As our world becomes increasingly digitized, verifying identities securely has become
paramount, especially within government agencies tasked with protecting sensitive data.
One commonly employed identity verification technique, conducted at Identity Assurance
Level - 2 (IAL-2), involves using mobile phones. However, recent developments in deep
fakes and Generative AI technology pose significant threats to mobile identity, creating
the need for a new approach.
Deep fakes and generative AI technologies have been making headlines due to their
ability to create highly convincing digital replicas of human identities. Deep fakes
employ machine learning algorithms to create realistic human-like simulations, often
featuring familiar faces, while generative AI crafts counterfeit digital identities from
scratch. These technologies can generate images, videos, and even voices that are almost
indistinguishable from genuine human expressions.
Mobile-based identity proofing is especially susceptible to these risks. For example,
California’s online identification process matches a driver’s license with a snapped
selfie. Generative AI can be used to create a synthetic identity, complete with
counterfeit documentation and a matching photo or video capable of being used to
register a fraudulent identity.
A shift back to in-person identity proofing—as defined by the National Institute of
Standards and Technology's Identity Assurance Level 3 (NIST IAL-3)—is recommended to
counter these emerging threats. NIST IAL-3 requires physical presence for identity
verification, thus providing a more secure line of defense against Deep Fakes and
Generative AI attacks.
NextgenID's Supervised Remote Identity Proofing (SRIP) offers advanced identity
verification mechanisms that outmatch mobile-based methods. SRIP involves real-time,
human-supervised identity proofing, enhancing the process with additional security
measures such as biometric collection and biographic document authentication,
significantly raising the bar for imposters. Because the individual is in view of an
observer throughout the proofing process, SRIP enforces a superior method for mitigating
deep fakes and AI attacks commonly used against mobile phone-based sessions.
In the era of increased digitization, and remote work it is imperative that government
agencies ensure the highest levels of security when dealing with sensitive,
confidential, and personal data. Increasing an agency's security posture by embracing
NIST’s High Assurance (IAL-3) framework, and utilizing advanced tools like SRIP,
protects against Deep Fakes and Generative AI threats, helps maintain confidentiality,
and prevents unauthorized access to sensitive information.
Too often, implementing enhanced security measures means compromising on convenience or
adding significantly to the cost basis of a solution. Using SRIP enables on-demand
proofing through remote trusted agents. Utilizing agents from a call center improves
availability to the user and increases convenience. At the same time, this approach
shares resources and enables an agent to manage multiple transactions, thereby reducing
the overall operational costs.
As the identity landscape continues to evolve, government agencies must stay vigilant
and informed about emerging trends. Research and investments should be directed toward
identifying new threats and developing countermeasures. Additionally, government bodies
must promote cross-industry collaboration and share best practices to create a more
unified and robust defense against these threats.
Evolving from mobile-based identity proofing to more secure methods, like NIST’s High
Assurance level 3 (IAL-3) in-person identity proofing utilizing SRIP methods, is a
proactive and necessary measure. NIST’s guidance for utilizing SRIP protects against
current threats like deep fakes and generative AI while also laying the foundation for
combatting future threats.
10300 Eaton Place, Suite 305
Fairfax, VA 22030, USA