In-Person ID Authentication
Please fill out the form below and we will contact you shortly.
against losses incurred from identity theft by providing the power to authenticate ID documents live – in real time – during a transaction.
In-Person ID Authentication
All your authentication data in one place
Customer-not-Present Identity Authentication
Simple ongoing Authentication of "Trusted Individuals"
to conduct real-time forensic level authentication of government issued identity-credential documents. The system can authenticate passports, national ID cards, and many other types of official credential document – currently more than 4,600 global documents. Authentication is performed automatically by conducting as many as three-to-four dozen different tests – depending on the document being tested and the channel in which authentication occurs. The process can typically be completed in 10-20 seconds.
right in your organization. Businesses can proactively authenticate the identity of an individual regardless of whether they are physically in your branch, or if they are transacting online, through your call centers or via your mobile app. PALIDIN can be custom-configured to save only the authentication data you want. ID-document data can be synced to your core database systems, and the custom configuration settings can accommodate custom data fields (such as contract #, employee name, membership identifier, etc) to be associated to the record of each authentication event.
to allow real-time forensic level authentication of government issued identity-documents when the customer is not present ("CNP") in the store or branch location. PALIDIN-M can authenticate passports, national ID cards, and many other types of official credential documents using Android/iOS based mobile devices (smartphones & tablets). PALIDIN-M also gives clients the option of enabling "facial match" and "facial liveness" tests to ensure the person performing the authentication matches the person pictured on the identity document.
which accommodates different transaction environments. No matter how your customers are interacting with you, anytime a potentially high-risk transaction occurs - or a "Know your Customer" regulation is triggered - PALIDIN offers a method to achieve authentication of the identity. This is made more powerful by PALIDIN Enterprise, the cloud-hosted solution that collects client authentications from across all channels, no matter if they are in store, web based, or originated in the organizations’ mobile applications.
The in-person PC-based version of the PALIDIN software is ruled by a “per license seat” model which allows clients to conduct an unlimited number of document athentications at a fixed annual cost. A computer using a Windows Operating system is required. In addition, a peripheral ID document scanner attached to the PC is needed. PALIDIN supports multiple different scanners from numerous different manufacturers. A PALIDIN Desktop installation can be “siloed” as a self-standing solution on a PC or Windows tablet with no internet or network connections.
Alternatively, it can be installed on a networked device where records of authentication results and data captured from ID documents can be stored in a network location. With some custom API development work, data and images can be integrated to client applications, such as CRM systems or new account forms. Paired with PALIDIN Enterprise, records from a locally installed device can be viewed across the enterprise by regional, national or global managers.
Any organization that operates more than one physical store or branch location will benefit from the Enterprise module: the cloud-centric app that gives organizations access to and control over the identity authentication activities across the entire organization. Some of the more powerful services enabled through PALIDIN Enterprise include:
The benefits of the Enterprise add-on are largely driven by the ability to store authentication records from across the entire organizational operation into a single location. PALIDIN Enterprise utilizes Microsoft Azure as the cloud-hosted solution provider. Our clients may, also, choose to host the service within their own cloud instance.
PALIDIN Enterprise allows administrators to choose which data fields, if any, to store in the cloud. The app is designed with flexibility in mind in order to meet a wide range of privacy requirements. Choose between storing “status only” or “Custom” data.
The “status only” setting will store only generic information about the transaction, such as the date and time of the transaction, the authentication result and the document type. The “custom” setting will allow administrators to select which personal data fields to store in the cloud, including no data at all, if so desired. It is also possible to store document images.
The Enterprise settings can be structured to enable a database hierarchy that will give visibility from high level organization-wide perspective all the way down to the individual checkout/teller counter level. For example:
Daimler/MercedesBenz/North America/United States/Illinois/ Chicago/HoffmanEstates/Dando Mercedes/Finance M#2
With a structure of this type, authentication data can be viewed at the Daimler level, for only the MercedesBenz brand, globally, geographically, at the nation level, at the state level, at the metropolitan level, at the metro zone level, at the individual dealership level, or at the individual installed system level.
Inform local associates that stores in their region have seen an increase in specific types of counterfeit documents and alert them to be more vigilant.
Regional managers can see the data for all locations within the region they manage while a Director can see the data for the entire organization. Store managers can only see the data from their store.
Are associates following established procedures by authenticating the ID document when opening a new account? „We opened 100 new accounts last month but only 65 documents were authenticated”.
Store A has had 300 document scans in total last month. 90% were passed result, 10% were failed results.
If the organization utilizes both desktop and remote (Mobile or Web-ID) authentication processes, the Enterprise portal will collect the results from all the channels used to authenticate customers and display them in a single location.
Dashboards allow for powerful visualization of identity authentication behavior patterns across an organization’s various tore locations and other channels. A sample top-level dashboard, (see below figure), displays a summary of one organization’s authentication results and the respective transaction counts. Clicking on any segment of the left-hand chart produces a drill-down chart on the right with the details of that segment.
In the below example, the right-hand chart shows the distribution of all scans with a failed result, segmented by state. New York state accounted for almost half of all documents with a failed result, across the whole company. This information can help guide loss prevention and risk management teams in setting up policies and training employees on fraud prevention techniques.
Figure 1 - Document Authentication Distribution by Result & Failed Result Totals by State
The Managed Settings tool allows system administrators to configure the PALIDIN app, upload a settings file to the Enterprise portal, then assign the settings file to all of the installed systems across the organization (currently, each system has to be configured independently). The managed setting feature makes updating desktop app settings across all systems in the organization a more streamlined process.
The core PALIDIN document authentication engine is available as a cloud-hosted SaaS model that can be enabled for use with mobile devices. This makes it possible for users to authenticate government documents from any location, without the need of a desktop computer or document reader device.
Any number of potential use-cases are made possible by enabling self-authentication using the clients' own mobile devices. eCommerce, remote drop-off, call-center transactions, 2-factor authentication, notary public, buy-online pick up at store retail sales, field-agents in law enforcement and dozens of other scenarios.
A robust software development kit makes it possible to develop ID Document authentication directly into company branded mobile apps for any use-case which allows for customers to perform account management, purchase or account application activities on their mobile devices.
Anytime a high-value transaction occurs, it is possible to insert an ID document authentication process into the cycle. This is particularly valuable in any “customer not present” transaction.
WebID allows organizations to request client self-authentication of government-issued identity documents from wherever they may be by simply sending an authentication invitation via email or SMS text message to the client's mobile device.
This can be implemented during client-not-present transactions, even if the transaction is not occurring on a mobile channel. It is achieved by inserting a web token process into the transaction environment – an eCommerce shopping cart or online loan application, for example.
When the transaction reaches the appropriate phase, a token is sent to the client’s mobile phone (via SMS or email).
When the token is accepted, a browser-based ID document authentication process is initiated. Successful authentication of the client’s ID document then triggers a response-token back to the core transaction environment, and the transaction is permitted to complete.
Augmenting document authentication in remote transaction channels is the ability to require a facial match against the image on the document being tested. This one-two punch of, first, authenticating the document, and second, confirming that the person carrying the ID matches the image on the ID is a potent combination and highly effective at reducing fraud.
Identity authentication has become a critical core competency for many organizations for whom it is essential to know that the person on the other end of the transaction is who they say they are.
Technology has made this possible. PALIDIN confirms that a person presents a genuine government issued identity credential. With facial match, PALIDIN ensures the person carrying the identity document is the same person identified on the document. Passing both these tests means this person is a known and trusted individual.
At this time, when a person’s identity is known and trusted, PALIDIN makes it possible to enroll them into EVERKNOWN – a modular solution that utilizes a variety of both covert and overt authentication techniques to allow future authentications of individuals’ identities without looking at their ID document.
EVERKNOWN allows organizations to move trusted individuals towards future authentication methods that are cost effective, speedy and unobtrusive. In some circumstances, EVERKNOWN can confirm identity covertly, without the individual having any conscious interactions, while in other cases, users may submit fingerprints, voice-prints, facial images, or be required to type a phrase or click on a link.
Many different methods of identifying an individual, whether remote or in-person, are available through a large and growing number of players in the expanding field of identity authentication. The functional use cases for these different methods vary, according to the nature of the authentication, and can be talked about in terms of where they might be most relevant in the “authentication funnel”. Stated differently, various authentication technologies can be utilized at different points during the relationship, or based on the type.or nature of the individual transaction that is occurring.
On-boarding or first Transaction(unkown individual)
Period of Establishing Measurable ID markers(potentially known individual)
ID Document Authentication; External Watchlist
Physical Biometrics; Behavioral Biometric; Behavioral Fraud Analysis, Knowledge Based Authentication
Behavioral Biometrics, Physical Biometrics
“KBA” is a widely used method of identity authentication. There are two commonly used types of KBA methods: static, which relies upon answers provided by the user, and dynamic, which generates both questions and answers from publicly obtainable information, typically via credit reports.
An example of a static knowledge-based authentication would be a security question asking “what is your favorite food?” The customer answers the question, and the KBA system would store the answer to this question. The system is “static” because the questions and answers do not change.
Static KBA systems are fraught with problems. A 2015 study by Google engineers found that only 47% of people could remember what they put down as their favorite food a year earlier -- and that hackers were able to guess the food nearly 20 percent of the time, with Americans’ most common answer being pizza. Even when people remember their answers, they sometimes forget their precise form. If users are not likely to remember the answers to such questions -- and, in many cases, choose answers that can be easily guessed by malicious actors -- it is hard to see the value of static knowledge-based authentication for security purposes.
An example of dynamic knowledge-based authentication would be a security question asking, “Which of these addresses did you live at in the past?” and beneath it, a number of possible answers, of which one must be chosen. The material for such questions and answers are typically drawn from legally obtainable data compiled and often sold for such purposes. Credit reports, direct marketing databases and customer surveys are among the sources of personal information used for dynamic knowledge-based authentication.
The premise behind dynamic knowledge-based authentication is that the information will be accurate for the user in a way static KBA cannot be, will use more private and less commonly available information and won’t be forgotten by the user. Unfortunately, if the information contained in such documents seems more impregnable to exposure, this is not the case.
As seen with the infamous breach of credit reporting agency Equifax in 2017, in which 145 million American consumers had their personal details stolen, credit reports are increasingly at risk of exposure. The UpGuard Cyber Risk Team, a research unit devoted to finding and helping to secure data exposures, has uncovered multiple exposed repositories containing credit reports, as well as marketing databases and customer lists of the sort employed for dynamic KBA. If bad guys can get such info and use it to further attack consumers by successfully answering dynamic knowledge-based questions, they will.
UBA & BFA solutions look at patterns of human behavior, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns—anomalies that indicate potential threats. Data-led insights into a user’s normal activity and all other associated information – email address, device credentials, location, sites visited, shipping details, and thousands of other dynamic attributes make up a user’s digital DNA.
Add in machine learning and deep data analytics, and relationships between seemingly disparate pieces of information can be identified. These connections can better authenticate the true identity of a user, as well as identify anomalies in customer behavior that could indicate fraud
Behavioral biometrics is a breakthrough cybersecurity technology that identifies people by how they do what they do, rather than by what they are (e.g., fingerprint, face), what they know (e.g. secret question, password) or what they have (e.g. token, SMS one-time code). Behavioral biometrics measures and analyzes patterns in human activities. Historically, these included keystroke patterns, gait, signature and other mannerisms regarding how an individual physically interacts with their devices.
Today’s advanced behavioral biometric techniques capture an array of human interactions between a device and an application, such as hand-eye coordination, pressure, hand tremors, navigation, scrolling and other finger movements, etc.
Using continuous, passive behavioral biometrics authentication, including geo-location tools and machine learning, to build a picture of, the way they walk or how they hold and swipe their smartphone, tablet or PC, silent authentication analyzes behavioral patterns to securely authenticate the consumer.
Also, because it makes use of the sensors and signals that surround us on a daily basis – Bluetooth devices and Wi-Fi networks, for example - the authentication can be conducted without the need for purchasing extra equipment (fingerprint scanners, hi resolution cameras, etc). Data is then compared in real-time to expected consumer patterns and this allows each individual to be securely authenticated whilst creating a seamless, uninterrupted user experience.
As the name suggests this class of solution involves using data submitted by a prospective or existing client and comparing it against any of a large number of available 3rd party “watch lists” to determine whether or not a given individual might have an adverse identity profile. For example, in financial institutions, regulations require that certain classes of transactions must pass anti-money-laundering and terrorist funding vetting processes to make sure the person conducting the transaction is not a suspected individual. In other industries, it may be necessary to make sure that a person has not conducted similar transactions in rapid succession, or that they are not misusing a tax ID number.
Combined with other methods, the use of a watch-list may offer companies the ability to avoid regulatory penalties and also secure their transactions from fraud.
Physical biometric identification refers to uniquely identifying a person by evaluating one or more distinguishing biological traits. For example, many phones now need a fingerprint or facial scan to access. Numerous other biometric markers are in use in various secure access applications such as retina and iris patterns, voice waves, hand geometry, earlobe geometry, and even DNA.
Using Biometric identification leads to a higher degree of security than manual identification processes such as passwords, e-mail addresses or PINs which can be hacked using many social engineering techniques and the personal information shared on social media. Forgotten, shared or lost passwords can mitigate security if fraudsters obtain them. Resetting forgotten passwords and typing long passwords and PINs also increases time for companies to on-board and transact with customers and causes frustrations among them.