Event Recording

Give me 10 minutes, I'll give you the truth about verified Identities

Log in and watch the full video!

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
Thanks. And one welcome from my side too. I have met a few of you during the day yesterday, and I'm happy to meet more of you today, but let's get into the keynote. Give me 10 minutes. I'll give you the truth about verified identities, some joined, maybe my keynote last year and remember the title. So I would like, like to take the time to do a short recap about what we talked last year about
Me 10 minutes. I give you the truth about identity. So last year, the keynote was about identity management in general. So we have seen authentication options. We have talked about customer experience, progressive profiling about linking the digital and the real world identity. So logging into digital portals, as well as accessing local stores, going to sports event, accessing the sports event stadium this year, I want to focus on verified identities. So first of all, what is the verified identity? If we talk about users, we have first name, last name, gender. We have also contact details, like email mobile number. We have address details as well as authentication options that might be old fashioned, a password like CS is great, or it might be more innovative authentication options like 5 0 2, but we also have the identity status. So if a user or identity is verified and maybe user details, which are available on the ID document. So ID card number
Today, there are billions of users and digital services. So if you take me as an example, I use social networks like Facebook, Instagram, and more on a daily basis. I visit different retailers like Healthland like Amazon. I also use different streaming services and I also access my bank account or use car rental services. For example, when I'm in Berlin in all these contexts, I have the user details. So first name, my age birthdate. I also have address details and the contact details, and I can verify the contact details so I can verify an email. I can verify a mobile number. If I get back to the use cases, there are use cases and situations where I need to verify the identity. So if I want to open a bank account verified, email verified, mobile number is not sufficient. So I need to do an identity verification. I need to get the user details verified, need the address details verified. And I also need to verify it's a real person. That's for example, bank account. Also the credit of car rental identity verification might be interesting. I might not need an ID card, but a driver license would be cool to have to check if the user is allowed to drive this type of vehicle in the context of streaming, I might have age verification, obviously in the other use cases, it's also cool to have an ID verification, to know the real user identity, but it's not business critical.
So I not only need to verify the contact details. I also need to verify the user details, the address, and if it's a real person that leads us to the fact that how does a user verify its identity, many of you know, the most common use cases. So there might be NFC where I can verify maybe with an ID card. I have video agent based approaches where I talk with a real person. We are video stream, and I also have the option to visit a physical store show up there, show my ID card. So in general, I have a standard set of ID documents, ID card passport, as well as driver license. And I have further ID documents like university card, green card and more, which I can utilize to verify my identity, or at least partially verify the identity in the next slide. I will show you how we do it. So we will see a short video, how we exceed us, do ID verification.
So we have seen a completely automated ID verification process in less than a minute with an ID document. We start with a face scan where we detect, if it's a real person, we detect life as detection. So if it's a real video stream, we then scan the ID document in our case front side and back side of the ID document extract the user details there and also extract the security features. So we check if it's a real ID document, for example, with holograms, we also do a comparison of the biometric features there. So checking the phase in comparison to the image available on the ID document. So the ID card in that use case, the complete process is E does compliant, which is a European regulation for identity verification. And let's have a look what makes the different compared to other ID verification documents. So we want to see why the CS ID validator makes customers happy instead of other ID documents, which might make the customer frustrating in general, it's all related to the customer experience with other ID docu, with other ID verification processes, you might have long and complicated processes. While we have seen a short process in less than a minute,
Not all ID documents might be supported. So if I get back to the use cases where I want to see driver license, I want to see ID card. I want to see passport and an NFC based approach might only help me with the ID card. So I'm not able to check driver licenses
With, with a visual process like we have, which dynamically adapts to the ID document. I support all documents. I also don't have any limitations for time and location. I don't need to go to a local store. I don't need to wait in a queue for which video agent to be available since it's automated, I can do it anytime, anywhere. And for me, the most important aspect, I don't need a personal contact. The last time I opened the bank account was at 10:00 PM at the evening, sitting on the couch, watching a video. I don't want to get up, go to a local store at 10:00 PM in the evening. It might not be open. And I don't want to be talking with a real person on a video agent based stream. An auto end approach gives me the freedom to do it myself and completely underlying of any other person. I don't need to dress up, get up, sit on a, on a chair and talk with a real agent. I can just do it on my couch. I can even go further with an compliant process. I can do a complete digital sales process. So when signing up for a bank account or getting a loan or signing up for an insurance, I can combine this ID verification process with a digital signature process and then have a complete process in the digital world. Not going to any local store, not talking to any video agent. I can just have a full digital process in automated way. Do it yourself by the user.
I talk now quite a lot about consumer centric use cases, but I also want to shortly emphasize identity verification in B2B and BTU use cases. So we have seen online banking, opening a bank account, getting a loan. We also have shortly talked about current rental. So checking the driver license, knowing which vehicles I'm allowed to drive. There might be also insurance use cases where I sign up for new insurance, but also move from the offline to the online world. So I have acquired some insurances, which are still only offline because I don't utilize them. Now I can go to the insurance, identify myself that I'm the insurance holder and move it to the digital world. But I also have BTU use cases. So first day at a new job during the pandemic, that all has changed. So we have, especially remote work use cases
In the past, the onboarding of new employees was mostly done offline. So I was able to give them a default password. I was able to, to really identify the person in the real world, he could provide all his authentication options himself. I could do all the compliance processes on his first week at chop. I can even check if he's allowed to access sensitive data that all has changed in a remote work. I have employees, which I might not have seen in the real world once. So if I want to give them the option to configure their authentication options, be old fashioned password, be manufacture, authentication options. It's great. If I can see them in the, or identify them, verify them in a digital process as mentioned accessing sensitive data, I might want to verify the identity before giving anyone access to really sensitive data, not only B to E but also B2B use case. If I want to give partners access on that and running through all the compliance processes, it might be regulatory required, or it might be nice to have to identify and verify the user identity in that context. The same is for the partner onboarding. So if I want to onboard partners, for example, the insurance use case or banking use case where partners are selling loans or are selling insurances. For me, it would be great if I know the partner, if I can identify them, if I provide them with the option to completely digital, digitally, sign up with my company and then
Verify that's the user, that's the identity, and then give them the option to sell my products. So identity verification is an important part of identity management. If you consider last year's keynote, we have talked about progressive profiling. So moving a user from weak to a strong identity, getting more and more user details. And there identity verification is an important part. So I'm starting with a user where I have basic details, like first name, last name. I can verify his contact details, like an email, like a mobile number. I can also get his address and maybe verify that it's a real address, but with an identity verification, I really can completely verify the identity itself and verify the most important user details for that use case. So what's important to take out of that identity. Verification is an essential part of the user data because I have regulatory requirements, which makes it important that I have the ID verification. I might have used cases where I am. It's nice to have like driver license verification, like verification of the H and code of streaming. And I have used cases where it's nice to have, because I can provide certain offers. If I really know it's a real person.
So not only regulatory use cases require an identity verification, but in nearly all use cases, it might be important moving users from offline to online in the insurance use case,
Same for energy suppliers. So moving users from offline users to online users, and that's really important. User identity verification can be user friendly if it's done properly. If I don't let the user visit a local store, if I don't let the user away 10 minutes in a queue before talking to a video agent and then having him run through 15 minutes, talking with a person who had done hundred other user verification process before at 10:00 PM in the evening, but having a do it yourself, approach where the user is able to really perform all the processes anytime, anywhere that's really user friendly and makes it easy for the process and that in less than a minute for a two-sided ID verification document. Thanks for joining my keynote today. I'm happy to answer questions. If you have any now on the stage or later, if you want to visit our booth 17, I'm happy to answer all the questions.
Thanks very much. And we do have some questions. I suspect I know the answer to this one. Is there a tendency nowadays to try to collect more consumer identity data than can be justified
In general? I would say no. Oh, because
It depends what you, or how you define the need of the user data. So I think most of our use cases, what we have seen there might be regulatory or nice to have requirements to gather identity verification or other user details. And it's also often we often see all the use cases of all customers, where they give the freedom to the user to decide what users or data data want to provide. If you provide more data, you might have more or better customer experience, better recommendations maybe in the later process. So it really depends. We have the use cases where it's regulatory required or nice to have, but we also have the use cases where our customers give the freedom to the user back.
Okay. Our next question is what is the impact of deep fake technologies on your ID verification technologies?
That's a good point. During the certification process, we had the same discussion with, with the BSI discussing about that. I think it's an attack pattern which can occur. We implemented a few measures to prevent that, but also that will develop first though. It's always the race between hackers and providers of such services. But I think if you really want to attack that, that's not the most easiest pattern. If you want to really overcome the identity verification, you can go out, pay 100 Euro, 200 Euro, and he will provide you with your, with his ID documents. That's maybe easier to overcome an identity verification or force anyone to do the identity verification for you than using deep defects. So the effort in overcoming certain measures, there might be easier ways than deep fix.
Okay. How would you do ID verification in countries where not every citizen has a government ID like the us or countries in Africa and elsewhere?
Yeah, I think the ID verification processes need to be more dynamic. That's also why we have the video or the auto end based approach with the video streaming to support several documents. That's a big also in Europe, if we see also the onboarding process banks, we currently support with that, we see that it's not only the German ID card. You will have ID documents from also in European regions where the ID document doesn't provide you with any security features. So then it's harder to really verify the, the identity. I think there will be more development happening in the future to have multiple layers of verification, not only ID documents, but also further documents combining the complete user identity. So that's the process of V to strong identity step by step verifying certain aspects of the user.
Okay. We've come up to time now, but I'd like to take some more questions. If people are, are keen to stay in a B2 E or B2B scenario, can we link internal applications with this?
Yes. So that's definitely, I think even important to do that, to really utilize and get more most out of it.
Okay. The missed I L level three requires in-person verification. How do you deal with this?
Yeah. So there's still regulatory requirements for in-person verifications, which makes the customer experience bad. So we hope that changed in the future that you have more processes where you can completely do all the things digitally. That's a process, what needs to develop in context also with the regulatory agencies.
And finally, how do you deal with ensuring that a document is in false and it could be a piece of plastic? How do you know
It's? Yeah, so there we especially extract the security features of the document. We have seen the chairman ID card, we extract around 40 different security features on that from holograms to the machine readable code and different other aspects there to verify it's a real document there that was properly tested.
Yeah. Okay. Thanks very much. Again. C FIMAN thanks.

Stay Connected

KuppingerCole on social media

Related Videos

Analyst Chat

Analyst Chat #152: How to Measure a Market

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

Event Recording

Effects of Malware Hunting in Cloud Environments

Webinar Recording

Advanced Authorization in a Web 3.0 World

Business and just about every other kind of interaction is moving online, with billions of people, connected devices, machines, and bots sharing data via the internet. Consequently, managing who and what has access to what in what context, is extremely challenging. Business success depends…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00