Need Assistance? 866-588-9288

Identity Fraud on the Internet: Using Identity Verification as a Deterrent

Those concerned most with the issue of public safety, including parents, members of law enforcement and school officials find that the scope of their concern must now go beyond shopping malls, playgrounds or schools if they are to satisfy their duty to protect those who are unable to protect themselves; they must now add cyberspace to the list of “danger zones” where violence against children, theft and bullying can occur.

Identity, Internet Safety, ID Fraud

Functional Goals
Please indicate the functional goals of the submitted technology by checking the relevant box(es): X Limit harmful contact between adults and minors X Limit/prevent minors from accessing inappropriate content on the Internet X Prevent minors from accessing particular sites without parental consent X Prevent harassment, unwanted solicitation, and bullying of minors on the Internet X Other –ability to share information and manage personal information via RelyID CardSpace

To most Americans, the Internet is the ultimate playground, one where they are free to pursue their dreams and fortunes in the sanctuary of their own homes. To others who would abuse this freedom by misrepresenting themselves in order to commit acts of fraud and related crimes, it is an equally thrilling domain—one where they are able to perpetrate crimes from behind a shroud of anonymity that is often difficult for law enforcement to breach to attain answers and exact consequences after crimes have already occurred. Along with our younger citizens, adults are often at great risk for victimization by fraudsters on the Internet. Social networking sites are quickly gaining the momentum of use that email did in the 90’s. Almost everyone uses some kind of social networking tool on the Internet and as a result, social networking sites have also encountered great risk when it comes to possible issues of liability for negative outcomes resulting from Identity fraud, theft or abuse of their members. How do concerned citizens strike the balance between preserving the freedoms that makes the Internet such a powerful tool for learning, exploration and life-building while at the same time making it a zero tolerance zone for those who would use it to do harm? We do so by providing a solution designed to empower both consumer and business users of the Internet to make informed decisions about who they interact with. In the non-cyber realm, people and businesses typically verify the identities of those with whom they interact by relying on photo ID’s. Since people and their identities are virtualized on the Internet, a more creative solution is required.

Our solution would be to create an interface that would allow sites with members or customers that interact with one another to incorporate identity verification details such as age and possibly even identity grading from criminal background check results seamlessly into their transaction or registration processes. The solution could also include an option for users to go through the process at their own expense to display an emblem of validation within their profile that shares that they really are who they say they are.

The solution need not display the actual age, name or location of that individual. The information could be shared on an as required basis and could also be stored within a Microsoft CardSpace Managed Card provided by RelyID or self-issued cards that have been validated by RelyID.

RelyID offers a multi-level approach to identity verification. Each step in the verification process acts as a filter, which can then automatically trigger one of multiple data verification workflows based on the personal information provided. This methodology both detects fraud and offers a BGC level of “Green” for identity verification. This means that the highest level of reliability that the identity is not only valid, but that the remote party is the true owner of that ID. In instances where questions cannot be returned, in cases such as international credentials or lack of credit history, then Tier 2 verification is utilized for verification results. The system can be tailored to meet a partner’s specific identification requirements. The Tier 2 system automatically runs when questions are not returned on the Tier 1 search with the information provided.

Additional Support and Dispute Resolution
Utilizing and GIS’ extensive network of dedicated support personnel adds a layer of risk management, expertise, and enhanced results to identification screening. The ability to use in-house services to handle dispute resolution, offer consulting, manual verifications, and international screening expertise adds an extended value for a complete identification solution.

Other information can certainly be utilized for verification including Drivers License, Social Security Number, education etc.. Custodial Accounts could be established for minors and managed by parents or guardians. With verification having been established, websites could bar entry into areas within their site or into the community without having the proper credentials. A RelyID CardSpace could be utilized at the method of entry into the site if the site is an accepting party of the technology.

If the site is not in a position to be a relying party of CardSpace then the profile of the individual could contain or receive badge/emblem/icon within the profile that would be added assurance that the individual is who they say they are . This solution would limit harmful contact between adults and minors by verifying an individual’s personal information such as: location, name and age as a prerequisite for membership or participation on a website, consumers would receive an electronic ranking or virtual badge signifying that the personal information they have supplied to the website is valid. Member websites can then use this “electronic signature of validity” to impose limitations on contact between members depending on the age or level of authentication scoring through RelyID.

This solution would limit/prevent minors from accessing inappropriate content on the Internet if the website with inappropriate content required verification of age to be a requirement for access. The individual would require verification prior to entry. The website could utilize Microsoft’s CardSpace technology as an accepting party in order again to gain access to the site. Those users who are underage would not be allowed entry. The RelyID solution would prevent minors from accessing particular sites without parental consent if the website required verification whereby information required to validate the identity of the minor was shared by the parent or legal guardian of that minor.

There are many companies providing Identity Verification services to consumers and businesses; what RelyID offers is unique because we bring with us the power of the nation’s largest criminal screening database containing more than 400 million instant criminal records updated from direct sources including: counties, Department of Corrections (DOC), Administration of Courts (AOC) and State Sex Offender Registries covering 49 states plus Washington, D.C., Puerto Rico, and Guam. Also included are national and international terrorism sources, more than 4.1 million photos, and our proprietary database of previously completed reports. Verification of education, employment and professional certifications is also available as an additional level of identity validation, allowing businesses or consumers to pursue a greater depth of identity verification or validation if so desired.

The service is non-intrusive to consumers, maintains privacy while at the same time helping businesses prevent fraud and protect their members or customers who may interact with each other to make purchases, etc. RelyID proposes a system that performs ID Verification to include Age and further “identity grading” through direct integration to trigger a national criminal background check. Identity Verification is the foundation of the product.. RelyID CardSpace will enable a user to share and manage information with others in a safe secure environment.

In Addition to the Above Description, Please Address Each of the Following:
Describe the solution’s technical attributes, e.g. features and functionality.

The identity analysis may also be conducted using 2 data elements of the individual as the query of our search. These two elements are full name and Social Security Number. With this information, we are able to retrieve every known version of these data elements as exact matches and variations that result from the use of aliases, maiden versus married names, typographical errors, varying data formatting and fraud. Our scoring logic segregates the exact matches and variations from the fraudulent identities and provides the user with the reason for the fraud, or high risk rating. In addition to matching the name and Social Security Numbers, this detection also retrieves from the reference database the date of first use, date of last activity, the best address across multiple data sources, date of birth and data source. By analyzing these additional elements in relation to the various names and Social Security Numbers of the reference data and comparing them to the candidate name and Social Security Number, fraud can be detected beyond just identity manipulation and derive usage patterns that assist in our analysis.

This analysis is built into the scoring logic. These usage patterns are helpful in detecting incidents of true name fraud, where the name and Social Security Number analysis would not glean enough information.

Verify that the attributes of the identity match
The ID comparison engine works in tandem with the ID verification engine that is specifically designed to perform this functionality.
The ID comparison engine’s role is to confirm that an identity is real, that it exists, whether the consumer identity elements can be confirmed against one or more national databases, and whether any fraudulent attributes exist.

The ID verification’s role is to do everything that the ID comparison engine does, but then to bind the consumer to the identity they’re using by presenting them with a series of interactive query (aka shared secret, multiple choice) questions that only the real owner of that identity should know. IQ Presentation Requirements

There are only a few rules you are required to comply with as part of your presentation of the Interactive Query questions.
1.You must present the Interactive Query questions in the order you receive them.
2.You may not store or log either the Interactive Query questions or answers.
3.You may not change the content of the questions.

Provide use cases.
eHarmony is one of the largest online communities utilizing RelyID identity verification service. The service is quite successful and provides additional assurance to community members that the individual is who they say they are. RelyID also helps to maximize communication opportunities between members in a safe secure environment.

Specify what the technology successfully solves and what it does not.
Describe how the technology’s effectiveness is evaluated, measured, and tested.
The solution successfully provides greater assurance that the individual is who they say they are by providing identity verification via a Knowledge Based Authentication System. No system is 100%. We are continuously changing the algorithms used to pass or fail and modifying the thresholds for each partner. The greater amount of data that is required from an individual means the accuracy of the verification increases. We work with our partners to measure the effectiveness of the solution within their environment.

Provide a strengths and weaknesses analysis.
The weakness of the technology is dependent upon data available – the younger the demographic the more challenging it becomes to validate the identity without information provided by a parent or legal guardian.

Detail the implementation requirements (hardware, software, end user aptitudes).
Yes. The data will be accessible via a remote API. The service is a standard, internet-based XML web service. The service is fully documented and for most products an online sample site and a developer’s toolkit is available.

The Data is accessible via a remote API. All products are documented with descriptions and schemas. In fact, in most instances, the products also have an online testing and sample application for assisting in the development effort. Finally, we have coding samples in a developer’s toolkit for most major programming languages, including: VB.NET, C#, PHP and Cold Fusion.

Our API has been built with redundancy, reliability and scalability in mind. Our web and application tiers are all load balanced. Our database server is clustered. Because of this, should any hardware fail, it has a backup that would be automatically used. Our business continuity infrastructure also ensures rapid resumption of services should an event happen at one of our corporate locations, utilizing a fully redundant hot site.

Describe the technical standards used in implementing the proposed technology and identify the standards bodies that are the home of existing or proposed future standards.
RelyID is a founding member of the Information Card Foundation. We are actively working to: Promote interoperability via recommendations, technical interop events, and working group reports for Information Card technology, policy, and user experience. Provide guidance and support for projects advancing Information Card infrastructure on the widest possible range of platforms, including freely available open source implementations. Encourage the development of policy frameworks, identity rights agreements, auditing mechanisms, and other means of ensuring that Information Cards meet social and legal requirements. Engage in promotional and marketing activities to encourage the adoption of Information Cards. The ICF is not a standards organization. RelyID uses standard xml practices.

Discuss the technology’s reliance and use of law and policy for success. Legal Requirements
The system meets all legal requirements within the United States including all state and local regulations that apply to our operations.
The information that RelyID provides may only be used to verify the identity of the consumer.
RelyID will not disclose personal information provided by any partner about consumers to anyone except as required by law or under conditions of confidentiality.
RelyID can provide ID verification internationally. In providing the solution, we offer in house expertise knowledgeable in country guidelines utilizing a dedicated international data privacy division for this purpose. As you are probably aware, each country has a different requirement for compliance, which RelyID will make available to partners if requested.

Additional privacy information:
No medical data is used, therefore international verifications are not subject to Medical Records Privacy Laws.
Electronic verifications incorporate Explicit Consent of the Consumer safeguards, and transactional history remains confidential.
Only a match code is provided, ensuring the consumer's privacy is protected at all times.

Discuss the viability of the technology in both the US and international context.
Identity verification data from the United States, United Kingdom, or Canada can be obtained through the first tier identification procedures in the majority of instances or in cases where credit header data is available. In the event that the questions to secure a RelyID Green Level verification (the strongest) cannot be generated based on this data, the system will automatically submit a second-tier request.

Detail effectiveness to date. Please provide any information possible on “failures” of the technology.
The technology has been operating for over 3 years. There have been no failures but, a constant cycle of improvement. We are continuously improving methodology for grading, thresholds for pass/fail, reporting metrics to our partners and efficiencies within the environment including usability.

RelyID currently provides a method for consumers of online communities to offer consumers an opportunity to validate that they are who they say they via a simple identity verification process. Using publicly available information, RelyID validates a user’s first name, last name, age, and location. Once verified, a user’s profile features an ever-present RelyID badge, which shows that their personal information has been verified.

Corporate Overview
RelyID is owned by the same individuals who own General Information Services the largest privately held data Aggregator nationally. RelyID is a separate company that provides solutions to General Information Services, Inc. (GIS) family of risk management solutions. GIS, originally part of Hooper-Holmes, is one of the two original background verification companies in the United States with over 44 years of experience. RelyID is the identity verification and web-based sister company. Their core business is web-based identification and security for small business, consumer, and information technologies markets. GIS primarily provides workforce screening services to some of the largest companies in the United States, including Fortune 500 and 100 clients. GIS also offers international screening solutions. is headquartered in Dallas, Texas and was founded in 1999 by a former executive from the staffing industry. His experience in database/information modeling of public records information has led to become a leader in the acquisition and delivery of public records information and secure identification technology. GIS identified (BGC) as the leading national criminal file in the nation and currently has co-ownership as a sister-company. owns the largest national criminal file in the country, with the most up-to-date information due to a proprietary source updating process. This allows sources to be updated within 10 days from receipt, compared to 2-6 months for many competitors. BGC is also the first companies in the country to provide weekly updates to their sex offender database. The company was founded based on the premise that a true pre-employment investigation should include more than just a traditional search of a county for records, which can be limited in scope. RelyID has grown to become a premier provider of identification verification solutions for firms needing the highest level of identity strength that goes beyond traditional database searches.

GIS Corporate Size and Scope
GIS’ Corporate Headquarter campus is located just outside the capitol city of Columbia, South Carolina. This location is staffed by over 400 employees, including more than 60 onsite Information Technology personnel who manage the GIS owned and operated data center wing. This staff offers additional benefits beyond identity verification services. In-house support departments employ experienced personnel to manage processes such as customer dispute resolutions. Manual verification capabilities are also performed by the internal research and reporting teams. GIS’ compliance department is also housed at the corporate headquarters, along with a team of certified experts and renowned industry leaders who continually update and internally audit all of our data procedures. RelyID and’s corporate office is located in Dallas, Texas, along with GIS’ Western Operations center. This facility is also the site of GIS’ redundant hot site in the event of a disaster. Global Screening Solutions, Inc., GIS’ international screening brand will offer in-house support to Partner for international verifications. GIS’s research network includes more than 350 overseas professionals in countries across the globe and is staffed with compliance and data security consulting experts that ensure complex legal requirements for data usage are met. Clients include Fortune 500 companies some of the largest companies in their industry, online communities and some of the most highly regulated industries in the United States. GIS also has strategic partnerships with firms such as Microsoft.

The Business Model for RelyID is dependent upon the particular environment of the partner. Those models may include per search, revenue share. Other options may be considered under a Mutual NDA. There is a nominal fee for integration.


12770 Coit Road Suite 1150
Dallas, TX 75251

“I certify that I have read and agree to the terms of the Internet Safety Technical Task Force Intellectual Property Policy.”