Using Multi-Mode Verification for Customer Identification Program Requirements

The 10 Driving Forces behind the Convergence of Payments, Anti-Fraud & Identity Solutions

With advances in technology and increasing dependence on online business and account services, verifying customer identity in applications with controlled access is more important than ever. In some cases, it is even a legal requirement.

History of the Customer Identification Program

The world of online security was forever altered by the events of September 11, 2001. Shortly after the attacks on 9/11, then-President Bush signed into law the PATRIOT Act, legislation designed to increase the security and safety of the U.S. and its critical industries. Section 326 of the PATRIOT Act set forth minimum standards for financial institutions relating to the identification and verification of any person who applies to open an account. The Act defines “financial institutions” very broadly, encompassing a variety of entities including banks, agencies and branches of foreign banks in the United States, credit unions, securities brokers, commodities dealers, insurance companies, even travel agents and pawnbrokers, among many others. The Customer Identification Program (CIP) grew out of this provision, requiring financial institutions to verify the identity of individuals conducting transactions.

Following the enactment of the 2001 PATRIOT Act, banking security legislation required three steps in developing a Customer Identification Program (CIP):

  • Identification and verification of persons opening an account: The type of identification number needed depends on whether a customer is a “U.S. person” or a “non-U.S. person.”
  • Recordkeeping: A record of all information collected on a customer needs to be maintained and retained for at least five years after the closing of the account.
  • Comparison with government lists: The purpose of comparing customer identity data with government lists is to determine whether the customer is on a government list such as OFAC or is a known or suspected terrorist or a member of a terrorist organization.

What is the Customer Identification Program?

The Customer Identification Program (CIP) prescribes “the minimum standards for financial institutions and their customers regarding the identity of the customer that shall apply in connection with the opening of an account at a financial institution.” Each institution is permitted to develop their own CIP according to the specific and unique needs of the business and their customers, so long as the program allows the institution to “to form a reasonable belief that it knows the true identity of each customer.”

Most people are familiar with the various security techniques, such as passwords, smart cards and Personal Identification Numbers (PIN) already widely in use. But the only things traditional security measures can verify is that the individual requesting access possesses (1) certain form of identification (for instance, a Driver’s License or Smart ID Card) and (2)certain knowledge (passwords or security question answers) or (3) is verified by database in conjunction with a government ID such as a SSN number. Such basic access control mechanisms can be abused very easily, which exposes the institution to risk of fraud or theft.

Multi-Mode Verification

To address the risks posed by increasing tech-savvy fraudsters, a more robust approach to CIP is required. Multi-mode verification is the use of electronic document verification, biometrics and identity data to validate an individual. This form of verification combines several identity verification metrics, making it much more difficult to hack or defraud. The concept is based on biometric characteristics or measures, such as voice, face, retina, or fingerprint recognition. Facial recognition is one of the most acceptable biometric traits, and the method of acquiring facial images is nonintrusive. Fingerprints are very distinctive, and they are permanent. However, the accuracy of fingerprint recognition is influenced by the quality of captured fingerprints and the algorithm running the analysis. Clearly each biometric trait has its own strengths and weaknesses, and the choice of using one trait over another depends on several considerations.

Nevertheless, the main security benefit is abundantly clear: Biometric characteristics are inherent to every individual and are never forgotten and are rarely lost. However, biometric measures do tend to vary with time, and the degree of variation is itself variable from one person to another. This is true, for instance, with changes in the voice as an individual grows older. This is why it is it important not to rely on a single biometric data point. Multi-mode verification adds that essential layer of ID protection not just for today, but also across time. By relying on several data points, companies can build a more robust and reliable Customer Identity Program.

Layers of Protection

Prior to 2003, the threshold for verifying the identity of customers conducting financial transactions was much lower than it is today. A few things remain unchanged: Financial institutions have always required identifying information from potential clients, such as their name, date of birth, address, and identification number. Acceptable forms of identification still include a U.S. social security number or other government-issued documents (for non-U.S. citizens: individual tax ID or employer ID numbers). However today, additional steps to verify the claimed identity of a potential customer are required, such as running the documents against government databases.

A perfect identity verification is, in practice, unachievable. Multi-mode verification using biometric verification provides a high level of certainty and security to a business’s CIP. Biometric authentication is becoming increasingly popular as an accurate method of user verification, data protection, and fraud prevention across organizations. However, there are challenges in implementing it correctly or meeting identity compliance standards.

Work With Integrity

Integrity is a suite of widely accepted identity and age verification solutions that are tailored for both commercial and government sectors. Integrity is the most comprehensive and cost effective approach for age and identity verification available across multiple platforms. Contact us today to learn more about how Integrity can help your business design and implement a robust and reliable multi-mode verification identity program.


Recent Posts

Archives

Topics

Recent Posts

Recent Comments

Archives

Categories

Meta