Solution

Introducing ATO Protect from Trusona. ATO Protect can validate the identification documents with authoritative sources and collect information on the user providing the scan to determine if the user scanning the document is the legitimate owner of the document. Through a one-time URL, Trusona can display the information you need to confidently ensure that the person you are working with on the other end is indeed the person they say they are.

Key Capabilities

  • ATO Protect checks the formatting of the data and any missing data
  • ATO Protect matches the data to authoritative sources
  • ATO Protect monitors device behavior during the scanning process for anomalies

Glossary & Definitions

MNO (Mobile Network Operator)

Click the MNO button to verify that the mobile number billing information matches the ID and is stored with the issuing authority. If some of the data matches, use your judgment and company policies to assess the risk.

A Mobile Network Operator (MNO) is a telecommunications service provider that owns or controls the infrastructure required to deliver wireless communication services to customers. This includes deploying and maintaining network equipment such as cell towers and managing the core network that facilitates voice, data, and messaging services. Additionally, MNOs often provide customer support, billing, and other services to manage user accounts. Trusona uses MNO services to verify identities and protect businesses from account takeover threats.

DMV (Department of Motor Vehicles)

Click the DMV button to verify that the driver license is authentic, and is stored with the issuing authority. If some of the data matches, use your judgment and company policies to assess the risk.

The Department of Motor Vehicles (DMV) is a state-level government agency in the United States that administers vehicle registration and driver licensing. The DMV handles tasks such as issuing driver’s licenses, registering vehicles, and maintaining driving records. It also enforces state and federal laws related to vehicle operation and road safety. Trusona utilizes API connections to US State DMVs to verify data on the State Issued document being scanned.

SIM (Subscriber Identity Module)

Click the SIM button to know if the SIM was recently swapped. A SIM swap is a common tactic used by cyber criminals to divert the messages to them.

A Subscriber Identity Module (SIM) is a small, removable smart card used in mobile phones and other devices to store and manage the subscriber’s mobile phone number, personal identification number (PIN), and other necessary data to authenticate the user’s identity to the mobile network. The SIM card allows users to connect to a mobile network, make calls, send messages, and access mobile data services. Trusona utilizes services to detect devices that have been SIM-swapped to ensure the identity of the user controlling the device during the verification process.

Setup

You can begin using ATO Protect in less than 30 minutes during a call with the Trusona team, with no integration to your system required. All you need is a list of user email addresses you want to be able to use the product.

Note that this time can vary as you will want to implement two CNAME records in your system to get your customized ATO Protect URL live.

Quick Start Video Guide

Usage

The use of ATO Protect is quick and easy. Let’s walk through the overview, and then we will go into greater detail.

  1. Your team clicks a button in your Trusona portal to generate a unique verification
  2. Send this URL to the user via your normal digital channels (web, app, SMS, WhatsApp, email, chat, etc..) or even read it aloud on a call center call
  3. User loads this unique URL on their mobile phone, which requests a new scan of their document to complete the identity verification
  4. The document is analyzed for formatting, matching authoritative sources, and comparing to the original doc that opened the account (if possible)
  5. Your team sees results in the portal immediately, pass or fail results, with explanation and details

 

Select the document type you would like the end user to scan

When the end user clicks on the link, the portal shows the device details and its approximate geographic location.

When a document is scanned, the portal will show more device details and authoritative information about the scanned document.

From the above, we can see the device behavior matches the identification document, so this person is indeed the genuine person scanning the documentation.

If you click on the link on a desktop or non-mobile device, you’ll see the following screen:

This screen prompts the user to scan the QR code with the device’s camera; no app is needed. Scanning this code will transfer the session to the user’s mobile device, allowing the verification process to continue.

What To Look For

ATO Protect monitors the device’s behavior during the scanning process. Let’s see what happens when the user scans a document and the data looks…off. Note that this is only one of many scenarios.

We generate a URL, click it, and then scan the same document.

Look at the difference in location and IP address. In this case, this person clicked the link and scanned the document in two distinct locations. As of this writing, you cannot travel between those two places that quickly, so this should raise alarms and warn the user that whoever is scanning this document is not the valid owner of the document.