Requiring Verification Specialists: Which vital accreditations and authentication elements are crucial for a verification service?

Best Practices for KYC/AML: Essential Certifications and Attestations for Verification Service Providers, as suggested by The Sumsuber.

Inquiring Verification Service Providers: Which key certifications and attestations are essential for attaining credibility in the verification sector?

Sumsub, a leading verification provider, has announced the launch of a bi-weekly Q&A series aimed at answering frequently asked questions about regulatory compliance, verification, and automated solutions. The Q&A series will be posted every other Thursday on The Sumsuber and social media platforms, including Instagram and LinkedIn.

In this week's Q&A, Polina Ryabinchuk, the DPO/Deputy Head of Legal Department at Sumsub, will discuss the most important certifications a verification provider must hold for regulatory compliance and identity verification.

Essential Certifications for Verification Providers

The certifications and standards crucial for a verification provider focus primarily on adherence to recognized identity assurance frameworks, security standards, and industry best practices. Key certifications and frameworks include:

  1. NIST SP 800-63 Levels (Identity Assurance Levels - IAL and Authentication Assurance Levels - AAL)
     For identity proofing and authentication, many high-assurance regulatory frameworks and industries require adherence to the National Institute of Standards and Technology (NIST) standards. Specifically, IAL2 or IAL3 levels for identity proofing (verifying that a real person is who they claim to be with strong evidence) and AAL2 or AAL3 for authentication mechanisms are considered the baseline for secure digital identity verification.
  2. Primary Source Verification (PSV)
     For credentialing, especially in healthcare, verification providers must be able to perform primary source verification of credentials such as licensure, board certification, education, and training directly from issuing authorities or authoritative databases.
  3. Compliance with HIPAA and Data Security Standards
     If verification involves healthcare providers or personal health information, compliance with HIPAA (Health Insurance Portability and Accountability Act) and secure handling of protected health information is essential.
  4. Membership or Accreditation in Trusted Industry Programs
     Programs such as DirectTrust’s Identity Provider Program set standards for providers issuing digital credentials linked to verified real-world identities in healthcare, ensuring strong adherence to security and trust protocols.
  5. Verification of Government-Issued IDs with Organizations like AAMVA
     Verification of state-issued IDs (driver's licenses, state IDs) is typically done through recognized authorities such as the American Association of Motor Vehicle Administrators (AAMVA) to ensure authenticity.
  6. Other Industry-Specific Accreditations or Requirements
     Depending on use case, industry or state regulations may require verification providers to meet criteria from accreditation bodies such as NCQA (National Committee for Quality Assurance), The Joint Commission (TJC), or URAC.
  7. Use of Cryptographically Verifiable Credentials (Verifiable Credentials - VC)
     For emerging digital identity frameworks, supporting cryptographically signed digital credentials (VCs) that comply with trust models allowing tamper-proof identity claims is increasingly important for regulatory and interoperability compliance.

The Important Certifications Mentioned

The important certifications mentioned in the Q&A series include:

  • ISO/IEC 27001:2013
  • ISO/IEC 27017:2015
  • ISO/IEC 27701:2019
  • SOC 2
  • ISO/IEC 27018:2019
  • UK GDPR certification (Data & Privacy ACCS 2:2021)
  • EU GDPR certification
  • eIDAS & ETSI standards framework
  • UK digital identity and attributes trust framework
  • ISO 29003:2018 & 29115:2013
  • FIDO certification

In addition to discussing these certifications, Polina Ryabinchuk will also touch upon Biometric Presentation Attack Detection according to ISO/IEC 30107-1:2023.

A detailed guide on selecting an efficient verification vendor can be found on a specific link. Stay tuned for the next Q&A session every other Thursday!

Technology plays a significant role in the Q&A series, as it is the medium through which the sessions are delivered, and the topics of discussion concern technological solutions such as automated identification processes, cryptographically verifiable credentials, and Biometric Presentation Attack Detection.

The certifications and standards crucial for a verification provider focus on adherence to recognized identity assurance frameworks, security standards, and industry best practices, often involving technology such as NIST SP 800-63 Levels for identity proofing and authentication, primary source verification of credentials, compliance with HIPAA and data security standards, industry programs like DirectTrust’s Identity Provider Program, support for cryptographically signed digital credentials, and more.
