What is mobile Id verification?
Mobile ID verification technologies are a means of digital identity verification done securely through your smartphone. When opening a new bank account remotely, you can verify your identity using a mobile browser on your smartphone.
Mobile ID verification is essential to the remote account opening process, because it validates whether an online applicant is who they say they are. Using secure mobile ID technologies to verify a customer's identity ensures that financial institutions can trust each user’s digital identity online. When an organization such as a bank has a strong degree of identity assurance that an online user is who they say they are, this is referred to as a trusted digital identity.
Mobile ID verification capabilities are more important than ever because the COVID-19 pandemic has accelerated our digital behavior and how we access financial services. More consumers are now opening accounts, applying for loans, and paying bills on their mobile devices. Banks need to make sure that remote users accessing bank accounts and customer data aren’t fraudsters or bots. Most financial institutions have already started the digitization process for account openings with 85% of financial institutions providing some form of digital account opening.
How mobile Id verification works
Mobile ID verification allows an individual to prove their identity by using their mobile device. You can use your mobile device to compare something you are, such as a facial recognition biometric, against the photo on a piece of government-issued ID such as a passport, driver’s license, or national identity card. Digital identity verification compares a facial biometric scan against the data in the government ID document to validate whether a person is who they say they are.
There are many different methods of identity verification, including the following:
- Identity Document Verification: Checks that the ID document a new customer is using for verification, such as a driver’s license, passport, or other government-issued ID, is legitimate by using advanced algorithms.
- Biometric Verification: Uses selfie photos to establish that the person presenting their government-issued ID with a photo is the same person whose picture appears on the ID. For customer onboarding, best practices include asking a customer to register more than one biometric trait, such as both a facial scan and a fingerprint. (This ensures that later on once the customer is fully onboarded, the bank can step-up security and apply additional authentication challenges if a transaction appears risky.)
- Liveness Detection: Determines whether a selfie photo is legitimate by detecting spoofing attacks like a photo of a photo or a face mask. There are different methods of liveness detection are available on the market. However, the most common form of liveness detection instructs the person to do a series of head movements to prove liveness, such as getting a customer to smile, stop smiling, blink, close their eyes, or turn their head from side to side. Most biometric enrollments can be done so quickly that a customer can barely notice that liveness detection was done.
- One-time Passcode (OTP) Verification: Transmits a single-use passcode via SMS or email to the applicant during the identity verification process.
- Trusted Identity Network: Uses the applicant’s existing credentials with another provider, such as a bank or credit union, to verify their identity and reduce friction during the account opening and onboarding process.
How mobile Id verification helps prevent fraud
Identity verification helps prevent application fraud. When a person is opening their new account remotely, they are asked to verify their identity digitally by scanning both the front and back of their driver’s license, for example. Artificial intelligence (AI) and advanced authenticity algorithms analyze the image to produce an authenticity score to determine whether the ID document is genuine or fake. This is the point where application fraud is most likely to occur. When application fraud is caught at the beginning of the new account application stage by identifying fraudulent government IDs, it significantly reduces the chance of having to mitigate fraud later.
The use of biometrics in identity verification also helps prevent application fraud, which is a type of identity fraud. For example, facial comparison uses advanced algorithms to extract biometric data from a facial image, such as the position and size of a person’s eyes relative to each other, into a standardized data set. Comparing two data sets can determine whether two images are from the same individual. If one image is from a pre-verified source like a passport or government-issued identity card and the second image is a real-time selfie photo taken by the applicant with their mobile at the time of their application, facial comparison can be used to prove their identity and their live presence to help detect application fraud.
Recent research from Aite Group found that application fraud was second only to account takeover fraud as the biggest fraud challenge for financial institutions. In addition, data breaches make it easy for fraudsters to open accounts with stolen information. Without the ability to detect fraudulent identities in real time with the use of mobile ID, financial institutions will continue to have losses.
Mobile identity verification also can help prevent new account fraud, where fraudsters or mules successfully open a deposit account or credit card account without detection if a financial institution lacks identity verification technology. For example, identity verification can stop a fraudster or mule from making it through the remote application process using their own identity documents or a stolen or synthetic identity. Failing to catch the fraudster or mule during the onboarding process can lead to significant financial losses later on for financial institutions.
App shielding in mobile id apps
Mobile app shielding is a digital security technology that’s designed to protect mobile apps such as those used for mobile ID verification. App shielding will detect mobile malware and mitigate other malicious attacks aimed at a stealing an individual’s data or money through their apps. Among other things, it allows a mobile app to operate securely, even when there is a risk of malware if a phone is jailbroken or rooted. Mobile app shielding with run-time application self-protection (RASP) can detect and prevent real-time attacks. The combination of mobile app shielding with run-time protection allows mobile financial apps to run securely, blocks foreign code from interfering with the app’s functionality, and shuts down the application if a threat to data exists. Integrating app shielding with runtime protection also protects sensitive information from cybercriminals, even on untrusted mobile devices. App shielding with RASP also detects malicious keylogging and repackaged applications, among others.
Financial institutions also can pair risk analytics technology (risk engine) with mobile app shielding and mobile security technologies to gather additional information about the app in its runtime environment to allow the banking app to function securely in a risky environment and optimize fraud management.
Benefits of mobile id verification
Identity verification technology allows a customer’s ID documents to be authenticated digitally and in real-time, whether the user is in-branch or remote. For financial institutions, this speeds up account opening and onboarding processes, while also protecting against fraud. For customers, mobile ID verification helps improve abandonment rates because the identity verification process is reduced to minutes instead of days. This kind of frictionless experience to authenticate customers more trust in their financial institutions as the use of their mobile phones becomes more routine.