IAL3 compliant solution aligned with NIST identity assurance requirements

Trust Swiftly makes compliance with IAL3 easy by leveraging mobile verification for remote and on-site users. This includes a comprehensive authentication journey that supports phishing-resistant methods and superior evidence for IAL2.

The identity assurance level (IAL) defines technical requirements that a CSP must meet in order to reliably identify applicants. IAL requires claimed identity attributes to be collected, resolved uniquely and bound to authenticators.

Self-Service Verification

The identity proofing requirements at IAL3 provide enhanced protection for applicants to prevent impersonation and other significantly harmful attacks. This level of rigor requires a CSP to perform in-person or supervised remote identification, including biometric capture, and perform at least three identity proofing steps to verify that the applicant is the legitimate owner of the identity evidence presented.

Upon successful completion of IAL3 identification, the CSP shall issue an enrollment code to the enrolled individual and allow one or more authenticators to be bound to their proven identity in the CSP’s database. This binding process NEED NOT be completed in the same session as the identity proofing.

During an IAL3 (identity assurance level 3) interaction, the CSP SHALL validate all attributes (whether obtained from the identity evidence or self-asserted) and verify their accuracy using authoritative or credible validation sources. This validation may include comparing against watchlists to identify and mitigate known or suspected threats. PII collection SHALL be limited to the minimum necessary for performing identification resolution, validation and verification.

On-Site Verification

As a leader in security, Trust Swiftly provides full NIST 800-63A IAL3 verification through its OnSite Interview application. OnSite interviews provide a high level of confidence in proofed identities while helping protect against more sophisticated attacks such as advanced evidence falsification, theft, repudiation, and other types of social engineering tactics.

Identifier verification: At IAL1, a CSP performs KBV by verifying the attributes of an applicant’s claim to identity with authoritative sources or another relying party (RP)-verified source(s). The verification of attribute data MUST have at least 20 bits of entropy.

At IAL2, the RP verifies an applicant’s claim to identity by comparing the identifiers in the strongest piece of identifying evidence and performing a biometric comparison of the subject with that identifier. The RP may require the use of a verification method that requires a physical presence with the applicant. At IAL2, the CSP may also offer a continuation code that the RP can validate for future verifications, which MAY be delivered in-session or out-of-band to a physical mailing address or phone number.

Watchlist Screenings

Watchlist screening is a key part of any Anti-Money Laundering (AML) or Know Your Customer (KYC) process. It involves cross-referencing your customers' personal information with global watchlists in order to identify risk and prevent illegal activities like money laundering or terrorism financing.

Watchlists typically contain details of entities or individuals that have been sanctioned by governments or international bodies. These restrictions are often imposed due to terrorism, human rights violations, or illegal trade. Watchlist screening helps ensure that businesses don't accidentally transact with these risky individuals or companies.

AiPrise's watchlist screening service uses sophisticated automated tools to quickly scan customer data against global watchlists in real time. This provides more accurate results and reduces false positives, helping you keep up with AML compliance requirements without slowing down your business. Typically, watchlist screenings are carried out during onboarding and then on an ongoing basis, on an agreed schedule that depends on your AML or KYC processes. These searches can be performed using either fuzzy matching or exact matching.


Adaptive & Context-Aware Verification

NIST IAL3 verification guidelines are designed to improve the security and usability of digital ID. They define technical requirements in the areas of identity proofing, verification, authentication, federation, and attributes.

They provide enhanced security standards and increased scalability for remote, unattended methods of identity verification. This enables more users to access high-value services like banking, healthcare and public safety, even with limited or no Internet connectivity.

The new IAL3 standard defines stronger cryptographic devices (e.g., FIDO security keys and device-bound passkeys) that are highly resistant to phishing, man-in-the-middle and other types of malicious attacks. It also promotes phishing-resistant authenticators and user-controlled wallets as a key requirement for AAL3 assurance.

IAL2 requires that the physical applicant match the reference image in the strongest piece of verified evidence, known as SP 800-63A identity verification. This is accomplished by using the ID&V Portrait evidence type, which leverages liveness detection to prevent trivially simple presentation-attack spoofing.

Posted in Default Category on January 15 2026 at 01:04 AM