Please enable JS

NextgenID's
Blog & Knowledge Base

July 26, 2023
The Hidden Risks of Mobile-Based Identity Proofing and the Imperative Shift towards Robust In-Person Verification


As our world becomes increasingly digitized, verifying identities securely has become paramount, especially within government agencies tasked with protecting sensitive data. One commonly employed identity verification technique, conducted at Identity Assurance Level - 2 (IAL-2), involves using mobile phones. However, recent developments in deep fakes and Generative AI technology pose significant threats to mobile identity, creating the need for a new approach.

The Unseen Dangers of Mobile-Based Identity Proofing

Deep fakes and generative AI technologies have been making headlines due to their ability to create highly convincing digital replicas of human identities. Deep fakes employ machine learning algorithms to create realistic human-like simulations, often featuring familiar faces, while generative AI crafts counterfeit digital identities from scratch. These technologies can generate images, videos, and even voices that are almost indistinguishable from genuine human expressions.

Mobile-based identity proofing is especially susceptible to these risks. For example, California’s online identification process matches a driver’s license with a snapped selfie. Generative AI can be used to create a synthetic identity, complete with counterfeit documentation and a matching photo or video capable of being used to register a fraudulent identity.

The Case for NIST IAL-3 and NextgenID's SRIP

A shift back to in-person identity proofing—as defined by the National Institute of Standards and Technology's Identity Assurance Level 3 (NIST IAL-3)—is recommended to counter these emerging threats. NIST IAL-3 requires physical presence for identity verification, thus providing a more secure line of defense against Deep Fakes and Generative AI attacks.

NextgenID's Supervised Remote Identity Proofing (SRIP) offers advanced identity verification mechanisms that outmatch mobile-based methods. SRIP involves real-time, human-supervised identity proofing, enhancing the process with additional security measures such as biometric collection and biographic document authentication, significantly raising the bar for imposters. Because the individual is in view of an observer throughout the proofing process, SRIP enforces a superior method for mitigating deep fakes and AI attacks commonly used against mobile phone-based sessions.

The Need for Robust Security Measures

In the era of increased digitization, and remote work it is imperative that government agencies ensure the highest levels of security when dealing with sensitive, confidential, and personal data. Increasing an agency's security posture by embracing NIST’s High Assurance (IAL-3) framework, and utilizing advanced tools like SRIP, protects against Deep Fakes and Generative AI threats, helps maintain confidentiality, and prevents unauthorized access to sensitive information.

Cost Effective and Convenient

Too often, implementing enhanced security measures means compromising on convenience or adding significantly to the cost basis of a solution. Using SRIP enables on-demand proofing through remote trusted agents. Utilizing agents from a call center improves availability to the user and increases convenience. At the same time, this approach shares resources and enables an agent to manage multiple transactions, thereby reducing the overall operational costs.

Looking Forward: Staying Ahead of the Curve

As the identity landscape continues to evolve, government agencies must stay vigilant and informed about emerging trends. Research and investments should be directed toward identifying new threats and developing countermeasures. Additionally, government bodies must promote cross-industry collaboration and share best practices to create a more unified and robust defense against these threats.

Evolving from mobile-based identity proofing to more secure methods, like NIST’s High Assurance level 3 (IAL-3) in-person identity proofing utilizing SRIP methods, is a proactive and necessary measure. NIST’s guidance for utilizing SRIP protects against current threats like deep fakes and generative AI while also laying the foundation for combatting future threats.

Subscribe to Our Newsletter
Headquarters

Headquarters

10300 Eaton Place, Suite 305
Fairfax, VA 22030, USA