Use a reliable source to obtain information about NIST 800-63A IAL3
The highest level of identity verification, IAL3, requires a combination of identity proofing, document authentication, biometric comparison and direct oversight. This level of rigor helps protect against advanced attacks like evidence falsification, repudiation or theft of identity credentials.
Trust Swiftly’s remote IAL3-compliant solution meets FedRAMP High compliance standards, eliminates customer friction and saves your business money with hardware designed for document and face verification, liveness detection, watchlist screening and more.
Reduced Risk of Fraud or Impersonation
Resolve, validate, and verify the claimed identity of an applicant. This includes ensuring that the identity evidence has a linkage to real-world existence and that this real-world existence is associated with the applicant.
Ensure that the biometric characteristics collected from the applicant are actually the biologically distinctive characteristics of that individual. This requires biometric capture capabilities that meet the presentation attack detection performance metric of IAPAR (Impostor Attack Presentation Accept Rate) as specified in SP 800-63B.
Limit the amount of PII sent from the CSP to the RP. This limits the risk that a malicious actor could leverage an attack to gain unauthorized access or control.
Implement a privacy risk assessment, as defined in SP 800-63A and documented in the practice statement, to document the CSP’s policies and processes for maintaining the disassociability, predictability, manageability, confidentiality, and integrity of personal information that is collected and processed by the CSP for its identity services. This includes assessing the impact of changes to its services on these principles.
Increased Security
IAL3 is the highest level of identity proofing and aims to prevent more advanced attacks. It requires an in-person attended session with a trained CSP representative and collection of one biometric characteristic for verification. This heightened level of security is designed to limit more scalable attacks and to protect against evidence falsification, theft, repudiation, and more complex social engineering tactics.
The general requirements at IAL3 stipulate multiple policy and document audits, a variety of fraud checks as well as methods for combatting impersonation. It also defines trusted referee services where an applicant fails to meet the expected requirements of a defined IAL proofing process, and the CSP may engage a service that is vetted and trained to make risk-based decisions about the individual’s case.
Mitek’s Verified Identity Platform provides a flexible and agile way to manage NIST IAL3 verification both remotely and onsite. The unified platform offers the flexibility to choose proofing, authentication and federation components that match specific environmental threats and organizational outcomes while meeting IAL3 standards for remote workers.
Enhanced User Experience
When an individual completes the IAL3 identity proofing process, claimed identity attributes are collected, resolved uniquely, and bound to authenticators through a process called enrollment. This prevents attackers from spoofing these attributes, and ensures that claimed identities match real-world identity.
Unlike IAL1, which can be accomplished remotely, IAL3 requires an on-site attended identity proofing session and the collection of biometric characteristics as verification tools. This rigor is intended to limit more sophisticated attacks and protect against advanced evidence falsification, theft, repudiation, and social engineering tactics.
It is important to communicate clearly with users during the enrollment process about what will happen to their data and what they will need to bring to future sessions, such as a photo ID. This will help reduce frustration and set expectations for the delivery or pick-up of their authenticator. This will also help minimize the number of times they may have to visit a physical location and provide them with better assurance that their authenticators are safe from compromise.
Compliance with NIST 800-63A
Identity proofing processes outlined in NIST 800-63A IAL3 help balance security, user adoption, and usability. The standard defines three Identity Assurance Levels (IALs) to meet the needs of a wide variety of applications.
IAL2 requires that the CSP collect and verify self-asserted attributes from the applicant. Typically, this will involve collecting a photo of the proofing document, a verification of the document’s physical security features, and a biometric comparison of the physical applicant to the facial image on the evidence.
Lastly, the CSP must also obtain an account reference number from the proofing document. This account reference number can be used to confirm the validity of the enrollment code (e.g., confirmation that the applicant is enrolled, confirmation that the enrollment code was sent to the correct address, and confirmation that it was not already used). In addition to these requirements, the IAL2 Non-Biometric Pathway allows for methods that do not require an automated comparison of a biometric sample provided by the applicant to the evidence.

