Documentation

ID.me Digital Wallet & Credential Broker

Welcome to the world of ID.me, where the Digital Wallet and Credential Broker redefine identity verification and authentication. Discover our ID.me Social Login, which leverages these cutting-edge solutions to bind proofed identities to credentials for initial and subsequent authentication. We offer a state-of-the-art Multi-Factor Authentication (MFA) suite certified to NIST 800-63-3B Authenticator Assurance Level 2, providing a high level of confidence in user identity control. Our MFA options play a pivotal role in preventing fraud by adding a layer of security beyond the traditional username and password. With diverse MFA options, such as Call to Landline MFA and unphishable FIDO2 tokens, we ensure accessibility for all demographics. Our capabilities extend to document authentication, phone verification, 1:1 selfie matching, face liveness, human review, and advanced fraud detection tools, including AI/ML and dark web monitoring, all accessible through ID.me's Identity Gateway. Join us in revolutionizing identity verification and security.

ID.me Social Login

ID.me Social Login simplifies the user authentication process for your organization by allowing you to authenticate users, reducing the friction between your customers and their accounts. Using industry standard federated protocols, such as OAuth, OpenID Connect and SAML, ID.me can be seamlessly integrated and serve as a trusted entry point for your users to access their accounts, utilizing our recognized and branded single sign-on service.


When to use this policy

Ideal for integrations with existing social login options (e.g. Facebook, Google, Apple, etc).

Essence of Policy

  1. Email + Password
  2. Consent

Multi-Factor Authentication

To bind proofed identities to credentials for initial and subsequent authentication, ID.me offers a state of the art Multi-Factor Authentication (MFA) suite that is certified to NIST 800-63-3B Authenticator Assurance Level (AAL) 2. These authenticator options provide a high level of confidence (Assurance Level 2) that the same user who was proofed remains in control of their account and credential.

ID.me's MFA options play a crucial role in preventing fraud by adding a layer of security beyond just a username and password. ID.me offers several MFA options increasing accessibility for all demographics. For example, ID.me offers Call to Landline MFA for users without a cell phone and “unphishable” options such as a FIDO2 token the user carries with them on their keychain.


When to use this policy

Ideal for integrations with an existing login that leverage multi-factor authentication.

Essence of Policy

  1. Email + Password
  2. Complete MFA
  3. Consent


Identity Verification

ID.me dynamically conducts Federated Login, Identity Proofing, Multi-Factor Authentication (MFA), and Attribute Validation according to a customer's chosen authentication policy. The intelligent policy engine compares the authentication policy against the existing state of the user’s account to prevent redundant actions and friction and to enable step-up as needed.


KBA Replacement

When to use this policy

Ideal for integrations with low incentive for fraud (e.g., part of the experience has an in-person aspect).

Verification is achieved with one strong piece of evidence - either document or telecom verification.

Essence of Policy

Identity verification based on one (1) STRONG piece of evidence:

  1. Document Upload
    2. OR
  2. Telecom Check


Fortified Identity

When to use this policy

This is best suited for integrations w/ medium/high fraud risk in a commoditized space.

FI is higher-assurance than KBA-R as it is based on two pieces of evidence, versus one. Fortified Identity fills the gap for integrations that have stronger incentive for bad actors but want to limit the amount of friction in the user experience. This is best suited for integrations w/ medium/high fraud risk in a commoditized space.

Essence of Policy

Identity verification based on two (2) STRONG pieces of evidence:

  1. Document Upload
    2. AND
  2. Telecom Check (w/ Liveness Face Match as an optional fallback path)


NIST IAL2

When to use this policy

IAL2 is ideal to increase user adoption, decrease false negatives, and detect fraudulent identities by a malicious applicants. Lastly, this policy has the option to join a video call to interact with an ID.me Trusted Referee to complete verification via Virtual Proofing.

Verification is different than KBA and FI in that it follows NIST digital identity standards. NIST IAL2 limits KBA methods and replaces them with devices and biometrics. This policy introduces the need for either remote or physically-present identity proofing.

Essence of Policy

One piece of STRONG evidence if the evidence’s issuing source, during its identity proofing event, confirmed the claimed identity by collecting two or more forms STRONG evidence and the CSP validates the evidence directly with the issuing source;

OR

  1. Two pieces of STRONG evidence;
    2. OR
  2. One piece of STRONG evidence plus two pieces of FAIR evidence