Document Verification 101
Ensuring the authenticity of identity documents is critical to establishing and maintaining digital trust in any industry. Here's how.
Document verification is one of the original ways of validating the identity of a person. From presenting a driver’s license in person to obtain a passport, to purchasing controlled substances from a self-service kiosk, document verification is key to conducting all kinds of business and to granting people access to both critical and life-affirming services.
With the advent of the “always online” world we live in, the document verification process became much more challenging. Since seeing a user’s actual document (in person) is so rare nowadays, organizations have turned to advanced technology to help them verify the authenticity of customers’ credentials.
But just as the technology used to keep users and businesses safe has exponentially grown in sophistication, so too has the arsenal of methods used by fraudsters to spoof systems. Digital tools that can manipulate, edit, and even completely invent identity documents – in seconds or minutes – have created huge trust and security hurdles for organizations to overcome. Altering images is now as simple as clicking a few selections in readily available graphic design programs or in nefarious software used by bad actors.
The technology used in document verification processes has, as a response to these threats, become more and more innovative over the years and continues to be a mainstay of any organization’s CIAM (Customer Identity and Access Management) security strategy.
What is document verification?
Document verification is a critical (and first) step in identity proofing and verification. It’s also a process required by Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations in many countries around the world.
For any organization providing its customers access to a product or service, document verification (as part of a biometrics-powered identity proofing and verification process) is the only way to know for certain that the user attempting to interact with your business is truly who they claim to be, and not a fraudster or imposter using a stolen or synthetic identity.
Identity documents aren’t the only benefactors of document verification, however. Industry-leading travel and health credential processing solutions utilize document verification to verify user data, making travel and hospitality transactions run smoothly, safely, and conveniently for both providers and patrons. The worldwide pandemic accelerated these efforts, as it became especially necessary to verify the vaccination and health statuses of travelers.
Knowledge-based security questions, like “What is your mother’s maiden name?” or any similar iteration are no longer acceptable, secure, or user-friendly ways to establish trust with a user – especially in the digital world. Using enhanced AI technology, liveness detection, fraud watchlists, and PAD (Presentation Attack Detection) are all indispensable to creating a robust document verification process that can stand up to the threats of today’s online ecosystems.
How does document verification work?
Document verification has three main steps: document collection, data extraction, and document validation.
During document collection, the identity document (typically a driver’s license or passport) is “collected” electronically, usually through a photo (or multiple photos) being taken or uploaded. Post-image normalization, the system then classifies and analyzes the image, checking for image quality, evidence of tampering, jurisdictional accuracy, expiry, and to ensure that the necessary information for verification is present. This step can also be completed using near field communication (NFC) if the document is NFC-enabled.
Once the images are approved, data extraction takes place. Once the data is extracted, the information within the identity document is compared with personally identifiable information (PII) previously supplied by the user during the first part of the onboarding process or during a previous interaction – like their full name, date of birth, address, email, phone number, or identification number.
The identity document data may also be compared to information found on identity fraud watchlists to ensure the identity of the user is real and genuine, and can even be checked against barcodes on the document itself to ensure that the printed data matches the barcode data and data standards for that document. If the user information does not match up, or discrepancies are found, the user may be rejected from the account creation process or asked to supply more information to prove their identity.
The third and final step of document verification validates if the provided identity document is authentic. Checks performed on the document, which are typically upwards of dozens of micro-services but take place in only seconds, may include analyzing special features (watermarks, holograms, foils, textures, stamps), document completion, and checking for evidence of tampering (including image replacement and colorspace, which is the lighting, color, shadow, texture, etc. present in a document).
Document liveness detection is another check used by document verification systems to ensure that the image on the document is not merely a picture of a picture, photoshopped, or that the document itself is in fact a physical object. Once these checks are complete and the document is determined to be valid, the user can continue the onboarding process.
Key tech components
The strongest defense against identity document fraud, PAD, should be a prominent feature in any document verification solution. Presentation Attack Detection for documents using AI and computer vision helps distinguish between a real, valid document and a digital image or altered document. PAD has emerged as the best defense against document forgery and emerging types of document fraud that more traditional systems are unable to detect or protect against.
It’s equally as critical that the document verification solution’s document matching accuracy is up to industry standards. Preferably, a solution will be powered by AI so it can adjust to new document types from different countries and to identifying new fraud methods employed by bad actors. Document matching should be equipped to capture multiple data points during the verification process. Third-party data checks, including anti-money laundering watchlist checks, are also important to have.
Liveness detection is another key anti-fraud component of document verification (and of PAD). For certain jurisdictions and for certain types of transactions, like a high-risk funds transfer, users may be prompted to capture a video or live image of both their face and them holding an identity document. Liveness detection can ensure the document the user presents is real (not just a photo or video of a document) and truly in their possession; it is a key component to combatting presentation attacks. Solutions that are certified to specific liveness detection standards, such as those set by iBeta, are especially sought-after.
Why is document verification important?
We’ve all heard the adage: don’t give money to strangers. Document verification can, literally and figuratively, be the difference between trusted transactions and ones where users and organizations are implicated in costly, time-consuming, and reputation-harming fraud scandals.
The first step in establishing this trust is through document verification. As the gateway between businesses and customers, document verification solutions need equal parts security and user-friendliness to be successful for all parties involved. When an entity shows its users that it not only values, but prioritizes, their security, those users will be willing and happy to conduct further transactions with the organization.
Document verification can be the difference between fraud and returning business. It’s a cornerstone in the fight against cybercrime and will continue to be critical as service providers across industries branch out into new avenues of business – whether they be software-defined vehicles, secure prescription vending machines, or self-serve alcohol kiosks in stadiums.
Learn how Daon xProof was created to empower organizations against fraudsters and to help create frictionless customer experiences that are highly secure.