Trust Swiftly can assist with identity verification for many regulated industries via an IAL3 solution remotely or onsite.

General requirements stipulate multiple policy and documentation audits to ensure a secure process, in addition to various fraud checks. They also outline methods of combatting fraud while reviewing verifications out-of-cycle.

NIST 800-63A

Trust Swiftly's online service complies with NIST 800-63A IAL3 identity proofing for individuals looking to interact with businesses regulated industries, which requires identity proofing with a certain level of assurance (IAL). In such instances, these individuals often need to go through identity proofing processes that provide certain levels of assurance (IALs).

At NIST IAL3 verification , an individual's claimed identity attributes are collected, resolved uniquely and bound to an authenticator through a process called enrollment. This ensures that individuals claiming they are someone else are actually who they claim they are; also making large-scale attacks difficult and time consuming without considerable cost or delay. Authentication also involves gathering biometric characteristics as verification tools.

General Requirements

Identity verification at IAL 3 can involve multiple different approaches. These could range from remote and onsite methods of identity proofing, and unattended to attended identity proofing with live human operators present. IAL 3 uses validation processes on information such as names, addresses, phone numbers, IDs and SSNs collected during identity proofing to ensure they are accurate, unique and consistent with known sources; this ensures pseudonymity by not collecting more attributes than necessary to establish one identity record for an applicant.

CSPs must ensure that users understand how their attributes will be utilized, to prevent attacks targeting large populations of enrollees.

Biometrics

An applicant's live biometric data must be verified against various forms of evidence provided by subscribers and must meet minimum STRONG criteria for approval.

This application can be used by both unattended remote users or with human supervision (where someone walks them through each step). It runs on any device with a camera, including tablets in secure kiosks.

The app utilizes both government and third party data services to verify evidence such as drivers licenses. It performs facial comparisons and checks for anomalies, and compares photo IDs against subjects using its database to ensure authenticity of documents such as drivers licenses or passports.

Fraud Detection

CSPs seek to match claimed identities with actual, existing records in the real world and verifying identifying evidence supporting claims - this includes verifying whether or not a claimed identity actually exists and is associated with real people.

Trust Swiftly can offer a complete selection of services that conform to IAL2 assurance levels. We can also assist with other levels, such as IAL1 and IAL3, but will primarily focus on meeting IAL2, as it is widely recognized among regulated industries for individual verification.

It is crucial that your solution undergoes continuous evaluation for weaknesses and vulnerabilities. Fraudsters exploit static systems that don't undergo continuous scrutiny.

Privacy

Application must utilize a device which is secured and locked down to prevent tampering during proofing process. A person should monitor each step of verification to provide advice, explain any requirements that need to be fulfilled, and state all consent requirements as part of this verification.

The app should verify a number of identity data points such as Driver License numbers, names and addresses as well as text and images present on documents to ensure that they are authentic.

The application must be capable of verifying superior evidence such as microtransactions, OTP phone callback, and bank account linkage. Furthermore, it should support multiple pathways leading to IAL2 with many possibilities leading to IAL3. Furthermore, it must also be resistant to man-in-the-middle attacks.