Identity proofing refers to the practice of associating an individual with various identity attributes through verification, validation and identification processes, typically carried out by credential service providers (CSPs).
IAL3 requires biometric comparison between an applicant and evidence, to protect relying parties from impersonation or fraud.
NIST IAL3 verification
NIST 800-63A Identity Assurance Level 3 (IAL3) verification standards were designed to assist organizations in protecting online services from cyber attacks by verifying that an individual is who they claim to be, which requires in-person interaction and verification of various forms of ID documents. Trust Swiftly can offer an affordable, secure, and convenient solution that meets IAL3 requirements and keeps organizations compliant.
The latest revision of the NIST 800-63A IAL3 digital identity standards incorporates several changes that reflect modern security practices. For instance, it shifts focus from "equity" towards ensuring processes work for all users by addressing usability issues such as user friction. Furthermore, it refines the IAL taxonomy to accommodate different proofing methods and technologies more readily.
The new guidelines discourage SMS-based authentication in favor of more phishing-resistant MFA or passkeys for AAL authentication, in addition to strengthening federation security practices and watchlist screening that reduce fraud or impersonation while mitigating risk for sensitive data.
IAL3 identity proofing
Are you seeking protection against fraud or identity theft? An IAL3 identity proofing service offers an ideal solution. This digital authentication provides the highest level of assurance that a claimed identity matches the real-world one, using processes like document verification and biometric comparison as well as strict chain-of-custody procedures, anti-spoofing protections and detailed auditing.
Your CSP must use multiple types of proofing methods in order to meet IAL3 requirements, including document verification and facial recognition with liveness detection. This cutting-edge technology helps eliminate spoofing and man-in-the-middle attacks. It also allows an in-person or remote attended session that, by employing presentation attack prevention measures, can detect evidence manipulation or falsification as well as highly scalable and targeted attacks.
IAL3 compliant solution
NIST IAL3 verification is the highest level of assurance available and requires either in-person attended identity proofing or remote identification processes with stringent oversight. This heightened assurance level relies on document validation and biometric comparison to ensure the claimed digital identity is both real and uniquely linked with its enrollee, along with advanced liveness detection to confirm the enrollee is present and linked to their credential.
IAL3 also mandates stronger phishing-resistant authentication and secure federated identification practices, deprecating email OTP authentication in favor of SMS-based methods, while mandating robust defenses against SIM swaps and MFA bypass attempts.
Trust Swiftly's remote IAL3 compliant solution exceeds FedRAMP High requirements while saving businesses time and money. Utilizing cutting-edge hardware-based technology, Trust Swiftly captures identity documents and biometric attributes instantly for accurate identification, reducing fraud risk and eliminating customer friction while providing accurate identifying evidence against fraud and AML risk. Furthermore, watchlist screening helps organizations comply more easily with KYC/AML regulations.
Trust Swiftly is IAL3 compliant
CSPs can achieve IAL3 compliance through various means. One method would be for the proofing agent to inspect evidence documents and biometrics at physical locations like stores or offices, similar to how security guards screen people before admitting them into certain offices.
Another approach would be for the CSP to use a smartphone with the Trust Swiftly no-code page to identify applicants and capture evidence documents faster and more easily than self-service kiosks, while also providing more protection against injection attacks.
No matter which method is utilized, the RPs supporting IAL2 and IAL3 must ensure that any claim of identity presented for verification matches the real-world existence of its presenter. They must also validate whether the personal identifying information (PII) provided matches SP 800-63B's Section 5.2.3 requirements; PII collected as part of identity verification activities must be secured through an authenticated, protected channel for retrieval.