Unified Personal ID Validation

While the US First Army was blasting tank routes through the Hurtgen Forest in late 1944, Private Joseph Matuska felt enemy shrapnel hit across his entire body. Two weeks later, he lay dazed and unaware in an Army hospital bed in Valley Forge, Pennsylvania. A nurse on rounds happened to recognize the injured soldier as her second cousin, and Matuska’s wife, who would later become my children’s grandmother, was told that her husband was no longer MIA.

Fast forward the calendar seventy-six years, and I watched as my wife, just home from her father’s funeral, sifted through the impressive stack of identification documents that the old WWII veteran had left behind. There was his New Jersey driver’s license, several other state and national ID cards, a military card, a voter registration card, his passport, several medical and insurance ID cards, several credit cards, several club membership cards, and on and on.

It seems ironic that so often, it is not until someone has become deceased that we really take full account of the identification documentation that we are so reliant upon to exist in our modern society. And it seems more than ironic that we tend to brag about living in an era where technology makes our lives so much simpler. My hero father-in-law’s impressive stack of ID cards would seem to serve as Exhibit A to the contrary.

I happened to be thinking of him (and his stack of ID cards) this past week while speaking with the principals from a fine organization called Acuant. Our discussion covered the wonderful work they are doing to simplify, integrated, consolidate, and secure the tangle of identification documents, and associated validation processes that are not exactly the pride of our society. I think their approach is solid, and I’ll try to share with you below what I learned:

“Our purpose at Acuant,” explained Kevin Vreeland, Managing Director, “is to simplify the identity validation ecosystem to maximize the trust of any transaction that is reliant upon an individual’s identity. We believe identity is the new currency, and it is more important than ever that PII is protected. Acuant accomplishes this by providing workflows that are fast and secure by streamlining the lifecycle process for establishing confidence in a reported identity.”

The Acuant solution is offered in three levels: First, images of credential information such as driver’s licenses are captured into the app to support basic tasks including familiar auto-fill into on-line forms. Second, strong authentication is performed in seconds by more than fifty forensic tests including biometric facial recognition, often needed for higher assurance. And third, the solution supports both RFID and a manual review for the most critical applications.

I asked about delivery of the solution, and Vreeland explained that while the team does have a demo app, their typical customer integrates the Acuant software libraries into their own app software. We discussed a typical use-case for a mobile app developer using Android Studio, and the integration process appeared straightforward and easy to understand. Solution delivery via SDK is not always the easiest sale, but it sounds like Acuant knows what it’s doing in this area.

Our conversation moved quickly to privacy, and establishing confidence to put all of one’s credentials into one bucket. Vreeland explained the company’s approach to encryption and its disaggregation of credentials as they are validated, significantly reduce the risk of any compromise. He stressed the company’s belief that individuals should be in control of PII. He also outlined rational use-cases for stored and non-stored credentials by the app provider.

Compliance challenges also came up during the discussion, and Vreeland resonated with my concerns about geographic differences in how credentials are handled. “There are different laws regarding credential handling in various countries,” he said, “and we fully recognize that our solution must respect these requirements. Take Singapore, for example; they require that their citizens’ stored credentials never leave their borders. We must support that demand.”

Acuant traces its roots to the merger of their original auto-fill capability with AssureTec’s multi- factor identity verification. The marriage seems to have resulted in a unique blend of capabilities for trusted, identity-based validation. I suspect that if this technology had been more commonly available at the time, I’d likely have captured my father-in-law’s document images into a common app. (Although old WWII vets didn’t care much for mobile phones.)

So, if you are in the business of servicing your customer base using a credential validation process – and I guess this means virtually all businesses – then please consider taking a moment to have a look at the Acuant approach. I think you will like what you see. And as always, please share what you’ve learned with all of us.