LinkedIn’s ID Verification – One Small Step in the Right Direction

LinkedIn has joined the ranks of social media platforms offering ID verification badges designed to assure users that the person associated with a profile is in fact who they claim to be. Given organized fraud on LinkedIn, it’s about time. But, while I applaud the move, it’s important to note what identity verification is and what it means to users like you and me.

ID Verification: The Good, the Bad & the WTF

While social media users and brands have long been able to apply for checkmark-style verifications, these badges have traditionally been bestowed by the platforms themselves. But last November, Twitter changed the game by announcing it was replacing its existing verification system with Twitter Blue. The idea: Enable anyone with a profile (and $8 a month) to add Twitter’s coveted checkmark to their profile.

Quite predictably, chaos ensued as pranksters and cybercriminals purchased blue checkmarks and impersonated brands and their executives with abandon. The Eli Lilly and Lockheed Martin impersonations occurred on Twitter during this time. So did an exodus of top advertisers, contributing to an 89% drop in ad revenue.

Twitter has since paused, re-launched, and continued to modify its approach to verification. But it’s hardly alone. Impersonation occurs on every platform, including TikTok, Facebook, LinkedIn, and even new Twitter rivals like Mastodon. The Bird Network is also no longer an outlier in offering ID verification to all users. Meta’s Facebook and Instagram have rolled out paid verification, and now LinkedIn has announced no-fee verification.

As a B2B marketing leader, it’s LinkedIn that matters most. The platform is expected to capture 25% of all B2B ad spend by 2024, to the tune of $4.5 billion, for a simple reason: It’s an indispensable channel for brand, direct, and account-based marketing. LinkedIn ID verification can serve an essential role in preventing impersonation. But it should be done in a privacy preserving way. Here’s what I mean.

LinkedIn: More Reassurance—But Not Without Risk

LinkedIn’s approach includes options for verifying personal identity and place of employment. In the US, users can confirm their identity by uploading their government-issued ID and phone number and then displaying this verification on their profile. Worldwide, users can verify where they work with their company email address.

But while this is a step in the right direction, there are two significant blind spots in this approach. The first is the requirement to provide a government-issued ID. While this can undoubtedly cut down on fake profiles, it forces users to place the scanned drivers license in the care and control of a 3rd party. As if we haven’t seen enough identity data spread all over the Web and compromised in countless ways.

Consumers (AKA LinkedIn users) should be able to control their own data at all times and have the ability to share it with consent and on demand. The dangers are all too real as thousands of data breaches over the years prove in stark detail.

The second issue is as large or larger. Identity verification somewhere at or after account origination doesn’t prove identity at login. It does nothing to prevent social media account takeover (ATO), which is up more than 1,000%, according to the Identity Theft Resource Center (ITRC). Roughly 40% of all victims of social media ATO reported either having their personal information misused, while half lost funds or sales revenue. More than 70% were permanently locked out of their account while the intruder continued to post new content.

Just imagine the potential damage to victims and the platform itself if (and when) a verified LinkedIn account gets pirated. The good news: It doesn’t have to be this way.

Verification Made Simpler & Safer

Today, verifying identity at login is not only attainable, but readily achievable. At 1Kosmos we’ve implemented passwordless login with verified identity in a number of different ways. What does this mean?

For the LinkedIn and other social media use cases, user enrollment feels much the same way as it does today, but with identity verification, anti-spoofing and privacy baked in. For starters, when the user scans the front and back of their driver’s license, it is verified against AAMVA records to ensure validity, and more broadly can be verified in 205 countries worldwide. Scanned information is sharded, encrypted and stored in a blockchain under the sole control and management of the user. Importantly, the user never gives up control of their PII.

A facial scan is performed and compared to the likeness on their ID. This is configurable, can include liveness detection and is backed by iBeta DEA EPCS certification, verifying identity anywhere, anytime and on any device with over 99% accuracy.

When it comes to use cases that require higher levels of assurance, many organizations look for NIST 800-63-3 certified Assurance Level 2 (IAL2) identity proofing and authentication (AAL2). This typically requires a passport scan, which is then verified with the Country Signer Certificate Authority (CSCA) .

Here, privacy by design means that personally identifiable information is stored and managed solely by the user who can grant access on demand. Their personal information is never stored in a central server accessible by a 3rd party and can be transferred only with explicit user consent.

Once enrolled, our solution can use LiveID technology, device-level biometrics, one-time passcodes and various other authentication mechanisms all bound to the verified identity to ensure the user at login is who they claim to be. Because the 1Kosmos solution is NIST 800-63-3, FIDO, and iBeta DEA EPCS certified, the user’s biometric can’t be spoofed using a stolen photo, video, or other mechanisms.

For LinkedIn and other social media platforms, it would ensure that all verified user profiles and interactions are legitimate, with more than 99% accuracy. This is a significant improvement over knowing that at one point in time the account was in effect claimed by a verified, legitimate user. It truly identifies the user behind the device ad first and every login.

To learn more about 1Kosmos BlockID, schedule a demo today!

Overcoming Resistance to Change on the Journey to Passwordless MFA

Read More