What is Identity Proofing?

If you do business over the internet, it is now more important than ever to provide secure online access to your clients and customers. With the world’s growing reliance on technology and cloud-based business solutions, businesses face the real and ever-present threat of security breaches and fraud.

Effective identity verification solutions should be one of the top priorities for any organization. Building trust with your customers and clients by proving them with a more secure and reliable online platform is key to building and keeping their trust. This is where identity proofing can help.

Implementing Identity Verification

In 2019 U.S. law enforcement received 3.2 million identity theft and fraud reports, and every year the number of identity theft victims continues to grow. In 2020, Accenture studied the cybersecurity threat to businesses. Their report estimated that the average U.S. based company is subject to 22 data breaches each year. Implementing a secure identity verification process is one important way your business can make a real difference in protecting both your business and your valued customers. By improving privacy and security, identity proofing helps you build customer trust in your brand.

More Than a Password

More than just choosing a name and password, identity proofing is the process of verifying and authenticating the claimed identity of individuals requesting online access to client portals, web-based applications, and virtual interfaces.

With typical self-registration processes, identity verification is often based only on an email address or phone number – information that reveals virtually nothing about the actual identity of the individual requesting an account or access to your platform. Even the common knowledge-based identity challenges involve asking security questions (e.g. “What is your mother’s maiden name?” or “What was the name of your first pet?”) that do not actually verify that the claimed identity of the user matches their actual identity.

Identity proofing goes beyond anonymous usernames and passwords, or easily faked ‘security’ questions. Identity proofing is a much more complex process that involves gathering layers of personal information from users over time. By collecting and assessing multiple pieces of user-asserted evidence, your business can make an informed and accurate decision regarding the validity of a user’s claimed identity before approving account registrations or granting user access. Identity proofing is particularly useful when a user is attempting to reclaim an account after losing their login credentials, access age-restricted content, obtain confidential health records, or register for an e-commerce site.

How Identity Proofing Works

The National Institute of Standards and Technology (NIST) issued comprehensive guidelines for validating a person’s identity. The intended purpose of identity proofing is to validate the match between a claimed identity and an actual individual within the population of customers or clients your business serves, and to verify that all supporting documents to that claim are authentic (not forgeries or counterfeits).

Generally, identity proofing is a three-step process for new applicants.


The process begins when applicant submits a request or application to an online business or service provider for access. In this initial step, the business usually requires an appropriately basic level of personal identifying information. This includes the applicant’s name, address, date of birth, email, and phone number, as well as two forms of proof-of-identity, such as a driver’s license and a passport or a data verification against government based data.


Once the first step is completed, the business verifies the information provided and validates all supporting documentation by checking an authoritative source. The two forms of identification (two-factor) are inspected for authenticity. Then the business determines the information supplied by the applicant matches their records.


Successful applications are sent through a third and final step for verification. Applicants are asked to verify their personal details against third party databases sufficiently to confirm the applicant or to submit a photo of themselves to match to the license and passport. Then the business sends an enrollment code to the validated phone number of the applicant, which the user repeats back, verifying the user is in possession and control of the validated phone number. Now the identity of the applicant has been proofed and account or access permissions can be set accordingly.

Integrity is Here to Help

Identity proofing is an important but complex solution to the increasing challenges with online security. It is important that each business tailor their identity proofing protocols to the needs of their unique organization and particular clients. However, it is equally important that the user-experience of your company’s identity proofing journey is easy and straightforward. While it is possible, it is certainly not expected that a single organization’s process, technique, or technology fulfill all three steps of the identity proofing process.

That is where Integrity by Aristotle can help. We offer a suite of widely accepted identity and age verification solutions that are tailored for both commercial and government sectors. Integrity is the most comprehensive and cost effective approach for age and identity verification available across multiple platforms. Reach out to us to learn more about our security solutions and how they can help your business today.

Recent Posts



Recent Posts

Recent Comments