NFC for Identity Proofing
Here's What You Need to Know
Over the last few years, Near-Field Communication (NFC) technology has been making our lives faster, easier and more secure.
This is true in numerous ways, from enabling contactless payments to electronic tickets, keyless hotel rooms, and all manner of smart home innovations.
At its most basic, NFC communication protocols enable two electronic devices to communicate via radio waves when in close proximity.
For example, when you present an e-passport to an automated reader at an airline gate, NFC can confirm that the information on the passport chip matches the personal information you’ve provided. And because the data on that chip has been digitally signed by the passport issuer, it’s essentially tamper-proof.
Now imagine that same scenario with a traditional passport. Not only could the passport itself be fraudulent, but you’re relying on human beings (the weak link in most security chains) to review the information accurately and without delay.
At scale, it becomes increasingly difficult for human operators to perform this function with the speed and accuracy that government-grade security operations demand, hence the need for NFC.
Bringing Government-Grade Security to Mobile Consumer Services
Not surprisingly, many of today’s forward-leaning organizations (including banks, insurance companies, healthcare providers, education providers, and others) are exploring the potential for using NFC in their own customer journeys, with a special emphasis on the remote identity proofing and onboarding of new customers.
Naturally, the goal of onboarding is to make signing up for a new account as easy as possible for customers without compromising security. And for most of human history, we’ve lacked a secure method for establishing trust remotely—in other words without making the prospective customer travel to a physical place of business and have human beings review their identity documents in-person.*
(*In reality, in-person identity proofing was never all that secure. It has significant vulnerabilities, most notably to social engineering attacks. It’s also horribly inconvenient for prospective customers and inefficient for businesses.)
Mobile biometric technology changed things.
Today, you can verify a new customer’s identity by comparing their selfie with the image on their government-issued ID. Behind the curtain, biometric matching algorithms confirm a match between the selfie and the photo ID image, while liveness detection technology confirms there’s a real human being in the selfie, as opposed to a photograph or video recording. In mere minutes, you can verify and activate a new customer from anywhere, with a high degree of confidence and minimal friction.
In most cases, that is.
While today’s identity document verification technology is highly effective (and getting better all the time), fraudsters are continually learning and becoming more sophisticated, too.
And when you’re relying on the user to upload an image of their own identity document, there’s no way to be sure the image is that of a genuine document from the issuing authority.
NFC provides the opportunity for verification that the document is genuine and issued by the issuing authority—so you’ll have the strongest possible security with just the tap of an e-passport.
Little Chip, Big Potential
As you now know, the foundation of secure remote onboarding is the matching of a live selfie to a “trusted source” image of that person, ideally one that’s linked to a verified government ID.
Some countries are opening up access to their facial image databases to provide this trusted source (New Zealand, Australia, South Africa, Malaysia, and Thailand to name a few), but elsewhere an e-passport or enhanced driver’s license (EDL) offers the best opportunity for matching to a trusted source.
In a nutshell, the e-passport process works like this:
- First, the user captures an image of their identity document (for example, the information page of an e-passport), and the onboarding system extracts information (such as name, date of birth, issuing country, expiry date, document number, and photo) from the captured image.
- The onboarding system uses some of that information to gain access to the NFC chip and extracts information (such as name, date of birth, issuing country, expiry date, document number, and photo) plus a digital signature from the chip.
- The onboarding system now uses the digital signature to validate that the data from the chip is from a valid document issued by the relevant issuing authority and has not been tampered with; at this stage, the system will also ensure that the data from the surface of the document matches the data on the chip and has not been tampered with.
- Next, the user takes a selfie (with liveness capture).
- The onboarding system now compares the selfie image with the chip’s image and the surface image to ensure there is a match.
Once those steps are completed, and assuming all the information has matched and there’s no fraud detected, the individual can be onboarded instantly with a high degree of trust.
Chip-based identity checks are extremely secure; because the image data inside the chip is digitally signed by the issuer, it’s essentially tamper-proof.
Meanwhile, NFC creates appealing efficiencies for both organizations and their customers. An NFC check is fully automated, and the verification occurs in real time, without ever having to wait for a manual review (or hire an army of manual reviewers).
NFC won’t work for everyone, but for customers using chip-enhanced identity documents, it offers a convenient way to onboard using the most secure mechanism available.
Ready to learn more about NFC, digital onboarding, and other identity solutions? Click here to get a fast, personalized demo.