15 Jun, 2022 | 3 min read

Identity Verification and KYC in a Digital Age

  • Kayathiri Mahendrakumaran
  • Software Engineer - WSO2


Overview

Identity verification is a crucial step in ensuring that someone is who they say they are. Digital identity verification brings this idea online. It reduces the risk of individuals creating a fraudulent identity, engaging in fraud-related crimes, or acting without someone else's permission. Organizations must verify the identity of an individual because they manage many prominent security issues such as identity theft, data breaches, and fraudulent transactions.

The following verification methods can help to reduce the above-mentioned issues:

  • Digital ID verification
  • Biometric verification
  • Knowledge-Based Authentication/verification (KBA)
  • One-time Passcode (OTP) verification
  • Trusted Identity Network

This blog post will illustrate how various features of WSO2 Identity Server support identity verification.

    Benefits of Identity Verification

    Regardless of industry, identity verification offers several important advantages and benefits that boost security and reduce overall risk, including:

  • Faster and more effective customer onboarding
  • Reduced likelihood of identity theft 
  • Risk management

    Need for Identity Verification

    It's crucial to recognize a trustworthy individual in a world where we conduct transactions with many websites and applications daily. When making an online purchase, you can perform a quick Google search to see if the site has received positive reviews from other users. Therefore, most websites maintain ratings for their sellers and buyers. People need to trust that you are a real customer and that you are getting what you paid for.

    Most organizations mandate identity verification to maintain their reputation, avoid fraud and other crimes, and improve user experience. 

    Supported Features

    Identity Verification with Evident

    Evident is a popular and reputed supplier of identity verification services, offering over 12,000 categories of verifiable data along with ID scanning for over 195 countries. Evident provides a comprehensively streamlined approach to identity verification, offering businesses the assurance they need to remain compliant while giving them freedom to scale and adjust as they expand or pivot. 

    Using 3D liveness detection, Evident creates a 360-degree identity profile by comparing information from authoritative sources and identification documents. Evident sends verification requests to people with ease, enabling them to use their mobile device to scan and submit an ID document such as a driver’s license, passport, or other valid form of ID.

    Figure 1: Identity Verification with WSO2 Identity Server and Evident ID

    As shown by Figure 1, you can configure Evident with WSO2 Identity Server. When a user registers to WSO2 Identity Server, the account will be locked. To unlock it, a verification request is sent to Evident. Then, Evident sends an email to the user with steps to complete the verification. Once the user completes the steps, Evident will verify the identity of the user and unlock their account. 

    Verifiable Credentials 

    What are Verifiable Credentials?

    Verifiable credentials (VCs) are an open standard for digital credentials. They can represent information found in a physical ID, like a driver’s license, which allows individuals to legally operate vehicles. The idea of a VC is to represent an individual’s physical identity in a digital format. These VCs are machine verifiable, secure, tamper-proof, and are issued by competent authorities such as Azure and MATTR. This process is illustrated by Figure 2.

    Figure 2: The Trust triangle of verifiable credentials

    As shown above, there are three entities in the VC system: an issuer, a holder, and a verifier. This forms a triangle of trust. The issuer provides the credential. These issuers often include governmental agencies, hospitals, banks and other financial institutions, educational institutions, and even startups that verify information and issue credentials attesting to it. The holder is the individual who has the credentials. Holders can be individuals or organizations. The verifier confirms if the credentials meet the established criteria of a VC. For example, a university librarian (verifier) confirms that an individual (holder) is a student at the university (issuer).

    Not all methods of creating VCs are equally secure. They must satisfy some of the following concerns:

    • Security
    • Standardization
    • Open Formatting
    • Robust Privacy Strategy

    From an implementation standpoint, these VCs must adhere to the W3C Verifiable Credentials Data Model. These standards address the concerns mentioned above, as they are a set of specifications and verifiable documentation that allow credentials to be verified and shared on the web.
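The trust triangle described above, as an added Node.js example that is not part of the original post or of WSO2 Identity Server: an issuer signs a credential shaped like the W3C data model, and a verifier accepts it only if the issuer is in its own trust registry and the signature checks out. The identifiers, the `StudentCredential` type, the function names and the simplified proof format (Ed25519 over sorted-key JSON) are assumptions made for illustration.

```javascript
const nodeCrypto = require("crypto");

// Simplification (assumption): the proof signs sorted-key JSON. Real VCs use
// JWT or Data Integrity proofs with a standardized canonicalization.
function canonical(value) {
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  if (value && typeof value === "object") {
    const body = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(value[k]));
    return "{" + body.join(",") + "}";
  }
  return JSON.stringify(value);
}

// Issuer: attests to claims about the subject and signs them.
function issueCredential(issuerId, privateKey, subject, now = new Date()) {
  const credential = {
    "@context": ["https://www.w3.org/2018/credentials/v1"],
    type: ["VerifiableCredential", "StudentCredential"], // hypothetical type
    issuer: issuerId,
    issuanceDate: now.toISOString(),
    credentialSubject: subject,
  };
  const sig = nodeCrypto.sign(null, Buffer.from(canonical(credential)), privateKey);
  return { ...credential, proof: { signatureValue: sig.toString("base64") } };
}

// Verifier: trusts only issuers in its own registry, then checks the signature.
function verifyCredential(vc, trustedIssuers) {
  const { proof, ...credential } = vc;
  const publicKey = trustedIssuers.get(credential.issuer);
  if (!publicKey) return { ok: false, reason: "untrusted issuer" };
  if (!proof || typeof proof.signatureValue !== "string") {
    return { ok: false, reason: "missing proof" };
  }
  const sig = Buffer.from(proof.signatureValue, "base64");
  const valid = nodeCrypto.verify(null, Buffer.from(canonical(credential)), publicKey, sig);
  return valid
    ? { ok: true, subject: credential.credentialSubject }
    : { ok: false, reason: "bad signature" };
}

// Constructed sample: a university issues, a student holds, a librarian verifies.
const UNIVERSITY_ID = "did:example:university";
const university = nodeCrypto.generateKeyPairSync("ed25519");
const studentVc = issueCredential(UNIVERSITY_ID, university.privateKey,
  { id: "did:example:student-42", enrolled: true });
const librarianTrust = new Map([[UNIVERSITY_ID, university.publicKey]]);
console.log(verifyCredential(studentVc, librarianTrust));
```

The verifier never contacts the issuer at presentation time; it needs only the issuer's public key, which is what lets the holder carry and present the credential independently.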

    WSO2 Identity Server is an API-driven, open source, cloud native IAM product that enables secure access for onboarded users by providing verifiable credentials. The solution issues digital credentials for its customers to use at various instances by reducing costs to produce and maintain physical ID cards. Here are some of the benefits:

    • Reduce costs - Eliminate the requirement for printing hard copies.
    • Improve security - Digitally verifiable credentials reduce the chances of using fake or stolen physical credentials.
    • Improve branding - The digital credentials can be used in various places.

    Identity Assurance and eKYC

    Identity assurance (IDA) and Electronic Know Your Customer (eKYC) are new OpenID Connect extensions that enable suppliers of verified identities to distribute UserInfo and ID tokens with extra information detailing which assertions are firmly validated. Identity verification will be made easier and less expensive with eKYC and IDA.

    This, in turn, helps to verify the identity of a person or entity. In addition to understanding the process-related details and supporting documentation used to verify end-user claims, the relying party (RP) must also be aware of the degree of trustworthiness of the end-user claims that the OpenID Connect Provider (OP) is willing to communicate. The schema should therefore have flexible data formats for communicating information about the assured identity data, including requests and responses.
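An added example (not from the original post or from WSO2 code) of the relying-party side described above: it reads the `verified_claims` element defined by OpenID Connect for Identity Assurance and accepts only claims whose verification metadata meets local policy. The policy values, the sample payload and the function name `selectVerifiedClaims` are assumptions, and the token signature is assumed to be validated already.

```javascript
// Policy values are assumptions for this illustration. Requiring a recent
// verification `time` is a local policy choice of this example.
const POLICY = {
  acceptedFrameworks: new Set(["de_aml"]),
  maxVerificationAgeDays: 365,
  requiredClaims: ["given_name", "family_name", "birthdate"],
};

function selectVerifiedClaims(payload, policy, now = new Date()) {
  // verified_claims may be a single object or an array of objects.
  const entries = [].concat(payload.verified_claims ?? []);
  const reasons = [];
  for (const entry of entries) {
    const { verification = {}, claims = {} } = entry ?? {};
    if (!policy.acceptedFrameworks.has(verification.trust_framework)) {
      reasons.push(`trust_framework not accepted: ${verification.trust_framework}`);
      continue;
    }
    const ageDays = (now - new Date(verification.time)) / 86400000;
    if (!(ageDays >= 0 && ageDays <= policy.maxVerificationAgeDays)) {
      reasons.push("verification time missing, in the future, or too old");
      continue;
    }
    const missing = policy.requiredClaims.filter((c) => !(c in claims));
    if (missing.length > 0) {
      reasons.push(`not verified: ${missing.join(", ")}`);
      continue;
    }
    // Return only verified values; top-level claims are never a fallback.
    const selected = policy.requiredClaims.map((c) => [c, claims[c]]);
    return { ok: true, claims: Object.fromEntries(selected) };
  }
  return { ok: false, reasons: reasons.length ? reasons : ["no verified_claims present"] };
}

// Constructed sample: decoded ID token payload from a hypothetical OP.
const SAMPLE_PAYLOAD = {
  iss: "https://op.example.com",
  sub: "user-123",
  given_name: "Maxine", // self-asserted, unverified value
  verified_claims: {
    verification: {
      trust_framework: "de_aml",
      time: "2022-04-23T18:25:00Z",
      evidence: [{ type: "document" }],
    },
    claims: { given_name: "Max", family_name: "Meier", birthdate: "1956-01-28" },
  },
};
```

Calling `selectVerifiedClaims(SAMPLE_PAYLOAD, POLICY)` returns the verified `given_name` rather than the self-asserted top-level one, which is the distinction the extension exists to make.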

    As for KYC, if two parties are involved in a transaction, they must know each other to make the transaction legitimate. This is crucial in online transactions as the KYC process identifies and verifies the identity of a customer. Similarly, eKYC is the digitalized version of the KYC process. Implementing eKYC provides significant advantages:

    Advantages of eKYC and IDA

    • Less bureaucracy
    • Cost efficient
    • Paperless
    • Reduces fraud

    Figure 3 illustrates a sample scenario of eKYC in identity verification.

    Figure 3: eKYC process

    Enterprises or organizations will experience a shift to digital transformation by switching to Identity verification and eKYC models that necessitate a significant investment in infrastructure and resources. These enterprises should focus on the long term advantages that this transformation provides instead of considering the initial investment made in the short term. Customer behavior too has changed as more individuals continue to use digital channels for their needs. Digitalizing identity verification will improve an organization’s customer base and provide a more secure, seamless, and scalable onboarding process for their customers. We are pleased to mention that WSO2 Identity Server provides support for eKYC and identity assurance.

    For more information about WSO2 Identity Server, click here.
