The Business Challenge
In the USA, the Patriot Act from 2001 and similar regulations passed globally have led to the formulation of Know Your Customer guidelines that, among other things, require banks and financial institutions to verify the identity of individuals prior to new account opening.
This in turn has spawned follow-on security guidelines such as NIST 800-63-3 that define specifications for asserting and authenticating identity, particularly in a remote setting. For US based banks and financial institutions, it’s clear that solutions performing biometric identity proofing and authentication need certification to this NIST standard in order to fulfill KYC compliance.
1Kosmos BlockID prevents fraudulent new accounts through a NIST 800-63-3 certified Identity Assurance Level 2 (IAL2) identity proofing process that verifies identity anywhere, anytime and on any device with over 99% accuracy, preventing stolen or synthetic identities from being used during customer onboarding.
Once enrolled, the customer can then use their identity for passwordless access for account login and transaction approval. FIDO2 biometric authentication and storage of customer information in a distributed ledger to W3C DID standards ensures the very highest level of privacy to deliver increased new account conversions, prevent account takeover and reduce friction.
The BlockID Advantage
NIST 800-63-3 platform certification supports remote identity proofing to comply with Know Your Customer mandates
1Kosmos BlockID performs identity verification in 205 countries and in accordance with W3C VC standards. This can include agent-assisted document verification to eliminate synthetic identity fraud. SIM Binding, US SSN verification and drivers license verification to AAMVA are optional for additional identity verification.
Using machine learning and computer vision technologies along with an intuitive user interface, our solution processes even low quality images in dark lighting. Images are processed through thousands of algorithms catching sophisticated fraudulent documents.
This approach also possesses zero human bias and the least bias for gender and race decisioning using the #1 algorithm rated by NIST for non-biased decisioning. Because our platform is FIDO2 and NIST 800-63-3 certified, it provides certified identity assurance level 2 (IAL2) and certified authentication assurance level 2 (AAL2).
Our identity proofing is easily integrated into native and custom mobile apps, web or desktop logins through our robust API and SDK framework.
In addition, the 1Kosmos BlockID platform complies with GDPR, SOC2, and ISO 27001 for handling and retention of sensitive data. This means ironclad security for your business and user privacy with information shared only with user consent, completely revolutionizing onboarding and fraud detection.
1Kosmos BlockID LiveID biometric matching defies spoofing and verifies the individual not just the device
To overcome facial spoofing through the use of a photo, video, mask, or a different substitute for the actual face of a legitimate person, we’ve developed “LiveID”, which is essentially a short selfie video, where the users needs to blink and smile to verify liveness. Upon account enrollment, this is matched to the image on a government credential to verify likeness.
LiveID is a real biometric, not just the phone’s interpretation of someone’s face or finger. This means that any time LiveID is used, it is compared to the biometric captured during the enrollment process.
We call this a liveness test and it is performed to verify if the biometric traits of an individual are from a living person rather than from an artificial or lifeless image. This means the user becomes the authenticator. No one else can access the account. And LiveID is over 99% accurate.
1Kosmos digital identity wallet places personal information under user control and eliminates honeypots of user PII
During enrollment, information collected from scanned credentials is encrypted and stored in a distributed ledger to the W3C DID standard, accessible only via a FIDO2 certified private-public key pair secured in the TPM / Secure Enclave of a device and under sole control by the user via their live biometric selfie, through LiveID.
Without the private key, the data cannot be decrypted. There is no central authority overseeing data access other than the user in possession of the private key.
Since there is no user store and no centralized storage of user information, there is no honeypot of personally identifiable information to secure against the threat of data breach. This improves an organization’s GDPR compliance.
Easy self service enrollment and verification quickly enrolls customers with minimal overhead and errors
Customer enrollment starts by downloading a mobile application from Apple Store or Google Play. Our mobile app can be white labeled or embedded via API / SDK into an existing app. They enroll their biometrics, with a blink and a smile, and scan credentials. This process takes less than a minute to complete and does not require Customer Support services.
When users scan their identity documents (e.g, Drivers License), we’ll scan the front of a driver’s license and the “PDF417” barcode on the back, performing real-time ID card detection and classification. In the United States a check against AAMVA records can be implemented to ensure validity. For passports we’ll read the “MRZ” data, perform UV, white light and ink-depth checks, and scan the embedded RFID chip to ensure document validity.
The user captures a live selfie to secure their PII data and for secure biometric access. The images captured from the government-issued documents are compared to the live selfie to verify the likeness of the user. This additional security check eliminates synthetic identity fraud.
Within minutes, we verify the validity of those credentials and the information they contain to W3C VC standards using artificial intelligence (AI) and leading third-party verification services, if necessary.
Our mobile app has built-in zero-trust checks to verify the patch level, device security, jailbroken status, etc, to ensure device integrity, particularly in bring-your-own-device environments.
The result is a NIST 800-63-3 certified Identity assurance level 2 (IAL2) — and a FIDO2 certified biometric access authentication level 2. All of this takes a few minutes, but the benefits are substantial. Organizations eliminate the possibility of synthetic identity fraud and users create a digital identity wallet, accessible only by them, and PII data that is only sharable only with their permission.