Industry

Automate school account recovery requests with risk-based identity verification tools

Learn how online identity verification can help you automate and simplify your school’s account recovery process.

Icon of a person with five circles around their head
Last updated:
6/4/2024
Read time:
Share this post
Copied
Table of contents
⚡ Key takeaways
  • Colleges and universities can streamline account recoveries by collecting and verifying identifying information from students, alumni, and faculty online. 
  • Using identity verification tools and automation can enable legitimate users to quickly recover their accounts without hands-on help from IT staff.
  • Risk and fraud checks can help detect bad actors who are attempting to take over an account. These account recovery requests can then be denied or routed to manual review on a case-by-case basis.

I’ve gotten a lot of value from my alma maters’ alumni portals. There are career development resources, coaching sessions, library access, webinars, and free software subscriptions — just to name a few. But admittedly, they’re not resources I use every week, and I don’t always remember my password. 

At some schools, resetting passwords and unlocking accounts can be a manual process that requires reviewing emailed copies of identity documents or hopping on video calls and asking to see copies of identity documents. That might be a slight nuisance for an alumnus. But it’s a much bigger one for current students and faculty, especially when IT departments are only available during regular business hours.  

The ongoing requests are also eating up the IT department’s time, keeping staff from working on more strategic digital transformation projects. To manage long queues of locked-out students, staff, and alumni, some schools have hired additional employees focused on manual account recovery. As requests can ebb and flow, an online identity verification (IDV) process could be a more cost-effective and efficient solution. 

What’s leading to an increase in account recovery requests?

The two primary drivers of increased password reset and account recovery requests aren’t inherently bad for universities: 

  • Increased enrollment: A 2023 report from Best Colleges found that almost half of school administrators surveyed said their schools are increasing spending for online programs. And over half of students took at least one online course during Fall 2022. Online courses, certificates, and degrees can give the school a new revenue stream, but high enrollment rates also result in more student and alumni accounts to manage. 
  • Good password practices: Faculty, alumni, and students may use unique and hard-to-remember passwords for their many online accounts. Although it’s encouraging to see people embrace security, they may be more likely to forget their passwords if they’re not using a password manager.   

There could also be cases of account takeover fraud, when a bad actor attempts to reset the password and take over the account of a student, alumnus, or faculty member. 

Attackers might use the account’s single sign-on access to break into other accounts, or gather personal information from the account that they can use for other schemes. It’s worth being mindful of this threat, but it doesn't appear to be a widespread issue at the moment. 

Online identity verification can streamline account recovery

For the most part, we’ve all become accustomed to easily and safely verifying our identities online, especially when it comes to something as simple as identity authentication for resetting an account password. But in some cases, it’s easier to get back into your online bank account than a student or alumni portal. 

Colleges and universities may be able to automate account recovery processes by incorporating online IDV checks. For example, when a user attempts to reset their password, you might prompt them to start a: 

  • Government ID verification: One of the first steps is generally asking the user to upload a picture of an official identity card, such as a government-issued ID. Data is extracted from the ID to help ensure it’s legitimate, unedited, and current. 
  • Selfie verification: Selfie identity verification requires the user to upload one or several selfies, or a short video, to compare their face with the image from the uploaded ID. Liveness detection and image analysis can help catch AI-generated selfies and other types of deception. 
  • Digital ID verification: Some states are issuing mobile driver’s licenses (mDLs) as a government-issued form of electronic identification. These can help reduce errors during IDV, such as when someone has trouble taking a clear image. And they may offer higher levels of assurance as a government ID verification as users generally need to use FaceID or a fingerprint scan to access their mDL. 

These types of identity verification require input from users. Behind the scenes, you can use additional checks to help confirm what someone submits. 

For example, in participating states, information collected from a driver’s license can be quickly checked against the American Association of Motor Vehicle Administrators (AAMVA) database. Additionally, schools may be able to use internal databases to match the identifying information on a driver’s license with a college or university ID. 

Implement passive signals to automate more holistic risk assessments and make better decisions 

Behind the scenes, the IDV system can also leverage various types of signals to identify riskier requests:

  • Passive signals: A passive signal, or device signal, can help you learn more about the user without increasing friction. These may include the user’s IP address, location data, metadata, device fingerprint, and browser fingerprint.
  • Behavioral signals: A user’s behavioral signals, such as how they interact with a form or use their keyboard and mouse, can also be analyzed to detect unusual activity and bots. 

You can use these signals to automatically decline high-volume requests that may be part of a credential stuffing attack. Additionally, you can customize the signal parameters and use results to accept, deny, or route requests to a manual review

For example, you might design your account recovery flow to check the IP address of a current student who wants to reset their password. If the device’s IP address is within 50 miles of the school, they can use a government ID and selfie verification to reset their password on their own (assuming those checks are cleared). However, if the device is further than 50 miles from the school, you can dynamically reroute the request to an IT support team member for verification.  

Free guide
Welcome good users and keep bad actors out with progressive risk segmentation

Persona offers a flexible and secure solution 

Persona can integrate directly with your school’s existing technology stack to free up your IT team’s time and help improve the experience for your students, alumni, and faculty. Our identity platform uses a building-block approach that lets you choose the products and tools that best fit your needs. 

Preply, an online language tutoring platform, was dealing with similar scalability issues before working with Persona. The support team spent hours every day manually reviewing tutors’ identity verification documents and struggled to keep up with Preply’s rapid growth. 

With Persona, Preply created a customized system to automatically verify and accept candidates, decline them, or send edge cases to review. The automated system decreased how much time the review team spends on identity verification by 80%. It also led to fewer errors and increased conversions, allowing the team to focus on strategic projects. 

Persona enables teams to increase operational efficiency and better serve end users without compromising on security or privacy: 

Want to learn more about how Persona can help you expedite account recovery requests and reduce manual review? Start for free or get a demo today.

Published on:
5/24/2024

Frequently asked questions

No items found.

Continue reading

Continue reading

How to detect ghost students and prevent student aid fraud
Industry

How to detect ghost students and prevent student aid fraud

Online identity verification can help schools stop ghost students who steal student aid funds and disrupt classes.

Student identity verification: How educational institutions can improve their IDV
Industry

Student identity verification: How educational institutions can improve their IDV

In an increasingly digitized education space, student identity verification is becoming essential. Learn how it works.

The case for automated identity verification
Industry

The case for automated identity verification

Proper identity verification is your first line of defense.

Ready to get started?

Get in touch or start exploring Persona today.