2025 Identity Verification Trends
As we are approaching the end of 2024, this is a good time to start looking into the future trends of identity verification in 2025. We spoke with Calum Bunney, Product Management Lead at Keesing Technologies, to hear what we can expect to see in the year ahead.
1. Increasing awareness and importance of identity-checking frameworks to IDV solutions
ID checking frameworks gather several technical ISO standards similar to the ICAO travel document standard ICAO 9303. Different frameworks are emerging for different use cases, such as financial services, employment ID checking, digital ID issuance, and eIDAS trust service applications. The purpose of these application-level frameworks is to apply the right technical rules and standards to make ID verification reliable. Just as the travel document standard (such as from ICAO) has evolved over time, these newer ID frameworks are likely to improve and become more consistent.
“There is activity on many standards levels. A new generation of frameworks brings together generic concepts for ID assurance, such as those found in FIPS, ISO 29115, ISO 29003 and ISO 30107. They mix these with a level of technical frameworks – such as ISO 27001 and ISO 9001 – and then set their own standards for how trustworthy their ID checks need to be. Different frameworks will aim for and achieve different levels of trust.”
2. Increasing use of biometrics
Biometrics has become a must-have feature for remote identity verification (IDV). In this process, the person holding the document initiates the secure document upload. In face-to-face situations, a business agent may also use a mobile device as a scanner; however, due to them operating in a circle of trust, the associated risks are lower than remote verification.
In the first step, the document holder takes a document picture with their own mobile camera and will usually scan the chip. A selfie portrait is then taken, either in a still photo or video format. This is biometrically matched against the facial image stored on the document, usually in the chip.
The most recent technological advancement of this remote onboarding approach is focused on the trustworthiness of the face biometric presentation. Deepfakes, AI attacks, and even simple videos may still fool some solutions, posing the risk that a legitimate document will be used by an impersonator.
“New live attack vectors keep raising the biometric stakes for remote IDV. The market cannot stand still on this topic and a constant race for supplier technology performance is likely to be a destabilising factor for as long as AI is alive and well. This might reshape the market. Either by supplier consolidation to those with the most resistant technology model or perhaps to a hybrid solutions model where more attack detection is deployed on the server side to compensate for concerns over mobile application security.”
He added, “In the meantime, face biometrics can still deploy successfully in face-to-face situations where business users experience a high volume of physical in-person onboarding traffic. Here they can benefit from the detection power of automated face checking.”
3. Increasing market volumes mean a closer look at false rejection
Looking at market growth means not only looking for new and bigger volumes but also at the longer-term value invested in an onboarding process.
It is no surprise that organizations with large volume ID onboarding requirements will be drawn to automated, remote onboarding solutions. These shift the workload to the applicant side, and they may simplify the front end of the process. However, creating a truly successful solution requires more than just an NFC-enabled phone and a selfie camera.
“The debate around biometric liveness and presentation attacks has distracted lately from the biometric reference question: in a remote IDV solution, the reference data is also remote and needs to be trusted. Synthetic document attacks are an increasing problem and can fool many systems. The usual response to this attack is to require the ICAO RFID chip and extract the facial data from this for matching. However, synthetic documents can include or be combined with false ICAO chips. The technology to do this is becoming increasingly accessible. The only solutions to fully address this are to authenticate the chip – using Active or Chip Authentication protocols – and to complete these steps with a Passive Authentication check on the signed chip data. The emergence of the ICAO Digital Travel Credential underlines that from a remote perspective, Passive Authentication is a vital check to perform. Without this, it is not possible to tell the fake from trustworthy biometric reference data.”
“The move to remote IDV that relies only upon the signed chip data to support trust in the document data and the biometric verification process will continue to increase the false rejection rate for genuine documents. Many documents in circulation do not feature chips or those whose verification certificates are not easily reached. In such cases, a relying party application has either to falsely reject such a document or run the increasing risk of a false acceptance. Verifying the visual document alongside this process will significantly reduce the false rejection gap. This can be further reduced by working with a well-resourced certificate directory and an expert helpdesk to review edge case documents.”
4. Increasing use of IDV to create reusable digital identities
The eIDAS2 framework is a good example with a focus on creating more use of reusable digital identities. Other parts of the world, such as Canada, South Korea, and Australia are taking a similar path. A reusable digital identity persists over time and can be used with a variety of service providers, both public and private.
The longevity of the reusable identity requires an embedded understanding of identity lifecycle management. Interoperability is often courtesy of externally supported concepts such as identity federation.
“Creation of a reusable digital identity puts a heavy trust burden on the new digital identity provider. The onboarding process is a foundational one. It cannot afford technical solutions that admit high false acceptance of digital identity applications and cannot afford to exclude (socially or commercially) many falsely rejected identities.” said Calum.
“Successful digital ID providers usually have a set of services for automation, edge case management, and application helpdesks. These need to be threaded together in a seamless way.”
5. Standardized output from IDV
ID and ID document verification is a special service that can be consumed in many types of end-use cases: financial services onboarding, employment, electronic trust services, and more. Customers in these end-user segments are looking for increasingly standardized outputs.
“There are two types of standardized output that will become increasingly important. The first of these is the normalisation of identity data, increasingly referred to in identity management terms as ‘attribute’ data. The terminology and content for these attributes should be consistent and useful. Secondly, the confidence level in verifying attributes during ID onboarding must be agreed upon and communicated”.
About the Contributor
Calum Bunney has worked in the ID industry for more than 25 years and was involved in a variety of projects from the design and launch of electronic passports and eIDs in several countries, the design and delivery of qualified electronic signature trust services within eIDAS, and mobile eIDs and digital wallet technologies.
Reliable Identity Verification Solutions
Our goal at Keesing Technologies is to enable businesses to conduct precise, safe identity checks by offering reliable identity verification solutions. AuthentiScan combines document verification with biometric authentication to validate the document and its owner, while our DocumentChecker tool provides accurate reference data on global identity documents. Businesses can access a vast library of reference data on identity documents through our DaaS (Data as a Service) offering. It is valuable for internal verification processes and training machine learning models in companies creating their own IDV solutions. Our ID Academy provides specialised training to help teams excel in identity verification, and our Keesing Platform provides timely insights to keep teams updated on industry trends. Contact us below for any enquiries and to experience our solutions firsthand.