Benefits of NIST 800-63A IAL3 for Organizations

Mitek's platform utilizes document verification and facial recognition techniques to compare live images to photos on strong pieces of identity evidence - this process is known as Identity Based Learning 2.

Self-Service Kiosks

Self-service kiosks provide visitors with an efficient way to complete business-critical tasks without needing human assistance. They have become a staple for use cases ranging from e-commerce, customer service and banking to healthcare and immigration.

A kiosk typically comprises of a touchscreen computer, often an off-the-shelf tablet secured within an enclosure designed to prevent tampering, damage and theft. Furthermore, each kiosk must run software components tailored specifically for its specific use case.

Traditional means for attaining NIST IAL3 verification at its highest level (IAL3) required an in-person interaction between credential service provider (CSP) and applicant in a physical location, which was both costly and time consuming. Thanks to new technology, CSPs now have the option of remotely verifying credentials at this higher level for FedRAMP High applications using Trust Swiftly's NIST 800-63A IAL3 remote IAL3 compliant solution that supports document validation, biometric comparison, step-up reproofing as well as step-down reproofing to reduce risks related to identity fraud for FedRAMP High applications. Supervised Remote Proofing

Contrary to self-service kiosk solutions, this process requires an operator at the CSPs main facility who can oversee and ensure all requirements are fulfilled onsite. They must also verify whether claimed identities match up with any valid evidence presented. 

Onsite Proofing

While IAL3 provides greater assurance levels, it requires a more robust proofing process and additional compliance requirements. A human must be present so the proofing agent can visually inspect and verify identity evidence collected (e.g. selfie video, face scan or fingerprints), increasing the risk of social engineering by means of using realistic silicone masks as social engineering methods.

For IAL3 verification, CSPs should provide applicant redress mechanisms in case of delays, failures, or difficulties when verifying their identity (due to security incidents or otherwise). All personal information collected during interactions must be encrypted and exchanged over authenticated protected channels, with proofing agents trained in making risk-based decisions during identification processes onsite IAL3. 

AI Agents

IAL3 identity proofing session between an applicant and CSP representative in which biometric characteristics are collected in person and enrollment into a subscriber account with one or more authenticators bound to it. IAL3 was designed to deter more sophisticated attacks such as evidence falsification, theft, repudiation or social engineering tactics used by scammers and social engineers.

For IAL2, attribute data collection should be limited to that which is necessary for identification resolution. Attributes that assist with identity resolution shall only be collected if CSP has obtained and secured consent from both themselves and RP to do so.