Document verification
Overview
You can have the highest level of assurance in the real-world identity of someone signing up for your application or organization by setting up document verification.
Prospective customers can claim their identities online by presenting an identity document they hold, such as a driver’s license or passport. Once they scan their document, the verification flow will do various levels of fraud checks to make sure
- the presented document is real and it’s not a counterfeit nor has been tampered with (Authenticity/Credibility)
- the person is the actual owner of the identification document presented (Possession)
- the person signing up for the account is genuinely present in the process (Liveness check)
These features are readily available in Strivacity’s document verification flow, provided by our trusted ID verification vendor.
Compliance
As part of our Information Security Management Program (ISMP), Strivacity includes compliance, testing, and certification wherever possible. Our document verification process complies with the following security standards:
NIST 800-63A IAL 2 compliance
Document verification is equipped to protect sensitive and regulated data, such as financial and healthcare records from unauthorized access and fraudulent activities in accordance with NIST 800-63A’s Identity Assurance Level 2 standards. Our verification method provides a high level of confidence in user identities accessing sensitive data and services.
NIST non-bias decisioning
Our document verification service earned the highest ranking for impartial race and gender decisioning. Rate 1 by NIST ensures objective, non-biased decisioning when an identity’s authenticity is verified. Our service can handle 35 million identity verification transactions in a single day and over a whopping 1 billion in a month.
Liveness check
Our built-in liveness detection fulfills Level 2 iBeta Presentation Attack Detection (PAD) requirements. This assures that document verification rejects fake representations or “spoofs” of biometric samples and only accepts genuine biometric data for verification.
GDPR compliance
We’ve taken the necessary steps to ensure the processing of personal data for document verification is in line with the General Data Protection Regulation (GDPR) to protect the rights of your EU customers.
CCPA compliance
We’ve also made sure our document verification process complies with the California Consumer Privacy Act (CCPA) to protect your US customers' rights to privacy.
Data retention
You can adjust data retention rules for document verification to stay compliant with the data protection regulations relevant to your organization. You can define how customer data collected during the verification process should be stored, retained, and deleted.
Customer experience
When customers are routed to the document verification journey, they are asked to prepare their identity documents and smartphones they can capture a selfie with:
Then, customers can scan the QR code appearing on the screen to start:
If QR code capture is not available, customers can request a link instead. The link is sent to their email which they can open on their smartphone.
On their smartphones, customers will be asked to choose an identity document. Each document type will have different instructions on how to scan them.
Customers have to make sure that they allow the use of the camera on their phones to capture photos.
To provide assurances for the document's authenticity, to prove it belongs to the customer, and that they are also genuinely present in the process, customers have to pass a selfie check:
The photo they take is compared to the image extracted from their ID document of choice. Customers either can either
- pass document verification,
- be asked to resubmit images,
- or fail the process.
Customers will continue their journey depending on the actions set up for document verification and any additional identity proofing steps available.
Customer success
Requirements
Customers can use the following documents for establishing trust in their online identities:
- Card form documents, such as
- government issued ID or
- driver's license
- Passport
For card form documents, customers are required to capture both sides. For passports, only one side is needed.
Troubleshooting
Error messages
Customers can fail document verification for various reasons. It's not always fraudulent behavior that stands in the way of establishing trust in their identities: the problem might be as subtle as using the wrong type of document, scanning it in bad lighting, or not realizing the document had expired.
Customers receive error messages specific to the type of failure that occurred if they can't pass document verification.
Event logs
In addition to the customer experience, account event logs can come in useful for your customer success team to see where things went wrong. Account event logs trace back customer activity and help identify points of failure.
Your customer success team can use this troubleshooting section to identify/match the customer experience with the error logs in account events and explain to customers what they need to do differently to successfully establish their identities.
Failure reasons
Image quality
Document and selfie capture relies on a built-in sensor that only takes images once an acceptable level of image quality is detected. Customers will know their document or selfie is ready for capturing once the frame around their subject turn green.
However, in some cases, the document verification service may still have issues with image quality. In this case, customers will receive the following error message and will be asked to recapture:
This error can mean both document and selfie issues.
Customer service can identify this error from the following account events logs:
Phase name | Description | Outcome |
---|---|---|
Document verification processing started (documentVerificationSessionProcessing) | The document verification process phase has started. | No outcome is displayed if there was no attempt on the customer's end to recapture the images. This also indicates that the flow has been abandoned. Verification recaptured appears if further action was taken by the customers and they retried taking images. The Generic result block will also return Action. |
Block name | Description | Outcome |
Document verification session processed (documentVerificationSessionProcessing) | The document verification session was processed. | Verification recaptured and the block contains "Bad picture quality" for the reason. |
Unsupported document type
This error occurs when the format of an identity document does not match the document type the verification service is expecting.
The verification service expects two types of identity documents:
- ID-type documents that are the shape of a card, like a driver's license or national ID card.
- Passport-type documents that are not the shape of a card, like a passport or visa.
When a customer selects a document type, the identity document should be in the format that corresponds to the selected type. Customers may receive this error if the official identity document in their region comes in a different format than what the service expects e.g. the passport of a country is card-shaped.
Customer service can identify this error in the account events from the following logs:
Phase name | Description | Outcome |
---|---|---|
Document verification processing started (documentVerificationSessionProcessing) | The document verification process phase has started. | No outcome is displayed if there was no attempt on the customer's end to recapture the images. This also indicates that the flow has been abandoned. Verification recaptured appears if further action was taken by the customers and they retried taking images. The Generic result block will also return Action. |
Block name | Description | Outcome |
Document verification session processed (documentVerificationSessionProcessing) | The document verification session was processed. | Verification recaptured and the block contains "Unsupported identifier" for the reason. |
Expired documents
If someone is trying to verify their online identity with an expired document, they will also be asked to resubmit a valid document:
Customer service can identify this error in the account events from the following logs:
Phase name | Description | Outcome |
---|---|---|
Document verification processing started (documentVerificationSessionProcessing) | The document verification process phase has started. | No outcome is displayed if there was no attempt on the customer's end to recapture the images. This also indicates that the flow has been abandoned. Verification recaptured appears if further action was taken by the customers and they retried taking images. The Generic result block will also return Action. |
Block name | Description | Outcome |
Document verification session processed (documentVerificationSessionProcessing) | The document verification session was processed. | Verification recaptured and the block contains "Expired identifier" for the reason. |
Fraudulent behavior
If document verification fails because document authenticity, ownership, or liveness couldn't be proven, the customer is shown this screen and also advised to contact support:
Customer service can identify this error in the account events from the following logs:
Phase name | Description | Outcome |
---|---|---|
Document verification processing started (documentVerificationSessionProcessing) | The document verification process phase has started. | Reject |
Block name | Description | Outcome |
Document verification session processed (documentVerificationSessionProcessing) | The document verification session was processed. | Failed (failed) and the block contains "Fraud" for the reason. |
Connectivity issues
Document verification can be interrupted due to connectivity issues with the service, e.g. session timeout occurs on the vendor's side. In this case, customers are allowed to retry document and selfie capture two times and continue with the flow if reconnection was successful.
Updated 4 months ago