Identity verification is only as good as the data sources behind it. Data quality is the single most important factor in regulation compliance and risk mitigation verification. Quality sources such as government, credit, utility, and telco are best, but consumer sources can be used either as supplemental sources or for lower risk transactions.
GlobalGateway uses multiple credible third-party data sources to cross-check the information that your customers provide for verification and validation. We give you a variety of reliable and trusted data sources to achieve accurate identity verification and meet compliance standards. You shouldn’t have to lose potential customers to remain compliant.
Implementing an effective electronic identity verification (eIDV) solution can be complex for customers in one country, let alone in multiple countries.
At Trulioo, we help to ensure the foundational components for eIDV are efficient and right for your business from the very start. With hundreds of clients worldwide, we can help your business adhere to Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance to help your business with frictionless transactions, reduce fraud, improve your risk profile, and create a smoother onboarding process.
Below is a list of questions and answers about Trulioo’s identity verification service, GlobalGateway. Contact Trulioo for expert cross-border identity verification services today.
A: Trulioo works with leading data source providers, who internally enforce the highest data privacy and industry compliance standards. From the vetting process to on-boarding, rigorous checks are in place including determining business history, as well as executing security compliance checks to ensure the integrity of our data.
A: The following data sources are commonly used for eIDV:
Citizen: Data sourced from either a utility or government issued database that is enhanced and updated with other source files such as public data, change of address, postal data, property data, and data pooling with other organizations.
Consumer: Data sourced from direct marketing campaigns.
Credit: The data is derived from a registered credit agency, or bureau, which manages consumer credit information on individuals with consumer credit history in that country.
Electoral Roll: Government collated and issued data, for all citizens in a country, who are enrolled to vote.
Government Issued: Government collated and issued databases, or information. This includes national insurance numbers, driver’s licenses and passports.
National ID: Government collated and issued data for countries which have a singular, national identification system with an associated number.
Property Files: Data issued by the government or other accredited sources detailing ownership of property within a given country.
Public Data/Resident Files: Mixed source which may include utility, consumer, and other public information.
Utility: Data issued for a national utility provider which includes telephone, gas, electricity, or water.
Tele-connect: An automated, telephone number verification service, which details whether a landline or mobile number is valid and hence connects, or is disconnected.
Watchlists (OFAC, DFAT, EU, etc.): Watchlists and country sanction program list screening is available against a rang of lists.
Other Identity Validation: Validation of national identity numbers, social security numbers, national health numbers, or other key country indicators of identity. Also includes validation of the unique reference number at the bottom of global passport machine readable zone (MRZ), which specifies that is it valid and also includes the individual’s name and date-of-birth.
A: Trulioo provides identity verification services to clients across the globe, with coverage in over 50 countries. As a result, each data source is unique, as are the collection methods by which a file is established. What is consistent across all data providers is an adherence to providing notice and requesting opt-in from users, prior to the collection of data, as well as the adherence to security and privacy best practices in protecting this information.
A: Each of our data partners adheres to the data retention practices governed by the laws and privacy standards in which the data is hosted, to ensure integrity. As such, retention practices will vary based on the country and provider, with a focus on maintaining the quality and integrity of the collected information over time.
A: GlobalGateway provides access to a global resource of data sources, integrated via API to our system. Each data source has varying time frames by which the update of their data is governed. Primarily within a daily, weekly or quarterly cycle. Given the direct link to our data source providers, all updates are reflected in real time within GlobalGateway.
A: This depends on the country and when the file is pulled. Since we are constantly updating sources and continuously acquiring newer data sources to improve match rates, the percentage of coverage changes frequently.
GlobalGateway has many countries with population coverage in excess of 80% (Category 1) which is achieved by checking multiple data sources. Our country categorization is based in part on the percent of population covered for each country.
A: Countries in GlobalGateway are routinely enriched and new countries added. A 3 category classification system shows the verification strength of each country (Category 1, Category 2, and Category 3). The classification system is based on how many data sources GlobalGateway has for the country, how much of the population is covered by the data sources for the country, and if the data sources meet or exceed age verification guidelines and AML requirements. Trulioo is committed to transparency and so makes available detailed information on sources once a prospect begins the evaluation of services and initiates a non-disclosure agreement.
A: This is a critical question, and of course depends on the data source and the country. One great way to gain specific answers for this question is to sign up for a free trial or schedule a GlobalGateway demo with our sales rep. You can see the list of data sources in our portal with each data element required and verified for each source. Our data sources can verify the following types of data elements:
First Name/Given Name
Street Number/House Number/ Civic Number
Street Name/Street Type
Date of Birth
Driver’s License or similar government ID
National ID Number
A: By default, Trulioo does not retain customer data; however GlobalGateway has a configurable data retention policy based on each clients needs. Vendors within GlobalGateway are prohibited from using or retaining customer data for any purpose other than providing identity verification services.
A: A verification match is based on the configured rule for your implementation, the rule may include first name, last name, date of birth, address fields, passport and national ID.
The Verification Results Matrix in the GlobalGateway portal delivers a unique visualization of a verification result; displaying the match results for each individual attribute from each individual data source. This provides you with an enhanced understanding and greater clarity of why a customer was verified or not.
A: GlobalGateway includes multiple built-in standard verification rules, as well as the ability to define your own match rules. GlobalGateway also provides the ability to apply a different rule per country enabling you to comply with regional and international AML and CTF regulations.
A: GlobalGateway provides the ability to create multiple test entities per country, allowing you to test for consistency.
A: It depends. Verification rules can be dependant on the country and industry, Trulioo recommends discussing your verification requirements with your legal counsel to ensure you are compliant with country specific regulations.
A: Address information is managed by the built-in logic in GlobalGateway to ensure it maps to a country’s specific format and orientation. All or some of an address may be incorporated into a verification rule; this is dependant upon the rule itself.
A: Each verification transaction is logged in GlobalGateway with a TransactionID. You can search for prior transactions through the Transaction History tab.
A: Required fields can differ per country and per data source, certain data sources may require ID information such as a National ID or Social Security Number
A: A verification match is consistent across GlobalGateway, and we strive to maintain a consistent set of data fields (name and address fields), however there is a subset of fields that can be different per country.
A: Trulioo provides 2 options for integration:
XML Direct – A WSDL based web service that allows you to fully customize the integration of GlobalGateway into your automated business processes or website. XML Direct is GlobalGateway’s legacy API that provides country & data source specific fields.
Normalized API – A normalized API which is country agnostic, providing a consistent and normalized set of data fields for client service integration. The Trulioo Normalized API allows you to customize the integration of GlobalGateway into your automated business processes or website.
A: With XML Direct, you can update the form per country based on the XML Guidelines Trulioo supplies per country. The Normalized API provides a “normalized” (generic) set of fields across all countries.
A: Onboarding depends on a number of factors including integration type (XML Direct or Normalized API), the number of countries selected, and your development team’s timeline. Simple onboarding cases (e.g. national and international) can take as little as one day.
A: To address the recurring need to remediate client data attributes, Trulioo offers an AML Batch Service where you can upload and process batch files (up to 200,000 transactions) to re-verify customers against the Watchlist (AML/PEP/OFAC lists) data source with minimal impact on business. In one to five business days, the results are provided in the form of a CSV file with a negative or positive flag per individual. For positively flagged individuals, links to the specific list(s) they were identified on are provided. For more information, visit our AML Batch Service page.
A: AML Batch process is completed in one to five business days, depending on batch size (up to 200,000 transactions).
A: The results are provided back in the form of a CSV file with a negative or positive flag per individual. For positively flagged individuals, links to the specific list(s) they were identified on are provided. Results are also available in the GlobalGateway portal.
A: A process that compares identity information from an individual, to database results, to see if it matches. For example, a new customer might be asked for their full name, phone number, address and date of birth. This identity information is then compared to records from credit bureaus, government agencies, utilities or various other reliable and independent sources to see if that personal identifiable information (PII) is accurate.
A: An identity verification confirms that an identity provided actually exists and matches records. However, this does not indicate that the identity is authentic, that the individual is who they say they are. Identity authentication, often referred to as knowledge-based authentication (KBA), goes a step further and requires providing an answer to a uniquely qualifying question. For example, what is the name of your first pet, or another question that only you would know.
A: Anti-money laundering (laws). To disrupt and prevent corruption, terrorist financing and other criminal activities, governments enact AML regulations requiring banks and other financial institutions to ascertain that the customer and their funds are legitimate.
A: Know your customer. As part of AML, financial institutions need to establish customer identity and do customer due diligence to ensure they know the source of the customers funds and determine the associated risk of doing business with them.
A: The initial step of an effective KYC process is to accurately identify an individual. Each financial institution has to have a set policy for account opening, identity verification, account screening, customer notification and record keeping.
A: Politically Exposed Persons. These are individuals who, based on their position of power and influence, pose a higher risk of bribery and corruption. Due to their higher risk category, customer due diligence requirements are more stringent (see enhanced due diligence).
A: Anti-Money Laundering (AML) sanctions lists. These are lists of individuals who are suspected (or convicted) of various financial crimes and restricted from doing business in sanctioning countries. These lists come from diverse government sources, international regulators and law enforcement agencies.
A: A legislated responsibility of banks and other financial institutions to understand their customer’s activities and do an analysis of their risk of money laundering and terrorist financing. CDD is a critical element of effectively managing the institutions risks and protecting itself against potential financial crimes and nefarious activities.
A: Types of activities or account holders that require extra customer due diligence scrutiny. If an account type or account owner has a higher risk of money laundering or terrorist funding, then it’s subject to enhanced due diligence (EDD).
A: Financial technology. While any technology used in finance could, technically, be Fintech, the term is now more descriptive of new financial startups that are offering innovative technology and processes. According to PWC, “Fintech is a dynamic segment at the intersection of the financial services and technology sectors where technology focused startups and new market entrants innovate on the products and services currently provided by the traditional financial services industry.” For more information please visit our Blog: fintech.
A: Regulation technology. This recent term is for the nascent field of companies that help financial firms deal with the burden of regulations. According to Deloitte, “RegTech helps firms to automate the more mundane compliance tasks and reduce operational risks associated with meeting compliance and reporting obligations. In the long term, RegTech will empower compliance functions to make informed risk choices based on data provided insight about the compliance risks it faces and how it mitigates and manages those risks.” For more information please visit our Blog: RegTech.
Still haven’t answered your questions? Please send an email to email@example.com and let us know how we can help.