Identity verification and authentication: what is the difference?

In today’s increasingly digital world, more and more of our life revolves around our online activities. The COVID-19 pandemic has accelerated this process even more, as the closing of brick-and-mortar stores moved people towards online alternatives.

It is evident that important parts of our life take place in an online environment and that the changes created by the digital revolution involve a myriad of new opportunities and challenges. One of these challenges is that, due to the increased importance of the online landscape within our lives, the stakes increase. For customers and businesses alike it is important to know who you interact with online, especially as online and offline worlds intertwine more and more. Dangers such as identity fraud have the possibility of casting a shadow over our online activities.

It is for this reason that establishing a person’s digital identity is vital. Establishing someone’s identity sounds simple enough, but when looking at the terminology floating around online, even within the identity verification industry, the picture becomes fuzzier. For example, two terms often used interchangeably are ‘identity verification’ and ‘identity authentication’. For a topic as important as this, such ambiguity is undesirable, because it hinders proper comparison. To accurately compare within the industry, a uniform definition is necessary. Therefore, this blogpost is written to clarify how we at Verifai differentiate between these terms.

Identity verification

At its core, identity verification revolves around the question: are you who you claim you are? Answering such a seemingly harmless question requires multiple layers of security checks. Take the passport control at an airport when entering another country; the person who checks your passport or identity card needs to verify a number of facts, among them things such as checking whether the document is real and whether the personal information on the document matches with the person that’s holding the document.

It is easy to understand that in an online environment, whether it be on a mobile phone or on the web, verifying someone’s identity is more challenging. Nevertheless, the fundamentals remain the same: it needs to be established that the person who attempts to use a service or buy a product is who they say they are.

In essence, the problem outlined above revolves around three questions.

1. Is the document real?

2. Is the person real?

3. Does the document belong to the right person?

To solve this problem, Verifai uses an approach that consists of three main pillars to verify the identity of any given person, while also respecting their privacy.

1. Verifai recognises identity documents, reads the text and checks the authenticity of the document. Part of this solution consists of a quick and simple NFC check, which is an additional security measure unique to Verifai.

2. Verifai establishes that the user in question is a real person, who is physically present during the check. This check is done through our liveness check, which features a few simple steps.

3. Verifai checks if the identity document belongs to the person being verified. This is achieved through smart technologies like face matching.

Identity authentication

Now that the steps and processes associated with identity verification have been explained, it is time to turn our attention to the concept of identity authentication. The easiest way to understand the difference between identity verification and identity authentication is by juxtaposing the two concepts.

The first difference of note is that identity verification is a part of customer onboarding, whereas identity authentication is a part of identity lifecycle management, which takes place after establishing initial contact.

Furthermore, the verification process outlined above is based on the implicit assumption that it is a one-time occasion. That means that there is no prior knowledge about the individual whose identity document is being verified. Contrastingly, the identity authentication process is based upon the assumption that the party authenticating the identity of a person already verified the person. Therefore, the company or organisation that seeks to determine whether an authentication request is valid, is looking for proof that the information of the person attempting to authenticate themselves is correct. This is particularly useful for substantial online money transfers or other high-stakes situations.

This can happen through a variety of ways, but what virtually all of these ways have in common is that they either rely on something a person should know, have or is. An example of the first being a security question and having possession of devices like an identifying card being an example of the second. The third option consists of methods that use biometric identification, such as face matching.

Remembering passwords, security questions or having to be in possession of an extra device are solutions that no customer is enthusiastic about. Furthermore, the security of these options is doubtful. Passwords can be a part of data leaks, security questions guessed and identification devices can be lost. The use of advanced technology such as face matching remedies these problems, while also being user-friendly.

Looking ahead

The goal of this blog was to clarify the difference between identity verification and authentication. By honing the definitions of these concepts, we expect that these terms will be better understood in the future, thereby facilitating accurate and consistent communication. This helps us move closer towards our mission: making identity fraud a thing of the past.

Are you still interested in learning more about identity verification? Keep an eye on this blog or visit our website verifai.com!