Identity Validation

By Henry Bagdasarian

For identity validation purposes, a person must provide specific personal information to prove ownership of the identity. For example, when you go to the ATM machine to get cash or when you login to one of your online accounts, you must enter a PIN or password to identify yourself. The reason for this process is because every one can claim a certain identity, but how do businesses validate millions of identity claims each day? Such information needed for identity validation is not only unique to the person claiming ownership of the identity but is also defined differently by each business. In most cases, information needed for validating an identity ownership is something that a person has, knows or is. A lot of times, it’s much more effective if an identity is validated by a combination of various information obtained about an identity. For example, credit card ownership during a phone or online transaction is validated by using the credit card information (something we have) and the Card Verification Code (again something we have). This is not a very good idea and doesn't make a lot of sense because the two required validation information can be obtained from the same source, the physical credit card. That means a stolen credit card provides all the information a thief needs to go shopping. However, using a credit card for in-store purchases often requires a valid photo identity card such as a driver’s license which is a better control because two different items that we have must be verified to establish our identities.

Identity validation may also be referred to as identity authentication and identity authorization. Let’s explore the various sources of information available for validating an identity.

As I mentioned, our identity can be validated by providing personal information to a system or a person. Such information can be information that we have such as a driver’s license, picture ID card, or a passport. In some cases, when other parties want to validate our identities, they ask for a piece of information that we have such as the ones I just mentioned. There are really no rules with regards to what information is preferable by all parties for identity validation. Whether you have a new job or are entering the airport, they can ask you for any piece of information that you must have to prove that you are who you say you are. The risk with this type of information is that they can be lost or stolen for identity theft and fraud purposes.

Sometimes, the parties you are doing business with can ask you for information that only you know about. This information will also give them the ability to validate you and complete the transaction. Some examples of information that you know include password, your date of birth, and mother’s maiden name. This type of information is also very valuable and effective until a person shares them with others. Many people share their secret codes and other personal information with their close relatives and friends, but each time passwords are shared with others, the risk of identity theft increases because you are no longer in control of the shared information meaning they can be misused by people you shared your information with or posted on the Internet for everyone else who might have a use for such information.

The third type of information used for authenticating an identity is something we are or biometric identification and authentication. Such information may be our finger prints, hand geometry, or eye patterns. This type of information is harder to hijack than the information we have (passport) or the information we know (password) because in both cases we can lose or give away the information, whereas, our hand or fingers can’t be deliberately given away or stolen unless of course we are directly involved at the point of fraud either voluntarily or forcefully. Biometric identification may be the future for identity validation but we still have long ways to go. I suspect that as biometric identification becomes widely used, identity theft will also evolve and become much more dangerous to people’s lives than just stealing a person’s wallet.

In summary, protect your identity by protecting the personal information that you have or know by reducing their unnecessary exposure to loss and theft. Such personal information as your ATM and credit card PIN as well as your company’s remote access token or passport can be used to take over your identity.

Return to home page from "Identity Validation".

Enter your E-mail Address
Enter your First Name (optional)

Don't worry — your e-mail address is totally secure.
I promise to use it only to send you Identity Management Journal.