FB pixel

What are NIST IAL2 and IAL3 identity verification standards?

What are NIST IAL2 and IAL3 identity verification standards?
 

Today, in the digital economy, numerous online activities require identity verification to establish a connection with a real-life individual, especially in the fields of security, healthcare, and financial transactions. Regulatory compliance is also a key driver for organizations to integrate digital identity verification.

The U.S. National Institute of Standards and Technology (NIST) has established requirements for assessing the acceptability, validation, and verification of identity evidence provided by users to support their claim of identity. There are three identity assurance levels (IALs) established in NIST SP 800-63: IAL1, IAL2, and IAL3, each providing increasing confidence levels in verifying an individual’s identity.

At the IAL1 level, linking the applicant to a specific real-life identity is unnecessary. This IAL is not utilized by organizations that must confirm a claimed identity to a single, unique identity or verify the accuracy and authenticity of all submitted evidence. However, NIST’s guidance is currently in the midst of an update, which will significantly strengthen IAL1.

Widely adopted IAL2 framework

The IAL2 framework is widely utilized for digital identity verification. It is mandated by various government agencies, such as the National Highway Traffic Safety Administration, for odometer disclosures and the IRS for accessing tax records.

Under IAL2, individuals are required to provide identity evidence that substantiates their real-world identity; this may include government-issued documents such as passports or driver’s licenses. These pieces of evidence must undergo validation to ensure their authenticity and prevent counterfeit usage.

Collected data used to verify identity in IAL2 typically includes personal information, identity evidence, and optional biometric characteristics, like a live selfie. IAL2 includes a variety of approved identity proofing methods to increase adoption and minimize false negatives.

When conducting remote identity proofing without the presence of authorized personnel from the Credential Service Provider (CSP), biometrics must be used for verification. NIST recommends that adopters utilize a biometric system with presentation attack detection (PAD).

The CSP should incorporate liveness detection to ensure that the applicant’s facial image is authentic and not vulnerable to spoofing or presentation attacks.

One of the primary challenges encountered in implementing IAL2 is the complexity of conducting document inspections without physical presence. To address this issue, additional measures, such as dispatching an enrollment code to a validated address, are essential to authenticate identity verification.

Higher level of confidence – IAL3

The IAL3 framework requirement mandates that the individual be physically present during the identity verification process or can be supervised remotely by an authorized CSP.

For IAL3, an additional step is needed compared to IAL2, which involves providing further evidence of enhanced security through the use of biometric verification methods such as facial recognition or fingerprint scanning. This safeguards against identity theft, fraud, and other potential risks.

Why these frameworks?

Businesses that incorporate digital identity verification to safeguard against fraud and cybercrime need to adhere to strict regulatory requirements. These regulations impact many sectors and mandate that businesses authenticate the identities of their customers.

In addition to enhancing customer experience and cost efficiency, organizations seek these security measures for various reasons. By streamlining the onboarding process and minimizing expenses related to manual identity checks, companies can gain a strategic edge.

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Privado ID merges with Disco to unify digital identity across Web2, Web3

Privado ID, formerly known as Polygon ID, has announced a merger with Disco, a company specializing in multichain verifiable data…

 

G20 ministers pledge AI transparency and digital inclusion with DPI at the core

At the G20 Digital Economy Ministers’ meeting held in Maceió, Brazil, on September 13, 2024, global leaders reaffirmed their commitment…

 

Spanish startup B-FY brings offline biometrics to US cloud authentication market

Spain-based biometrics startup B-FY has launched in the U.S. market, introducing its cloud-based identity verification and authentication software. B-FY’s technology…

 

Biometric payment cards from FPC and Infineon ready for mass production

Fingerprint Cards and Infineon Technologies have officially unveiled the complete package of biometric payment card technologies that Infineon previewed in…

 

UNHCR, WFP data sharing collaboration yielding results for refugee management in Tanzania

Food distribution for refugees in Tanzania is getting easier with the use of a data sharing tool recently introduced by…

 

DIF adopts new work items to improve DIDs’ applicability and security

The Decentralized Identity Foundation (DIF) has announced two new initiatives – DID Traits and Trust DID Web – to enhance…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events