Six Tips to Improve Your Remote Identity Proofing Process
Remote identity proofing has done wonders to keep security tight as everyone rapidly adapted to remote working arrangements. Organizations quickly learned how to leverage video sharing platforms, address verification APIs, and self-service MFA encoding techniques to securely deploy hardware tokens to the correct person after a rigorous verification process.
If you are considering using remote identity proofing to secure your remote workforce or even just to streamline existing credential issuance processes, we have compiled a list of practical tips to help you save time and avoid costly design rework. The information focuses on often overlooked techniques that can drastically improve the quality and reduce risk. If you need a refresher for how remote identity proofing works, please visit our remote id proofing page.
Before you get started, it is important to realize remote identity proofing is more than just starting a remote meeting, having the applicant turn on their camera, and taking their photo. For the best results, this process requires careful planning and communication to mitigate fraud and to ensure the applicant has a secure, private experience that results in the highest quality identity enrollment data. When all parties plan and understand why this process is occurring, how to prepare for it, and the security controls that will be in place, the entire outcome is much more consistent and resilient to fraud. For more guidance, see this remarkable NIST publication on Enrollment and Identity Proofing.
Tip 1: Describe the privacy and security controls
Take extra time to explain to the applicant how the process works. Let them know this process is being done because of security policy and that their personal data is being secured and will remain private. Also be very clear that you will be using security procedures to ensure that the session is authentic such as; recording the session, using 3rd party sources to validate data, and leveraging technology to detect false identification. When the applicant knows more about the process, they will know exactly what is required of them and this process will be under strict supervision to minimize fraud.
Tip 2: Provide guidance for site prep
Unlike traditional badging offices where the organization can control the lighting, background, and who is present in the room, an applicant typically enrolls at home under a variety of dynamic conditions. Therefore, it is important to provide guidance to the applicant on how to take the best photo, how to control light, and how to create a clutter free background to ensure the photo image is as clear as possible.
Tip 3: Simplify workstation setup
Similar to the previous tip, you must remember the actual data capture will be occurring on a computing device the applicant controls, usually their mobile device or laptop. Therefore, in addition to the physical environment, take great care to help prepare applicant’s workstation or mobile device. During the scheduling process and well before the enrollment process, send links for the applicant to download and install the video software so that they can test and ensure it is operational.
Tip 4: Verify before enroll
After the video session has been set up and the enrollment officer and applicant are interacting with one another, do not immediately perform the photo capture. Instead, make sure to verify the applicant first. A simple, but overlooked security technique is to have the applicant answer a series of questions to help prove they are the same person that registered. This could be a security code that was sent during the registration process, a piece of information in their HR package or information retrieved from the pre-screening background check.
Tip 5: Teach and enforce photo consistency
Either through software or manual inspection, ensure that the person’s photograph is centered and there are no obstructions behind them. Additionally, ensure the photo is cropped and centered consistently.
Tip 6: Track your credential shipment
Before shipping the hardware credential to the user, document the credential ID and shipping number. Combining secure tracking with the unique verification code for credential activation is critical to ensure the proper person received the token.
Remote identity proofing is a powerful security process that can add assurance to your overall security framework. However, before jumping in, plan to ensure your process yields high quality results that can be trusted.