Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

What Is the Difference Between Identity Verification and Authentication?

Question: What is the difference between identity verification and authentication?

Shai Cohen, senior vice president of global fraud solutions, TransUnion: As more services shift to a virtual format, consumers and organizations are threatened by more efficient and evolved forms of fraud. To confirm that a customer is who they say they are requires both identity verification and identity authentication.

These two terms are not synonymous or interchangeable, and the organizations that don’t know the difference make themselves vulnerable to increased fraud losses. Treating a verified identity (“this identity exists”) as authenticated or proofed (“this user is who they claim to be”) makes an organization vulnerable to account takeover fraud and synthetic identities.

Securing Account Creation and Use

The combination of a name, address, phone number, and email on an online form can provide enough information for a company to verify a consumer’s identity and establish a layer of trust when an account is first created. This information can be checked against multiple data sources, such as utilities or telephone carriers, to ensure the name matches the other qualifying data.

It’s critical to note, however, that verifying that the identity exists does not prove it belongs to the person entering that information. Criminals can use illicitly obtained identifying information to apply for new accounts or benefits in victims’ names. Some create synthetic identities where credentials have been fabricated and are not associated with a real person but can fool verification processes.

This type of identity theft has prompted a shift toward proofing or authentication practices. These approaches require significantly more rigor than simply verifying that an identity exists. Organizations work to confirm that the identifiers supplied to create a new account belong to the person entering the information — i.e., that the applicant is who they say they are. Some identity-proofing systems may request a selfie and government photo ID for a facial recognition match from new customers.

Authentication, on the other hand, is an ongoing identity-proofing process that both checks the identity of digital users and ensures the integrity of the devices they use. Two-factor authentication and one-time passcodes are both commonly used authentication methods that help grant account access to the right person in real time.

Note that security measures have to balance consumer needs. A 2021 study from the CMO Council reported that authentication frustration caused 61% of consumers to abandon a transaction, and TransUnion’s 2022 “Global Digital Fraud Trends Report” showed that approximately two-thirds of consumers would switch companies for a better digital experience. Organizations should incorporate both identity verification and authentication processes so that they can ensure safe interactions and create a trusted virtual channel that keeps consumers coming back.

Related News

Researcher create polymorphic Blackmamba malware with ChatGPT

Researcher create polymorphic Blackmamba malware with ChatGPT

The malware can target Windows, macOS and Linux devices. HYAS Institute researcher and cybersecurity expert, Jeff Sims, has developed a…
Owner of Breach Forums Pompompurin Arrested in New York

Owner of Breach Forums Pompompurin Arrested in New York

Pompompurin has been charged with a single count of conspiracy to commit access device fraud. Conor Brian Fitzpatrick (aka Pompompurin,…
New Vishing Attack Spreading FakeCalls Android Malware

New Vishing Attack Spreading FakeCalls Android Malware

The attack scheme begins with the FakeCalls malware masquerading as an online banking application of a reputable South Korean financial…