July 15th, 2024
By Mouhamad Mbacke
There once was a time when a username and password were the gold standard for online identity security. But as identity-related threats have become more sophisticated, so have identity verification methods.
Be it knowledge-based authentication, multi-factor authentication, or biometric authentication, many new identification standards have been adopted to stay ahead of attackers. At ID Dataweb, we’ve consistently developed new, cutting-edge ID verification technologies to stay ahead of the curve. And now, through our collaboration with RSA ID, we’ve worked to strengthen the identity verification process further.
Automated credentials-abuse prevention
ID verification is an important advancement in the digital security landscape. It’s a vital defense that prevents bad actors from using stolen credentials to access an organization’s systems.
What’s exciting about ID verification technology is how it goes beyond simply checking for correct credentials. Through a combination of knowledge-based, physical, and biometric indicators, it confirms the authenticity of the person behind the credentials, ensuring the person behind the screen is who they say they are.
With more organizations digitizing and structuring around distributed teams, manual identification has become more impractical. But this doesn’t mean identity security must be neglected, rather, this creates the opportunity to deploy safe, automated ID verification solutions.
Getting ahead of bad actors
ID verification is essential during key moments in the identity security lifecycle, particularly in high-risk scenarios like onboarding new users or resetting/recovering credentials. It becomes indispensable when in-person verification isn’t practical, such as when employees, managers, and IT support are in different locations.
Ensuring secure enrollment is vital to verifying that an organization is interacting with the intended individual. According to the IBM Security Cost of a Data Breach Report 2023, attacks initiated by malicious insiders were the most costly, averaging USD 4.9 million and taking an average of 308 days to detect.
Without ID verification, imposters could easily be granted credentials or recover someone else’s credentials by pretending to be them. ID verification provides a way to intervene at high-risk points where the user’s identity, the authentication process, or the entitlements are unclear. In 2022, threat actors gained access to a non-governmental organization’s cloud and email accounts by exploiting this vulnerability.
How ID Dataweb’s ID verification process works
ID Dataweb’s verification process is streamlined through AXN verify, which uses preconfigured verification templates to confirm a user’s identity in various scenarios such as user registration, payments, or call center systems.
Here’s how AXN verify ensures secure and efficient identity verification:
MobileMatch: This template verifies if the user has a phone registered under the name they are claiming to be.
By verifying the phone number, MobileMatch ensures that the contact information provided by the user is legitimate and accurately linked to their identity. This step is crucial because phone numbers are often used as a secondary authentication factor, adding an extra layer of security.
Validating a phone number helps prevent unauthorized access by ensuring that the individual attempting to gain access is indeed the person they claim to be. It mitigates risks associated with SIM swapping and phone number fraud, making it harder for attackers to use stolen credentials.
BioGovID: This template verifies if the user’s selfie matches an authentic government-issued ID.
BioGovID adds a robust layer of security by confirming that the individual’s physical appearance matches their documented identity. This biometric verification ensures that the person presenting the ID is the rightful owner.
Biometric verification is a powerful tool against fraud. By requiring a selfie that matches a government-issued ID, organizations significantly reduce the risk of unauthorized access, as it is extremely difficult for attackers to replicate someone’s biometric data.
Dynamic KBA: This template verifies that the user knows the answers to personalized questions about who they’re claiming to be.
Knowledge-based authentication (KBA) is effective in verifying a user’s identity, especially when combined with other methods. It reduces the likelihood of successful impersonation attacks because even if an attacker has some credentials, they are unlikely to know personalized answers. This protects against credential stuffing and phishing attacks.
Comprehensive Identity Verification Workflows: ID Dataweb’s identity verification workflows enable administrators to create policies dictating when these verification templates will be used. It also supports the configuration of multi-stage verification processes.
The flexibility to create custom policies and multi-stage verification processes ensures that organizations can tailor the verification to their specific needs and risk levels. This adaptability enhances security by applying appropriate verification rigor based on the situation.
AXN verify helps organizations implement a defense-in-depth strategy. This makes it more difficult for attackers to bypass security measures, as they would need to overcome multiple, varied layers of authentication.
AXN verify’s comprehensive and robust approach to identity verification significantly enhances cybersecurity and credential protection, making it an indispensable tool in the modern threat landscape.
ID Dataweb and RSA: Elevating ID Verification Together
At ID Dataweb, we’re proud to collaborate with RSA, a pioneer in security solutions, to enhance secure enrollment and credentials recovery for their customers. Our cutting-edge ID verification technology is now an integral part of RSA My Page, their single sign-on (SSO) solution.
Seamlessly embedded into RSA My Page, ID Dataweb’s technology enables users to quickly and securely verify their identity digitally—eliminating the need for in-person verification. The same ease applies to credentials recovery, making the process both secure and user-friendly.
“RSA remains a leader in security with its state-of-the-art Unified Identity Platform,” said Matt Cochran, VP, Product and Operations, ID Dataweb. “By integrating ID Dataweb’s unrivaled identity verification capabilities, RSA now offers a simple, one-click, no-code deployment for advanced identity proofing workflows. This integration ensures that RSA users can be onboarded and productive seamlessly and securely.”
Our ID verification process, embedded within RSA’s systems, involves a straightforward initial authentication followed by ID Dataweb’s verification workflow. This workflow is powered by RSA’s OpenID Connect (OIDC) connector for user verification.
This collaboration is part of RSA’s Unified Identity Platform, which combines authentication, access, governance, and lifecycle management to help organizations mitigate risks, detect threats, and advance beyond traditional IAM.