Identify, verify, validate and authenticate are not the same thing
One of the great challenges of our times is to link the digital identities with non-digital identities.
In this publication we talk about four concepts that facilitate this link and that are very present in the procedures and processes of onboarding digital .
Let’s take an example
Pepe needs to rent a motorcycle as soon as possible (discover Pepe’s story here).
He opts for a motorcycle rental company that uses a digital onboarding solution to register clients remotely.
As this is the first time he is going to use the app of this service, Pepe has to enter his email to introduce himself. That is, Pepe IS IDENTIFYING HIS IDENTITY. The type of identification depends on the requirements of the company, it could also ask for your first and last name, for example.
Next, the system asks him to prove that he is the person he claims to be (that is, to confirm to me with evidence that he is Pepe G.).
To prove it, he has to take a selfie and capture both sides of his ID. The system VERIFIES that the biometric data extracted from his selfie matches the data from the photograph of the DNI.
Meanwhile, the system VALIDATES that his ID exists, that it is valid, that the user is old enough to drive, etc.
As Pepe is a legitimate user, with his documentation up to date, the system registers him in a matter of seconds. Pepe is already a customer of the motorcycle rental company, so whenever he wants, he can enjoy the vehicles.
From now on, every time Pepe needs a motorcycle, he will only have to take a selfie. The system already recognizes him and with a selfie, he is able to AUTHENTICATE that he was previously verified as a customer.
In case the differences are not clear enough, from the point of view of Pepe…
➡️ Identification: I am Pepe G.
➡️ Verification: I prove that I am Pepe G. with a selfie and a screenshot of my ID
➡️ Validation: The system confirms that my ID exists and that its information is legitimate and authentic
➡️ Authentication: I take a selfie to show that I am Pepe G. and that I want to use the service again
A bit of theory: Clarifying concepts
We identify ourselves when we say who we are.
During identification, we answer the question: “Who are you?”
According to the dictionary, IDENTIFY means “to give the personal data necessary to be recognized”.
Verification links us to the proof of identity that we provide to prove that we are ourselves.
Generally, verifications include confirmation against official databases, such as credit bureaus, identity documentation files, etc.
Specifically, during the online identity verification process, it is guaranteed that an identity document belongs to the person who owns it , based on the collation of biometric information from a selfie and the capture of the document information.
We verify ourselves through our identity documents.
Verification answers two questions: “Who are you?” and “Are you really who you say you are?”
According to the dictionary, VERIFY is “to check or to examine the truth of something”.
The validation of documentation or personal information of potential clients implies their comparison with databases in order to verify that these data exist in the real world and are correct (also in order to reduce human errors).
Everything that is validated is found and consistent with another data source.
The step of validating users provides companies with the certainty that postal addresses, bank accounts, telephone, etc. exist. that. they provide, but do not link directly to them.
That is, the validation confirms that, for example, an email account exists, but does not confirm 100% that it belongs to a person (hence the validation must be completed with other mechanisms security).
Answer the question: Does this data exist?
According to the dictionary, VALIDATE is “to give strength or firmness to something, make it valid”.
Verification vs. validation
During identity validation, the data is verified to exist and to be correct or real. While in identity verification the data in question are directly associated and the relationship and ownership between the data and the person to be verified is checked.
We authenticate ourselves when we provide a password, a selfie, etc. (information that only us should have), that is, a proof that we are who we say we are.
A proof of our identity before giving us access to a platform or service usually involves:
- Information we have previously provided (such as personal questions)
- A selfie (or others biometric systems)
- A one-time password
Authentication answers the question: “Are you who you say you are?”
The idea is for the user to validate again that he is the same person who registered on the platform or service. It can be done through passwords, tokens or biometric systems.