IAL3 identity proofing for security-driven organizations



IAL2 requires more stringent evidence, validation, verification, and resolution processes in order to effectively protect against impersonation attacks. IAL2 limits highly scalable attacks while protecting against basic evidence falsification, fraud, theft and social engineering tactics.

IAL2 provides other verification methods that don't rely on biometric comparison, such as confirmation codes delivered outside the session to a verified physical address. Throttling requirements help limit attacks targeting the verification process.

Integrated with NIST 800-63A

IAL3 identity proofing adds further evidence, validation and verification requirements designed to prevent impersonation attacks, error-prone evidence collection, repudiation and more advanced social engineering tactics. IAL3 requires an in-person meeting between the applicant and a CSP representative, collection of at least one biometric characteristic, and enrollment in a dedicated subscriber account whose authenticators are tied exclusively to it.

Mailed confirmation codes provide effective protection from scaled and high-volume attacks while significantly decreasing attacker time-to-value, yet remain vulnerable to being intercepted by close associates and family.

Trusted referees are carefully screened and trained to assist with exception handling scenarios, such as when an applicant's claimed attributes do not correspond with official records (e.g., recent address or name changes). They may also be asked to inspect physical evidence. Applicant references are individuals identified, assessed and approved by the CSP who can vouch for an applicant's attributes, abilities or circumstances relevant to completing the proofing process.

Faster

Relative to IAL1 and IAL2, identity proofing at IAL3 requires more rigor and specificity when collecting, validating and verifying evidence and when biometrically comparing the applicant to it, in order to protect against enrollment threats and impersonation attacks, to limit scalable attacks, to defend against basic evidence falsification, and to protect against attacks that use compromised personal information.

Unlike remote unattended and self-service methods, IAL3 requires face-to-face interaction with a CSP representative in order to collect and enroll an initial authenticator on behalf of an applicant. These interactions are designed to limit highly scalable and targeted attacks from occurring altogether. Furthermore, they play a pivotal role in speeding user adoption rates, decreasing application departure rates and improving application acceptance rates. The IAL3 process includes checks against vital statistics repositories and requires applicants to present proof of citizenship.

Safer

The IAL3 verification process introduces additional evidence, validation and verification requirements in order to address impersonation attacks and other error sources more effectively than its predecessor, IAL1. It is designed to limit large-scale attacks and to protect against basic evidence falsification and tactics such as theft or social engineering.

CSPs must document operational processes for handling exceptions in addition to performing PIAs and risk analyses. This includes employing trusted referees trained to make risk-based decisions on behalf of applicants who fail to satisfy IAL1 and IAL2 verification requirements, such as receiving confirmation codes in the mail or comparing facial images on identity proofing evidence.

In the event that an applicant does not complete an IAL3 verification process successfully, a CSP MAY provide them with a continuation code to use later to complete it. A series of verification steps is then used to ensure its validity; these steps include validation with authoritative or credible sources, checks against vital statistics repositories (e.g., the Death Master File), and biometric comparison of the applicant to validated evidence.

More Secure

IAL3 provides the highest level of assurance, designed to minimize highly scalable attacks and protect against evidence falsification, document theft and social engineering tactics. It requires more stringent methods of gathering and validating evidence, including verifying an applicant's physical presence during an on-site attended process.

TrustSwiftly's remote IAL3-compliant solution offers an alternative proofing approach that goes beyond simple visual comparison of documents with subjects. TrustSwiftly uses hardware-enabled video and facial recognition with liveness detection, enabling CSPs to quickly validate the identity of applicants and detect impersonation attempts while keeping the user experience effortless for genuine subscribers.

Zero Trust operationalizes NIST 800-63A IAL3 standards for IAL, AAL and FAL by providing continuous verification that reduces fraud, protects sensitive data and boosts trust in digital interactions. TrustSwiftly's Zero Trust approach incorporates NIST-aligned MFA, hardware authenticators and strong federation to deliver an integrated solution with a seamless user experience that complies with FedRAMP High.
