Digital identity verification is an essential step to protecting against fraud, cybercrime and other risks associated with claims made online. It also prevents any possible issues with legality of those making claims that might not match up to reality.
Collection of Personal Identification Information should only include what is necessary to confirm an individual’s claimed identity, in order to avoid invasiveness and overreach concerns while building trust in the proofing process.
TrustSwiftly
TrustSwiftly is a secure and scalable IAL3 compliant solution that offers a supervised remote identity verification process to guard against sophisticated fraud attacks. Featuring automated verification journeys using trusted hardware authenticators (YubiKeys) as well as human oversight, TrustSwiftly uses both automated verification journeys with trusted hardware authenticators (like YubiKeys) as well as biometric comparison with official documents to detect deepfakes or impersonation as well as laptop farm fraud techniques that enable employees in North Korea access their accounts remotely.
An early understanding of IAL3 requirements is vital in order to identify the optimal process for your use case. Depending on the criticality of the transaction, in-person attended interaction may be necessary, while biometric matching alone may suffice in other circumstances. A tiered approach allows you to allocate resources proportionately according to transaction sensitivity while adapting security programs as new threats emerge.
NIST IAL3 verification
NIST 800-63A IAL3 highest identity proofing standard, IAL3, requires in-person attended identity verification with biometric verification and rigorous evidence validation. Only CSPs that can offer on-site assessment using dedicated hardware can meet this level of authentication.
Contrary to mailed confirmation codes, IAL3 requires real-time supervised sessions, comparing device camera biometrics against official documents in real time to detect deepfakes and AI impersonation. Furthermore, this authenticator (such as YubiKey physical authentication tokens) links directly with identity to prevent stand-in fraud – a risk when multiple people share access to one account.
Traditionally, attaining IAL3 compliance required costly and slow in-person verification by an agent with specialized hardware. Unfortunately, this method was vulnerable to social engineering attacks and only worked for limited numbers of people at once. Trust Swiftly’s affordable and scalable IAL3 solutions include chat, video, facial recognition with liveness detection capabilities, document authentication and step-up reproofing – providing lower cyber liability insurance costs and compliance bottlenecks for your organization.
NIST IAL3 identity proofing
IALs are part of the NIST Digital Identity Guidelines, and represent a level of certainty between a claimed identity and real world identities. At its most basic, assurance level 1 does not require linking user digital identities with real world identities, while assurance level 2 and 3 require more stringent measures, including document validation and biometric NIST IAL3 verification to prove these relationships (for instance comparing live image of user’s face against proofing document facial portrait). Finally IAL3 calls for multi-factor authentication using FIPS 140 validated security keys as additional layers.
Business can meet IAL3 standards while protecting users from identity fraud with Mitek’s patented technology, which can quickly verify documents and compare them to live biometrics, enabling a variety of NIST IAL3 identity proofing methods without in-person visits – providing significant improvements over vulnerable password-based methods used by phishing sites to gain access to sensitive data.
NIST 800-63A IAL3
The NIST SP 800-63A Identity Proofing Guidelines outline technical requirements for enrolling and verifying a digital identity that can be used for authentication. They offer an approach for balancing security with usability, including three Identity Assurance Levels (IALs) to describe confidence levels associated with identity assertion.
IAL1 provides the lowest level of identity assurance with no verification necessary; while IAL2 calls for remote or in-person identity proofing processes and superior documents verified with authoritative sources. Finally, for highly sensitive transactions IAL3 uses in-person physical biometrics along with stringent direct oversight for maximum assurance levels.
NIST 800-63A IAL3 2025 release marks a dramatic departure from checklist-based requirements and prioritizes stronger multi-factor authentication methods that resist phishing attacks. This includes pushing towards mandating FIDO Passkeys into AAL2 and AAL3 requirements while formalizing user wallets like mobile driver’s licenses into the federation model. Furthermore, this guideline now calls explicitly for more structured DIRM processes that consider mission delivery, trust of public authorities, as well as individual users’ effects.
