Identity verification

Identity verification

The most accurate way to verify someone’s identity is to request and validate more than one form of identification, one with a photo. Examples include a driver’s license, a Social Security card, a valid passport, or military ID. Some organizations may accept a university ID or other non-government ID for one of them.

Identity verification online, also known as identity “proofing” or “vetting”, is when you confirm an identity without seeing a picture ID. Most organizations need a real-time process that checks the personal information given by the individual.

Note: IU’s policies and procedures for giving and taking away access to resources are in the Information Security and Privacy Program, primarily in Domain 8: Identity and Access Control.

Are there different levels of identity verification?

Yes. Levels of identity verification depend on the needed level of assurance. You may only need to confirm that an identity is not fraudulent, or you may need more proof that someone is who they claim to be.

Prior to choosing appropriate verification methods, perform a risk assessment to determine the level of needed assurance. Identity verification typically uses three factors:

  1. Something you have. Typically, a swipe/proximity card, OTP token, etc.
  2. Something you know. Typically, a password or information about yourself (mother's maiden name, security questions, etc.)
  3. Something you are. Typically comparing a photo to a person standing in front of you, or, biometric readers (hand/fingerprint readers, hand geometry, retina scanners, etc.)

These factors are stronger when used together. Passwords can be hacked, cards and keys can be stolen, and biometric readers can be fooled. The chance of a successful attack is lessened when a combination of these factors are used. The level of assurance you can achieve depends on how much information you have to verify. If the information you have about an individual is limited to name, phone number, and address, that's the highest level of assurance you will be able to reach.

Also, some names are very common. If you are changing internal records, ensure you have the correct one. You may need to ask additional questions to identify which record belongs to the person you are verifying.