It’s tempting to consider simply copying and pasting your existing identity verification (IDV) strategy into new geographies. After all, you already know that it works here — why shouldn’t it work elsewhere?
Unfortunately, this is rarely the case. Global identity verification is a game of nuances. Differences large and small between countries and regions will usually require a tailored IDV approach. Failure to recognize these nuances can have major repercussions on your business.
Below, we take a look at just how nuanced global IDV can be. We also offer advice that you can implement for a more successful expansion.
For a more in-depth look at these and other concepts, download our Guide to verifying identities around the world.
Why global IDV requires a tailored approach
Being able to simply pick up your existing identity verification strategy and apply it to a new jurisdiction would require the IDV landscape to be fairly uniform across the globe. It would mean every geography experienced the same fraud trends, every country had the same laws in place, IDs around the globe looked the same, and the same kind of authoritative data was always available.
But differences do exist, and it’s important to understand how they might impact your IDV strategy as you look to new opportunities.
Fraud trends
It’s easy to fall into the trap of believing that fraud patterns transcend borders and assume that the volumes and types of fraud you are used to dealing with on your home turf will translate into the new markets you expand into. While this is sometimes the case, the truth is that fraud trends often vary by country and region, and your global IDV strategy needs to account for these variations.
To illustrate regional differences in fraud trends, consider the fact that a recent 3rd-party analysis of ecommerce fraud found that online businesses in Latin America experienced the highest card fraud rates of all other regions — nearly double (97%) the fraud rates experienced by North American companies and more than triple (222%) the fraud rates experienced by companies operating in the Asia-Pacific region.
The same report found that fraud rates can vary significantly from country to country within the same region as well, with Singapore experiencing half the fraud rate of the broader Asia-Pacific region and France experiencing nearly twice as much fraud as Germany in the European region.
Failure to account for these differences might mean that you are over-prepared against a threat you are unlikely to encounter and underprepared against a threat you are more likely to encounter.
Regulations
If your business operates within an industry where identity verification is required, there is an added challenge in the fact that laws and regulations mandating IDV naturally differ from jurisdiction to jurisdiction.
Differences in these regulations can have a major impact on your strategy as you look to expand, influencing:
- Whether or not verification is required at all: In certain industries, such as finance, identity verification is a given part of doing business. But in other industries, particularly newer industries like social media and online marketplaces, it’s not so standardized. While verification requirements might exist for companies operating in these industries in some countries, they might not be in others; and where laws don’t currently exist, they might be under consideration.
- What verification methods are acceptable: In some countries, when identity verification is required, businesses are largely free to build the IDV processes that make the most sense for them, so long as they meet the standards outlined in the regulations. But in other countries, regulations can be much more granular in terms of outlining what IDV methods are acceptable as well as whether or not certain types of verification are required.
- What types of identity evidence you are required to collect: Just as regulations might differ in terms of which IDV methods are acceptable, they can also differ in terms of the information or evidence (IDs, documents, etc.) you must collect from your customers to verify this information.
“Over the past few years, the types of requirements around ID scans have gotten really complicated. In London, we do ID scans and selfies and can only accept driver's licenses. In Israel, we need to delete specific personal data.” -Anissa Chen, senior product manager at Lime
IDs
Though it might seem logical for government-issued identity credentials to be standardized across geographies, the truth is that a lot of variety exists. Physical IDs, especially, can vary by size and dimensions, material, visual security features, script, and the availability (or lack) of encrypted data. These differences may not sound all too dramatic, but they can have a major impact on your IDV processes.
As just one example, let’s consider materials. The materials an ID is constructed from will influence the way the ID interacts with light during the capture and upload process. An ID made from plastic, for example, or which is laminated, will likely have reflections or glare from light bouncing off its surface, while a matte ID made from paper will lack such reflections and glare.
Knowing what material an ID is made out of empowers you to conduct a more accurate analysis as to whether or not the ID is legitimate. If a particular country constructs IDs from plastic you might expect a certain level of reflection in the uploaded photo; if you do not detect these expected reflections in the upload, it may indicate that an ID is forged — for example, that it was simply printed out on paper.
Different IDs can also be more or less difficult to forge, due to these characteristics, which can impact the total level of assurance that a particular piece of identification provides during the IDV process.
Data sources
Once you’ve collected identity evidence from a customer, you need to validate that it is accurate and legitimate. Database validation — the process of cross-checking the information contained in an ID with the records of a trusted database — is one of the most popular and widespread forms of validation.
Unfortunately, what databases are available for this type of validation, and what data is contained within those databases, will vary from country to country. Likewise, the assurance level provided by different types of databases — for example, whether the database is an issuing database, authoritative database, or standard database — will vary.
If your existing IDV strategy is heavily dependent on the assurance provided by an issuing database check, there might not be a one-for-one counterpart in another country. Before any global expansion, you need to know what databases are available so you can make decisions around how you will validate your customers’ ID evidence in order to achieve the assurance level you require.
Tips for getting global IDV right
As you can see, creating a global identity verification strategy is an incredibly nuanced process that requires you to consider many factors. Here are some tips to help guide you in your expansion:
Start thinking about IDV requirements early in the expansion process.
The earlier you begin, the more time you’ll have to understand what’s required, what’s possible, and what you’re willing to commit to. The last thing you want is to be six months into an expansion when you realize that you can’t tackle IDV in the way you thought you’d be able to.
Make sure all relevant voices are included in these discussions.
Your identity verification strategy is multifaceted, likely touching on multiple departments and functions — fraud, risk, legal, trust and safety, compliance, product, support, and more — within your organization. Voices from each of those departments should be included in your discussions so you can be sure you aren’t overlooking a major consideration.
Choose an IDV vendor who can support you through your expansion.
The right IDV vendor for you will depend on the nuances of your situation. That said, some characteristics to look for in a vendor include:
- Experience: Look for a vendor who has experience supplying IDV solutions to businesses at a global scale. See how Persona supports Brex with automated identity verification in more than 100 countries.
- Compatibility: Look for a vendor that plays friendly with your existing solutions — whether that’s your existing IDV solution or other data sources and tools you use. See how Persona makes integrations easy.
- Flexibility: Look for a vendor with a modular approach that allows you to pick and choose the verification methods that align with your needs, whether that includes government ID verification, document verification, database verification, selfie verification, or your own data. See why it’s so important to have a flexible identity infrastructure.
To learn more about how Persona can support your identity verification needs as you embark on your global expansion, contact us or download our Guide to verifying identities around the world, which contains a more detailed discussion of the above considerations — and more.