How an IAL3-Compliant Solution Works

The requirements of the International Identification Layer 3 (IAL3) include more stringent identity proofing, strong phishing-resistant authentication, and secure federated identification practices. They deprecate email OTP authentication while downgrading SMS-based methods; additionally they mandate phishing-resistant MFA/passkeys as security mechanisms.

Contrary to IAL1, which can be achieved using remote unattended processes, IAL2 must involve in-person attended processes that limit more advanced attacks like evidence falsification and theft or repudiation. Trust Swiftly's hardware-based IAL3 solution offers savings both financially and time while satisfying auditors.

IAL3 Identity Proofing

High-assurance identity proofing is becoming an essential component of business success in an age of remote work, where traditional methods such as email OTPs, SMS-based verifications or in-person verification sessions alone cannot guarantee sufficient protection from modern cyberattacks such as phishing attacks, man-in-the-middle threats and others.

NIST has created a framework of identity assurance levels (IAL) to standardize how digital identities are verified. At its IAL3 identity proofing, document validation, biometric comparison, and direct oversight must all be utilized to ensure that claimed identities match up with those being presented with them.

Trust Swiftly's advanced technologies combine to offer an IAL3 compliant solution that ensures increased security, regulatory compliance, user experience enhancement, and cost savings for your business. This is accomplished using document verification and facial recognition with liveness detection - two techniques designed to verify whether individuals presenting themselves for authentication match their claimed identities accurately, thus helping prevent fraud and spoofing attacks from taking place.

NIST 800-63A IAL3

The NIST Digital Identity guidelines include an important provision known as the IAL3 requirement, which measures the degree of confidence with which a digital identity matches with one in the physical world, from self-asserted to verified identities (IAL1 to IAL3).

Trust Swiftly assists organizations in meeting IAL3 requirements through biometrics and address verification. In particular, Trust Swiftly's platform uses facial recognition technology to match photo ID documents as well as cross-referencing addresses with public records to determine that they match public records accurately, reducing risks of fraud or impersonation and helping businesses comply with regulations more easily.

Similar to AAL requirements, the platform enforces AAL2 requirements by mandating multi-factor authentication journeys and hardware authenticators such as PIV/CAC cards for AAL2. For AAL3, FAL capabilities require phishing-resistant methods like FIDO Passkeys to support FAL capabilities. Furthermore, organizations can easily reach IAL3 with zero trust security architecture by taking advantage of adaptive and context-aware verification - this ensures assurance levels align with NIST's modular framework updated for modern security requirements in SP 800-63-4.

IAL3 Compliant Solution

Traditional approaches to IAL3 proofing involve employing an on-site agent, which is inefficient and unsustainable for businesses with remote employees. Flying workers around and paying for hotels is not the most productive use of their time and organizing these sessions can be logistically complex across distributed teams.

Technology has enabled CSPs to remotely verify IAL3 credentials remotely. Trust Swiftly provides a hardware-based solution that meets NIST 800-63A's requirements, helping businesses save money while meeting auditor requirements.

Hardware made to capture identity documents and biometric attributes instantly and automatically allows customers to capture identity documents and biometric attributes for applicants quickly, conveniently, and without fear of phishing attacks or any other vulnerabilities in authentication processes. Furthermore, watchlist screenings help businesses comply with KYC/AML regulations more easily than ever.

Trust Swiftly

Trust Swiftly's remote NIST IAL3 verification solution meets FedRAMP High compliance standards while saving businesses money and protecting sensitive data against cyber attacks by verifying customer identities with confidence.

Identity proofing processes that offer an effortless user experience and eliminate customer friction are at the core of this product, while KYC/AML solutions ensure businesses comply with strict regulations to avoid costly fines and damage to their reputations.

Trust Swiftly's security features include facial recognition and document authentication to confirm the legitimacy of government-issued documents, watchlist screening to identify suspect individuals or entities linked to terrorism, money laundering or fraud as well as address verification by cross-referencing official databases and utility bills ensuring submitted addresses correspond to real world records, address validation through cross-referencing official databases as well as utility bills ensuring submitted addresses align with real world addresses, as well as behavioral biometrics to detect any anomalous actions and interactions taken by verified users that reduce account takeover attempts risk significantly.