BlockScore can be easily implemented in apps. As with any good system design, there are some important points to ensure user data is protected. This post goes through the basics of how to use BlockScore ID verification in an app.
The first step is to design a form to collect the required identity information from your user in your app. From that form, identity information needs to be sent to your server. Always use encrypted channels to communicate between your app, server, and external service providers such as BlockScore. Never store identity information in the app. We also recommend not storing personally identifiable information (PII) on your server because BlockScore can safely store it for you.
The next step is to send the identity information from your server to BlockScore using either our RESTful HTTP API or a client library for your server platform. Many client libraries are available on the BlockScore Github repository. Within a second of sending the information from your server to BlockScore, you will receive a response with valid/invalid, details about the matching pieces of information, and a token to access information about that verification in the future. As mentioned, in lieu of storing the identity information on your server, this token can be used to retrieve identity information from BlockScore.
Once BlockScore has responded with a valid status to your server, store the token in the user’s record. If an invalid status is returned, you may permit the user to retry the verification. We recommend that you limit the number of times the user may retry the verification. A common rate is two verifications per 24 hour period.
BlockScore provides an API key to communicate with our web service. All requests must including this API key. Because this key is also used to retrieve past verification information, it should never be used outside of your server. Never use or store your BlockScore API key on your app.
Optionally, you may request a question set to ensure the person submitting the identity information is the owner of the identity. See BlockScore documentation on implementing question sets.
For app developers with little server development experience, services like Parse provide an easy way to run the necessary server software to support your apps.
BlockScore is an identity verification service that uses many data sources to verify the identity of your customers or users. The goal of the verification is to take information provided by a user, see if the a coherence of that information matches various data sources, and return the results to you for compliance and fraud mitigation.
Unlike single-source providers such as credit bureaus, BlockScore uses not only BlockScore data, but data from many sources to verify identity information. When identity information is submitted, proprietary algorithms compare the identity information provided against various data sources and within a second, return both a simple valid/invalid and details about the match strength of each piece of data provided by the user. For many businesses, a valid/invalid response is sufficient. For more sophisticated risk models, the details can be used.
Optionally, BlockScore offers a question set service, also known as KBA (knowledge-based authentication). After a verification is performed on a person and determined to be valid, you may request a question set comprised of five questions. These questions are used to determine if the owner of the identity is submitting the identity information to you. You may present the user with as few questions as you like. After you collect the answers to the questions from the user, send the answers to BlockScore and you will receive the results in under a second.
In addition to verifying that the identity information is for a real person, the information can also be checked against several watchlists simultaneously. See watchlist scanning for more information on supported lists.
Customers often ask us for the best practices when putting together their BlockScore verification integration. We have seen many custom integrations, some good, some bad. In this article we have compiled a list of tips to maximize pass rates and minimize customer frustration.
For most businesses, your users don’t use your service because of ID verification; they use it in spite of it. Reducing friction is paramount for improving your user experience and this can be achieved by only asking the bare minimum of what is required for your purposes. One convenient optimization is to pre-fill a user’s city and state based on their postal code. Though this isn’t possible for every country in the world, it is possible for most.
One of the most common reasons for a false failure is the use of an incorrect address or nickname. If your customer enters their work address or the address of a home to which they only recently moved, their verification will likely not pass. Let them know that they should use an address that they have associated with their bank of credit card for the best chance of success. In addition, the “name” fields should be labelled “legal name” so as to prompt people not to use nicknames when filling out the form.
If you are verifying an international audience, it is best to customize the forms of identity based on the country they live. For instance, if your customer is in the United States, you would use the language SSN and Driver’s License as means of verification. However, if your customer is in Mexico, they can use their Matricula Consular or Passport. This is much clearer and easier to understand than something like document number or ID number.
Every country has its own peculiarities when it comes to addresses. For instance, not every country has postal codes and the subdivision that is referred to as “state” in the United States has a variety of equivalents in other countries such as the Swiss “canton” or the Canadian “province”. If your customers come from across the world, localizing the fields based on language they understand will greatly improve accurate data entry.
Depending on your audience, people may not understand why your business is asking for their sensitive information. Even mammoth companies like Target are subject to being hacked, so it is no wonder people are sometimes a bit weary of handing over their data. A few sentences before the ID verification form as to why you need to collect this info can go a long way towards improving your customer’s trust.
Sometimes good people do not pass the ID verification process. This can happen for a variety of reasons beyond the person’s control, so it is important to provide some form of recourse. Whether that means allowing the customer to upload a scanned physical document or to provide a way to contact support, making sure that people have an alternative means turning away fewer good customers.
After making these simple changes, your BlockScore integration will convert more people and be much more enjoyable to use. If you have any more questions, we’d love to hear from you at firstname.lastname@example.org.
There are many ways to verify an individual’s identity but they broadly fall into two categories: documentary and electronic ID verification.
Documentary ID verification is the method to verify the authenticity of physical documents. When in person or submitting paperwork, copies of documents such as identity cards, birth certificates, legal documents, and utility bills provide the basis to verify the authenticity of the person providing the information. These documents may be certified copies, be embossed with seals, or have holograms to provide evidence of authenticity. The conclusion is that only person possessing these documents and having similar characteristics to the person stated on the documents such as photos, sex, addresses, and schooling is likely to be the person owning the identity.
BlockScore provides a electronic ID verification method to verify the identity of a person meaning that only knowledge is required. Information that only the owner of the identity is likely to know is checked against authoritative sources for authenticity. Additionally, the authoritative source may also prompt the person being verified for additional information to further verify his or her authenticity. The additional questions returned from authoritative sources is called question sets or knowledge-based authentication (KBA).
Businesses can use both documentary and electronic ID verifications together to mitigate risk and comply with regulations. In many jurisdictions, electronic ID verification is required to ensure that it is legal to do business with a person by checking the person against watchlists. Automated documentary ID verification, such as Jumio Netverify, can be added to the user flow as part of the signup process or when certain events occur such as large transactions. Information extracted by using automated documentary ID verification such as Netverify can be sent directly to BlockScore for electronic ID verification simultaneously.
Businesses have options to balance the impact to users and the need to verify the identity of individuals to comply with regulations and mitigate fraud. Documentary, electronic, or both methods of ID verification can be implemented to minimize the impact to users at various places in the signup flow and ongoing relationship. BlockScore provides the easiest-to-implement electronic ID verification service and works with others such as Jumio for documentary ID verification.
At BlockScore, we provide an API that allows companies to easily verify customer identities. We do all the heavy lifting for you: correlate data across credit bureaus, motor vehicle records, address histories, watchlists, and other records and wrap it all into a simple API that you can integrate into your signup flow. Our vision is to provide the world’s best intelligent identity verification system. Today, we’re announcing the next major milestone in our journey: company verifications.
You can now ensure the information provided by companies with which you do business matches tax IDs and other corporate information for compliance and IRS penalty avoidance. You can verify companies, counterparties, and merchants in real-time without manual processes, and verify that you are not doing business with any sanctioned companies. Company verifications are most useful if:
you process payments for merchants that use your service; you have a process to collect incorporation documents from companies as part of your on-boarding process;
you need to verify EIN (employer tax identification number) for tax purposes;
We currently can verify US-based companies with more countries on the way.
The company verification API is available in the BlockScore v3 API and covered in the documentation.
We’ve been working hard on adding support for countries outside of the United States.
The documentation for the international API can be found on our documentation. If you are already using the BlockScore API V1 you will need to follow a few instructions in order to upgrade. You can find upgrade instructions here.
In addition to this we have revamped and rewritten all of our documentation with much more clarity. There are now code examples for all possible API calls as well as new articles on authentication and versioning.