
To complete IAL3 verification, a proofing agent must compare real-world evidence with what an applicant claims as their identity – this process may be completed remotely or in person.
Flying employees around, paying for hotel rooms and losing productivity to in-person sessions simply isn't practical for remote teams. Hardware solutions like Trust Swiftly allow customers to capture identity documents and biometric attributes remotely for IAL3 proofing purposes.
IAL3 Authentication
NIST guidelines specify three Identity Assurance Levels. Attaining Level 3 involves attending on-site sessions with an agent for document verification and biometric verification, validating core attributes (name, address and phone number) against authoritative data sources, and taking steps to link those attributes back to the applicant.
CSPs find this verification standard costly to implement and only suitable for high-risk use cases such as secure physical access to buildings or financial transactions online. Furthermore, this approach only provides strong assurances that an individual exists in reality.
Trust Swiftly manages the IAL3 identity proofing process for you, offering a fully automated and cost-effective remote IAL3-compliant solution that meets NIST standards. A managed and supervised agent compares fresh biometric samples against those recorded when the primary authenticator device was initially issued, and captures live images of faces to instantly and securely verify attribute information.
In addition, Trust Swiftly supports phishing-resistant authentication methods like hardware-bound FIDO Passkeys as well as adaptive verification capabilities to meet user needs while protecting relying parties against fraud.
IAL3 Authenticator Binding
Many use cases don't necessitate an IAL3 authentication assurance level (AAL). Instead, CSPs may bind lower-level authenticators directly to subscribers based on the use case, or a subscriber might already possess authenticators suitable for an AAL authentication solution.
Subscribers with a multi-factor authentication solution such as a FIDO Passkey can attach it as an AAL2 authenticator, providing legitimate proof of identity for transactions that require it.
For higher levels of assurance, AAL requires that CSPs bind authenticators to the online identities of subscribers. These binding events occur either during an attended identity proofing session on-site, or later through account recovery processes. A biometric comparison between an authenticator and the headshot presented for identity proofing should always take place during account recovery, and account recovery should always include notification to the subscriber; this helps mitigate phishing attacks or any malicious activities which exploit trust within NIST 800-63A IAL3.
IAL3 Return & Report
NIST guidelines establish IAL3 as the highest level of identity assurance, designed to combat impersonation attacks by creating a stronger connection between digital identities and real people. This is accomplished by employing document validation, biometric comparison and direct oversight alongside a robust verification process.
NIST defines three levels of identity assurance: IAL1 provides minimal verification, often self-asserted; IAL2 mandates validated ID documents with strict oversight; and IAL3 requires in-person or remote biometric verification with stringent oversight. Each has its own advantages and drawbacks, yet all provide sufficient strength of proof in critical use cases.
TrustSwiftly NIST provides an economical remote NIST IAL3 verification solution designed to meet TAO assessments without compromising user convenience or security. Our process goes beyond simply checking a box; it actively protects against threats while safeguarding sensitive systems.
IAL3 Secure Storage
Verification at IAL3 requires a higher level of assurance and more stringent verification processes than the lower levels: more rigorous evidence collection, rigorous oversight and biometric comparison. A high-assurance credential issued at IAL3 helps limit highly scalable attacks such as impersonation fraud or data breaches, because it rests on those superior evidence collection processes and the more stringent oversight and biometric comparison procedures.
Reaching IAL3 certification can be complex, but new technology is making the process simpler than ever. Companies don't need to deploy full self-service kiosks; mobile IAL3 verification agents that run the TrustSwiftly no-code page on any Windows, Apple or Android device can perform the proofing process and ensure certification compliance.
Agents scan applicants' government-issued ID documents and compare a live image of each applicant's face against the photos on the document to ensure accuracy. Furthermore, authenticity checks of each document and various other checks (fingerprinting and cross-referencing with trusted databases) are conducted, and the results are stored on a secure server until they can be accessed and verified.