Keeping identity information secure is of significant importance not only to individuals, but also to businesses with which they interact and to organizations that deal with identity theft and misuse such as money laundering and fraud. The validation of a person's identity is particularly important when the individual is not physically present, as is the case for online transactions.
Validation relates to the confirmation or establishment of the truthfulness/soundness of an identity claim in order to have the claim sanctioned. Various forms of primary identification are generally utilized for validation purposes, such as traditionally physical forms of identification which relate to physical attributes of an individual, including passport photographs, biometrics and DNA information. An example of current primary identity validation is a bank requesting that an individual come in person to a branch and present a passport which is checked to confirm it is a genuine document and the photo matches the individual. Primary identity validation is contrasted with secondary identity validation, which traditionally relies on facts associated with an individual and relates to assessing the suitability of an individual to engage in a transaction. The suitability may first be confirmed by determining, for example, whether an individual has a sufficient credit limit for a transaction. Then, the individual may engage in the transaction, during which process Primary identity validation may occur.
There are two fundamental aspects of establishing the validity of one's identity. First, an individual's identity must be established to exist. Second, it must be shown that the identity belongs to the individual in the transaction.
Proof of the existence of an identity is commonly achieved in real time through confirmation of identity details that are readily accessible, whether in-person or online. Such identity details may be an individual's address, date of birth, electoral roll registration, criminal record, credit rating, etc. Current identity validation solutions in the market evaluate the level of consistency between information disclosed by an individual with information on record. The more that consistency exists, the greater the level of comfort that the information supplied is correct. Organizations that offer services to confirm the existence of identity and check for consistency include databrokers, such as Experian, Equifax and CallCredit.
One problem with solely establishing the existence of an identity without linking the identity to an individual is that it does not sufficiently address the question of whether the individual who supplies the data is in fact the correct individual or an imposter who has obtained the information checked. Affiliation of an identity to an individual that is claiming ownership is often conducted offline using such pieces of primary/hardcopy identification as passports, utility bills, birth certificates, documents sent to a home address for signature, or requests to attend an office in person. Online financial companies such as PayPal and online banks also attempt to establish ownership of an identity through a process of paying in one or more small amounts of money into a bank account and requiring the purported owner of the identity to confirm the amount through an email address purported to be associated with the identity.
U.S. Patent Publication No. 2008/0215346, which is assigned to Neteller, describes a predetermined level of assurance which establishes that an identity is affiliated with a user by contacting a number of databrokers and requesting verification of at least one piece of secondary identifying information associated with the predetermined level. If primary identification is required, the validation step is performed offline. As used by Neteller, the term financial information is understood to be details such as an account number and sort code, rather than the ability to access the financial information through a password and username (i.e. confirmation/checking of data items instead of secure access capability). Such information may be checked, but this is done through databrokers. UC Group Limited also aggregates secondary identification information from multiple brokers and uses a similar definition of financial information.
Validation is often used for only one financial transaction at a time. For example, price comparison websites are required to check identification details for each quote, taking up time and costing money for each quoting institution. Online identity solutions such as NetIDMe, and verification token software such as Microsoft's Geneva/Infocards and OpenID, are commonly used to provide online identities that associate a username and password with a token verified by a third party. Financial passporting that checks only a single account's details through the transfer of money is also common.
Due to the increase in Internet retail, credit card and bank details are handed over to more and more third parties. Personal information about a transacting party may already be known or easily discoverable from a significant number of sources. Such attainable information may include birth dates, addresses, mother's maiden names, or primary school attended. As a consequence, the security of financial and personal information is greatly compromised.
Certain aspects of an individual's online identity which are more protected include usernames and passwords that are used to access important accounts such as financial accounts (bank accounts and trading accounts), government accounts (related to tax submission and voting), and work or educational accounts (firm logins, university logins, professional logins including those used for medical professionals who access patient details).