Connecting the Dots of Identity Verification

Recently, our title and real estate customers have been facing a surge in seller impersonation fraud. A fraudster will find vacant or unencumbered properties to list for sale through a real estate agent. These properties are quickly sold for cash offers, usually under market price. The proceeds are wired to the fraudster, who then moves the funds to multiple accounts to evade traceability. 

Given the multiplying effects of declining housing sales coupled with growing vacant land prices - this type of fraud will likely continue to grow. 

That’s why real estate firms have been searching for a consistent approach to identity verification. It’s important to spot these scams early in the process. This reduces your risk of wire and funds transfer fraud and avoids wasting your valuable human capital on bogus deals. 

CertifID set out to provide a consistent framework for our customers to address this growing problem. In our research to provide a comprehensive approach for our customers - we uncovered some surprising insights. 

Let’s start with making sense of the jargon.

Overall, it can be confusing to understand all the products out there and what they do. “ID validation” is often used interchangeably with “identity verification.” What’s the difference, right? Well, it turns out - a lot. 

ID validation refers to establishing the authenticity of an ID card or document, for example, a driver’s license. In this case, “ID” refers to a physical asset used as an identity document (not just a shortening of the word identity). ID validation solutions check for the integrity of that document and that there are no discrepancies or signs of tampering. Basically - these ID validation tools are checking for fake IDs. 

Identity verification is actually something more layered. And it's a process that takes different approaches – some manual, some electronic. According to Experian: “Identity verification is the much more in-depth step of linking an individual to the information they provide.” 

I won’t even get into authentication for now. That’s for another time 😂

ID validation is focused on a document, not a person.

ID validation tools can discern, based on the analysis of the imagery of an ID document - if a font is wrong, the spacing is incorrect, or there's any discrepancy with the document itself.

They often leverage a library of documents on file for each state they’re checking an ID against. They can also scan the bar codes on the ID, decode what is on those bar codes, and then compare it to what’s on the ID. 

And if that fails, then they may use biometric scans. This one is a little bit tricky. For example, you've probably experienced a face scan upon re-entry at the airport from an international flight or with other services. They’ll perform and submit a face scan and compare that scan to the picture on the ID document. 

ID validation tools check that the document presented is authentic compared to the library of documents it’s checking against. But it can’t check that a government issued the ID. And it can’t check that the picture on the ID is in fact the person that presented it. And we've seen many cases where that hasn’t been the case.

So that's where we have to be careful in how we use ID validation tools - they're powerful when used in a layered approach, but they’re risky to use on their own because they may give you a false sense of security.

Remote online notary (RON) tools can provide additional verification.

With RON, you can add another layer of verification. Let’s say you think you have a valid ID. How can I match that ID to the person holding that ID? 

With RON you can get that person on camera with you and match their likeness to the ID. This is helpful. However, we've also seen cases of fraudsters who were so bold as to get on the camera and actually passed a RON verification. So again, any single tactic is just not enough for these aggressive and sophisticated fraudsters. 

Identity verification requires a multi-layered approach.

Each of these tools provides multiple data points for establishing a person’s identity (insofar as they seem to be who they say they are). It’s an exercise in connecting the dots of multiple data points to bring that identity into a clearer picture. A valid ID is just one point of information. Matching that ID to a person on camera is another data point in helping establish that person’s identity. And we can check other aspects of who they are - the device they're using; that they’re the user on that device; does all the information match expected patterns, and so on. CertifID uses a multi-layered approach of device and identity analysis.

Also, let’s address the recent discussion on the value of knowledge-based authentication (KBA). Used alone, KBA can also be risky. Unfortunately, due to the data breaches that credit bureaus and other organizations have experienced, some of that information could be obtained by cybercriminals. So, KBA should be used as just one of multiple layers of authentication and verifications performed as part of an identity verification process. 

It’s also important to note that there are two versions of KBA: Static and Dynamic KBA. Static KBA relies on predetermined questions and answers for verifying a user's identity, typically using information only the user should know but which can often be researched, such as birthplace or mother's maiden name. Dynamic KBA, in contrast, generates questions in real time based on a wide range of personal information drawn from various sources, making it more difficult for potential intruders to predict or research the answers. At CertifD, we leverage dynamic KBA, which allows us to provide a secure, adaptable, and user-friendly method of user authentication.

To compare all of these approaches we just discussed, look at this table on what ID validation tools, remote notary tools, and CertifID each do.

Don’t forget the last mile - a fully secure transaction. 

Finally, don’t let your defenses down even after identity is established. There still needs to be a secure way to share payment information with those verified individuals. 

Let’s say you’ve gone through a robust vetting process with the potential seller and are comfortable moving forward with the deal. How can you ensure the payment information isn’t compromised in the final steps of your transaction? Don’t forget that business email compromise (BEC) - involving a fraudster intercepting communication to get money to be sent to the wrong place - is still rampant in the real estate industry, to the tune of $893M in reported losses in 2020-2021 according to the Financial Crimes Enforcement Network (FinCEN). 

That’s why CertifID was founded and what we solely focus on. We built an end-to-end solution that securely enables real estate firms to move money to, from, and for your clients. But to do that, it includes identity verification upfront before any money changes hands. 

In all, we look at over 150 markers of fraud to establish an overall assessment of risk before you move your money. And we stand behind each verified transaction with up to $1M in insurance. CertifID is here to take all that risk off your shoulders, so you and your teams can get back to what you love - ensuring great client experiences.

‍