The current state of identity verification
Today, the online identity verification market is severely fragmented, with over 30 players all taking a similar nearsighted approach. This approach, where users must verify their identity with each new service they sign up for, is not only expensive and inconvenient for users but also leaves many industries without an effective way to prevent fake accounts.
The limitations of this fragmented market are clear. With the rise of fake accounts, businesses waste over $100 Billion advertising to users that don’t exist. Subscription services lose over $30 Billion to free trial fraud and account sharing, and platforms spend over $25 Billion each year combating fake accounts.
The existing solutions in the market can only detect and remove fake accounts after sign-up, giving bad actors ample opportunity to cause damage and create new accounts after each ban. These solutions do little to actually prevent fake accounts from infiltrating platforms in the first place.
Moreover, this fragmented market means that users are forced to verify their identity multiple times, which can be time-consuming and inconvenient. With each new service they sign up for, users must go through the identity verification process all over again, leading to a fragmented and disjointed user experience.
Not only is this process time-consuming and inconvenient, but it also means that users are forced to store their personal information in multiple places, increasing the risk of data breaches and identity theft. This also means that users must constantly monitor their personal information to ensure that it’s secure, adding even more inconvenience to their lives.
To summarize, the current state of identity verification leaves many businesses and platforms without an effective solution to prevent fake accounts, and causes unnecessary friction for users. It’s clear that the online identity verification market is in need of a new provider with a more conprehensive and centralized solution.
A Centralized Approach to Identity
A centralized approach to identity verification solves many of the existing problems in the identity verification market. Users only need to verify their identity once, and then can reuse that information across multiple services. This eliminates the need for users to go through the verification process for every service they want to use, and limits the number of places where users must store their personal information.
A common objection to such an approach is that it poses a security risk to users by storing their personal information in one place. However, one must also consider this in comparison to the risks of the alternative: storing their personal information in multiple places across the internet.
In a centralized approach using a provider that gives users full autonomy over how their data is shared, users can choose exactly what information they want to share with each service. Additionally, when using a centralized approach, the services often don’t even need to know the user’s personal information. They can simply rely on the centralized provider to verify the user’s identity and then just use the result of that verification.
In contrast, in a decentralized approach, each service must collect (or use a third party to collect) enough personal information about the user to verify their identity. This often involves collecting sensitive information that isn’t even relevant to the particular service beyond the purpose of identifying the user. Not only does this inconvenience the user upon sign-up, but it also means that the user’s personal information is stored in multiple places across the internet, significantly increasing the number of attack vectors for a potential hacker.
Proactive vs. Reactive
Reactive
Despite the efforts of companies and platforms to detect and remove fake accounts, the problem still persists. The current methods for identifying fake accounts are reactive in nature and are generally some variation of: (1) monitoring for suspicious activity, (2) flagging accounts for review, and (3) banning them if necessary. However, this approach has several flaws that allow bad actors to continue creating fake accounts, causing damage, and evading detection.
The first issue is the lag time between when a fake account is created and when it is detected. During this time, the fake account can engage in various malicious activities, such as spreading false information, posting fake reviews, or even stealing sensitive data. By the time the account is detected and banned, much of the damage may have already been done.
The second issue is that bad actors can easily create new fake accounts after each ban. They can use different IP addresses, email addresses, and personal information to evade detection, making it difficult for companies and platforms to keep up. This creates a never-ending cycle of detecting, banning, and recreating fake accounts.
Finally, the current methods for detecting and removing fake accounts are expensive and resource-intensive. Companies and platforms have to invest heavily in security personnel, software, and hardware to monitor and review accounts. The cost of this is staggering, with platforms spending over $25 Billion each year combating fake accounts.
Proactive
For these reasons, it’s clear that companies and platforms need a proactive solution that can prevent fake accounts from being created in the first place, eliminating the problem before it even starts.
Such a solution would need to leverage more than just the standard information collected during sign-up, such as email address, name, and IP address. These can be easily spoofed through a variety of methods (temporary email addresses, VPNs, etc.) and are not enough to guarantee the identity of the user to any reasonable degree. Instead, information that is less easily spoofed should be used, such as biometric data.
Biometrics
Biometrics have become increasingly common in recent years, appearing in everything from smartphones to airports. The distinct advantage they offer over traditional methods of identity verification is how difficult they are to spoof when implemented well.
However, many companies and platforms have been slow to adopt biometrics due to the high cost of implementation. For all companies except the largest, the cost of implementing biometrics is prohibitive and would almost certainly outweigh the benefits provided.
For this reason, many companies opt to use third party solutions to implement biometrics in the context of identity verification. There are a variety of such solutions that range from simple facial recognition to advanced liveness detection. When selecting a third party solution, a company must find a balance of cost, accuracy, and friction on the end user.