The public sector is taking on unique challenges; from mitigating the spread of COVID-19 to the implementation of privacy laws, like CCPA, there’s a lot at play as we look at the new or evolving ways our identities are being and can be leveraged. Our Summer Government Digital Forum sparked eye-opening discussions on contact tracing, citizen data, privacy law, public-private partnerships, and more, exploring the ways digital identity is becoming increasingly central – if not already – within each.
With so many points to cover within each of these dynamic discussion topics, it’s no surprise that there was much more to unpack after each virtual session came to a close. Following the event, we chatted (virtually, of course) with our speakers from Socure, to dive a bit deeper and answer further questions from their panel, Stopping Fraud at the Front Door: Protecting Prosperity and Privacy with Better Digital Solutions.
One World Identity (OWI): You mentioned individual countries who are doing a good job managing citizens’ data and digital identity information, but as the world becomes more globally interconnected, are there any early winners across multiple nations?
Socure: Estonia is a pioneer in going digital, considered by some to be the most advanced digital society globally. 99% of its public services are online, and 98% of tax filings are filed electronically. There is a nationwide health system that pulls from all healthcare providers to create a common record for each patient, accessible online. The ID can be used to access e-banking, e-voting, e-health, and even electronic residency systems. Underpinning these systems is a mandatory national ID card system that can be used via a mobile phone SIM card or a biometric-enabled smartphone app.
OWI: Is the SSA database mentioned during this session consent-based? If so, it would seem not to work to catch fake/synthetic identities as the fraudster would not provide consent – is that a correct view?
Socure: As made clear by the name of the program (Electronic Consent-Based SSN Verification), it is a consent-based service. The service can only be used if the number holder provides a wet or electronic signature consenting to the disclosure of their SSN verification. However, we would note that fraudsters don’t have an ethical issue with submitting fraudulent consents. This service should be used in the context of a holistic identity verification solution to weed out as much risk and fraud as possible.
One World Identity (OWI): Where can you find more info on the SSA API?
Socure: Here is the Social Security Administration’s (SSA) program website: Electronic Consent-based SSN Verification (eCBSV). In 2018, Senate Bill 2155 passed sweeping regulatory changes. Section 215 directed the SSA to modify its databases or systems to allow financial institutions to electronically verify if a name, DOB, and SSN match SSA records in real-time. eCBSV returns a match verification of “Yes” or “No.” If records show that the SSN holder is deceased, eCBSV returns a death indicator. Note that eCBSV does not verify an individual’s identity. In June 2020, the SSA started allowing select entities to access the service. Socure is intelligently nesting the eCBSV results within our models to provide additional intelligence and enhanced identity verification and risk scores.
OWI: What are the most important considerations in choosing an ID verification and fraud vendor?
Socure: First, it’s critical to understand your use case. Is the goal to minimize fraud, minimize false positives, increase auto acceptances, reduce onboarding friction, or satisfy compliance requirements? Accuracy is a crucial consideration but, more specifically, the accuracy of what? For example, if fraud is your most significant concern, then look for the best fraud capture rates. Accuracy is ultimately driven by rich, dynamic data sources and the application of machine learning to the data. Look for strength in data science and innovation in a vendor, as you will always need to keep up with developments in fraud techniques, data breaches, and evolving digital opportunities.
Flexibility is important so that you choose step-up options, adjust policies or design logic for various products or services, and otherwise tailor the IDV solution to the risk profiles of your organization and user base. You want to be able to distinguish the riskier applicants and address the risks as needed, to determine if they are “good” individuals.
Speed (i.e., latency) is crucial for digital-first entities, as well as technical feasibility. Many solutions are API-based, providing code that you can readily integrate into your systems. Customer support is also important. Look for 24-7 tech support, reporting tools, and solutions consulting.
OWI: Can you explain how the fraudulent unemployment office filings that we saw in the news might have been preventable?
Socure: Each filing for unemployment should be subjected to identity verification (IDV) to determine if they are who they say they are. Then and only then should the process move onto authentication for access to existing accounts. Fraudsters lean on stolen and synthetic identities to claim benefits. Still, an IDV check will catch inconsistent or untrustworthy data points, such as names and addresses that are not correlated, burner email accounts, email domains used primarily by hackers, and other suspicious factors.
Fraud could also have been prevented if state unemployment agencies shared information on fraud attempts and fraudulent profiles. We’ve seen this work in the private sector, where Socure’s consortium of customers share their outcomes with us so that we can update our analytics models to stay abreast of the latest fraudulent profiles.
Next, we chatted with Taylor Liggett, General Manager of Sterling Identity, and Brian Williams, General Manager, Government at Sterling, who spoke on The Evolution of Background Screening & Identity Services: How Government Can Deploy New Capabilities to Support Their Mission, to dive a bit deeper into the topics discussed and answer some of the outstanding questions from our audience.
One World Identity (OWI): Where can companies help fill these gaps in expertise/human capital we see in the government workforce in the immediate? And in the long-term, what should younger generations be doing to help mitigate this risk?
Sterling: We discussed an existential issue that exists for the future of the government workforce. Barring a significant reworking of the hiring, compensation, career, and culture of that workforce, a long-term, sustainable solution probably rests between existing process improvements and new modernized pilot programs for onboarding and retaining talent. A gig-based model for in-demand capabilities and a pre-screened inventory of specialists willing to engage in limited scopes of work may be a viable solution to bolster the government workforce.
Younger generations may naturally be more inclined to embrace flexible employment models, both as employers and workers.
OWI: Do you see a world where organizations share these “portable Identities” with one another?
Sterling: We can imagine a future where attributes of portable identities are shared between organizations. This comes with the critical caveat that the individual must remain aware and in control of their data and the circumstances under which it is shared.
OWI: What industry is leading the way around portable identity
Sterling: Social media companies, through services such as single sign on to apps and websites, primed the pump for portable identity. Marketplace and Gig Economy companies took this a step further and embraced modern identity verification solutions. Today several technology companies and the screening industry are working to bring the next iteration of portable identity to market.
OWI: Is there an app available now from Sterling with identity and document verification built-in? If so, what documents can be verified, and how? Is there a mobile biometric collection connected to other corroborating information available for your clients?
Sterling: Yes, you can try the Sterling Identity Verification demo here. Note that this demo does not transmit or store any of your personal information; it is intended to demonstrate the fast and easy the verification process is, using just a smartphone. Typical government-issued documents that can be used for verification include driver’s licenses, passports, state-issued identity cards, and others depending on location.
In addition to capturing facial photos via the identity verification process, Sterling Identity can collect fingerprints, facial images, and signatures at our nationwide network of collection centers.
OWI: Identity seems to be more and more foundational as we talk about “remotely” available services, both to constituents and corporations. How likely is it to have a national ID database as a public-private coordinated effort?
Sterling: The evolution of identity is becoming a great example of public-private partnership potential. Some countries already have or are headed in the direction of a national database. In the United States, there will likely be close coordination between multiple databases that exist for different reasons, to serve diverse populations.
The government provides various public goods that will help bring about the catalyst for this change. Public safety and the ability to deploy a portable ID for mass transit; the resolution, receipt, or remuneration of various tax and governmental fees; or the need to receive and maintain any number of government-issued/or certified credentials and licenses, will all bring about pressure for portable identity.
OWI: What identity verification tools or companies is Sterling considering using to meet this increased demand?
Sterling: To give our customers maximum flexibility and service reliability, we develop our own technology and partner with multiple identity vendors. These tools allow us to configure custom solutions that best meet customer needs regardless of geographic location or specific solutions requirements.
OWI: How can companies successfully build relationships with the government directly?
Sterling: Attending meaningful thought leadership forums, like the Know Identity Digital Forum on Government, is a great starting point. Additionally, ensuring that you are well-represented through any opportunities for public comment related to identity. Participate in thought leadership forums such as the American Council on Technology – Industry Advisory Council (ACT-IAC) and stay engaged.
OWI: Is the Indian ADAAR ID something for the USA?
Sterling: The underlying premise of delivering a unique, verified identifier to each citizen for use in digital transactions is certainly not new, but India is ahead of much of the world in bringing this to life. Digital identity initiatives being explored in the United States will likely have attributes of the AADHAAR scheme in terms of verified, unique identities. Still, we envision a much more granular approach when it comes to giving individuals the ability to not only control a verified identity, but to control discrete immutable aspects of their identity, like a verified education history, professional certification, birthdate, or otherwise. This emerging field is fascinating, complex, and promises to be enormously valuable to individuals, government, and businesses to the extent that identity solutions can help make the economy more frictionless and secure at the same time.
As always, there’s much more to tackle in the public sector. And now, we’re looking forward to benchmarking the industry shifts that will take place between now and our upcoming Fall Government Digital Forum! And if this is all news to you, take a moment to catch up on the other sessions from this event you may have missed.
We hope to see you at our next Digital Forum – check out the full schedule now!