IAL3 verification involves document authentication and facial recognition with liveness detection to confirm that an individual matches their claimed identity, thus reducing spoofing attacks and protecting individuals against identity fraud. For optimal proofing results this level requires on-site attended processes.
TrustSwiftly’s hardware IAL3 solution saves time, money and risky password resets while simultaneously satisfying your security team and FedRAMP High auditors – read on to discover more!
IAL3 Compliant
NIST requires Identity Assurance Level 3 (IAL3) as its highest identity proofing standard, with in-person attended proofing sessions featuring superior-strength identity documents, biometric capture, and rigorous evidence validation processes. Remote IAL3 identity proofing processes like those offered through IAL3 meet FedRAMP High compliance standards while remaining safe, secure, and scalable for remote workforces.
RPs should only collect from CSPs the necessary PII needed to resolve to a unique identity record, for example avoiding requests such as full date of birth in favor of more discrete measures such as age. Please refer to Sections 5.1 and 5.3.3 for resolution requirements at each IAL.
To meet these requirements, relying parties should use hardware-backed authenticators such as FIDO2 security keys and effective federation engines for AALs 1-3, as well as phishing resistant MFA for FAL. Trust Swiftly makes these options even simpler by eliminating in-person proofing costs while mitigating business risks.
Hardware Made to Capture Identity Documents and Biometric Attributes Instantly and Automatically
Traditional proofing methods, which can be both time and cost intensive, have given way to fully recognized pathways allowing CSPs to meet NIST standards more easily than ever. IAL3 authentication must include document verification and facial recognition with liveness detection technology so as to confirm claimed identities as being those attempting authentication.
IAL3 identity proofing includes watchlist screening to identify suspected terrorists, money launderers and fraudsters; address validation by cross-referencing official databases as well as utility bills to ensure submitted addresses match real world records; behavioral biometrics are also employed to reduce account takeover risk by flagging anomalous login patterns.
HYPR Affirm was designed to assist CSPs with meeting IAL3 compliance by providing chat, video, face, and fingerprint capture from an Android or Surface Pro 5G device camera. This hardware-supported process meets FedRAMP high authorization standards allowing password resets to be eliminated as a result.
Meets FedRAMP High Compliance Standards
For your identity verification solution to meet IAL3 requirements, it must support several advanced security measures. These may include facial recognition with liveness detection to authenticate a real person; watchlist screening to identify individuals suspected of terrorist acts or money laundering activities; address validation by cross-referencing official databases and utility bills against submitted addresses for validation; behavioral biometrics capable of detecting fraudulent attempts like phishing/spoofing attacks, and behavioral biometrics that identify fraud attempts using phishing/spoofing attacks as well as behavioral biometrics capable of detecting fraud attempts through phishing/spoofing attacks as well.
Trust Swiftly’s hardware-based IAL3 compliant solution meets FedRAMP compliance standards with ease – saving both time and money while satisfying auditors.
Once an individual completes an IAL3 proofing session, it’s crucial that their data is safely bound with a multi-factor authenticator such as PIV/CAC card, YubiKey or other hard token MFA device. Preferably this should happen immediately following their proofing session with use of continuation codes from their session or biometric capture captured during proofing process.
Easily Scalable for Remote Workforces
Traditional methods for authenticating an IAL3 transaction typically require on-site proofing sessions with agents present, which is costly and difficult to scale across distributed teams. Furthermore, agents leave them open to social engineering attacks by someone posing as an trusted person or wearing realistic silicone masks that appear real enough.
Trust Swiftly’s hardware and software allow CSPs to easily and quickly accomplish NIST 800-63A IAL3 verification remotely, using chat, video and facial recognition with liveness detection – in combination with document verification and watchlist screening – in an efficient, step-up reproofing process that ensures maximum security against fraud while lowering both cyber liability insurance costs and risks for remote teams.
TrustSwiftly takes away the hassle and training needs associated with DIY builds by managing hardware logistics, physical security auditing and employee training so you can focus on business operations while meeting compliance standards more easily. We can even help define a retention schedule to reduce cyber liability insurance costs over time.