Summary of vendor offerings
Alloy is the most configurable of the vendors; they have partnerships with many other vendors that provide a wide variety of identity verification methods that can be used in combination with each other. Their partners include most of the vendors evaluated in this report: Cognito, Ekata, IDology, SentiLink, and Socure. We do not have information on their pricing.
Cognito’s identity proofing focuses on basic PII: Name, phone, address, and SSN. Their unique offering is through using synthetic identity detection to confirm the validity of a Name / Phone number combo, and then using 2FA to confirm that the person is still in possession of that phone number. (Additional KBV is an add-on for further detection of stolen identities.) With this reliance on 2FA, their product isn’t as suitable for managing the applicant backlog without needing the applicants to take some action.
Ekata specializes in confirming “dynamic PII” -- Name, phone, address, and email. By also looking at passively-collected information (e.g., IP address and phone metadata), they are able to detect stolen as well as synthetic identities. They do not have a batch way to process the applicant backlog without needing the applicants to re-enter this basic PII. They do have a dashboard where you can see the results of an individual’s ID proofing process.
Experian is one of the vendors that could provide all the identity proofing pieces; they have both a step-up offering and a full NIST IAL2 offering. It is one of two vendors that appear to have gotten contracts with state UI agencies since the passage of the CARES Act (5-6 states). Their synthetic identity detection product can be used on the applicant backlog without needing the applicants to take any action (document verification would of course need the applicants to provide that documentation). They were the one company that mentioned the use of “marketing data” as one of many data sources used in their synthetic identity detection.
ID.me is another of the vendors that could provide all the identity proofing pieces; their primary offering is a full NIST IAL2 identity proofing solution. (They also offer pieces as individual products, but we do not have as much information on that.) It appears to be the primary vendor that has gotten contracts with state UI agencies since the passage of the CARES Act (AZ, CA, CO, FL, GA, ID, IN, LA, ME, MA, MS, MO, MT, NV, NJ, NY, NC, ND, OR, PA, SC, TX, WA). Their document + biometric verification solution is the most sophisticated; if someone cannot be verified through a comparison of a selfie to the uploaded documents, they are routed to a “remote in-person” identity proofing video chat where those documents are presented in real time to an ID.me call center. There have been concerns around the wait times of this service, e.g. in Nevada. To be used in applicant backlog management, it requires that everyone be sent to their site to re-enter their PII and provide documentation because it is an IAL2 certified solution.
Idemia is another of the vendors that could provide all the identity proofing pieces, partially through the way it leverages Experian Precise ID. They appear well set-up to be used in a “step-up” identification process for either applicant creation or backlog management (i.e., their batch API can do synthetic identity detection without additional action from the applicant). If a state's Department of Motor Vehicles uses Idemia, that state's UI system can be configured to use that database as another trusted source.
IDology is another of the vendors that could provide all the identity proofing pieces, though we don’t have their pricing information. They appear well set-up to be used in a “step-up” identification process for either applicant creation or backlog management (i.e., their batch API can do synthetic identity detection without additional action from the applicant). Part of their unique offering is access to the Consortium Fraud Network that allows them to securely check the use of PII combinations in additional contexts.
SentiLink focuses on synthetic identity detection, comparing the self-asserted PII to numerous data sources. The breadth of their data sources means that with sufficient PII collected, they should be able to detect stolen identities; however, they did not mention the use of passively-collected information, which can be very helpful in this regard. They can be used at either application creation or to evaluate applicants in the backlog without the applicant needing to take action; they also have a dashboard where you can see the results of an individual’s ID proofing process.
Socure is another of the vendors that could provide all the identity proofing pieces. They explicitly recommend creating a “step-up” process and shared that the synthetic identity detection step can verify 90% of people, leaving only 10% to need the more expensive doc + bio verification step. They can be used for either applicant creation or backlog management (i.e., their batch API can do synthetic identity detection without additional action from the applicant)
Last updated