Where Identity and Access Management Falls Short

Fraud is successfully following digital transformation online. We keep reacting to phishing, ransomware, and data breach after network access has been granted. It seems we just can’t prevent cyber criminals from logging in.

Multi-factor authentication (MFA) was supposed to be the answer, but it isn’t working. One time codes, push notifications, and messaging add cost and complexity, but they don’t solve the network access problem. Criminals using compromised credentials still lead successful attacks on Active Directory (AD) and Remote Desktop Protocol (RDP), which are on the rise.

Root Cause:

Most Identity and Access Management (IAM) are decades old and lack identity verification. It’s obvious - we can’t keep putting a checkmark to identity verification for new users and then issue weak credentials by emailing or scribbling a temporary password on a Post-it note.

We need a way to verify identity online the same way we verify identity in real life - with a valid credential that can’t be vouched for by a password or one time code. Imagine a Transportation Security Administration (TSA) agent at an airport settling for an SMS message returned by the holder of a phone. It’s laughable, but this is what we have come to accept online as routine

Mike Engle, 1Kosmos Chief Strategy Officer

Problem: Identity verification is manual and error prone with high variability between systems.

Business Requirement: Automatic & digital verification of identity outperforms manual processes with a benchmarked 99.6% Target Accept Rate (TAR) and .01% False Accept Rate (FAR). Standardize onboarding of workers, customers, and citizens to prevent synthetic and stolen identities during account opening (e.g., I9 Employment Eligibility, Know Your Customer mandates).

Solution: Digitally-Verified Identity

Benefits:

  • Reduced Admin / OpEx (e.g., Identity Verification)
  • Faster Onboarding / New Account Origination
  • High Identity Assurance

Problem: Users are issued weak, password-based credentials.

Business Requirement: Verified biometrics secured with public-private keys cryptographically vastly outperform passwords in both security and convenience. Replace passwords with a secure identity wallet and use liveness detection to prevent spoofed artifacts (e.g., photo, 3D mask or deep fake).

Solution: Strong User Authentication with Liveness Detection

Benefits:

  • Improved Worker/Customer Satisfaction
  • Reduced Risk from Phishing, Fake Accounts and Account Takeover
  • Reduced OpEx and Service Desk Workload

Problem: Digital transformation hindered by verification of physical documents.

Business Requirement: Machine verification of personal documents (e.g., drivers license, passport, certifications, health records) significantly improves data accuracy, safeguards privacy and reduces cycle time. Enable tamper evident and trustworthy digital verification of identity documents.

Solution: Reusable Verified Credentials

Benefits:

  • Reduced Admin / OpEx
    • No need for costly reverification of identity and credentials
  • Reduced Fraud
    • High trustworthiness, tamper-evident credentials
  • Improved business agility
    • Faster process cycle times
    • Easier onboarding to additional digital services

Problem: Personally Identifiable Information (PII) is incomplete and difficult to manage.

Business Requirement: Blockchain is proven as a superior technology to manage digital property rights without an administrative intermediary. Prevent unauthorized access by replacing centralized honeypots of PII with a private, immutable digital “chain of custody” for identity-related data.

Solution: Privacy by Design

Benefits:

  • Cost Avoidance
    • Out of the box compliance to privacy mandates (e.g., GDPR, CCPA, CPRA)
    • Avoid “friendly fraud” with immutable log / chain of custody
  • Reduced Cyber Risk
    • Eliminate central “honeypot” of user PII
    • Detect fraudulent logins to prevent business account compromise

Modernizing Identity and Access Management

1Kosmos modernizes IAM by combining strong identity verification and strong authentication in an all new architecture that gives IT unmatched identity assurance behind each device while delivering an extraordinarily convenient account registration and passwordless authentication experience.

Anchored firmly in a privacy by design framework, 1Kosmos solutions exceed FIDO, NIST 800-63-3, UK DIATF and iBeta ISO/IEC 30107-3 security standards and places users in sole control of their own data, easing compliance to privacy mandates.

Our immutable “chain of custody” provides tamper evident identity verification and reusable verifiable credentials on demand to support user onboarding and authentication as a mission critical function, because the undeniable truth is that workers, customers, and citizens who present stolen or synthetic digital identity credentials represent significant business risks.

Ready to go Passwordless?

Indisputable identity-proofing, advanced biometrics-powered passwordless authentication and fraud detection in a single application.