KuppingerCole Report
Buyer's Compass
By Anne Bailey

Buyer's Compass Providers of Verified Identity

It is no longer enough to create and secure user identities. Verifying that the identity does indeed describe the individual it was created for is a valuable capability in many use cases, including authentication, remote onboarding, and enabling high value transactions. This Buyer's Compass will provide you with questions to ask vendors, criteria to select your vendor, prepare your organization to conduct RFIs and RFPs, and determine requirements for determining a successful Provider of Verified Identity.
By Anne Bailey
aba@kuppingercole.com

1 How to use the Buyer's Compass

This KuppingerCole Buyer\'s Compass on Providers of Verified Identity provides information about

  • Use Cases

  • Functional Selection Criteria

    ...
Login Free 30-day Select Access Get full Access

2 Market Segments Defined

Providers of Verified Identity are vendors that deliver solutions to verify that a digital identity corresponds to a real-world identity. These vendors provide an employee, end-user, device, or legal entity with a digital identity that may be used across multiple platforms, services, or with multiple companies. Providers of Verified Identity is a future-oriented take on the market, predicting that onboarding and continued relationships between entities will be increasingly rely on verified identities for the highest privacy, compliance for KYC/AML regulations, and ease of use.

The technology that Providers of Verified Identity use to facilitate digital-only onboarding and identity verification is varied, and the identity may use passwords, certificates, biometrics, eTokens, federation of trusted sources, Decentralized Identifiers (DIDs), or be supported by Artificial Intelligence (AI). But the services that Providers of Verified Identity bring are foundational to delivering the security required for IAM, the streamlined solutions required for CIAM, and the means to adhere to strict AML and KYC requirements in highly regulated industries.  

A reusable verified identity has the potential to change the trust afforded to credentials from other systems, the storage of user data, the effort needed to adhere to privacy and compliance regulations, and ability to prevent fraud. There is the potential to create much more user-centric identity systems while increasing their portability. These are disruptive proposals, and the many vendors who are active in delivering such solutions take varying technological paths to achieve them. The dominant technological approach is not yet clear -- many products are newly launched, and others are adapting their established and familiar approaches to adjust to the changing trends. These technological approaches are presented in the market:

Vendors are typically characterized by one of the four approaches, but sometimes use them in combination. And although these approaches are used by vendors who offer solutions for all industries, they bring nuanced differences and strengths to the solutions. Fraud detection often is complimentary to other cybersecurity tools for organizations that face high numbers of fraud attempts, not just at the point of onboarding or authentication. Document and video verification is an all-around step toward enabling virtual and sometimes automated identity verification. This is often a foundation for other identity verification solutions, but is also a comprehensive solution in its own right. Solutions that use federated identity verification leverage the many existing digital IDs already in use, creating easy to use mechanisms to verify and accept those verified identities. And decentralized verification uses a decentralized architecture to secure and store the proofs of document and video verification, making a significant steps toward verified reuse of identity.

3 Top Use Cases

Providers of Verified Identity are enabling higher security, trust, and privacy beyond what traditional identity interactions could afford. The main applications of this solution in the market are:

Use Case Description
Customer Onboarding Targeting CIAM, a new user completes a digital onboarding process using a previously created and trusted identity – such as an eID or BankID – or onboards a government-issued ID and biometric information to create a verified, reusable identity with which the user can repeatedly interact with their service provider with a heightened level of assurance.
Employee or Partner Onboarding Targeting IAM, a new employee or partner presents evidence of their identity and can be remotely provisioned and issued access rights. Integrations with authentication sources and interoperability of verified identity attributes are critical here.
Verification for KYC/AML The trust in a user’s identity can be uplifted for a critical transaction by verifying a preexisting digital identity. Using document scans, connection with biometric information, and/or video identification, KYC and/or AML requirements can be fulfilled remotely. In advanced cases, this verification can be reused.
Verified identity for Authentication For CIAM and IAM scenarios, a verified identity can be created by proving that an identity document is connected with the biometric data of an individual in the real world. When authenticating, the user can present the biometric data as a second factor, which is linked to the existence of a verified identity document.
Sharing Verified Identity Reusing a verified identity entails sharing identity attributes with other parties in a trustable, secure manner. Extending beyond the typical identity attributes such as name, date of birth, address, contact information, ID document number, customer or employee ID, etc., sharable identity attributes include employment experience, education experience, health records, ownership records, intellectual property rights, and much more. Connected to a verified identity and formatted in a standardized manner, these identity attributes or credentials can be shared with other parties in peer-to-peer transactions or between business entities. The sharable attributes or credentials can be trusted to be valid.

Table 1: Top 5 Use Cases

4 Top 20 Selection Criteria - Functional

When considering a new product, there are many factors to assess. This Buyer's Compass identifies the top functional criteria to look at when selectin ...

Login Free 30-day Select Access Get full Access

5 Top 10 Selection Criteria - Non-functional

Aside from the functional selection criteria listed above, there are a number of non-functional criteria to take into account when deciding on an appr ...

Login Free 30-day Select Access Get full Access

6 Use Cases / Selection Criteria Matrix

Having identified the most important use cases and selection criteria for vendors, this section provides a matrix that maps use cases and functional s ...

Table 4: Use Cases / Selection Criteria Matrix

KuppingerCole Advisory Services can support you with adapting criteria to your specific requirements ...

Login Free 30-day Select Access Get full Access

7 Top 5 Prerequisites - Technical

The list below enumerates some technical prerequisites that should be considered part of your verified identity provider evaluation process.

T ...
Login Free 30-day Select Access Get full Access

8 Top 10 Prerequisites - Organizational

Success in rollout depends on more than the technology selected. There are also various organizational prerequisites. The following table lists the to ...

Login Free 30-day Select Access Get full Access

9 Top Questions to Ask

Question Description
Do you specialize in serving specific industries? Large vendors will have customers across most industries. S ...
Login Free 30-day Select Access Get full Access

Copyright

©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.

top