November 11, 2024
How to Select an IDV Vendor: Key Features and Considerations
As digital transformation accelerates across industries, Identity Verification (IDV) has become an essential tool for secure and seamless customer onboarding. From the Anonybit point of view, IDV serves as the crucial on-ramp in the circle of identity, establishing the foundation for trusted, ongoing interactions with users. With the rise of synthetic identities and the growing sophistication of generative AI tools, identity verification has become even more critical, as fraudsters can use AI to mimic legitimate identities with alarming accuracy. Yet, not all IDV vendors are equipped to handle these emerging threats, making it essential to choose a solution or combination of solutions that prioritizes robust fraud prevention without compromising the user experience.
Note that while there are passive verification methods—such as phone, email, and device-based verification—that can enhance security, this blog will focus on more active, document-based IDV techniques, which are sometimes necessary for industries with stringent compliance requirements.
Core Features of IDV Solutions
IDV vendors commonly offer features that help businesses verify the authenticity of identity documents, biometrics, and user data, but each vendor approaches these aspects differently. Here’s a breakdown of common IDV solution features and how vendors may differentiate themselves:
- Document Verification: Using OCR (Optical Character Recognition) and AI, vendors verify identity documents and extract critical data. Advanced solutions go beyond basic document verification, using image analysis and forensic techniques to flag potential forgeries.
- Biometric Verification: Biometric features, like facial recognition, are often part of the verification process to make sure that the person presenting the document is the same person to whom the document was issued.
- Liveness Detection: To prevent fraud in the biometric verification process, vendors incorporate liveness detection, confirming the user’s physical presence during the verification process. Vendors vary in how accurately they can detect spoofing attempts, such as deepfakes.
- Database Screening and Watchlist Checks: For compliance purposes, some vendors offer PEP and sanctions list screening, which helps identify politically exposed persons or individuals flagged for regulatory violations.
- User Experience and Accessibility: Vendors vary widely in how they balance thorough verification with a seamless user experience. Some prioritize minimal user interaction to prevent onboarding drop-offs, while others integrate accessibility features for diverse user groups.
- Privacy and Security: To protect sensitive information, IDV solutions use a range of storage techniques – from standard encryption to privacy-enhancing technologies, and compliance measures for GDPR and other regulations.
- Full Lifecycle Support: Some IDV providers are able to provide reverification and reauthentication capabilities to support downstream use cases. These capabilities need to be evaluated in their own right and will be the subject of another blog post.
- Customizability and Integration: Vendors often offer APIs and SDKs for seamless integration into existing workflows, along with options for custom branding and feature flexibility to suit business-specific needs.
Key Considerations for Choosing an IDV Vendor
Once you understand the essential features of IDV solutions, you can begin evaluating potential vendors based on several critical factors. Here are some key considerations to weigh when selecting the right IDV provider:
- Manual vs. Automated Acceptance: The method by which the IDV vendor verifies users—whether manually, automatically, or through a hybrid approach—impacts both speed and accuracy. Automated solutions tend to offer faster processing, but a manual review might be beneficial for complex cases where accuracy is paramount. A hybrid approach can provide the best of both, allowing for faster onboarding while reserving manual checks for flagged cases.
- Verification Speed: Speed is critical in IDV solutions, as long wait times can result in user drop-offs during onboarding. Vendors differ in the time it takes to verify an identity, especially when handling larger volumes of requests or high-resolution data. Be sure to confirm the average processing time for each vendor and assess whether they can scale to meet increased demand.
- Incorporation of Additional Signals: Some vendors enhance accuracy by incorporating supplementary signals like IP address verification, geolocation, device ID, and behavioral data. These added signals can bolster fraud detection and ensure a more comprehensive user profile, providing further assurance of identity authenticity. Sometimes those signals are captured in a separate process prior to the document verification process.
- Proprietary vs. Third-Party Technology: The origin of an IDV vendor’s technology—whether proprietary or third-party—affects their control over updates, customization, and performance. Vendors who develop their own technologies may offer more tailored and adaptable solutions, while those relying on third-party technologies might be limited in their flexibility.
- Certifications and Accuracy: High accuracy rates are essential, especially when false positives or negatives can have serious consequences. Look for vendors with certifications and audit reports like SOC 2 or ISO 27001, and inquire about their false acceptance and rejection rates to assess the reliability of their verification processes. Recent DHS benchmarks have shown that there is great variance across the board in this regard.
- Adaptability to Changing Document Templates: ID documents undergo regular updates, and a strong IDV vendor should keep pace with these changes to maintain verification accuracy. Solutions with adaptable or self-learning algorithms can swiftly adjust to new document formats, minimizing errors.
- Integration Time and Flexibility: For businesses looking to incorporate IDV into their existing tech stack, the integration time and options for customization are essential. Look for solutions with clear API documentation, SDKs, and support for seamless integration and maintenance.
- Data Storage and Privacy: Whether and how user data is stored has significant privacy and compliance implications. Some vendors may offer local or on-premise storage options, while others rely on cloud-based storage. In the case of cloud-based storage, it is critical to examine the security protocols that are used, as in today’s cyberthreat landscape, anything that can be done to reduce the risk of a data breach and enhance regulatory compliance will go a long way.
- Capabilities for Deduplication, Watchlisting, Blocklists, and Velocity Checks: Fraud prevention capabilities vary, with some vendors offering advanced features like deduplication to prevent duplicate accounts, watchlisting to flag suspicious users, blocklists for known bad actors, and velocity checks to identify unusual activity. These features can be especially useful for businesses in high-risk industries, however, adopting these capabilities means that it is necessary to pay very close attention to the data storage component (see point 8 above).
- Risk Modeling and Reporting: Many IDV vendors offer risk modeling to help assess and manage potential fraud risks. These robust reporting capabilities provide insights into verification metrics, enabling better risk management and regulatory compliance.
- Transparency and Dashboard Functionality: Many customers rely on all of the signals within the IDV framework for their own risk models, making transparency especially important. Solutions that rely on “black box” algorithms can be difficult to trust or adjust. Look for vendors that offer a dashboard for user management, reporting, and real-time insights.
- User Management and Access Control: For organizations requiring multiple user access levels, a vendor with robust user management and access control features is essential. A centralized dashboard that allows for assigning roles and permissions enables better oversight and security and access via biometrics helps to prevent misuse.
What The Providers Have to Say
Adam Bacia, Senior Director, Global Product Marketing, Mitek: “Verification is evolving beyond traditional know your customer (KYC) use cases, and it’s important to evaluate the flexibility of a solution. The ease with which you can quickly adjust the verification process to accommodate new requirements, use case or regulations, or simply create an entirely different verification workflow. Along those same lines, many major markets are entering a transition period where portable digital identities are starting to take root, and in the next few years it will be critical to work with a vendor who is prepared to help your business verify across many different types of identities (both digital IDs and physical documents). Lastly, there is a genuine sea change happening with the use of AI generated content to super charge fraud. Attacks using deepfakes, injections, and digital templates have the potential to undermine some forms of traditional identity verification if vendors aren’t bolstering their processes with equally sophisticated means of detecting and flagging these attack vectors.”
Fernanda Sotil, Senior Director of Strategy, Incode: “When selecting an IDV provider, it’s essential to prioritize those with complete ownership over their core technology. This vertical integration provides unique advantages: it enables rapid adjustments to emerging fraud patterns and direct control over the data used to train machine learning models, which supports continuous iteration and responsiveness to evolving fraud tactics. Furthermore, top-tier providers offer detailed performance analytics, including post-fact labeling to assess the precision of their responses. This is rare in the market but incredibly valuable, as it empowers companies to optimize their verification workflows, adjust model thresholds, and incorporate nuanced conditions to fine-tune their fraud detection strategies. Equally important is biometric verification directly linked to government sources—particularly facial biometrics, beyond mere data. This capability is critical in detecting synthetic identity fraud, providing a rigorous layer of validation that goes beyond traditional document and data checks, ensuring stronger differentiation between legitimate users and potential threats.”
Kristine Champion, Senior Vice President of Marketing, AuthenticID: “To verify an identity with confidence today requires a multi-layered approach that brings together diverse attributes for a holistic understanding of each individual. Integrating ID verification, biometrics, PII, and device data strengthens the certainty that a person is who they claim to be. Fraudsters are becoming increasingly stealthy and sophisticated, demanding that IDV detection technology keeps pace. At AuthenticID, our Identity Fraud Taskforce and technology team are continuously researching, and innovating to build a platform that detects fraud before it breaches our clients systems and stands as a shield against the most sophisticated attacks.”
Jordan Burris, VP & General Manager, Public Sector, Socure: “Public sector organizations are often plagued with a false choice – either get digital services out fast and assume fraud is going to happen; or create a process with lots of friction and limit fraud, but fail to deliver services where they’re needed. In reality, these organizations can both move fast and also mitigate fraud – the key is evaluating accuracy, transparency, security, and total cost of ownership for any solution when making a decision. When factoring these elements together organizations are better positioned to enable a seamless, secure, and equitable digital experience without creating undue friction for good people due to false positives.”
Sean Lanzner, Senior Director of Partnerships, GBG Idology: “It’s important to pick a provider that makes a point to listen to your specific requirements; whether serving certain demographics and countries, complying with specific regulations, or catering to your unique risk appetite. IDV players often can’t offer everything you need, but they can try to be collaborative partners!”
Azhar Hemani, Head of Sales, North America at Bureau ID: “Using advanced risk signals like device intelligence, behavioral biometrics and location intelligence is essential to modern identity verification as they create a multi-layered defense against sophisticated fraud tactics. By integrating device-specific data (like location, behavior, and device history) with traditional verification methods, organizations can verify users with higher accuracy and detect risks in real time. This approach reduces fraud while improving the user experience, making identity verification both more secure and seamless.”
Looking Beyond IDV: Leveraging Biometrics for Downstream Authentication
One of the most powerful advantages of a well-implemented IDV process is the ability to use the data for downstream authentication. For example, if a selfie or other biometric data is captured and stored securely during the initial IDV process (with privacy and user consent thoroughly addressed), it can be reused for subsequent authentication, creating a seamless, secure experience for users.
Solutions like Anonybit, which focus on privacy-enhanced biometric storage, allow organizations to leverage biometric data in ways that protect user privacy while ensuring strong, ongoing identity verification. This approach not only strengthens security but also enables a more convenient user experience across multiple touchpoints in the customer journey. More on this topic in a separate blog
Conclusion
Choosing an IDV vendor involves careful consideration of a wide range of factors, from the core features offered to specific considerations like accuracy, transparency, and scalability. By thoroughly evaluating potential vendors across these dimensions, you can find an IDV solution that aligns with your organization’s security needs, compliance requirements, and user experience standards as well as future build requirements. The right partner will not only provide a solid foundation for secure onboarding but also offer the flexibility and adaptability to grow alongside your business.