People go through either identification, verification, or authentication on a daily basis—whether it’s opening a bank account, making online transactions, or creating a new social media profile. It can be hard to tell the differences between these three processes at first, but failing to understand them can land businesses in hot water. To keep businesses safe and compliant, this article clarifies these subtle, yet important differences.
Identification is the process of recognizing a person’s claim to be a particular individual. Regulations oblige financial companies to identify their customers, which often requires collecting certain information. JMLSG GUIDANCE FOR THE UK FINANCIAL SECTOR states that “the firm should obtain the following information in relation to the private individual”:
For in-person transactions, customers can identify themselves by simply stating their name. A similar identification process occurs during online transactions—where customers provide their email address in addition to their full name.
When occasional transactions don’t exceed a certain amount (e.g., 1.000 euro), businesses may allow their customers to complete them right after the identification process.
Verification is the process of ensuring that the information provided by customers during identification is authentic. This is necessary to avoid fraud, identity theft, and other illegal activities.
There’s a functional difference between verification and identification. Whereas the identification process simply asks customers who they are, the verification process asks them to actually prove their identity and provide supporting documents. The verification stage is crucial since fraudsters can easily get their hands on identification data.
The verification process commonly takes place in higher-risk onboarding scenarios, such as online banking or betting. In these cases, it’s especially important to truly Know Your Customer before establishing the business relationship.
Verification must be based on reliable sources that are independent of the customer. In other words, customers need to present legitimate documents to prove they are who they say they are. To ensure a high level of confidence, these documents should typically be issued by a government department or agency.
According to JMLSG GUIDANCE FOR THE UK FINANCIAL SECTOR, the verification process takes place by submitting one of the following government-issued documents:
In cases when a document doesn’t include a photograph, a supporting document is required. Documents without a photograph include:
The documents then get examined using two methods:
These examinations are conducted either manually or through computer technologies. Companies should decide which approach is appropriate depending on their business model. For companies with an intense flow of customers, the verification process will require a lot of resources, especially for non-face-to-face services. Therefore, such businesses tend to use special tools and services for remote identification and verification.
While verification is a one-time process that takes place during onboarding, authentication is a recurring procedure that ensures that existing accounts haven’t been compromised. The three common types of authentication include:
The most common form of authentication is asking for the user’s password. However, this information can easily be stolen by fraudsters. Therefore, the more types of authentication a business uses, the higher the chances that the fraudster won’t get access to the user’s accounts. Biometric data and liveness checks may have the highest information security levels, since they’re the most difficult to forge.
“Authentication” often gets confused with another term called “authorization.” However, the difference between them is significant. Authentication aims to recognize users, while authorization specifies the features that users can access. For example, if a person is subscribed to a certain streaming service, authentication will recognize the subscriber, while authorization determines which features are available based on the subscription type.
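The streaming-service distinction above can be shown in code. This is an added example, not part of the original article: the account names, plan names, feature names and the PBKDF2 iteration count are all assumptions made for illustration. It keeps authentication (proving who the subscriber is) and authorization (deciding what the subscription allows) as two separate checks with two separate failure results.

```python
import hashlib
import hmac
import os

# Constructed sample data: subscription plans and the features each unlocks.
PLAN_FEATURES = {
    "basic": {"stream_sd"},
    "premium": {"stream_sd", "stream_hd", "offline_download"},
}

def hash_password(password, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is an illustrative choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(password, plan):
    salt = os.urandom(16)  # per-user random salt
    return {"salt": salt, "pw_hash": hash_password(password, salt), "plan": plan}

# Constructed accounts for the demonstration.
USERS = {
    "alice": make_user("correct horse battery", "premium"),
    "bob": make_user("hunter2-but-longer", "basic"),
}

def authenticate(username, password):
    """Authentication: is this the account holder? Returns username or None."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(candidate, user["pw_hash"]) else None

def authorize(subscriber, feature):
    """Authorization: may this authenticated subscriber use the feature?"""
    if subscriber is None:
        return False  # no identity established, so nothing to authorize
    plan = USERS[subscriber]["plan"]
    return feature in PLAN_FEATURES.get(plan, set())

def handle_request(username, password, feature):
    subscriber = authenticate(username, password)
    if subscriber is None:
        return "401 not authenticated"  # unknown user or wrong password
    if not authorize(subscriber, feature):
        return "403 not authorized"     # known user, plan lacks the feature
    return "200 ok"
```

A correct password is never enough on its own: a basic-plan subscriber who authenticates successfully is still refused HD streaming at the authorization step.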
The main goal of identification, verification and authentication is to know your customers, protect your business from fraudsters, and comply with regulations. The best way to achieve these goals is to conduct all three processes simultaneously and combine different verification and authentication methods. To put it simply: the more, the merrier.