
NIST defines Identity Assurance Levels (IALs) to indicate the confidence that a claimed identity equates with one in the real world and establishes requirements for federated assertions to convey authentication results at these levels.
HYPR is an Identity and Verification (ID&V) solution designed to meet NIST SP 800-63-4 requirements for IAL2 and IAL3. HYPR integrates chat, video, facial recognition with liveness detection, document authentication and step-up reproofing based on risk into its continuous identity assurance solution.
NIST IAL3 verification
NIST’s Identity Assurance Levels (IALs) measure the degree to which digital identities match real-world identities, from IAL1 through IAL3, with progressively more stringent requirements at each step. Furthermore, these standards call for a federated approach to identity management, which allows systems to send packets of information called assertions to each other so that identities can be managed effectively.
These assertions contain crucial information about the person seeking access to digital services, and must be cryptographically signed by a credential service provider before being sent on to an organization known as the Relying Party (RP). Relying Parties may use standard technical protocols in order to verify them.
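The Relying Party checks described above, as an added example that is not code from NIST or from either vendor named on this page. The claim names, the example URLs and the shared-key HMAC-SHA256 tag (standing in for the CSP's asymmetric signature so the block runs on the standard library alone) are assumptions.

```python
import base64, hashlib, hmac, json

# Assumptions for this example (not from the page): claim names, issuer and
# audience URLs, and an HMAC-SHA256 tag standing in for the CSP's signature.
SHARED_KEY = b"constructed-demo-key"
EXPECTED_ISSUER = "https://csp.example"
EXPECTED_AUDIENCE = "https://rp.example"
IAL_RANK = {"IAL1": 1, "IAL2": 2, "IAL3": 3}

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_assertion(claims: dict, key: bytes = SHARED_KEY) -> str:
    """CSP side: serialize the claims and append a tag over the exact bytes."""
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(tag)

def verify_assertion(token: str, required_ial: str, now: float, key: bytes = SHARED_KEY) -> dict:
    """RP side: authenticate first, then check issuer, audience, expiry, IAL."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError as exc:  # wrong part count or invalid base64
        raise ValueError("malformed assertion") from exc
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(body)  # parsed only after the tag verifies
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != EXPECTED_AUDIENCE:
        raise ValueError("assertion not intended for this RP")
    if now >= claims.get("exp", 0):
        raise ValueError("assertion expired")
    if IAL_RANK.get(claims.get("ial"), 0) < IAL_RANK[required_ial]:
        raise ValueError("identity assurance level too low")
    return claims

if __name__ == "__main__":
    # Constructed sample assertion; "exp" is a Unix timestamp.
    sample = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE,
              "sub": "user-123", "ial": "IAL3", "exp": 2000}
    print(verify_assertion(issue_assertion(sample), "IAL3", now=1000))
```

The order matters: the tag is checked over the received bytes before any claim is parsed or trusted, and an assertion issued at IAL2 is rejected when the RP's policy requires IAL3 even though its signature is valid.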
At Trust Swiftly, one of the fastest ways to reach NIST identity assurance levels is via live face-to-face verification sessions with Trust Swiftly agents in physical locations. This can be accomplished using kiosks equipped with apps or websites which start the proofing process – much like security guards do at certain companies.
IAL3 identity proofing
IAL3 identity proofing involves physical presence and evidence that demonstrates that an identity exists in real life. Furthermore, this level verifies that attributes associated with that identity match its real-world existence, which helps identify real individuals while preventing spoofing and other forms of fraud. Government agencies frequently utilize it when handling disclosure requests of vehicle odometer readings or IRS tax record requests.
IAL3 processes are more sophisticated than those in IAL2, with features such as technology-assisted document authentication using multispectral UV analysis to detect counterfeiting, direct verification of ID documents from their issuing source, and measures to combat synthetic identities.
This NIST IAL3 verification process is more secure than sending confirmation codes through the mail, which can be intercepted by close associates or family members and is vulnerable to social engineering attacks and various forms of fraud, such as rooted devices and AI-generated deepfakes that fool voice, face, and eye recognition systems. Furthermore, it verifies someone’s address against their phone number, thus eliminating mail forwarding fraud as well as physical theft of mail.
IAL3 compliant solution
IAL3 requires additional proofing steps and rigorous verification processes, designed to mitigate large-scale and targeted attacks as well as basic evidence falsification or theft. The process can be conducted onsite, remotely, or both, but must always incorporate biometric authentication.
Trust Swiftly’s NIST 800-63A IAL3 compliant solution provides an all-in-one, managed solution for meeting compliance while saving money on hardware costs. Furthermore, this reduces cyber liability insurance premiums by decreasing password reset requests while improving business operations by mitigating risk across the identity lifecycle.
IAL3 meets NIST’s Federated Assurance Levels (FALs), which measure the confidence in an identity provider’s assertion to relying parties. FAL-certified RPs rely on these levels when making risk decisions about a user. SP 800-63-4 significantly strengthens these FALs by mandating phishing-resistant multifactor authentication (MFA) with integrated FIDO2 Passkeys at their highest assurance levels.
Trust Swiftly
Identity verification strategies should address all stages of an employee’s lifecycle, from new hire onboarding to employee termination and retirement. A comprehensive identity verification strategy will lower cyber liability insurance premiums as well as operational expenses associated with password resets, while also shrinking the attack surface by reducing access points into your systems.
Identity proofing services consist of both on-site and remote enrollment options to limit highly scalable attacks such as synthetic identity fraud, phishing and other forms of fraud. They use various protocols and standards to exchange authentication assertions.
Utilizing a kiosk equipped with either an app or single browser page, proofing processes can begin when individuals present themselves and evidence documents to be verified. This approach is both more affordable and faster than dedicated devices, and more secure, as the capture takes place on a device belonging solely to the CSP that cannot be compromised or altered in any way by external parties.
