Identity proofing has been fundamental to businesses for a very long time to ensure that customers are who they say they are. The concept of identity proofing dates back to prehistoric times when beads were used to communicate wealth, familial lineage and personal identity. Facial tattoos such as those adorned by the Maori of New Zealand communicated a person’s status, ancestry and membership in a particular group.
Obviously, the process of establishing identity has evolved, but many of us are still accustomed to physically visiting a branch office to verify our identities when creating new accounts, usually armed with a driver’s license or passport, maybe even a birth certificate. It was not so long ago when identity proofing meant the user was able to furnish a simple email address.
Today, modern organizations rely on online identity proofing to meet a variety of compliance regulations, to combat online fraud and to drive customer acquisition in a user-friendly and seamless way.
Given the current pandemic, remote identity verification is an especially hot topic these days since face-to-face interactions may no longer be feasible. In fact, COVID-19 has exposed just how woefully inadequate enterprises were prepared for a world without branches/retail outlets.
“In conditions of social distancing raised by COVID-19, consumers may now divide financial institutions into ones they can use without leaving home, and those from where it is better to close their account,” Alex Kreger, founder of financial UX design agency UXDA, recently told The Financial Brand.
The Many Use Cases of Customer Identity
The ability to quickly, reliably and securely prove that someone is who they say they are has never been as important. As companies evolve to become more digital, more and more interactions with customers will now occur on a screen rather than in person. These digital transformation efforts start with creating new accounts online.
Digital identity verification is an unsung hero in an organization’s digital transformation strategy because companies must verify that a person’s digital identity matches their physical identity when conducting business online. This not only applies to banks, but to virtually any organization that onboards new customers remotely including e-commerce, online gambling, payments, nonprofits, healthcare agencies, telecommunications and virtually all B2B enterprises.
The worlds of customer identity and workforce identity have often been mutually exclusive with little overlap between them. Companies such as Jumio make sure a person is who they say they are while single sign-on solutions, such as Okta, help establish and manage our workplace identities. That’s why we’re coming together. Jumio and Okta provide strong online identity proofing for newly created accounts and existing users as well as biometric-based authentication for ongoing login protection.
Verifying New Accounts
Together, Jumio and Okta provide the ability for organizations to reliably validate the digital identities of their online customers in seconds and grant them appropriate access to the sites and services they need.
If an enterprise is currently using Okta, there are two primary uses cases where Jumio can layer in additional value:
- Identity Proofing & Authentication: Jumio enables enterprises to quickly, securely and reliably identity proof new users (when they create remote accounts) and authenticate end users (consumers) that require a special level of access. For example, an enterprise using Okta can leverage Jumio to verify the ages of new consumers to ensure they qualify for specific services or access-restricted services.
- Higher Access Privileges: Jumio can provide an extra layer of security for internal employees that require higher access privileges. Jumio can provide Okta-enabled enterprises with extra flags that can be used by the enterprise security policy and IT administrators.
With user self-verification powered by Jumio, you can confidently grant the access you need to make your enterprise run efficiently.
Here’s how it works:
Organizations using Okta can now trigger online verifications of new users directly from the Administrator Dashboard using our APIs. Leveraging Jumio’s SDKs, organizations can quickly build workflows to capture pictures of government-issued ID documents and corroborating selfies to more definitively establish their user’s digital identities. Below is a sample workflow of the admin and user experience.
Sample New User Verification Workflow
This approach offers a number of advantages to Okta customers including:
- Higher Levels of Assurance: Tethering a remote customer’s digital identity to a government-issued ID document and corroborating selfie offers higher levels of identity assurance.
- Better Fraud Detection: The simple act of requiring a selfie and performing a liveness check has a chilling effect on most fraudsters.
- Intuitive User Experience: Thanks to smartphone manufacturers (most notably Apple and Samsung) the notion of unlocking your digital identity with your face has become a familiar and intuitive process.
- Global Coverage: Jumio supports more than 3,500 ID document types (e.g., passports, driver’s licenses, ID cards) from more than 200 countries and territories.
- Simplified Compliance: For companies operating in regulated industries, Jumio’s identity proofing solutions can help streamline and simplify Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations.
Authenticating Existing Users
After vetting and verifying your users, it’s important to continue to securely authenticate them when they log into their accounts. Okta’s Adaptive Multi-factor Authentication allows you to give employees and customers a seamless way to access the tools they need.
Okta Adaptive MFA uses a broad set of modern factors, leverages insight from millions of users, devices and authentications, and integrates easily with your applications and network infrastructure. Okta’s MFA relies on authenticating the user’s device (akin to the FIDO Alliance model). But, some Okta enterprises may want to layer in Jumio Authentication as an additional trust layer for other channels outside of the device (e.g., web-based implementations). In some cases, enterprises may opt to replace Okta MFA all together with Jumio Authentication based on their specific use cases and budget.
And now, Okta can leverage Jumio’s biometric 3D face map as an incremental factor.
When a new user account is provisioned at Okta, Jumio creates a 3D face map of the user during the selfie-taking process which contains 100 times more liveness data than a 2D photo. IT administrators can now trigger Jumio’s biometric authentication solution for all logins or just high-risk transactions (e.g., a $10,000 wire transfer to the Cayman Islands). Because a baseline face map was created when the customer registered, Jumio Authentication can be invoked at any point to authenticate the user.
All the customer has to do is to take a fresh selfie, from which a new 3D face map is generated, and the new face map is instantly compared to the original face map to make a definitive yes or no decision. But this decision is based on biometrics vs. less secure knowledge-based approaches.
Jumio is pioneering selfie-based authentication to allow businesses to leverage biometric user data captured during enrollment and re-verify that data in the future. With this type of selfie-based authentication, users are not required to repeat the identity proofing process again — they just take a quick selfie — and as the digital chain of trust grows, so does the security level.
Performing Account Recovery
According to Gartner research, password resets can account for 30%-40% of support costs and they cause significant customer frustration. Perhaps, most importantly, password resets are a ripe vector for identity theft and account takeovers. The password change function of an application allows any users who can log into that account to change or reset their password and lock out the actual account owner.
There’s a smarter and more secure way of recovering accounts and performing password resets.
Instead of relying on traditional forms of authentication (e.g., knowledge-based authentication), which are inherently less reliable, IT admins can quickly invoke Jumio’s identity verification solution.
Similar to the new account onboarding, whenever a user loses or forgets their Okta password, they can be sent a Jumio Identity Verification link. Similar to the identity proofing step, Okta enterprises can leverage the Jumio Identity Verification workflow to verify that the user submitting the password reset is the actual account owner. If the identity is approved, Jumio would alert Okta and the admin could reissue new login credentials to the user.
This is significantly more secure and reliable than knowledge-based authentication and is a strong fraud deterrent because of the selfie/liveness requirement.
As the world becomes more digital and mobile device centric, it’s increasingly imperative to deliver a simple, fast and powerful identity proofing experience — not only at account creation but for the life of your users.
