The fallacy of identity verification online.

I have done a lot of work for various companies, dealing in different industries, including financial and insurance. Everyone wants to validate peoples identity for various reasons, HIPPA, Payment Card, or just validating the person is who they claim for signatures.

The assumption I see over and over and over again is, that if the person on the other end of the website knows the answers to the questions based off a credit report, that they are who they claim to be. This assumption is wrong, dead wrong, it has always been wrong, and it has been made all the more so by the Equifax hack.

As if the hack wasn’t bad enough, there are companies out there that collect information about you and sell it. They know WAY more about you than you would like. In many cases companies that coalesce this data, know more about you than you ever imagine. This is why the Lexis Nexis breach was so bad.

So, how can any company that claims to assure identity actually do it? There might be exceptions, but my experience says nobody truly does. The claims of such companies look all the more repugnant when you see the entirety of the “assertion” is based on an entirely automated process, asking questions off a credit report, and how these claims stand up in court is beyond me. All it will take is a single person signing for a house online, through one of these places and all of it will come crashing down like the house of cards that it truly is.

It is hard enough to validate someones identity in person, fake IDs, bribery, notaries not doing their jobs… Honestly, right now, I can’t think of anyone that does a better job of asserting someones identity than corporations, that are involved in heath insurance, do for their employees. Heck, employers do a better job of validating their legitimate employees identity, than most Notaries Public.