You can’t swing a dead cat at M2020 without hitting a document verification vendor. I know, because I’ve been trying.
What is Document Verification (DV for short), in case you didn’t already know, is the process of validating (typically) a license or passport, to ensure that the person presenting said id is who they say they are. DV takes various forms, depending on the vendor. It can be just the comparison of the doc’s image with a selfie. It can be the capture of the data from the doc. It can be capturing image and data, which is then fed to a boiler room where some nameless bumpkin starts googling the data to see if it’s real.
Document verification service
One of the more well-known outfits providing DV services sells the latter. After you scan and upload your id, it goes to that company, which then farms out the data to the 21st century equivalent of a data sweat shop. Does it get the job done? Yeah, I guess. And then what? That applicant, the poor slob who uploaded the doc, now has to wait for this process to complete. My favorite airline uses such a vendor, and in fact less than two weeks ago I used their system to validate my passport so I could print my boarding pass for a trip overseas. The turnaround time was less than wonderful, and guess what? I failed. I had to complete the process in person at the airport the next day.
At volume, such a system can’t come close to keeping up with a robotic one. And it introduces the possibility of additional human error. These two elements add up to a crappy user experience.
My organization isn’t precisely in the DV business. But it’s a very powerful option. Let me get to that in a minute.
We provide the best possible identity verification and fraud prevention process on the planet. With the highest possible degree of accuracy, we tell you whether an applicant is who they say they are, along with their likelihood of defrauding you. We automate this process by employing the best data science in the world, to build detection models that are trained on hundreds of millions of known outcomes, meaning good applicants and bad ones. This way we recognize a good egg when we see him, and can auto-accept him for a loan, a credit card, an account. Alternately, we can recognize a bad egg, and show him the door.
There’s one more bucket to consider that falls between the good and bad method, namely when and how to hit people up for just a little bit more information. “I trust you enough to keep you in the system, but not enough to just give you a pass.” This is the painful stage in an application process where you nail somebody with KBA, as in “what’s your mother’s maiden name, in what month did you meet your spouse, and how many licks does it take to reach the center of a Tootsie Pop?”
Another method is manual review. Double-ouch. You get sent to the aforementioned sweat shop, where some low-paid drone, once again, googles you. Eventually.
And then of course there’s Document Verification. Yes, it’s friction. Our own CEO hated it at first, because yeah, it’s a speed bump. But in fact, if it’s done right, it’s the best possible speed bump. And Socure does it right. You scan your license, your passport, your state id, your Mickey Mouse Club membership card (at least I think we cover that one), or any one of up to 3500 different possible forms of physical identification, using your phone or web camera. Optionally you can take a selfie. We ensure that the document hasn’t been tampered with, using a wide variety of quality checks, and then we scan the data from that same doc, to save you the trouble of entering it, and then we pre-fill the entry form with that data.
You might have to add in anything that’s required for the particular transaction and which isn’t on the document (for example, most state licenses no longer include SSN). Then rather than employ a sweat shop, Socure automatically validates the data (assuming we say the document itself isn’t bogus) using our id verification and fraud capture platform. You might call that friction, but it’s not only automating the process, it even automates the capture of the PII you feed into that process.
Think of it less as friction than as a step-up authentication method, in the event your organization needs greater assurance for an applicant who otherwise isn’t quite up to snuff during the initial examination.
Here’s a similarity I like to leverage. If, during a registration process, you give me a bogus SSN, such as one that belongs to a dead person, it’s easy. I hit the trap door button on you, and you land either in a pit of alligators, or a dark room where “Come Sail Away” by Styx is playing 24×7. Too hideous to contemplate.
But if you give me a good SSN, while that’s a start, it’s a bare minimum. It might simply mean you paid for somebody else’s. So now I have to do the hard work of checking out everything else you provided. Likewise, if you give me a compromised document, where you’ve cut and pasted a different image on to it, or the selfie doesn’t match, good-bye. But if you give me a good one, it’s an even more powerful first token of trust, after which I now complete the process by validating the PII on that doc.
And here’s one more thing to consider. Increasingly, financial and other institutions are actually starting with DV. In fact, the cryptocurrency exchanges have made DV the front end of their entire registration process for years. You don’t get to play unless you scan your passport and provide a selfie for comparison. This is also more the European model of providing docs (and even sometimes video) in order to participate in a financial relationship.
One could argue that putting identity document verification at the beginning of the funnel instantly creates more work. It truly depends on what you consider to be more laborious, typing into an entry form or taking some pictures. On the other hand, as a consumer, allowing the DV process to scan your data for you can not only save keystrokes, it eliminates most of the fat-fingering boo-boos those keystrokes might otherwise introduce.
As a bank or lender, whether you invoke Document Verification at the beginning of the end of your onboarding process is a matter of security, data acquisition, and customer experience. If it’s a step-up, you want to keep it to a minimum, assuming you have a great IDV platform to auto-accept the good applications and boot the bad ones. But if you put it out front, either way, you want it to drive that onboarding, not drag it down, not introduce errors, not create a bad consumer experience. Document verification should empower a streamlined, accurate set of steps for enabling only the honest consumers who will make your business grow.
Drop us a line to find out how Socure’s document verification module can be part of your secure customer acquisition process.
Jeff Scheidel is a technologist with 38 years in software, including 26 years in security solution design. He is the author of numerous white papers on security and regulatory compliance, as well as a McGraw-Hill book on identity, access, database, and application protection. Jeff is an expert on compliance requirements across a number of industries, and has presented at a wide variety of security events.
Escalating Fraud Solutions at Money20/20
Money20/20 this year is pretty huge–with nearly twice the attendance as...
The Business Impact of Identity Verification and Fraud
Economic, business, and social systems operate according to the trust that...