Digital Onboarding and Banking Experience Summit

Mike Engle

Challenges In Digital Onboarding

With an increasingly digital world, identity fraud has become an even more pressing issue. To mitigate fraud, companies should embrace the same “Know Your Customer” identity proofing rules that banks have been using for years.

This is what I will be discussing in the upcoming Digital Onboarding and Banking Experience Summit. In the first session, I will discuss challenges in realizing digital onboarding, followed by a deep-dive into the role of digital identity in KYC requirements.

When a bank onboards a new customer, they are legally required to identity proof them – typically with driver’s licenses, passports, or other government issued identification documents. The bank scans these documents for authenticity and compares them to the customer’s face. Previously, banks required each customer to be in person for this process.

Traditionally, it has been difficult to complete this process remotely. The document holder is required to scan the documents before uploading, emailing or faxing them to his or her bank. This presents several challenges for both the customer and bank:

  • Quality of Document: It is difficult to get a quality photograph of the documents. (proper angle, lighting, etc.)
  • Image file size: can be distorted in the transmission process (emails can compress photos)
  • PII at Risk: The documents are now floating around the digital landscape – in the customer’s email, in the service rep’s email, or sitting on some server. This puts personal identification information at risk at every step of the journey. 
  • Difficult Verification: After the company receives the documents, it’s still difficult to verify the identity of the individual sending them

Strong Customer Authentication to the Rescue

Advancements in identity proofing can help companies mitigate the risks listed above. Document-based identity verification is becoming more widely used in enterprise cybersecurity. Recently, a Gartner study found that 80% of companies will be using document based verification by 2022. In the same timeframe, 60% of mid-size to global enterprises will start using passwordless authentication methods. The deployment of document based verification and requires these two technologies to be integrated based on industry standards.

The NIST 800-63-3a identity proofing standard was introduced by the US federal government in 2017 and it is critical that your organizational security measures comply with it. NIST 800-63-3a gives guidance on capturing two identity verification documents, validating them, and comparing them against the real person’s face. When your organization uses this standard to onboard a new customer, you have indisputable proof that your customers are who they say they are every time they log onto a system.

This level of identity verification is possible by leveraging the smartphone of the document holder. In fact, with biometric ID proofing and digital authentication, a high level of verification is possible without investing in advanced systems. The document holder can scan his or her documents and take a live ID “selfie” and the system will take care of the rest, including ensuring that the user takes high quality photos of his or her documents. This leads to identity verification based on standards that your company can use not only for onboarding, but for verification each time your customer accesses your company systems.

This type of biometric enrollment is distinct from device-based biometrics like TouchID and FaceID because those biometrics are not attached to a real identity. To be linked to a real identity, the biometric must represent one user and instantaneously match with their government documents.

How is this enrolled identity secured each time the user accesses a company resource? Advanced cryptography and computing hardware have made this possible. Upon enrollment of the users identification documents and “selfie” live ID, each user is given a private key. The identity information and selfie that they enrolled are securely stored. It is impossible to unlock the key without the user’s permission because the user is the only one with access to this data.

Digital Credentials & The FIDO Alliance

In addition to using an identity proofing solution, companies can issue digital credentials. Similar to the identity documents, this information is securely stored and the user is the only one with access to the data. Cryptographic keys are an emerging technology in the cybersecurity industry and they are governed by the FIDO Alliance, which stands for “Fast Identity Online”. 

The purpose of the FIDO Alliance is to eliminate the use of usernames and passwords. The FIDO Alliance determines how companies can use authentication technologies. However, if your company is only protected by FIDO, you are still not completely secure. This is because identity proofing against government documents is not an element of the FIDO standard.

The combination of the FIDO and strong identity proofing standards, like NIST 800-63-3, provides organizations with indisputable proof that their customers are who they say they are at all times. This is because each time a customer transmits his or her credentials under these standards, they are using the same digital signatures that they created upon enrollment. These cannot be stolen or replicated by anyone else.

Customers provide their biometric live ID “selfie” and access your company’s network. Users can connect remote resources several ways including sending messages to their smartphones or scanning a QR code. Now, your company knows indisputably that your customer is who they say they are every time they authenticate0.

This provides users with a frictionless experience and organizations with a high level of assurance for the identity on the other side of the digital engagement. Invest in security systems that set your company up for success and protect your most important assets.

Are you interested in learning more? Register for the Zeus Hades Horizon Digital Onboarding and Banking Experience Summit today to hear me discuss the challenges in realizing digital onboarding, followed by a deep-dive into the role of digital identity in KYC requirements.

Register today via the Zeus Hades Horizon website.

FIDO2 Authentication with 1Kosmos
Read More
Meet the Author

Mike Engle

Co-Founder and CSO

Mike is a proven information technology executive, company builder, and entrepreneur. He is an expert in information security, business development, authentication, biometric authentication, and product design/development. His career includes the head of information security at Lehman Brothers and co-founder of Bastille Networks.