Adherence to IAL3 compliance has historically been an expensive and time-consuming task. Flying employees around for verification sessions is usually cost-prohibitive for remote-first companies.
TrustSwiftly helps make attaining IAL3 compliance faster and more cost-effective than ever before. Our patent passwordless authentication and identity verification technology provides superior proofing processes that protect privileged accounts from sophisticated fraud attacks while decreasing cyber liability insurance premiums and operational expenses.
What is IAL3?
NIST SP 800-63 guidelines define Identity Assurance Level 3 (IAL3) as the highest level of verification. It requires direct observation during either in-person or remote identification sessions, biometric comparison to claimed digital identities, and biometric verification to detect fraud and reduce impersonation. TrustSwiftly helps businesses meet IAL3 standards with its secure passwordless authentication process, which provides strong protection for sensitive data while fulfilling non-repudiation requirements, including FedRAMP and GDPR.
To meet IAL3 requirements, credential service provider (CSP) representatives must inspect each identity document and collect biometrics on secure hardware that cannot be compromised, which makes the process costly and infeasible for distributed teams. It also leaves gaps in security and compliance when employees leave or lose their authenticators (like their phone or YubiKey).
TrustSwiftly’s IAL3-compliant solution addresses these concerns by connecting an authenticator directly with a verified identity shortly after an IAL3 session has taken place. This increases phishing resistance, man-in-the-middle protection and non-repudiation for FedRAMP compliance and GDPR, and decreases cyber liability insurance costs.
Clients of IAL3 services frequently struggle to balance the costs associated with storing evidence for an audit with the desire to dispose of it early to avoid data breaches. IT departments can be especially challenged in accomplishing this feat as they often have responsibility for securely storing these files.
IAL3 Requirements
At the highest level of assurance (IAL3), CSP representatives must physically inspect identity documents to verify them, collect one or more biometrics on secure hardware such as YubiKey security tokens, and record digital chains-of-custody so that evidence can be verified later. This process can be time-consuming, costly and unscalable when applied to remote workers, who often have to travel in person to an onboarding kiosk.
The NIST framework includes three identity assurance levels (IAL1, IAL2 and IAL3) with increasingly stringent requirements for linking claimed identities to real people and verifying ownership. IAL2 authentication requires two different factors (face recognition and fingerprint scanning devices), while IAL3 requires in-person interaction to confirm identity using document inspection, biometric comparison and liveness detection on FIDO devices.
TrustSwiftly’s 100% remote workflow and patent technology enable organizations to meet IAL3 requirements more directly by combining document verification with its FIDO Certified passwordless NIST IAL3 verification solution, which also features facial recognition, phishing resistance and man-in-the-middle protection. Moreover, because an authenticator is connected shortly after an IAL3 session ends, its cryptographic proof of identity and chain-of-custody prevent fraudsters from using biometric data for phishing attacks, account hijacking or account takeover.
IAL3 Compliance
At IAL3, compliance requires an intensive in-person identity proofing process in which a government-issued ID is verified against authoritative sources to confirm that the claimed digital identity belongs to a real person. Unlike lower assurance levels, this gives CSPs and verifiers a high degree of certainty that claimed digital identities belong to the real individuals presenting them for verification. NIST 800-63-4 IAL3 compliance levels should generally be reserved for high-stakes transactions, such as accessing sensitive data or using healthcare services that require high levels of regulatory oversight.
To meet IAL3 compliance, verification processes must include face-to-face interactions between applicants and CSP representatives in a controlled environment that includes video streaming and liveness detection, such as face, fingerprint or dual iris scans, to prevent impersonation attacks. Furthermore, biometric credentials must be securely linked with identity credentials in order to reduce MFA bypasses, SIM swapping attacks and spoofing attempts.
TrustSwiftly’s FIDO Certified passwordless authentication and IAL3 identity verification software directly meets IAL3 requirements by offering an effective remote yet supervised process that outstrips traditional in-person methods such as kiosks. It has proven much more successful at mitigating fraud losses and lowering cyber liability insurance premiums for organizations while decreasing operational expenses and attack surface area. Furthermore, TrustSwiftly delivers NIST IAL3 and FedRAMP High identity proofing through document authentication, biometric comparison with liveness detection, and cryptographic authentication on FIDO devices.
IAL3 Verification
IAL3 verification is the highest level of ID&V required for high-risk applications such as remote and physical in-person sessions. A CSP representative interacts directly with enrollees during supervised identity proofing sessions and verifies at least one biometric characteristic to prevent impersonation attacks, SIM swapping attacks, MFA bypasses or fraud.
Trust Swiftly has reinvented this highly secure process to make it more scalable and suitable for businesses of all sizes.
TrustSwiftly’s FIDO Certified passwordless authentication and identity verification solution helps organizations meet IAL3 requirements through document verification with face detection and liveness detection, phishing resistance on FIDO devices, and cryptographic authentication of all evidence, with cryptographic signature verification to guarantee that the evidence cannot be altered and that it relates back to a real person. This helps mitigate fraud losses, lower cyber liability insurance costs and more.
To help our customers comply with IAL3, our technology removes the need for on-site verification sessions by employing 100% remote workflows and controlled hardware. This enables businesses to comply with IAL3 and FedRAMP High assurance audits while guaranteeing that every hardware authenticator is associated directly with an identified individual, thus decreasing the risk of data breaches and compliance bottlenecks.
