How to Fix Onboarding With Document Verification and Identity Based Authentication

In this vlog, 1Kosmos’ Product Manager, Sheetal Elangovan, joins 1Kosmos’ CMO, Michael Cichon, to discuss how employee onboarding can be fixed with document verification and identity based authentication.

Michael Cichon:
Right, hello, everybody. This is Michael Cichon, a chief marketing officer at 1Kosmos. I’m here today with a special guest, Sheetal Elangovan, a product manager at 1Kosmos. How are you, Sheetal?

Sheetal Elangovan:
Very well, Michael. How are you?

Michael Cichon:
I’m good. And it’s special talking to you because we started at 1Kosmos on the very same day back in early 2021. So welcome to the vlog. I invited you here because I wanted to talk to you about onboarding.

If we could start with just employee onboarding, the typical process, what does it look like? All of us have been through this but step us through it.

Sheetal Elangovan:
Absolutely. So if you look at onboarding at most organizations today, one of the biggest challenges that they’re handling is remote onboarding. It is a common problem across most organizations that you step into. And usually, there’s an HR person who you are in contact with.

The first step is to provide some documentation about yourself that helps the HR person establish your identity. In most cases, these government documents are being shared over email, fax, or an insecure medium to say the very least, right? Once these documents are in possession of the HR person, they’re being kept in a database and being processed by multiple parties within an enterprise. And after which you’re going through some manual verification before you get to the next step.

As an employee, after you’re cleared for verification, you go on to get an account, they provision you into your single sign-on applications or anything that you require access to. After which finally as an employee, you have to go ahead and set up your account with a password. Of course, you have to remember that you’re going to forget your password or have to make a call to the help desk before you can actually be fully set up. So that’s what employee onboarding looks like for most people today.

Michael Cichon:
Okay. So this is to comply with the employee eligibility requirements, but something very similar happens on the banking side of things. If I wanted to set up a bank account online, I’d have to make the same kind of identity-proofing process, correct?

Sheetal Elangovan:
Yes. You’ll have to go through extensive KYC processes before you get an account.

Michael Cichon:
Okay. So in either of these cases, we go to our go-to documents, our driver’s license and a passport is generally what we use. And I know from my experience, it’s generally either taking a picture and faxing this information or sharing it online. So, what are the drawbacks there?

Sheetal Elangovan:
Of course, the biggest drawback is, first of all, it’s going through an insecure channel, either email, fax, all of these are potential for hacks. And all of the sensitive information, you definitely don’t want it out there being exposed to any of the threats out there. So that is the biggest risk of having it out there.

Michael Cichon:
And then, of course, we’re all doing things more remote these days in the post-COVID era, we’re remote identity-proofing for new jobs remotely and then for our bank accounts. So everything’s going online, going digital. So what’s the way to improve this process?

Sheetal Elangovan:
The definite way to improve this process from a user perspective is to make things easier for them to access with having good checks and balances in places. And for a business, you want to make sure that they are able to give the right people the right kind of access, and this is really where 1Kosmos steps in, right? We are able to help you prevent fraud right on day one by adding identity-proofing to the mix.

Michael Cichon:
What’s identity-proofing?

Sheetal Elangovan:
Identity-proofing is a way of verifying your identity. And identity verification begins with a government-issued document, not just one form of it, but using your government-issued document along with your biometric to make sure that you are who you say you are.

NIST provides a lot of guidelines today around digital identity and how a identity can be verified remotely. So we follow those standards and guidelines to go through identity verification.

Michael Cichon:
Okay, so when we’re scanning a driver’s license, that driver’s license is then verified, correct?

Sheetal Elangovan:
Just scanning a driver’s license does not mean that you’re verified. We have to go ahead and make checks against that driver’s license, make sure that the document that’s being presented is a match with your biometric, your actual face, right? I don’t want to present your identity, Michael, so just making sure that that is in place.

And also, a lot of triangulation, right? It’s not just one form of document in place but triangulating information across different signals to make sure that you are who you say you are.

Michael Cichon:
Okay. There’s 50 states, 50 driver’s license at least. I mean, there’s quite a few documents that you have to be able to verify, correct?

Sheetal Elangovan:
Yes, there are 50 states, 260 countries, different document types that we have to handle to really verify a user.

Michael Cichon:
So obviously, 1Kosmos has solutions for this. So what is unique about the way 1Kosmos goes about identity-proofing and user onboarding?

Sheetal Elangovan:
So the most unique thing about 1Kosmos when it comes to onboarding is that we are able to automate the entire process from identity verification, making sure that the user is who they are, to making sure that they are able to use that same information every day when they authenticate into their systems.

We are able to not just on day one, prove the identity of the user, but on day 10, day 360, we are able to leverage government-issued information that the user provided to make sure that who they say they are.

Michael Cichon:
Okay. So the old way of doing things, I take a picture, I scan it, the other side gets it somehow either on a fax or email, maybe they can’t read it, so I got to send it again, so it’s in my sent folder now, it’s in their inbox. The information exposed in this modern way of doing it. It’s encrypted end to end, correct?

Sheetal Elangovan:
Absolutely. So when it comes to the 1Kosmos journey, what does it really look like? We have a heavy focus on user experience, making sure that it’s the end user. It’s very an intuitive journey where we put you through… You receive a request from your HR person that tells you, “Hi, Michael, are you ready to onboard your go through this journey?”

The first step essentially is to verify your email followed by a phone number verification, and then you go on to present a government ID of choice. After that, we are able to do checks against the documents that were presented and then we determine your identity assurance level. How strongly can we state that you are who you say you are.

But the extremely unique thing about 1Kosmos is that we operate on the concept of having an identity wallet. So an identity wallet is a… Think of your wallet, but your wallet is in possession of you. We use cryptography behind the scenes to make sure that all of this information lives within your identity wallet and can only be accessed with your permission. And that just makes it that much more secure for a person because this is privacy by design in action, right? We’re making sure that the user is always in control of the information that they’re sharing.

From an employer perspective, it reduces the liability when they do not have to keep any of this information on their database. They just have to present the information. They just have to see that information. Identity verification is automated by us, so they just benefit end to end by using 1Kosmos as their identity-proofing provider and authentication service.

Michael Cichon:
Okay. Okay. Do you have something to show us? Can you show us how this works?

Sheetal Elangovan:
So the process looks like this. So HR sends out an invite to a end user. Usually, this is their personal email address asking them to begin their onboarding process. So once they click on that particular link, they are asked to create an account. They go through their provided email address. Once their email address is provided, they go through an email verification to make sure that that email is in possession of them.

The next step is to go ahead and provide additional information about themselves, which is around account creation, having a verified phone number. So we go ahead, make sure that the user’s phone number is verified as well. Behind the scenes, we are able to perform device checks to make sure that the user is in possession of that particular device and that particular phone number for a certain period of time, just to make sure… It’s an additional signal in making sure that the user is who they say they are.

Once they complete that process, the next step really is to go through the identity wallet creation. We are one of the most unique players in this space leveraging the concept of an identity wallet just so that this identity wallet is in control of by the user. That is where all of their documents get stored. Driver’s license, passport, SSN, any of their sensitive information gets stored in their identity wallet. It can only be unlocked by the user.

Once they go ahead and set up their wallet with 1Kosmos, the next step is to go through a driver’s license, verification or really any government-issued document to begin with. The user is asked to leverage their mobile phone camera to go ahead and perform a scan off the document. They go through a scanning process to do the front, the back. And once they successfully get through that process, the next step is to make sure that there is a biometric verification, which is looking for a match between the photo in the driver’s license as well as the biometric that was provided at this time.

Once they’ve been able to pass that, we are able to add in an optional SSN verification check just to make sure that there is sufficient triangulation across different signals that we’ve been able to build up for this particular user. And once that’s done, we have all of this information ready within the user’s wallet.

At this point, the user can be redirected to an HR portal where they will be requested to present all of their documents. Mind you, they’ve already been through all of these checks with respect to identity-proofing, meaning they’ve been verified against third-party verifiers we’ve built signals about the user. Now, all they have to do is just present their information.

Once they consent to present all of this information, HR is able to receive the necessary information, or they can just receive the identity assurance level. We can authoritatively say, “This person is who they say they are based on government-issued documents, based on their biometric, and email, phone verification.” Once this is done, HR can go ahead and choose to go through any downstream processes to enable this users account.

Now, the other benefit with 1Kosmos is that on day one, you also can make sure that the authentication mechanism is set up. If they’ve successfully gone ahead and completed identity-proofing, you can make sure that on day one, as soon as they approved and been through sufficient systems, they can go ahead and log into any of the downstream applications.

That’s just a quick preview of what our remote onboarding looks like today.

Michael Cichon:
Well, that’s pretty cool. You covered some of the benefits. I mean, I’ve done this with the driver’s license scan, and it takes a minute. Just when you think of all of the… Well, first of all, the privacy, right? The information is kept confidential, end to end, but then all the administrative work that it would take to normally vet somebody and prove their identity manually, you’re streamlining all of that. And then on the back end, you have this strong credential now, which the user has at their disposal with 99% facial match to access their systems and nobody else can access it because they’re not that person. That’s a pretty amazing product, Sheetal.

Sheetal Elangovan:
Yeah, absolutely.

Michael Cichon:
Thank you for spending time with us today. Really appreciate it and keep up the great work in the product management team.

Sheetal Elangovan:
Thank you. Thank you, Michael.

Overcoming Resistance to Change on the Journey to Passwordless MFA

Read More