Our lives have moved online. The internet is where we stock our fridge, pantry, and liquor cabinet; it’s where we file our taxes, find love, and even discover ebooks about identity verification (IDV) — among other things.
As our physical and digital worlds have become more deeply integrated, so has the process of verifying individuals and businesses. It's no longer enough to verify that a username matches a password. Now you have the added element of matching a person or entity's online persona to their physical identity.
Many companies need to comply with legal requirements around IDV. This is particularly true in highly regulated industries such as fintech and health, where fraud comes with significant costs: an IBM report found the average cost of a data breach in 2022 was $4.35 million. Given the risks, concerns around validating and protecting user information are only growing.
But even companies in relatively unregulated industries have reason to want to know their users’ true identities. In addition to deterring potential fraudsters, identity verification grants assurance to customers that the companies they’re trusting are vigilant about fraud. The consequences of someone pretending to be another person on a dating website likely won’t be as expensive as someone faking their way into a stock-trading account. But the individual whose identity was stolen — and the dating website — would still rather avoid it.
One of the biggest challenges of implementing IDV is finding the sweet spot where you have enough measures in place to catch bad actors without unnecessarily inconveniencing good users. If you’ve ever abandoned an online purchase rather than go through the hassle of proving you’re not a robot, you probably know how that frustration feels.
Fraudsters’ ever-improving abilities to create convincing fake identities are making it more difficult to strike this balance. Bad actors are also getting better at tricking their way into off-limits data. The Identity Theft Resource Center’s (ITRC) Annual Data Breach Report recorded 1,802 data compromises in 2022. These compromises impacted 422.1 million victims — an increase of over 40% from 2021, and approximately 87% of those compromises included sensitive personally identifiable information (PII).
In theory, it’s possible to build an identity verification solution in-house to mitigate fraud, comply with regulations, and build trust and safety in your brand. But it’s a big project, especially if you’re starting with no working knowledge of all the requirements and pitfalls. And it will pull resources that could otherwise go toward building your business.
Shopping for an out-of-the-box IDV solution can be intimidating, but it’s usually well worth the time. With the right criteria in mind, you can find one that has the flexibility to meet your specific needs now and in the future.
Answer these internal questions before kicking off your search for an IDV provider
Different companies have different needs and priorities when it comes to IDV. These can depend on a wide range of factors, including your industry, risk tolerance, and use cases. Narrowing down exactly what you’re looking for will help you recognize a solution that works for you when you see it. Consider:
What industry regulations do you need to meet?
If you're working in an industry subject to specific customer identification program (CIP) requirements, check the IDV vendor’s website to see how the solution ensures regulatory compliance. Communicating your requirements upfront will help root out any identity verification vendors that don't suit your regulatory needs.
What’s the minimum acceptable data you need to confirm a user’s identity? Does this vary per user?
Knowing the minimum amount of data you need to validate a user will help you rule out options that are too heavy-handed for your use case or don’t comply with your industry regulations. Note: a flexible tool may allow you to add more data-collection points as needed.
How significant an issue is fraud in your business?
Do you already know what kinds of fraud are most common in your business and industry? If not, are you researching it? Does your business have leading indicators for high-risk actors? If so, you need a tool that can consider these leading indicators as well as investigate lagging indicators to help influence your fraud strategy and protect your P&L.
How do you measure success when it comes to IDV?
What’s your goal for using an IDV vendor? Are you most concerned with getting as many users through the IDV process as smoothly and quickly as possible, or are you aiming to prevent as much fraud as possible? Or do you simply want to build trust? What metrics matter most to you?
What's your risk appetite?
Every business and identity provider has to deal with the trade-off between fraud and conversion. Is fraud more costly than user dropoff to your business? Or are you willing to slightly increase the risk of fraud to onboard more new users and maximize revenue?
When do you need to reverify your users or ask for additional verification?
This varies depending on your product or service. Look for IDV solutions that give you the flexibility to customize workflows throughout the customer lifecycle, e.g. the ability to reverify accounts every six months or when a user’s ID is about to expire so you always have a current one on record.
How do you want to handle data storage?
Do you have the infrastructure to collect and store sensitive data yourself? Do you want the IDV vendor to store the data? Both options have ramifications for your budget and compliance responsibilities.
What are your unique requirements?
Are you in a space that requires very specific types of verifications? For example, companies working in cryptocurrency might need to verify their customers’ crypto addresses. Can you get all the verifications you need on one platform?
What’s your budget?
Knowing your budget and what you expect to get for your money from the start of the process will save you from talking to companies with prices beyond your scope. Also, consider how you want to pay. Are you running so many verifications that a subscription model makes sense? Or would paying per check better fit your needs?
How to assess effectiveness
It's critical to understand how the identity verification solution will perform and execute your requirements. Here’s how to make that assessment, including how to recognize unrealistic metrics and too-good-to-be-true claims, crucial context for judging statistics, and why you should ask about a bake-off (not the kind involving pies).
When you’re assessing a tool’s accuracy, what you look for will depend on your priorities. Is your goal to verify as many good users as possible or to catch and stop as many bad actors as possible?
If your primary concern is verifying good users, you need to assess the tool’s accuracy based on the following performance metrics:
- Precision: Of all the users the tool identified as good, what percentage were actually good?
- Recall: Of all the good users trying to get verified, what percentage did the tool allow through?
If preventing fraud is your highest priority, you need to consider these performance metrics:
- Precision: Of all the users the tool identified as frauds, what percentage were actually fraudulent?
- Recall: Of all the fraudulent users trying to get verified, what percentage did the tool catch?
Take into account factors that affect accuracy data
One metric you’ll likely encounter is the pass rate, which defines the percentage of users successfully verified upon verification attempt. However, just knowing a tool’s pass rate isn’t enough to assess the tool’s accuracy. To make sure you have the full picture of how accurately a tool detects and prevents fraud, context is key. You’ll want to understand:
The average fraud rates in the test population
Some industries experience higher fraud rates than others. A high pass rate among users of a solution with historically low fraud rates, like a grocery delivery app, is a good sign. Most of those users are good actors, so it makes sense that the tool would accept the majority.
But in a population with a high rate of fraud, such as a banking app, that same high pass rate might indicate that the tool isn’t catching bad actors. Don’t assume that a high pass rate equals a better tool. Ask about the population the pass rate came from.
The sophistication of the fraudulent activity
Some types of fraud are harder to spot than others. An IDV solution that has a high rate of accuracy against unsophisticated types of fraud (e.g. trying to pass a library card off as a driver’s license) may not fare so well against sophisticated types of fraud, e.g. deepfakes. Take into account the type of fraud your industry typically experiences.
The devices individuals used when verifying their identity
This can affect pass rates in surprising ways. One of the most common reasons users fail verification checks is because their photos aren’t detailed enough for the tool to read. If an identity verification vendor presents a pass rate based on people who were all using smartphones with excellent cameras, the tool may not fare as well with your real users, who are likely using a range of devices.
Whether machines or humans were verifying the IDs
IDV tools usually use artificial intelligence (AI) in some capacity to verify the majority of users. Software is faster than humans but can sometimes be less accurate. Data based on human verifications will likely show higher accuracy rates when it comes to verifying good users and excluding bad actors. But if the tool actually relies mostly on AI, you likely won’t see the same results as those based on human verifications.
Conduct a bake-off
Ideally, to get the most accurate insights, the IDV vendor will allow you to perform what’s known as a bake-off. Sadly, no desserts are involved. A bake-off involves plugging your own sample data into their solution to see how effectively it sorts bad users from good users.
A bake-off gives you a clearer view of how your real-world users might fare in the tool. You can test low-quality images, poor lighting, expired IDs, fake IDs, and any other common use case you want your IDV tool to handle. You’ll also be able to see how long it takes for a user to get verified.
IDV vendors will throw all sorts of stats your way, particularly around pass rates. Don’t take them at face value. Instead, dig deeper to see what those numbers really mean.
Assess service reliability
The quickest way to lose a customer during the IDV process is to make them wait or restart the process due to an error on your end. Make sure you get stats on the following technical details:
- Uptime: What percentage of the time does the IDV solution function as promised? Is there a contingency plan for downtime?
- API uptime, response time, and latency: How long does it take for your system to connect to the IDV solution and vice versa? Even the briefest delay can cause a customer to drop off.
- Major outage incidents: Are there any vulnerabilities, like recurring outages, that may impede your service and frustrate internal teams and users alike?
These items will likely be addressed in your IDV vendor’s service level agreement (SLA). This agreement might also cover metrics like how quickly the vendor will respond to any questions or requests. As part of your vetting process, determine how often they meet their SLAs. In other words, how often do they live up to these guarantees, and what happens when they don’t?
How to assess the cost of an identity verification solution
While IDV pricing models can be intimidating, once you know how they work, you can make sure you’re getting a fair price for everything you want without paying for unnecessary extras.
Subscription vs. pay per check
A flat rate subscription might be more cost-efficient if you know you’ll be running a certain number of IDV checks every month — with little fluctuation. This model therefore typically works best for more established companies with a proven total addressable market (TAM), rather than startups who are still trying to estimate how many users they’ll likely process on average. If you’re still at the guessing stage, find out if you can switch pricing models later down the line when you consistently need to run enough checks that a subscription becomes better value.
For many companies, it may initially make more sense to pay per check. This could mean the IDV vendor charges for every completed check. However, it could also mean they charge for every customer who starts the verification process, even if they don’t finish. This means in the case that you’re the target of a distributed denial of service (DDoS) attack, you could be charged for every fake verification attempt. Understand the fine print and make sure your vendor uses a fair pay-per-check model so you know they’re aligned with your interests and motivated to ensure users complete the verification process.
Bundle vs. à la carte
Companies may bundle different checks and tools together for one price. This can be advantageous as long as you’re interested in all of the included features and have an expert on your team who can get the most out of them. But if you only need specific services, it may make more economic sense to find an IDV vendor that allows you to customize your plan, rather than forcing you to waste money on a package deal.
Some industries require that you check identities against specific watchlists, which are accessed via paid licenses. Look for packages that include those licenses. You can also go beyond regulatory requirements and choose licenses based on the types of fraud your company or industry experiences most frequently. If you’ve already paid for a particular license, find an identity verification vendor that will subtract the cost of the fee or allow you to pull that data into their platform so you’re not paying twice.
Make sure the price is right
Partnering with an IDV provider that checks all of your boxes is usually less expensive than building, maintaining, and updating your own. However, budget is likely one of your main considerations. Vendors know that, and the best ones are willing to explain what you’re paying for.
While you want to get your money’s worth — while avoiding paying for services you don’t need — don’t be tempted to readjust your baseline requirements just to save. Insufficient IDV will ultimately cost you more than you’d pay a comprehensive IDV vendor, so make sure your package contains everything you need.
The fundamental features to look for in IDV solutions
By this point, you’ve assessed what you need from an IDV solution and some factors to consider when looking at metrics. Now, let’s focus on the kinds of features IDV solutions include and what to keep in mind when assessing them for your specific needs.
Look for an IDV solution that offers a wide range of verification options. The more options users have, the more customers will be able to get verified.
When studying the verification methods each vendor offers, keep in mind your specific situation and users. For example, a financial institution will likely need to check a person’s name against international watchlists, whereas non-regulated businesses would find this to be an unnecessary extra step that could negatively impact conversion.
Common verification types include:
To maximize your users’ chances of successfully verifying their identity, look for solutions that can recognize IDs from different countries and regions — and distinguish between current and old designs. ID layouts change frequently, and old designs often remain in circulation and valid, so your IDV solution needs to be able to accept multiple styles.
Common government IDs the solution should be able to verify include:
- Driver’s licenses
- State IDs
As with IDs, the wider the range of document types an identity verification solution can recognize, the higher the chance your potential user will have a document they can use to verify their identity.
- Birth certificate
- Social Security card
- US military card
- Permanent resident card
- Certificate of citizenship/naturalization
- Bank statements
- Tax returns
- Educational certificate (e.g. a degree or transcript)
- Employment records (e.g. a pay stub or W-2)
- Proof of address (e.g. a utility bill or other mail)
- Proof of insurance (e.g. insurance card)
- Proof of ownership (e.g. a car title)
- Business documents
Database verifications draw on private and public records from authoritative and issuing databases like the IRS and DMV to cross-check personal information, like an individual’s name and date of birth, with details required for verification, like their Social Security number (SSN).
Look for a certain degree of flexibility: for example, being able to adjust your match requirements to accept common nicknames or shortened versions of first names. Even if the database doesn’t contain an entry for Mike Wheeler, born April 7, 1971, it should recognize that this is the same person as Michael Wheeler, born on the same date.
Thanks to camera improvements, it’s now possible to require the user to take and submit a selfie that you can compare to a portrait on their ID or a previous selfie. Today, most modern selfie verifications employ liveness checks to help distinguish between a photo of the person and a photo of a non-living spoof, such as a mask, photo, or recording.
Two-factor authentication (2FA)
While not technically a form of verification, two-factor authentication can add an extra layer of security by requiring the user to supply information from two of the following categories (instead of just a password) before they can log in or complete a transaction:
- Something the user knows (e.g. a password, PIN, or secret answer)
- Something the user is (e.g. a fingerprint or selfie)
- Something the user has (e.g. a code sent to a phone or email, or a code generated by a secondary external security device)
Companies in certain industries are legally required to screen users against certain watchlists. This is particularly true for businesses that have to comply with Anti-Money Laundering (AML) rules. Regulations vary by industry and geography. See if your IDV provider can help you meet these requirements by screening common reports and lists, such as:
- Sanctions and other watchlist screening: screens the individual’s identity against lists of people and organizations that are known to be sanctioned by various governments. You can also screen email addresses in this way.
- Politically exposed person (PEP) screening: screens for people of influence or in positions of power that might be vulnerable to instances of bribery or engagement in other acts of corruption.
- Adverse media screening: checks public media sources such as news reports to see if there are any reports of this individual engaging in fraudulent activity or other illegal activities.
Transaction monitoring is most commonly implemented by companies that have a regulatory obligation to comply with AML requirements. However, it’s helpful beyond just compliance — for example, it could help you spot instances of fraud. Typically, the process involves monitoring customers’ transactions for suspicious activity, such as withdrawals, deposits, and transfers that exceed a specified dollar amount or occur in a way that may be masking illegal activity such as money laundering or the financing of terrorism.
Manual review of automated verifications
AI is clever, but it doesn't replace the need for human intervention in certain scenarios. There will likely be instances when you need trained personnel to manually review the verification. Some identity verification providers dedicate human resources to perform these manual reviews in-house. This might help you save on internal resources, but could potentially lead to issues around data privacy. It can also delay verification, which might cause good customers to drop off, negatively impacting user growth for your business.
Assuming you’d rather not rebuild your entire tech stack, it’s critical that the IDV solution you select can easily integrate with your existing systems and processes. Some questions you may want to consider include:
Does this solution integrate easily into my product?
You want your IDV solution to fit easily into existing customer flows, e.g. onboarding. Make sure the IDV vendor offers an integration option that suits your product’s configuration and your team’s technical abilities. Consider:
- Does the solution offer a range of integration options — and is the one you need included? For example, do you want to use a hosted flow, in which you send your users a link that takes them to a verification flow hosted by the IDV vendor? This requires little to no engineering but involves diverting your users to a third-party site to complete verification. Or do you want to embed the verification flow into your website (via a web SDK) or your app (via a mobile SDK)? These methods keep the verification flow within your product for a more consistent user experience, but often require at least some engineering.
- When choosing your preferred integration method, consider your team’s technical skills and time. How much coding is required? Would it require engineering time you can’t spare? Would a no-code option like a hosted flow fit better? Or do you want to prioritize an embedded experience?
- How easy is it to integrate into different stages of the user journey? The more technical this process is, the harder it will be to add IDV checks throughout the user lifecycle, which could mean you’re not able to reverify users as frequently as you’d like.
Does this IDV solution integrate with my existing systems?
To minimize disruption and siloed information, look for a solution that will fit in seamlessly with your existing tech stack and workflows. Some IDV solutions can connect to a variety of platforms you’re probably already using, helping you manage data seamlessly and improve the experiences of your users and team.
Consider checking whether the IDV solution integrates with:
- Customer Relationship Management (CRM) tools: Once a user has been verified, see if the IDV tool can push all the information you have about the customer into the CRM for your sales team to use.
- Messaging platforms: This will allow you to set up automated notifications at different points in the user journey. For example, when a case needs manual review or when a new user has been verified.
- Other data sources: If your team accesses data from other vendors, find out if your identity verification provider can consolidate these risk signals. For example, you can use this data to make a more informed decision about what’s considered high, medium, and low risk in your user base.
Data storage and security
Every industry must consider customer data protections to some extent. As such, you’ll want to ensure your IDV vendor keeps your customers’ sensitive data safe.
Some identity verification vendors will store your customers’ personally identifiable information (PII) for you.
On one hand, this saves you the time, logistical headache, and expense of paying to store it securely yourself. However, it also makes it even more important to dig thoroughly into the vendor’s customer data security and protection procedures.
If you want an IDV solution that includes storage of customers’ PII, consider the following:
- What kind of data do they keep? How and when is the data captured? Is it when the user submits their credentials for verification, or does it happen while they’re filling out the forms? Will the IDV vendor store fields and images? Some might keep the text and discard uploaded photos of IDs or selfies, which are typically larger files.
- Where do they store the data? Some IDV vendors may store your data on site, which gives them more control over it. However, others may use a third-party service, in which case, you might need to push harder to get answers about the security and privacy precautions in place to protect it. Find out where the data centers are, their data protection policies, and if the IDV vendor and data centers both use end-to-end encryption.
- Who has access to the data? One of the most common reasons your IDV vendor would need to access customer PII is to do a manual review of a verification attempt. If this is a service your IDV vendor offers, or there’s another reason they would need to have someone look at your data, ask about the safeguards they use to make sure only authorized people can access the data. For example: Where are the reviewers based? Are they employed by your IDV vendor or outsourced? What information do they see during a review? Can the tool limit who sees PII? What training do they receive? How does the vendor ensure standards are upheld? What are their quality assurance policies?
- How long does the vendor store the data? Some IDV vendors delete data after just one week. Some might keep smaller files but delete photos. It’s important to know how much data you’ll have access to, particularly in preparation for audits. You may be required to keep data for a certain amount of time. If an IDV vendor typically only keeps data for a shorter period of time than you need, ask if they would be willing to extend that period for your situation.
- How do they protect customer data? Confirm that your IDV vendor has the appropriate measures in place to protect sensitive data. For example, ask about data availability, secure development, continuous vulnerability scanning, audits, internal controls, and who has access to production. Additionally, ask for a copy of their certifications. Common widely recognized and globally accepted security and privacy certifications include SOC 2 and ISO 27001.
- Are they compliant with relevant data privacy laws? These laws can include (but aren’t limited to) the California Consumer Privacy Act (CCPA) / CPRA, General Data Protection Regulation (GDPR), Family Educational Rights and Privacy Act (FERPA), and Health Insurance Portability and Accountability Act (HIPAA).
IDV providers help prevent fraud by making it harder for would-be criminals to use fake identities to commit crimes. If you’re in an industry where fraud is particularly common or particularly consequential (e.g. fintech or medicine), you want an identity verification vendor that allows you to proactively add additional protections based on leading indicators.
When assessing an identity verification provider’s fraud capabilities, consider the following:
What data does it monitor, detect, and show?
Certain types of data can help identify fraudulent behavior, including:
- Passive risk signals: identifying data that is not actively supplied by the user, e.g. IP address or browser fingerprint.
- Behavioral signals: actions the user takes that could indicate fraudulent use, e.g. copying and pasting SSNs, switching between screens, or moving the mouse in an atypical pattern.
- Manipulated or fake IDs: in addition to being able to tell that an ID matches the identity of the user, you want the IDV solution to be able to tell if it’s fake or has been otherwise manipulated using common photo editors (e.g. with a new birth date or photo).
- Link analysis: how users are connected via various properties
What level of device intelligence does this solution display?
A form of passive risk signal, device intelligence means how much data the solution can derive from the device that’s being used. This should include:
- Whose device it is and who is using it: are they the same person?
- What type of device it is, e.g. a laptop or a cellphone?
- The device’s location
- Whether the device is being used to create many accounts (which could indicate that it’s being used for fraud)
- Whether the device is using an IP address that’s known to be used by scammers or has been used to defraud the platform previously.
Can you tailor the fraud capabilities to your specific needs?
Make sure the IDV provider can help you meet any relevant regulations and detect, deter, and deny fraud you typically see in your industry and specific business. A tool that adjusts in real time based on risk signals can minimize how much information good users need to fill out while making it harder for fraudsters to get through.
Capacity and coverage
Before you invest in an IDV solution, you need to know that it can meet your needs now and in the future as regulatory requirements and fraud capabilities change. Invest in a flexible, adaptable system upfront. Otherwise, you might find yourself going through the whole shopping process again in six months.
Can this solution handle the volume of IDV checks you’re doing now?
Small startups can’t afford to overpay for a solution intended for larger companies. And enterprises that need to verify tens or hundreds of thousands of users a day may find that some IDV solutions can’t keep up.
You also need to give yourself room to grow. Even if you think an IDV vendor can deliver on your needs right now, think six months or even a year ahead. Do you have any initiatives or strategic developments planned that might lead to an influx in user verifications?
Ideally, choose a solution you can build on and scale as your IDV needs change.
Can this identity verification provider serve all your users, wherever they are and wherever they’re from? In other words, can it verify IDs, databases, and watchlists from every country and territory you operate in? The more geographical coverage the solution provides, the more users can get verified on it. Also, the broader the range of IDs and documents the IDV solution can recognize, the more users it will be able to process without human input, saving your team time.
Remember: even if you only want to verify users in the U.S., some might have foreign IDs or be on a foreign watchlist or not have an SSN. You need an IDV solution that covers as many options as possible.
Assessing user experience
Everything discussed thus far is critically important, but has focused on just the internal requirements for your company. Your users’ experience is just as, if not more important. If a significant portion of your users drops off during the verification process, it does not matter how sophisticated your IDV process is behind the scenes.
To offer the best customer experience, you need a solution that is customizable to your specific needs. Here are some common factors to consider when judging the UX of an IDV solution.
Easy, fast, and safe for customers
Users don’t sign up for your service because they love uploading photos of their driver’s license. While some may appreciate that you’re taking steps to prevent fraud on your platform, most ultimately see IDV as a necessary evil. The best way to delight them is to make the process as convenient and fast as you can while still catching fraud and complying with your industry’s regulations.
With this in mind, here are the three core elements that make a good IDV experience.
Some people are more computer literate than others, so some of your users will struggle with online tasks to a greater degree. As such, your IDV provider should make it easy for every user to get through the process. Make sure the solution can:
Tell users what they need before they start.
Give your users a list of the documents (e.g. their driver’s license) and information (e.g. their SSN) they’ll need before they start filling anything in. This gives them a sense of how long they can expect the verification process to take and a chance to get organized. Remember: the more types of documents the IDV solution accepts, the more likely the user will find one that works for them.
People are more likely to stick with a process — even a tedious one — if they know how long it will last. And having everything ready to go decreases the number of times they have to get up to find something. Not only is this annoying for them, but it’s also an opportunity to get distracted and not finish the IDV process.
Guide the user through each stage.
Your solution should include clear instructions on how to complete each verification step. Make the instructions easy to see and understandable. This includes making sure they’re available in the languages most commonly used in your regions of operation. Adding guesswork into identity verification only makes it more confusing. Not all of your users will need everything spelled out, but it will make a difference for those who are unsure.
Recognize users on multiple devices.
It’s common for people to work across multiple devices. They might start the IDV process on a desktop, then switch to their phone to take a selfie, then go back to the desktop to type. Make sure they can easily continue their session on another device via a link or QR code. Having to restart their session on another device will lead to high dropout rates.
Make sure the identity verification solution allows you to explain why the individual is being denied — without going into so much detail that fraudsters can use it against you — and give them a chance to fix the mistake if it doesn’t seem concerning (for example, if they accidentally added an extra letter to their name). If users keep running into an error page with no explanation, they’ll give up in frustration.
The less time your customer has to spend on IDV, the happier they will be (and the more likely they are to finish the process). You need to balance the speed of their experience with security. For example, you can:
Customize checks to meet the minimum standard.
You need to meet your industry requirements, mitigate fraud, and/or build trust without overburdening your customer to the point that they give up on your IDV process. The minimum number of checks you need to feel satisfied that a customer has been adequately verified will vary by your industry, fraud rates, risk tolerance, each specific customer, what they’re trying to accomplish, and more.
Make sure the tool you’re buying allows you to customize friction based on the specific user and transaction, so you’re not holding every individual to an exhaustingly high standard for no good reason.
Automate processes where you can.
Look for tools that automate processes — particularly ones that use AI and machine learning (ML). Where possible, have the tool complete tasks for the user. This makes the process faster and easier. It could be something as relatively simple as auto-filling forms so users only have to check if the information is right and auto-capturing selfies instead of making them push a button: every second counts.
Identify and automate tasks that are bottlenecks for manual reviewers. For example, use workflows to give users that failed verification another way to verify their identity (sometimes called a “fallback method”) instead of automatically sending them to manual review, which will slow down the process.
Crucially, your IDV solution should be able to automatically check government IDs against selfies, identify a user’s location, and scan databases and watchlists — many of the qualities already discussed. Not only is this faster for your users, but it also helps you scale the number of verifications you can run at the same time.
That said, don’t take technology at face value, particularly AI, which can be biased by the source information it’s trained on. Ask your IDV provider how they mitigate bias, especially when it’s evaluating faces.
You’re not the only one who’s concerned about security. Your users are reading the same headlines about data breaches and scams, so your identity solution needs to allow you to show customers that they can trust you to keep their data secure. Check that you’ll be able to:
Explain your PII protections.
Your IDV solution should make it easy for you to explain to your users the security protocols built into the software and the steps you’re taking to protect their data. This will reassure them that you are aware of your responsibilities and are addressing the risks.
Protect sensitive data.
Not only are machines faster than humans at analyzing information, but they’re also not inherently interested in stealing people’s data. Your IDV solution should give you the ability to automate processes that involve PII to prevent data breaches. And when humans do need to get involved, you should be able to restrict who has access and only show the information they really need.
Create an IDV experience that looks and feels like your brand.
Looks do matter sometimes. You could be using the most secure IDV solution around, and users will still drop off if it looks like a leftover from Windows 97. Many people base decisions on whether or not to trust software on their first impression of the way it looks. Make sure your IDV vendor allows you to match their solution to your branding so users know they’re on the same site.
Intuitive, informative, and backed up with support for your team
Don’t forget about the people who have to use the IDV solution and rely on the data it collects: your team. That includes product, operations, support, trust and safety, fraud, and more. If it’s too complicated or technical, they won’t be able to reap the benefits of all its features and might make mistakes.
User experience on your staff’s side can be divided into two categories: the dashboard they use every day and the vendor support services they need for training and troubleshooting.
An IDV provider’s dashboard will be the hub of your team’s activities. It needs to have:
There’s a learning curve with any new identity verification provider. However, the more intuitive an IDV solution is, the sooner your team will be able to get up to speed with it — and the less frustrated they’ll be.
Clearly laid out data
Giving your team more data empowers them to make better-informed decisions. However, that’s only true if it’s laid out in a user-friendly way. The dashboards they use should be customizable so that everyone can find the data pertinent to their job and no one is overburdened with data that’s irrelevant to them.
Having certain IDV metrics at your fingertips gives you a more comprehensive overall picture of how the solution is working in your business. Your IDV dashboard should include metrics such as:
- Conversion rates: What percentage of users start the verification process but don’t complete it? What percentage do complete it? Where in the funnel are most users dropping off? This will help you adjust your customer journey to maximize completion rates.
- Accuracy: What percentage of bad actors is the identity verification provider stopping or letting through? What percentage of good actors are being stopped? This is important to know, whether your priority is fraud or conversion rates.
- Reasons for failure: Can you see why verifications fail? Knowing this might help you adjust the system to be more strict if it’s allowing too many bad actors in or less strict if legitimate users aren’t able to get verified.
- Volume and outcome of manual reviews: How many attempts at automated verification are redirected to manual review? Why, and was the user ultimately verified or not? Knowing this can help you spot moments in the verification journey that are overzealously flagging users for manual review, which can help you automate the process more effectively.
Most of the features discussed so far have revolved around the IDV solution. On top of that, you need to know that you’ll be working with a helpful team that’ll partner with you and is aligned with your success.
As with any solution, you need an IDV vendor who can act as an extension of your team, sharing their expertise and experience with industry best practices. Consider:
- Do they understand your business needs? Different companies have different IDV needs, depending on factors including your industry, customer base, fraud levels, and more. Find an IDV vendor that understands, is willing to learn about your unique business needs, and will help you build a tailored IDV process. A good place to start is by researching identity verification vendors that are commonly used in your industry. From there, you can look into their experiences and specifications to determine if they are a good match for you.
- How accessible is their technical team? As a buyer with a lot of technical questions to cover, you need access to someone on the vendor’s side with that knowledge. If a vendor is reluctant to let you speak to an engineer when you’re a prospect, you can’t get a satisfactory understanding of whether their solution is right for you. And it doesn’t bode well for the kind of technical support they offer customers should you choose to work with them.
- Can you test your own sample data before buying? The best way to make sure an IDV solution will be effective for your users and use cases is to try before you buy. Look for an IDV provider that lets you test out a sample of your real data to make sure it will work.
- Do they have a sandbox feature? Having access to a test environment — a sandbox or simulator — within the solution itself is also important. This allows you to test different workflows before making them live for real users so you can project what percentage of users will be verified, if you’ve introduced too much friction, and accuracy rates.
- Is the technical documentation strong? Ideally, your team should be able to get most of their answers from the vendor’s technical documentation. Make sure it’s detailed, organized, up-to-date, and easy to access.
- How will your company be supported as a customer? If something does go wrong, you need to know that you can get in touch with the vendor’s support team to resolve the issue — without sitting on hold for an hour and going around in circles. Find out: Is their support outsourced? (This can make it harder to get hold of an engineer who has direct experience working with the product.) How much technical training does the support staff receive? How willing are they to go the extra mile to find a solution for your use case? Do they take customer feedback into account when planning new features?
As with any software purchase, there are a lot of considerations when you’re buying an IDV solution.
Your decision ultimately comes down to, ‘Does this identity verification solution collect and securely store the data I need to verify my customers and meet compliance standards while making the IDV process as convenient as possible for my customers?’
The answer looks different for every company. It can also change as you scale and as you add or modify stages in the customer journey.
Once you’re sure an identity verification vendor meets your fundamental requirements (budget, security, geographical coverage, etc), the most important characteristic of an effective identity verification partner is flexibility. You need a solution you can adapt to meet new regulations, grow alongside your needs, and adjust as the way your users use your platform evolves. To ensure you can access all those benefits, make sure you choose a vendor who understands your business and your goals and will provide technical and strategic support at every stage.
Persona's free in-depth guide to evaluating IDV solutions
Hopefully, this guide has given you a comprehensive look at the specifications and questions you need to consider in your search for an IDV solution. For more detailed insights and deep dives into finding a tool that’s truly customizable, check out our free in-depth guide to evaluating identity verification solutions.
IDV is a necessity for you and your users. But it should be a tool you can control, not a one-size-fits-all blunt instrument you simply tolerate. Find a solution that does what you want, the way you want.