Identity Proofing
Identity proofing is the process of collecting, validating, and verifying a person's information to establish their identity with a defined level of confidence. It is the first step before issuing digital credentials.
Identity proofing differs from authentication in that it occurs during the first contact with an individual, when no trust relationship yet exists. The goal is to answer the question: 'Is this person really who they claim to be?' before granting access or creating an account. This process is fundamental to preventing identity theft from the very start of the relationship.
NIST (National Institute of Standards and Technology) defines three Identity Assurance Levels (IAL): IAL1 (self-asserted), IAL2 (remote verification with document), and IAL3 (in-person or equivalent verification). The European eIDAS regulation offers a similar framework with low, substantial, and high assurance levels.
A robust identity proofing process typically comprises the collection of identity attributes (name, date of birth, address), validation of identity evidence (valid, non-expired, non-revoked document), verification of the identity (matching the person to the evidence), and fraud risk assessment at each stage.
Regulations
Real-world examples
- 1.A digital bank implements an IAL2 identity proofing journey for account opening: the customer submits an identity document, records a video selfie, and confirms their phone number via SMS.
- 2.An eIDAS certification body verifies the identity of a qualified signature certificate applicant by requiring physical presence or a certified video journey with liveness detection.
- 3.A staffing platform verifies the identity of temporary workers during registration, combining document verification and biometric checks to achieve a high confidence level.