Gartner market guide for identity proofing and corroboration

Recently, Gartner released its latest market guide for identity proofing and corroboration. Traditionally a landmark study, the report aims to explore the current state of the identity proofing market. In doing so, it analyses the issues businesses face when verifying identities and how the market can respond to emerging trends. 

So, what does Gartner’s guide for identity proofing and corroboration say about identity proofing, corroboration, and the future of the industry? Let’s take a look.

What is identity proofing?

Gartner believes that until recently most online identity proofing simply involved businesses asking their customers for personally identifiable information (PII). This included the customer’s:

• Name
• Address
• Phone number
• Social security number

Once this information had been obtained from the customer, it was then checked against an authoritative source, such as a credit bureau.

However, such a basic form of identity proofing is now seen as insufficient. This is because, by performing these checks, businesses are simply checking that the data a customer has provided is legitimate. Crucially, this process does nothing to check that the genuine owner of the identity was entering the data. 

As a result, Gartner now defines identity proofing in the following way:

“Identity proofing is the combination of activities during an interaction that brings an identity claim within organizational risk tolerances, such that:

• The real-world identity exists
• The individual claiming the identity is, in fact, the true owner of that identity and is genuinely present during the process”

The proofing process recommended by Gartner is formally known as document-centric identity proofing. For this form of identity proofing to take place, a customer must take a photo of their government-issued ID (such as a driving license or a passport) and then take a selfie. When the customer is taking the selfie, a business should take steps to ensure that the session is real and live. This process is known as liveness detection, or presentation attack detection.

By taking these steps during an identity proofing process, a company can check a number of things. Firstly, they can check the static data, such as the customer’s name, address, and social security number. 

Then, the business can check the validity of the identity document. Finally, the business must check that the customer’s face matches the identity document and that the session is live. As a result of performing all these checks, Gartner believes that a higher level of identity assurance is achieved.

This is the exact process that our AML and KYC compliance solution takes. But, as well as verifying the identity of a customer and asking them for a selfie, our powerful tool also has the ability to check that customer against PEP and sanctions watchlists and screen them for adverse information and media. It can also provide ongoing monitoring.

What is corroboration?

Identities are like possessions: each identity has a rightful owner. As part of the identity proofing process we’ve outlined above, each identity must be matched to the person who takes the live selfie. Matching this information to the person in the picture and backing up the identity claim involves corroboration.

By corroborating an identity, a business or identifier can, within a tolerable level of doubt, confirm that the identity genuinely belongs to the person who submitted the information.

Gartner believes that having proper identity corroboration processes in place is vital for reducing fraud. Due to this, Gartner’s market guide for identity proofing and corroboration recommends that businesses adopt new technologies to detect identity anomalies and prevent fraudulent activities. These new technologies should include identity corroboration hubs.

Gartner believes that by 2023, identity corroboration hubs will displace existing authentication platforms in more than 50% of large and global enterprises. This is because an identity corroboration hub offers the ability to build and manage one true digital identity. This means that a business has established a verified identity via a trust anchor, tied it to a person, and now has access to a trusted identity platform that continuously authenticates this identity through real-time monitoring.

Plus, a corroboration hub offers tracking and analysis of true identities linking their connections and their activities in real time, while protecting their privacy. This allows for true identity verification at any point in time, so fraudulent activities can be pinpointed.

Gartner’s key findings in the market guide

In their latest market guide for identity proofing and corroboration, Gartner found that:

• Organizations are under pressure to move more high-risk interactions online
• Trust in the user’s real-world identity must be balanced with expectations for minimal friction in the user experience (UX)
• Making identity proofing, fraud detection, and user authentication capabilities work together across the user journey can improve risk mitigation, reduce costs, and boost innovation in product or service offerings
• The current paradigm of a user having to assert their real-world identity with every new service provider is not scalable given the pace of digitization
• In the future, portable digital identity solutions will be required to support both current and evolving use cases in the long term

As a result, Gartner recommends that organizations try to balance the often competing demands of trust, compliance, and UX by assessing the full range of identity proofing and affirmation capabilities.

On top of this, in past editions of the market guide for identity proofing and corroboration, Gartner has drawn two interesting conclusions that are worth examining here.

1. Convergence of technologies

One of Gartner’s previous key takeaways has been that the lines between online fraud detection, identity proofing, compliance, and user authentication are becoming increasingly blurred.

Historically considered separate, the technologies behind user authentication, online fraud detection, compliance, and identity proofing are all now merging as part of the identity corroboration process.

By combining these techniques and technologies, Gartner believes that trust assurance can be increased and malicious or abnormal activities can be better identified.

2. Concern regarding fraud

Gartner has also previously noted that as modern life continues to embrace digital channels, the need to corroborate the identity of customers remotely has also grown rapidly.

However, for many businesses, this has posed a challenge. This is because the traditional methods of corroborating an identity have been nullified because personal data has continually been hacked.

To boost security, Gartner notes that many organizations have placed onerous demands on their customers, explaining that these were for account security purposes. However, today, many demographics (particularly younger generations) are valuing convenience over security. As a result, some customers are not tolerating these demands and are now taking their business to competitors who offer a lower-friction experience.

Of course, Gartner is quick to point out that this doesn’t mean that these businesses are prioritizing the customer experience at the expense of security. In fact, the most innovative businesses are investing in technologies that make security invisible to their customers. This means that these businesses can maximize conversions while still being able to detect sophisticated, fraudulent, and malicious activities.

However, with a number of businesses looking to reduce friction, many business owners remain concerned about the prevalence of fraud. For example, in 2017, a Gartner study showed that 32% of respondents were concerned about new account synthetic or identity fraud. On top of this:

• 27% of respondents were concerned about payment fraud
• 23% of respondents were concerned about account takeover fraud
• 15% of respondents were concerned about call center fraud

Since this study, Gartner notes that these concerns have been exacerbated by further data breaches. Due to this, it’s clear that companies need to find a way to become less reliant on static PII.

Instead, according to Gartner, companies must view identity proofing as a continuous and contextual process that provides an increased level of assurance. To do this, Gartner suggests using a trusted identity corroboration model.

This model provides a way of understanding the variety of credentials and other soft signals that can contribute to identity corroboration. In essence, it highlights the range of identity-specific inputs and the contribution they make: affirmative (or positive) signals (increasing trust) and negative signals (decreasing trust or increasing risk).

When used correctly, Gartner believes that this model maximizes the collection of multiple risk indicators that could indicate malicious or fraudulent activity during account creation, access, and maintenance. Plus, by maximizing the weighting of familiarity signals, it ensures that low-risk, good customers can have the best possible customer experience. Ultimately, this leads to lower abandonment, and reduced operational burden for addressing false positives.

Speak with the fraud prevention experts at Veriff

Here at Veriff, we’re experts in fraud prevention. With the help of our identity verification platform, you can ensure that your customers are exactly who they’re claiming to be.

With the availability to select between 40 languages and dialects, and with support for more than 10,000 government-issued IDs from 190 countries, we provide a global reach that means you can verify customers from all corners of the world.

To discover more about how our solutions can help you with identity proofing and corroboration, talk to our fraud prevention experts today.