Introduction
Identity verification of government-issued identity documents is mission-critical to ensure a user’s identity is accurately and securely verified in the authentication process. This is especially important in remote environments and mobile device applications.
- As identity theft, forged documents, and spearphishing attacks are rising, providers have a critical responsibility to ensure the accuracy and security of their document authentication technology.
- While meeting the demand for fast, easy user authentication, document authentication technology must be carefully managed to reduce security, compliance, and user privacy risks.
- Organizations need trusted document authenticity tools that verify government-issued documents for user identification, to ensure routine activities, such as user on-boarding and off-boarding, and account recovery are secure and tested to meet globally recognized standards.
Resilient document authentication for identity verification is key to connecting the digital and physical worlds in the authentication process. Mobile document verification solutions must check the document format and “selfie match” the document’s image to score the information’s validity and consistency. However, today’s solutions may yield inaccurate and unreliable results that can be fixed through an industry-defined program that validates performance claims.
Verify Users with FIDO Document Authenticity (DocAuth) Certification
Using government-issued documents for identity verification is a preferred mechanism to verify users in initial authentication and account recovery processes. However, technologies that verify a user’s identity with government-issued documentation must ensure authenticity before a user can create an account and proceed with FIDO Authentication. Similarly, when a user attempts to create an account, recover account access, or resent a password, their identity should be validated again.
To overcome document risks, such as forged IDs, document tampering, and invalid documentation, technology providers can validate their solutions with the Document Authenticity (DocAuth) Certification from The FIDO Alliance.
The DocAuth Certification Process offers a testing mechanism that ensures a remote technology can accurately detect if an in-scope document is authentic. In-scope documents can include national identity cards, driving licenses, passports, residence permits, visas, voter identification cards, or other government-issued identification documents.
Solution providers who invest in this certification can achieve better outcomes for their stakeholders in a multitude of ways:
- Certify technology for document authentication used in remote identity verification products for accuracy, identity and “selfie” matching, and validation of government-issued documentation.
- Ensure document authentication meets privacy, security, and ease of use requirements.
- Prevent targeted attacks, such as spearphishing, imposter documentation, and presentation attacks.
Test for Threats in Document Authentication
The Document Authenticity Certification includes testing for the most common threats associated with government-issued documents used in authentication and identity verification.
- Counterfeit
- Forgery/Tampering
- Digital Tampering
- Physical Tampering
- Expired or Invalidated Document
- Presentation Attack
- Face Morph
Why Providers Choose Document Authentication Certification
FIDO’s in-depth certification methodologies provide quality and security assurance for end users, consumers, and third-party providers to ensure document authentication is managed for the highest levels of security and usability.
- Risk Management for Security, Accuracy, and Interoperability: Similar to the Face Verification Certification Program, the DocAuth Certification demonstrates providers can accurately verify their users’ identities with government-issued identification and match IDs with “selfie-match” images. This proactive approach helps providers defend against common threats in documentation authentication, including forged documents and face morphing. Document authentication can then be used in first-time account creation for FIDO authentication and account recovery.
- Test for Common Issues in Remote Document Authentication: By certifying documentation authentication capabilities, technology providers can evaluate performance and accuracy across environments and use cases, ensuring remote systems can meet requirements. FIDO DocAuth is the industry’s first international certification program that tests for document authenticity with a breadth of sophistication for international government-issued documentation. Rigorous testing ensures users and receiving organizations can be confident that authenticated documents are genuine and valid – and not forged, stolen, or fake.
- Validate Outcomes through the Certification Process: Both identity validation certifications utilize FIDO Accredited Laboratories to test and evaluate mobile document and face verification solutions. When Paired or stand-alone, these certifications demonstrate to customers, prospects, and auditors their solutions have undergone independent testing and security validation to meet FIDO’s performance criteria and are ready for applicable commercial and government use cases.
Benefits of FIDO Document Authentication Certification
The FIDO Alliance Document Authentication Certification is a globally recognized certification that assures document authenticity tools meet the highest standards for security, interoperability, and user privacy. Third-party providers can take this recognized pathway to validate their solutions to win customers and assure stakeholders by rigorously testing with the industry’s only document authentication certification program.
The benefits of certification offer providers the ability to meet a wide range of goals, from revenue generation to security validation to equity and bias testing.
- Test and certify DocAuth tools used to verify document authenticity in remote identity verification products using The FIDO Alliance’s framework based on ISO and industry standards and certified by accredited independent laboratories.
- Achieve recognition and win customers with certified document authentication by The FIDO Alliance – the industry’s only certification that verifies the authenticity of international government-issued identification documents.
- Strengthen core vulnerability points across the authentication process, and maximize the success of remote identity verification with government-issued IDs. Strengthen a user’s identity verification during initial account creation as a critical step to support the overall integrity of the user account management, while building resilience for subsequent FIDO-based sign-ins.
Upon completion, certified providers can publicly list their offering in FIDO’s Certified Products database, access FIDO trademarked logos for sales and marketing use (subject to agreement), and demonstrate certification status with a FIDO-issued certificate.