of course, the proposed Know Your Recruiter system isn’t foolproof; nothing is. Scammers can avoid the LinkedIn verification step by simply NOT choosing a leadership or recruiter-related job title.
Imagen 4.
And as much as people like me wish that people would care about verified identities…many don’t.
If “Jones Jay” from Microsoft sends jobseekers an InMail about a wonderful position,
some will blindly respond without even looking at Jones Jay’s LinkedIn profile at all,
much less checking whether his identity and employer are verified.
But at least the attempt demonstrates that LinkedIn cares more about their real users than about the scammers who pay for Premium.
Bredemarket 