PingOne Verify

PingOne Verify provides identity verification so organizations can instantly ensure users are who they claim to be. Identity verification is the process of validating an end user to ensure their digital identity is tied to their real-life identity, such as a drivers license, passport, or other government issued ID. Give your business the confidence that a user interacting with your brand is a real-life human and truly the person they claim to be, instead of someone else or a bot.

For a user to initiate an ID verification request, the client must obtain an ID verification transaction record from the ID verification service. The transaction record is created when a POST {{apiPath}}/environments/{{envID}}/users/{{userID}}/verifyTransactions request is made.

The transaction record acts as permission for the user to engage in the verification process. The user can then submit the necessary user ID information (such as a driver license or passport) for verification by the ID Validation service. The user can also send a self-image that the ID Validation service compares to the submitted identity document, to ensure the submitter is the person on the document, and checks for liveness, to prevent fraud.

These requests require PING_ONE_VERIFY in the Bill of Materials (BOM) for your environment. To check the BOM for the list of PingOne products associated with your environment, refer to Read One Bill of Materials. If PING_ONE_VERIFY is not in the BOM, contact your PingOne administrator to check whether your license supports adding this product to your environment.

One of the challenges to identity proofing is getting high quality images from the user. Our Universal Capture frontends do the best quality verification they can, but it is still possible that the images will not pass the quality check of the identity proofing vendor. When images are taken during verification (such as submitting government documents, liveness checks, or selfies), retries can be permitted to obtain a satisfactory image for processing. The number of retries permitted, if any, are set on the Verify Policy. The user’s Universal Capture interface, such as a mobile phone with an app using the PingOne Verify Native SDKs, and the verification service negotiate directly for retries when an unacceptable image is submitted and a retry is permitted. Interaction at the API level is not required.

Once verified, the transaction record also acts as a tracking mechanism to identify the user provisioned using ID Validation. This information is logged with the transaction record by the ID Validation service when the transaction ID is received by the client.

All personally identifiable information (PII) is encrypted at rest and removed 30 minutes after a verification decision is made.

US-based Driver Licenses

Document verification provides additional verification support with American Association of Motor Vehicle Administrators (AAMVA). AAMVA offers a service, Driver’s License Data Verification (DLDV), for identity proofing and vetting driver license, identity cards, mobile driver license (mDL), and other secure credentials. Most states (43) and the District of Columbia participate in DLDV. No U.S. territories participate. The states that do not participate in DLDV are:

Alaska (under review)
California (SSA only)
Louisiana (SSA only)
Minnesota (SSA only)
New York (SSA only)
Pennsylvania (participates but requires written permission from the individual)
Utah (SSA only)

SSA only indicates that only the Social Security Administration has access, not even other government agencies have access. SSA uses AAMVA for employment eligibility.

Submitting state-issued driver’s license or identity document to DLDV increases the accuracy of document authentication and also checks their validity by the state government. Accuracy and validity increase by comparing the biographic data, selfie, or both with the issuing government system of record, or another authoritative commercial system of record when the government system of record is unavailable. Results of DLDV checks are returned with the results of other checks in the Verification Metadata.

System of Record check (AAMVA DLDV) requires an additional license and is available only to environments in the North America region.

Request groups

The requests are grouped by endpoints for ease of use.

Documentation	Endpoint
Verify policies	/environments/{{envID}}/verifyPolicies
Verify transactions	/environments/{{envID}}/users/{{userID}}/verifyTransactions
Verify voice phrases (deprecated)	/environments/{{envID}}/voicePhrases
Verify reference data (deprecated)	/environments/{{envID}}/users/{{userID}}/referenceData
Verify identity record matching	/environments/{{envID}}/users/{{userID}}/identityRecordMatching
Verify data based identity verification	/environments/{{envID}}/users/{{userID}}/dataBasedIdentityVerification
Verify documents	/environments/{{envID}}/users/{{userID}}/verifyTransactions/{{transactionID}}/documents
Verified data	/environments/{{envID}}/users/{{userID}}/verifyTransactions/{{transactionID}}/verifiedData
Verification metadata	/environments/{{envID}}/users/{{userID}}/verifyTransactions/{{transactionID}}/metaData
Verification metrics	/environments/{{envID}}/users/{{userID}}/verifyTransactions/{{transactionID}}/appEvents
Verification actions	/environments/{{envID}}/users/{{userID}}/<action>

Documentation

Endpoint

Verify policies

/environments/{{envID}}/verifyPolicies

Verify transactions

/environments/{{envID}}/users/{{userID}}/verifyTransactions

Verify voice phrases (deprecated)

/environments/{{envID}}/voicePhrases

Verify reference data (deprecated)

/environments/{{envID}}/users/{{userID}}/referenceData

Verify identity record matching

/environments/{{envID}}/users/{{userID}}/identityRecordMatching