The Business Challenge
In the USA, the Patriot Act from 2001 and similar regulations passed globally have led to the formulation of Know Your Customer guidelines that, among other things, require banks and financial institutions to verify the identity of individuals prior to new account opening.
This in turn has spawned follow-on security guidelines such as NIST 800-63-3, which defines specifications for asserting and authenticating identity, particularly in a remote setting. For US-based banks and financial institutions, it’s clear that solutions performing biometric identity proofing and authentication need certification to this NIST standard in order to fulfill KYC compliance.
Our platform is certified to the NIST 800-63-3 guideline and supports remote self-service enrollment to Identity Assurance Level 2 (IAL2) automatically, or higher with agent assistance. Once enrolled, customers can use their identity for passwordless account login and transaction approval. FIDO2 biometric authentication and storage of customer information in a distributed ledger to W3C DID standards ensure the very highest level of privacy.
With 1Kosmos, banks and financial service organizations can verify customer identities, increase new account conversions, protect logins and reduce friction while maintaining bank-grade security.
The BlockID Advantage
NIST 800-63-3 platform certification supports remote identity proofing to comply with Know Your Customer mandates
Because our platform is FIDO2 and NIST 800-63-3 certified, it provides certified identity assurance level 2 (IAL2) and certified authentication assurance level 2 (AAL2).
We verify credentials such as driver’s licenses, passports and government-issued ID cards in 150 countries in accordance with W3C VC standards, with agent assistance if necessary. In addition, our platform complies with GDPR, SOC2, and ISO 27001 for handling and retention of sensitive data.
We offer multiple ways to verify identities to enable businesses to trust that they are transacting with legitimate individuals who are who they claim to be. Our systems are specifically designed and certified to industry open standards to evolve with the needs of our customers.
LiveID biometric matching defies spoofing and verifies the individual, not just device-level access
To overcome facial spoofing through the use of a photo, video, mask, or another substitute for the actual face of a legitimate person, we’ve developed “LiveID”, which is essentially a short selfie video. This is matched to the image on a scanned credential (the photo on a driver’s license or a passport, for example) to verify a likeness.
LiveID is a real biometric, not just the phone’s interpretation of someone’s face or finger. This means that any time LiveID is used, it is compared to the biometric captured during the enrollment process.
We call this a liveness test, and it is performed to verify that the biometric traits of an individual come from a living person rather than from an artificial or lifeless substitute.
After enrollment, a liveness test can be performed to verify users each time they need to log in or authorize a transaction. When the live test doesn’t match the test performed during the enrollment process, the authentication fails. The liveness test is also used to verify compromised TouchID and FaceID forms of device biometrics.
Privacy by design secures personal information under user control and eliminates threat of data breach
During enrollment, information collected from scanned credentials is encrypted and stored in a distributed ledger to the W3C DID standard, accessible only via a FIDO2 certified private-public key pair secured in the TPM / Secure Enclave of a device and under the sole control of the user via their live biometric selfie.
Without the private key, the data cannot be decrypted. There is no central authority overseeing data access other than the user in possession of the private key.
Data is only transmitted for the purpose of creating a new account after user consent is given. This happens via an explicit permission request and confirmation via the mobile app.
Since there is no user store and no centralized storage of user information, there is no honeypot of personally identifiable information to secure against the threat of data breach.
Easy self service enrollment and verification quickly onboards customers with minimal overhead and errors
Customer enrollment starts by downloading a mobile application from Apple Store or Google Play. Our mobile app can be white labelled or embedded via API / SDK into an existing app. Customers then enroll their biometrics and scan their credentials. This process takes less than a minute to complete and does not require Customer Support services.
When users scan their identity documents (e.g., a driver’s license), we’ll scan the front of the driver’s license and the “PDF417” barcode on the back, performing real-time ID card detection and classification. For passports we’ll read the “MRZ” data, perform UV, white light and ink-depth checks, and scan the embedded RFID chip.
Within minutes, we verify the validity of those credentials and the information they contain to W3C VC standards using artificial intelligence (AI) and leading third-party verification services, if necessary.
Our mobile app has built-in zero-trust checks to verify the patch level, device security, jailbroken status, etc., to ensure device integrity, particularly in bring-your-own-device environments.
The result is a NIST 800-63-3 certified Identity Assurance Level 2 (IAL2) and a FIDO2 certified biometric authentication credential. All of this takes a few minutes, but the benefits are substantial. Customers’ information is stored safely to W3C DID standards, accessible only by them, sharable only with their permission.