ID verification infrastructure: how to decide which Is best for your business
By Henry Patishman, Executive VP, Identity Verification Solutions at Regula
Nowadays, many businesses have fully migrated some of their operations to the cloud. However, for identity verification (IDV), on-premises solutions are still widely used. According to a recent global survey*, companies are evenly divided in their preference for on-premises versus cloud-based (SaaS) IDV solutions, with 47 percent of businesses in each category. This raises the question of why this is the case and what factors should influence a business’s decision about IDV infrastructure.
For a large number of companies worldwide, many critical business functions, such as CRM, data storage, workspaces, and other essential tools, are already hosted only or mostly in the cloud. At the same time, according to our survey results, businesses show a strong inclination towards selecting on-premises solutions (self-hosted along with private cloud options) for IDV. This distinguishes the verification process from other operations in the mostly cloud-based business setting. Let’s see why it’s so different, and explore the criteria organizations consider when selecting the optimal IT infrastructure for IDV.
Control and Ownership
The primary benefits of on-premises solutions, with those deployed in a private cloud as well, include full control of the IDV process, secure data storage, and legal compliance.
Transparency. SaaS IDV vendors often use third-party APIs, which can be risky for companies. It may not be feasible to verify which developer’s solution is being used. One of our clients chose working with a direct provider as it felt safer and more transparent for them.
Customization. Working with a vendor of a proprietary solution may also be a priority for those organizations which require quicker and more customer-centric support, as the vendor has the capability to customize their solution based on the client’s specific requirements.
Tailored KYC flow. SaaS, a cloud-based solution, may not allow organizations to customize their identity verification flow and rules. For instance, a government agency may need to develop their own flow for a remote visa application process, incorporating additional internal checks. In this case, the vendor’s IDV SDK functions as a gateway, and the client establishes their own verification process independently.
Security risks. The prevailing viewpoint is that the identity verification process is too sensitive and risky to be entrusted to public cloud outsourcing: 48 percent of surveyed organizations see security risks in deploying a cloud-based IDV solution, while 46 percent are concerned with privacy issues. Every fourth company values on-premises data processing to maintain control over their sensitive data. Sharing personal data with a third party is seen as too risky. Self-hosted and private cloud solutions give organizations ownership over sensitive data, meaning that they can maintain control over how their data is stored, secured, and managed. These solutions may also offer additional security features such as encryption, authentication, and access control.
Privacy regulation. According to our survey, 35 percent of enterprises prioritize compliance with data protection laws and regulations, such as GDPR and Data Sovereignty, as a top reason for implementing IDV solutions. Indeed, for large organizations, legal risks and expenses are higher and could result in significant penalties, as they correlate with business scale and revenue: a severe breach of the law could result in a penalty equivalent to 4 percent of a company’s global annual turnover or €20 million, whichever is higher. To illustrate the scale, a leading Austrian food retailer was fined $8.8 million in 2022 for mishandling the data of users in its loyalty program.
Additionally, many regulated industries cannot outsource sensitive data and processes to the public cloud, making on-premises solutions a helpful option to ensure adherence to data privacy regulations.
Cloud service latency. According to the survey*, 39 percent of organizations cited speed of processing as an issue in the case of SaaS solutions. Additionally, 46 percent of companies have concerns regarding network outages and downtime dependency on service providers. As seen in the recent example of Microsoft’s cloud platform Azure taken down by a network outage along with widely used services like Teams and Outlook, this risk is not hypothetical. This highlights the advantage of on-premises options, where you get full control over the process: on-premises solutions are typically more reliable and have lower latency, allowing organizations to quickly and accurately verify customers’ identities.
Expenses. Finally, self-hosted or private cloud solutions are usually cheaper in the long run. Although the initial cost of an on-premises solution may be more expensive than a cloud-based one, the cost of ownership is usually significantly lower. A survey also showed that 37 percent of organizations consider the cost of enrolling in and managing cloud-based solutions as a top five issue regarding SaaS solutions.
Cloud IDV: Business cases
In recent years, cloud-based identity verification solutions have grown increasingly popular due to the many benefits they offer. Let us explore the key features that are making businesses opt for them.
Scalability. Cloud seems to be a good option for small or medium businesses (SMBs), especially when a business is just starting to deploy an IDV solution and cannot yet evaluate how much capacity it will require to process and store all the data. The cloud’s scalability is an easy solution to the problem: it allows organizations to quickly accommodate changes in customer demand.
Local specifics and regulations. To comply with various legal requirements related to personal data storage, businesses operating across multiple countries may consider choosing a large global cloud provider with the necessary infrastructure and expertise. Legal requirements, such as data protection, cross-border data transfer restrictions, data breach notifications, retention, and disposal of personal data, can vary widely between countries and can be resource-intensive to comply with individually.
Compliance. SaaS providers can help meet compliance requirements, such as validation against third-party databases, which is crucial for some verification processes. For example, a local airline carrier required both ID verification and Home Affairs validation for passengers to board planes. They could not opt for an on-premises solution due to the need for a unified flow. The airline had to choose between setting up the verification process in-house or finding an IDV provider that could provide an end-to-end verification and an explicit response. The airline went for the latter.
Ease of implementation. Cloud-based solutions are often designed as ready-to-use solutions, meaning that they can be quickly and easily integrated into existing systems without requiring extensive technical knowledge or infrastructure. This can save businesses time and resources in terms of implementation and maintenance.
When a company chooses either an on-premises or cloud-based solution, it’s not just about having control over the situation, but also the risks involved in the verification process, such as data loss or breach, service unavailability, legal issues, and more. In reality, the risks are the same regardless of the option, the only difference being who is responsible for managing them.
Lastly, there is no need to make a definitive decision: investments in on-premises infrastructure should not be overlooked, even as the shift to the cloud continues. While small and medium-sized businesses seem to have more reasons to opt for cloud-based solutions, larger enterprises with sufficient resources may even prefer to take advantage of a hybrid cloud strategy and on-premises infrastructure to address their unique requirements in uncertain times. The advantages include improved performance, efficiency and resilience for data-intensive and mission-critical workloads, as well as solutions for keeping data safe and addressing ongoing security issues.
So, maybe it’s all about finding the right balance?
*The research was initiated by Regula, a global developer of forensic devices and identity verification solutions, and conducted by Sapio Research in December 2022 and January 2023 using an online survey of 1,069 Fraud Detection/Prevention decision makers across the Financial Services (including Banking and FinTech), Technology, Telecoms, and Aviation sectors. The respondent geography included Australia, France, Germany, Mexico, Turkey, the UAE, the UK, and the USA.
About the author
Henry Patishman is Executive VP of Identity Verification Solutions at Regula.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.