Trusted Digital Identities

Bank Secrecy Act (BSA) regulations mandate Customer Identification Programs (CIP) as one of the pillars of AntiMoney Laundering (AML). The BSA also mandates that FI’s must risk-rate their applicants, and apply enhanced duediligence (EDD) for higher risk clients. The question is how to establish the risk rating of an identity solely based on the information provided, when such information can be reasonably easy to acquire, especially to those who have the means and the motivation to do so.

Establishing that an applicant is who they say they are and evaluating all of their entities (e.g. email addresses, physical addresses, credit cards, devices) against various risk indicators, including affiliations and connections to verifiable sources of risk, is the basis of Trusted Digital Identities? (TDI?).

There is clear value in performing identity validation beyond compliance. The more certain you are about dealing with a real identity, the better you understand the risk involved in a transaction. In order to validate an identity online there are many options. There are third party databases, such as IdentityMind (IDM), to validate that the applicant’s information have been seen before. You may also use social networks, deep web searches, etc. If there are inconsistencies in the data, you can perform EDD such as Out of Wallet Questions / Knowledge Based Authentication. Some FI’s incorporate document verification (specifically in countries that welcome it such as Germany and Canada) as well as biometrics.