Guidance

How to check someone's identity (1. 0) pre-release

Published 3 March 2026

© Crown copyright 2026

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/how-to-check-someones-identity-1-0/how-to-check-someones-identity-1-0-pre-release

0. Version and certification validity notes

0.a. This 1.0 publication of ‘How to check someone’s identity’ (‘GPG 45’) is valid from [date of final publication] to coincide with the date the 1.0 publication of the UK digital verification services trust framework (‘trust framework’) comes into force.

0.b. Services demonstrating compliance with GPG 45 as part of certification against the 1.0 trust framework must comply with this version of GPG 45. You should refer to the version and certification validity notes in the trust framework to understand which version(s) of the trust framework you can undergo certification against.

0.c. This is the first version-controlled publication of GPG 45. The most recent non-numbered version of GPG 45 (titled ‘How to prove and verify someone’s identity’) can be found on GOV.UK and is, from the date of this publication, considered the 0.4 version of GPG 45.

1. The identity checking process

1.a. This guidance helps you decide how to check, or ask others to check, the identity of those you interact with, such as your customers or employees. It describes a methodology for creating digital identities in a trustworthy and consistent way and permits a range of checking methods to be used as part of digital identity creation, including phone, post, email, or face-to-face checks. Whilst this guidance has been produced for the above purpose, others may consider that its contents are instructive in a wider identity checking context.

1.b. This guidance is maintained by the Office for Digital Identities and Attributes (OfDIA), which sits within the Department for Science, Innovation and Technology (DSIT) and is produced as an exercise of DSIT’s functions. If other government departments want to apply the guidance to their functions, they should ensure it does not cut across any applicable legislation or statutory guidance that may be relevant.

1.c. This guidance breaks the identity checking process into constituent parts and describes a way to score each constituent part so that you can describe your identity checking process as meeting an ‘identity profile’ and achieving an overall ‘level of confidence’.

1.d. This guidance does not set out a single way to check someone’s identity. Instead, you can use its scoring methodology to decide what tools or processes are appropriate based on your needs.

1.e. Digital verification service (DVS) providers must use this guidance as a methodology to explain their service to be certified against the trust framework as an identity service provider (IDSP). A component service provider (CSP) who performs part of an identity checking process may also need to follow this guidance to be certified. Other DVS might use it if they want to share identities as a holder service provider (HSP) or orchestration service provider (OSP).

1.f. If you want to work with a trust framework-certified DVS, this guidance can support you to determine the scores that will meet your organisation’s identity checking needs, and the level(s) of confidence and identity profile(s) associated with these.

1.g. By successfully checking users’ identities, you can be more confident that you’ll give the right people the right things.

1.h. You can also use this guidance to:

  • understand how another individual or organisation checks someone’s identity;
  • audit and certify identity products or services; and
  • compare different identity checking processes or different identity checking schemes (for example, within the electronic identity and trust services (eIDAS) regulation).

1.i. This guidance does not:

  • tell you how to assess your risk of identity fraud; or
  • apply if you ask users for information about their identity but do not check it (also known as ‘self-assertion’).

1.1. What is identity?

1.1.a. In the context of the trust framework and its supporting documents, an identity is a combination of attributes that belong to a person, and attributes are individual pieces of information that describe something about the person, like their age, name, fingerprint or address.

1.1.b. A single attribute is not usually enough to effectively tell one person apart from another, but a combination of attributes might be.

1.2. When to check someone’s identity

1.2.a. You might not always need to check someone’s identity before you give them access to something. In some cases, you can protect your service using authenticators instead.

1.2.b. Some of the reasons you should check someone’s identity include if you or your organisation:

  • show a user personal data about themself, such as their driving licence or passport details;
  • give the user a benefit, e.g. a business grant, tax rebate, or social security benefit; or
  • need it to meet any regulatory requirements, e.g. to check the identity of security personnel.

1.3. Why you should check someone’s identity

1.3.a. There are risks surrounding the misuse of someone’s identity. These include:

  • identity theft, where personal details are stolen or manipulated by someone else; and
  • identity fraud, where someone’s personal details are used to commit crimes against them or to deceive a third party.

1.3.b. Some of the most common reasons people commit identity fraud are to:

  • access services they’re not entitled to;
  • get benefits they’re not entitled to;
  • steal personal, medical or financial information from others;
  • enable organised crime, like human trafficking; and
  • avoid being detected by law enforcement.

1.3.c. You could be affected by identity fraud if you do not check someone’s identity. This includes being targeted by someone:

  • using a ‘synthetic’ (made up) identity; or
  • who is pretending to be someone else (an ‘impostor’).

1.3.d. Synthetic identities can be entirely fictional, using made-up names, dates of birth, and/or images. They can also be partly genuine, using some genuine attributes and others fake. Fake attributes can be made in different ways, including using artificial intelligence.

1.3.e. Following this guidance is important as it ensures that:

  • you check identities consistently; and
  • organisations who check identities do so consistently and transparently.

1.3.f. Checking identities in a consistent way helps ensure that all organisations and services perform identity checks to the same high standard. This means there are fewer organisations or services that could be targeted by identity fraud.

1.3.g. Checking identities in a consistent way means it’s also easier for you to trust and reuse an identity that’s been checked by someone else. This brings key benefits:

  • people have their identity checked less often;
  • organisations and services can share the cost of checking someone’s identity; and
  • an organisation can offer a service which checks someone’s identity to another organisation.

1.3.h This does not mean you have to check an identity in exactly the same way as another organisation or service. You can do different types of checks but still have the same level of confidence in someone’s identity.

1.3.i If a user needs someone to act on their behalf, please refer to guidance on delegated authority.

2. How to check someone’s identity

2.a. To check someone’s identity, you’ll need to know the details of the identity they’re claiming (known as the ‘claimed identity’). A claimed identity is a combination of information (often a name, date of birth and address) that represents the attributes of whoever a person is claiming to be.

2.b. When you have this information, you can find out if the person is who they say they are. This process is known as ‘identity checking’ and is made up of five parts:

2.c. You can score all of these parts and combine those scores to determine what level of confidence the resultant identity checking process achieves. You do not need to do all five parts to check someone’s identity: you can check someone’s identity without conducting an activity history or identity fraud check, but this means you will need to score more highly on the strength, validity and verification checks to meet your desired level of confidence.

2.d. You do not have to do all parts of the identity checking process at once. You can do them over any period of time and gradually build up your confidence in an identity.

2.e. You’ll get a score for each part of the identity checking process you complete. These scores can then be used to meet one or more identity profiles. Do not add these scores up.

3. Levels of confidence

3.a. There are 4 levels of confidence:

  • low confidence
  • medium confidence
  • high confidence
  • very high confidence

3.b. By reaching a level of confidence:

  • you will know how well you are protected against identity fraud risks;
  • an organisation who makes use of a service you provide will know how well they are protected against identity fraud risks; and
  • your identity checking process can be understood and reused by other organisations and services.

3.c. You reach a level of confidence by meeting an identity profile. The scores you need for each of the 5 parts of the identity checking process are described in Appendix 4. A risk assessment will help you assess the level of confidence you need for a particular service.

3.d. Having a higher level of confidence in someone’s identity is suitable for organisations or services that are at high risk of identity-related crime, or if there are higher risks associated with misuse of the service. However, requiring a higher level of confidence than is proportional to these risks for a service could lead to people being unfairly excluded from that service. The required level of confidence for a service should only be as high as is needed to reduce the risk of identity-related crime.

3.e. Your confidence in someone’s identity can increase over time if you do extra checks or collect more evidence.

3.f. It can also decrease over time, for example if you later find out that evidence you used was lost or stolen at the time you checked that person’s identity.

3.g. You can also decide to reuse identity checks done by another organisation if they do some or all parts of the identity checking process explained in this guidance.

3.1. Low confidence

3.1.a. Compared to not doing any identity checks, having low confidence in someone’s identity will lower the risk that you accept:

  • synthetic identities; and
  • impostors who do not have a relationship with the claimed identity.

3.2. Medium confidence

3.2.a. Having medium confidence in someone’s identity will protect you against the same things as low confidence. It will also lower the risk that you accept impostors who have information about the claimed identity that’s not in the public domain.

3.2.b. For example, it will help prevent someone who works for the claimed identity’s employer’s HR department using information they can access to impersonate the claimed identity.

3.3. High confidence

3.3.a. Having high confidence in someone’s identity will protect you against the same things as medium confidence. It will also lower the risk that you accept impostors who:

  • know the claimed identity (this includes their close friends or family); or
  • do not match the claimed identity’s photo or biometric information.

3.4. Very high confidence

3.4.a. Having very high confidence in someone’s identity will protect you against the same things as high confidence. It will also lower the risk that you accept impostors who are trying to look like the claimed identity, for example by wearing a mask or make up.

4. Authoritative sources

4.a. You might need to check things with an ‘authoritative source’. To be authoritative for a particular piece of information, the source must make sure:

  • the integrity of the information is protected; and
  • the information is up to date.

4.b. The source must also do at least one of the following:

  • issue the evidence that is being checked, for example the Driver and Vehicle Licensing Agency (DVLA) issues evidence such as driving licences;
  • get information from an organisation that issues the evidence being checked, for example credit reference agencies can have authoritative information about bank accounts; or
  • get information from another authoritative source, for example from another identity scheme.

5. Strength check: getting evidence of the claimed identity

5.a. You can collect two types of evidence:

  • physical evidence of the claimed identity (such as an identity document, like a passport); or
  • digital evidence of the claimed identity (such as information from a digital wallet, personal data store or issued directly by an authoritative source).

5.b. You can ask the user to provide the evidence, or you can find it yourself, for example by checking a database. If you want to find the evidence yourself, you will need enough information about the claimed identity to be able to match it to their records.

5.c. The assessment of identity evidence strength is known as the ‘strength’ check. The maximum score for the strength check is 4.

5.d. The strength check assesses how much confidence the evidence you have should give you that the claimed identity exists, but it does not:

  • check whether the evidence is valid or genuine, which you must conduct a validity check to establish; or
  • check whether the claimed identity belongs to the person who’s claiming it, which you must conduct a verification check to establish.

5.e. You can accept and score a declaration from someone that knows the claimed identity (known as a ‘vouch’) as evidence. To do this you must follow the vouching guidance.

5.f Some types of evidence are ‘stronger’ than others, which means they will be harder to:

  • forge (when existing evidence is changed to make it look like it belongs to someone else); or
  • counterfeit (when evidence is created from scratch).

5.g. You can check how strong evidence is by finding out:

  • what security features protect it (for example a hologram, an electronic chip, or the strength of encryption for physical or digital evidence);
  • what information it has; and
  • how the person’s identity was checked when the evidence was issued.

5.h. You must make sure the evidence gives you all the information you need about the claimed identity. You might need to collect more than one piece of evidence to get this.

5.i. You must only check and score one piece of evidence at a time. Do not add the strength scores from multiple pieces of evidence up. Rather, they can be used to meet other identity profiles.    

5.1. Strength score 1

5.1.a. The evidence will have a strength score of 1 if it contains at least two of the following pieces of information:

  • the claimed identity’s name;
  • the claimed identity’s date of birth;
  • the claimed identity’s place of birth;
  • the claimed identity’s address;
  • a photo of the claimed identity;
  • other biometric information about the claimed identity (these are measurements of biological or behavioural attributes, like an iris or fingerprint); or
  • a reference number for the evidence.

5.1.b. The evidence must come from an organisation or person that you know will:

  • check the claimed identity when they issue the evidence; and
  • make sure its process for issuing the evidence is not misused.

5.1.c. Some examples of evidence that will have a score of 1 when they meet the above requirements include:

  • an email or letter from a local authority (whether physical or in a digital format like PDF); and
  • a score 1 vouch in line with the vouching guidance.

5.1.d. You may not be able to conduct a validity check on evidence that only has a strength score of 1.

5.2. Strength score 2

5.2.a. The evidence will have a strength score of 2 if it has everything it needs to get a score of 1 and includes information that’s unique to either:

  • the identity (for example the name and a photo of the claimed identity); or
  • that piece of evidence (for example a reference number).

5.2.b. The organisation that issued the evidence must follow a published policy when checking the claimed identity.

5.2.c. If the evidence includes a name, it must show the person’s full name instead of any pseudonyms, aliases or nicknames.

5.2.d. If the evidence is a physical document, it must be protected by physical security features. These features will stop it from being reproduced without specialist knowledge or information.

5.2.e. If the evidence includes digital information, it must be protected by either:

  • cryptographic security features that correctly identify the person or organisation that issued it; or
  • processes that make sure only authorised users can create, update and access it, for example by ensuring alignment with NCSC best practice.

5.2.f. Some examples of evidence that will have a score of 2 include:

  • a Home Office travel document (convention travel document, stateless person’s document, one-way document or certificate of travel);
  • a birth or adoption certificate;
  • an older person’s bus pass;
  • an education certificate from a regulated and recognised educational institution (such as an NVQ, SQA, GCSE, A level or degree certificate);
  • a rental or purchase agreement for a residential property;
  • a proof of age card recognised under the Proof of Age Standards Scheme (PASS);
  • a Freedom Pass;
  • a marriage or civil partnership certificate;
  • proof of a gas or electric account;
  • a firearm certificate;
  • a ‘substantial’ electronic identity’ from a  notified eIDAS scheme under Council Regulation (EC) No 910/2014; or
  • a score 2 vouch in line with the vouching guidance.

5.3. Strength score 3

5.3.a. The evidence will have a strength score of 3 if it has everything it needs to get a score of 2 and:

  • it includes information that’s unique to both the identity and that piece of evidence;
  • whoever issued the evidence made sure it was received by the same person who applied for it (for example it could be sent by secure delivery); and
  • whoever issued the evidence checked the claimed identity in a way that follows a standard or regulation that’s been approved or recognised by the UK government, such as the Money Laundering Regulations 2017.

5.3.b. Following this guidance, or other guidance which is part of the trust framework or published by OfDIA, does not mean you meet the requirement in 5.3.a to follow a UK government approved or recognised standard or regulation.

5.3.c. It must also:

  • include the person’s official name instead of their initials or synonyms, for example ‘Julian’ instead of ‘Jules’ (if the evidence includes a name); and
  • be protected by physical security features that stop it from being reproduced without specialist equipment (if the evidence is a physical document)

5.3.d. The evidence must also include one of the following:

  • a photo of the person;
  • biometric information that uses cryptographic security features to protect its integrity; or
  • cryptographic security features that can be used to identify the person who owns the evidence (this includes evidence with cryptographic chips and digital accounts that are protected by cryptographic methods).

5.3.e. Some examples of evidence that will have a score of 3 include:

5.4. Strength score 4

5.4.a. The evidence will have a strength score of 4 if it has everything it needs to get a score of 3 and all of the following:

  • it includes biometric information;
  • all digital information (including biometric information) is protected by cryptographic security features;
  • the cryptographic security features can prove which organisation issued the evidence; and
  • whoever issued the evidence checked the claimed identity by comparing and matching the person to an image of the claimed identity from an authoritative source.

5.4.b. Some examples of evidence that will have a score of 4 include:

6. Validity check: checking the evidence is genuine or valid

6.a. You must check that the identity evidence you have collected is genuine or valid.

6.b. This is also known as a ‘validity’ check. The maximum score for the validity check is 4.

6.c. Checking that the identity evidence is genuine will help ensure that the evidence is unlikely to be forged or counterfeit. For physical evidence, it will involve checking physical security features. For digital evidence, it will involve checking evidence digitally (e.g. matching it to an authoritative source) or checking the cryptographic security features.

6.d. You can also validate the evidence with an authoritative source or check if it is stolen, has been reported lost, or is expired.

6.e. You can do a validity check in person or remotely, apart from to achieve validity score 4, where you can only check it in person with the relevant equipment.

Example

You could use a physical PASS card to prove the name and date of birth of the claimed identity. You will need to check the physical security features on the PASS card to do this.

6.1. Validity score 1

6.1.a. You will achieve a validity score of 1 if you check the evidence appears to be genuine.

6.1.b For physical or digital evidence, the person or system checking the evidence must be able to confirm:

  • they’re checking an original, certified copy or scan of the evidence;
  • there are no errors on the evidence, like wrong paper or file type, spelling mistakes, irregular use of fonts or missing pages;
  • the details, layout or alignment of the evidence look the way they should;
  • any logos look the way they should; and
  • any references to information are the same across the evidence (for example if the body text of a letter references an address, this should match the address shown at the top of the letter).

6.2. Validity score 2

6.2.a. For physical evidence, you will achieve a validity score of 2 if you make sure the evidence has not expired and you do any one of the following:

  • validate the evidence with an authoritative source;
  • confirm the visible security features (i.e. those that can be seen without using specialist light sources) are genuine; or
  • confirm the ultraviolet (UV) or infrared (IR) security features are genuine.

6.2.b. For digital evidence, you will achieve a validity score of 2 if you:

6.2.1. Validate the evidence with an authoritative source

6.2.1.a. The person or system must check that the details on it match those held by the authoritative source.

6.2.2. Confirm the visible security features are genuine 

6.2.2.a. The visible security features can be confirmed in person or remotely and may be checked by a person or system. Visible security features can only be checked for physical evidence.

6.2.2.b. If the evidence is being checked in person, you must be sure that you have been shown the original evidence and must not accept scans, photos or photocopies of the evidence as it can be difficult to tell if these have been forged or counterfeited.

6.2.2.c. The evidence must always be shared in a way that protects it from being tampered with. For example, it could be sent by secure delivery if it’s being checked in person.

6.2.2.d. For in-person checks, the visible security features must be inspected using at least non-specialist light sources such as natural sunlight, indoor lights or desk lamps.

6.2.2.e. If the check is being done remotely, the image or video of the evidence must be clear enough for the person or system to examine its security features.

6.2.2.f. The image or video must be taken at the same time the check is being done. The user cannot upload an image or video of the evidence that they’ve taken beforehand.

6.2.2.g. The person or system must use official templates to check that any of the following features that are present on the evidence look the way they should:

  • background printing;
  • fonts and alignment;
  • holograms and positioning;
  • the way it’s been laminated;
  • designs printed with optical variable ink (and check they look the way they should at certain angles);
  • the format of any ‘compound identifiers’, such as a DVLA driver number or a machine-readable zone (MRZ); and
  • the position of any photographs on the evidence (they should not have been replaced or edited).

6.2.2.h. Some places where you can find official templates include:

6.2.2.i. If the evidence is being checked by a person, they must be trained in how to detect false documents by a specialist trainer, such as the Home Office, National Document Fraud Unit, National Protective Security Agency or another company that follows the Home Office’s best practice guidance. Their training must be refreshed at least every three years.

6.2.2.j. If the evidence is being checked by a system, the templates the system checks the evidence against must be updated at least every three years.   

6.2.3. Confirm the UV or IR security features are genuine

6.2.3.a. The person or system doing the check will need to use a UV or IR light to make sure:

  • the paper the evidence is printed on looks the way it should;
  • the alignment of the evidence looks the way it should;
  • any fluorescent features (such as fluorescent inks or fibres) look the way they should; and
  • the evidence has not been tampered with (for example a UV light will show where UV features have been covered by glue if something has been stuck on the evidence).

6.2.3.b. The person or system will need to use official templates to check that any of the following features that are present on the evidence look the way they should:

  • background printing;
  • fonts and alignment;
  • holograms and positioning;
  • the way it’s been laminated;
  • designs printed with optical variable ink (and check they look the way they should at certain angles);
  • the format of any ‘compound identifiers’, such as a DVLA driver number or MRZ; and
  • the position of any photographs on the evidence (they should not have been replaced or edited).

6.2.3.c. Some places where you can find official templates are:

6.2.3.d. If the evidence is being checked by a person, the person must be trained in how to detect false documents by a specialist trainer, such as the Home Office, National Document Fraud Unit, the National Protective Security Authority or another company that follows the Home Office’s best practice guidance. Their training must be refreshed at least every three years.

6.2.3.e. If the evidence is being checked by a system, the templates the system checks the evidence against must be updated at least every three years.

6.3. Validity score 3

6.3.a. There are two routes to achieving a validity score of 3.

6.3.b. For physical or digital evidence, you will achieve a validity score of 3 if you confirm the cryptographic security features of the evidence are genuine.

6.3.c. For physical evidence, you will also achieve a validity score of 3 if you do all the following:

  • validate the evidence with an authoritative source or check the evidence has not been cancelled, lost or stolen;
  • confirm any physical security features are genuine; and
  • check the evidence has not expired.

6.3.1. Validate the evidence with an authoritative source

6.3.1.a. The person or system must do the same things needed at score 2 to validate the evidence with an authoritative source.

6.3.2. Confirm the cryptographic security features are genuine

6.3.2.a. To make sure the cryptographic security features are genuine, the system that checks the evidence will need to:

  • read the cryptographically protected identity information;
  • provide any required cryptographic keys;
  • check the evidence has not expired; and
  • check the digital signature is correct.

6.3.2.b It also needs to check the signing key:

  • belongs to the organisation that issued the evidence;
  • is the correct type for that evidence; and
  • has not been revoked.

Example

Most debit or credit cards will have a cryptographic chip on them. You can check the chip is genuine by asking a user to make a zero-balance payment using a card reader. If the transaction is successful, you’ll know the cryptographic chip and the bank account linked to it are genuine.

Example

You can confirm a passport’s embedded chip is genuine by employing a reader to interrogate the information held in the chip. When the chip successfully passes the cryptographic challenges, it verifies the chip’s operational integrity and confirms the authenticity of the stored identity attributes and passport details.

6.3.3. Check the evidence has not been cancelled, lost or stolen

6.3.3.a. The person or system doing the check will need to make sure the evidence:

  • has not been cancelled by the organisation that issued it; and
  • has not been reported as lost or stolen.

6.3.3.b. They can do this by checking with an authoritative source. This can be:

  • the issuer of the evidence in question; or
  • an authoritative database which records cancellations or thefts of the evidence in question, such as Interpol for passports or a mobile network operator for mobile phone contracts.

6.3.4. Confirm any physical security features are genuine

6.3.4.a. The person or system must do the same things needed at score 2 to confirm any visible security features are genuine. They must also confirm that any UV or IR security features are genuine.

6.3.4.b. They’ll also need to:

  • use evidence that has not been intercepted and reused (‘replay attack’ or ‘injection attack’);
  • make sure any shadows or glare do not stop the security features on the evidence from being examined;
  • update any official templates that are used (such as those from PRADO) every year; and
  • refresh their training in how to detect false documents every year (if the checks are being done by a person).

6.3.4.c. They must also confirm any:

  • designs printed using intaglio (raised) ink look the way they should;
  • designs that have been laser etched look the way they should; and
  • features are consistent and correct across sections of the evidence.

Example

In a UK passport, there should be a passport number on the page with the person’s details on it. You should check if this number is the same as the number punched on the other pages in the passport.

6.3.4.d. To check this, they must use one of the following:

  • a magnification tool, such as a magnifier; or
  • other inspection equipment used to identify forged or counterfeit documents, such as a UV light.

6.4. Validity score 4

6.4.a. You will achieve a validity score of 4 if you do all the following:

  • confirm that visible security features are present and genuine using specialised equipment;
  • confirm that UV or IR security features are present and genuine;
  • confirm that cryptographic security features on the evidence are present and genuine;
  • validate the evidence with an authoritative source and check the evidence has not been cancelled, lost or stolen; and
  • check the evidence has not expired.

6.4.b. To get a score of 4, the evidence will need to be physical evidence which is protected by cryptographic security features and be checked in person by a trained professional using specialised equipment.

6.4.1. Validate the evidence with an authoritative source

6.4.1.a. The person or system must do the same things needed at score 2 and score 3 to validate the evidence with an authoritative source.

6.4.2. Confirm the visible security features are genuine

6.4.2.a. The person or system must do the same things needed at score 3 to confirm the visible security features are genuine.

6.4.2.b. They’ll also need to:

  • be supervised when they capture and examine the evidence by someone who’s also been trained by a specialist trainer, such as the Home Office, National Document Fraud Unit, the National Protective Security Authority, or another company that follows the Home Office’s best practice guidance;
  • examine the evidence under ‘controlled’ light conditions (this means the lighting in the room creates the best possible environment for examining the security features on the evidence); and
  • examine the evidence under ‘controlled’ security conditions (this means there are ways to prevent systems from being fooled or people from being manipulated).

6.4.2.c. They’ll need to check the following features of the evidence look correct:

  • watermarks;
  • security fibres;
  • consistency throughout the evidence; and
  • secondary background (‘ghost’) images.

Example

In the UK passport, there should be a ghost image of the person on the ‘observations’ page. You should check if the surname and date of birth in the image are the same as the person’s details.

6.4.2.d. To check this, they must use one of the following:

  • a magnification tool (such as a magnifier);
  • a low angle (‘oblique’) light; or
  • other inspection equipment to identify forged or counterfeit documents.

6.4.3. Confirm the UV or IR security features are genuine

6.4.3.a. The person or system must do the same things needed at score 3 to confirm any UV or IR security features are genuine.

6.4.4. Confirm the cryptographic security features are genuine

6.4.4.a. The person or system must do the same things needed at score 3 to confirm the cryptographic security features are genuine.

6.4.5. Check the evidence has not been cancelled, lost or stolen

6.4.5.a. The person or system must do the same things needed at score 3 to confirm the evidence has not been cancelled, lost or stolen.

6.5. How to check expired evidence or evidence that does not have an expiry date

6.5.a. Some evidence may:

  • have expired, but still be acceptable as identity evidence;
  • have expired and not be acceptable as identity evidence; or
  • not have an expiry date.

Examples

An expired UK passport cannot be used for travel but can be used to prove someone’s identity.

A UK driving licence is not valid for any purpose after it has expired.

A birth certificate does not have an expiry date.

6.5.b. If you accept expired evidence or evidence that does not have an expiry date, you must complete and score the validity checks in the same way as described for a document that has not expired.

6.5.c. Before accepting expired identity evidence, you must consider:

  • whether it is lawful for a user to have and use it (for example, an expired UK driving licence cannot be used for any purpose); and
  • any legislation or guidance relevant to the purpose of the identity check.

6.5.d. When you choose to accept expired evidence for any particular evidence type, you must complete a risk assessment to assess:

  • how long you should accept that evidence type after its expiry date;
  • the likelihood of the that evidence type being lost, stolen or used by someone else; and
  • the strength of the evidence type when it is expired, for example whether the security features are sufficient to protect it from being forged or counterfeited.

7. Activity history check: checking the claimed identity has existed over time

7.a. Checking the claimed identity has existed over time will lower the risk of you accepting either:

  • a synthetic identity; or
  • an identity that belongs to someone who’s died.

7.b. This is known as an ‘activity history’ check.

7.c. Some identity profiles do not require that you do this check.

7.d. The maximum score for the activity history check is 4.

7.e. To do an activity history check, you must check if there are records that show the claimed identity has regularly interacted with other organisations or people. How many interactions you need to find will depend on if the organisation or person did an identity check during the interaction.

7.f. Some examples of interactions include:

  • credit card transactions;
  • gas or electricity account payments;
  • someone signing in to an online bank or retail account;
  • someone travelling to another country;
  • health records;
  • employment records; and
  • school records.

7.g. You can also accept a vouch from someone who knows the claimed identity as proof they’ve existed over time. You must follow the vouching guidance to do this.

7.h. How confident you can be that the claimed identity was involved in these interactions depends on if their identity was checked by the organisation or person they interacted with.

7.1. Find out what identity checks have been done

7.1.a. Different types of organisations and people will check identities in different ways.

7.1.b. Not everyone will check someone’s identity when they interact with them. If you cannot find out what sort of identity checks they do, you must assume they do not do any. This means you will need to look for more interactions over a longer period of time.

7.1.c. You’re likely to find records of interactions between claimed identities and the following types of organisations. These organisations might interact with other organisations that do identity checks in a different way.

7.1.1. Educational organisations

7.1.1.a. You might find interactions between the claimed identity and an educational organisation, such as a school or college. As these types of organisations have done some basic identity checks, you can be sure that they have followed a published policy.

7.1.2. Financial organisations

7.1.2.a. You might find interactions between the claimed identity and a financial organisation, such as a bank or credit agency. You can be sure these types of organisations will have checked identity in a way that follows the Money Laundering Regulations 2017.

7.1.3. Travel companies or border or immigration authorities

7.1.3.a. You might find interactions that show the claimed identity has travelled to another country. Their identity will have either been checked by the company they travelled with, such as an airline, or by a border or immigration authority. The claimed identity’s physical appearance or biometric information was checked against an official source, such as a passport.

7.1.4. Using vouching for the activity history check

7.1.4.a. When you are using a vouch for the activity history check, you must follow the vouching guidance, and score the activity history check using the scoring matrix below. The score a vouch achieves for the activity history check will depend on whether:

  • the identity of the vouchee was checked by the organisation for which the voucher works; and
  • the voucher knows the vouchee in this capacity.

7.1.4.b. If both conditions apply, then you may be able to score the activity history check more highly in accordance with the scoring matrix below, with higher scores for better identity checking by the organisation for which the voucher works.

Example

A vouch by a teacher for a student of theirs, whom they have taught for one year, could score a 3 for activity history because the identity of the student was checked by the school at which the teacher works when the student enrolled at the school.

On the other hand, a vouch from that teacher for someone they’ve known as a neighbour for one year could only score an activity history of 1 because there are no additional identity checks accompanying those interactions, and the teacher cannot be as sure the neighbour is who they’ve claimed to be throughout their interactions.

7.2. Activity history scores

7.2.a. The score you’ll get will depend on:

  • what type of identity checks the organisation or person did; and
  • when the interactions you found took place.

7.2.b. You’ll get a higher score if the identity has existed for a long time or it has been checked more thoroughly, as set out in the scoring matrix below.

Interactions over the last 3 months Interactions over the last 6 months Interactions over the last year Interactions over the last 2 years Interactions over the last 3 years
Identity was not checked N/A N/A Score 1 Score 2 Score 3
Identity was checked following a published policy Score 1 Score 2 Score 3 Score 4 Score 4
Identity was checked following the Money Laundering Regulations Score 2 Score 3 Score 4 Score 4 Score 4
Physical appearance or biometric information was checked against an official source Score 3 Score 4 Score 4 Score 4 Score 4

8. Identity fraud check: checking if the claimed identity is at high risk of identity fraud

8.a. You might want to make sure the claimed identity is not:

  • at a higher than usual risk of identity fraud; or
  • suspected to be a synthetic identity.

8.b. You can do this by checking the details of the claimed identity with authoritative counter-fraud data sources, such as a national fraud database or databases managed by other authoritative organisations.

8.c. This is known as the ‘identity fraud’ check.

8.d. Some identity profiles do not require that you do this check.

8.e. The maximum score for the identity fraud check is 3.

8.1. Identity fraud check score 1

8.1.a. You’ll get a fraud check score of 1 if you use an authoritative source to check if the claimed identity:

  • has had its details stolen (even if those details have not been used fraudulently yet);
  • has been reported as stolen; or
  • is suspected to be a synthetic identity.

8.1.b. You must improve the way you do the verification check as described in section 9.5 if you find out any of these things have happened. If you suspect the claimed identity is a synthetic identity, you might also need to:

  • do more checks to get a higher validity score for the evidence you have; or
  • collect more evidence of the claimed identity.

8.2. Identity fraud check score 2

8.2.a. To get a fraud check score of 2, you must do all the checks needed to get a score of 1. You must also use an authoritative source to check that the claimed identity:

  • belongs to someone who’s still alive;
  • is known by an organisation that should have a record of that person (for example, an Electoral Registration Office in a local authority); and
  • is not at an unusually high risk of being impersonated (for example, a ‘politically exposed person’ like a politician or judge is at a higher than usual risk of being impersonated).

8.2.b. You must improve the way you do the verification check as described in section 9.5 if you get any information from the authoritative source that suggests these things are not true.

8.3. Identity fraud check score 3

8.3.a. You’ll get a fraud check score of 3 if you use more than one authoritative source to do all the checks needed to get a score of 2.

8.3.b. The sources must also be independent, which means they’re either:

  • separate from the part of your organisation that checks the person’s identity; or
  • part of a different organisation.

8.3.c. You must improve the way you do the verification check as described in section 9.5 if you get any information from the authoritative sources that suggests these things are not true.

9. Verification check: checking that the identity belongs to the person who’s claiming it

9.a. You must prove that the person who’s going through your identity checking process is the claimed identity. You might let someone access your service using a claimed identity that belongs to someone else if you do not do this.

9.b. This is known as the ‘verification’ check.

9.c. The maximum score for the verification check is 4.

9.1. Verification score 1

9.1.a. You will get a verification score of 1 if you do one of the following:

  • ask the person to complete ‘knowledge-based verification’ (KBV) challenges (see Appendix 1); or
  • have created and stored a score 1 vouch yourself in line with the vouching guidance.

9.2. Verification score 2

9.2.b. You will get a verification score of 2 if you do one of the following:

  • make sure the person physically matches the photo on or associated with the strongest piece of genuine evidence you have of the claimed identity (you can do this in person or remotely);
  • make sure the person’s biometric information matches biometric information from the strongest piece of genuine evidence you have or an authoritative source; or
  • ask the person to complete multiple ‘dynamic’ KBV challenges (see Appendix 1).

9.2.1. Make sure someone matches the photo in person

9.2.1.a. The person doing the match must:

  • have been trained in how to detect impostors by a specialist trainer, such as the Home Office, National Document Fraud Unit, National Protective Security Agency, or any other company that follows the Home Office’s best practice guidance;
  • refresh their training at least every 3 years; and
  • have good enough eyesight (with or without prescription lenses) to effectively compare the person to the image.

9.2.1.b. When doing the match, you must make sure:

  • the person whose identity is being checked is present;
  • the light conditions are good enough to clearly see the person and the image on the evidence (for example, there must be no glare or shadows);
  • you are comparing the person to a photo from genuine evidence; and
  • the photo has not been tampered with.

9.2.1.c. The person whose identity is being checked must not:

  • be wearing a head covering (unless it’s for religious or medical reasons);
  • have their eyes closed; or
  • have anything covering their face or eyes (such as shadows or their hair).

9.2.1.d. If someone is wearing a face covering to help them avoid catching or spreading a respiratory infection like COVID-19, you can ask them to take it off to be identified. You can also choose to check they match the photo remotely instead.

9.2.2. Make sure someone matches the photo remotely

9.2.2.a. When doing the match, you must make sure:

  • the person whose identity is being checked is present when their image or video is captured (you must not use a scan or an upload from a photo or video feed);
  • the image or video has not been intercepted and reused (replayed or injection attack);
  • you are comparing an image or video of the person to an image or video of genuine evidence; and
  • the image or video has been shared in a way that prevents it from being tampered with (for example, by using a ‘man-in-the-middle’ attack).

9.2.2.b. If a person is doing the match, they must:

  • have been trained in how to detect impostors by a specialist trainer, such as the Home Office, National Document Fraud Unit, National Protective Security Agency, or any other company that follows the Home Office’s best practice guidance;
  • refresh their training at least every 3 years; and
  • have good enough eyesight (with or without prescription lenses) to effectively compare the person to the image.

9.2.2.c. The image or video of the person must be:

  • clear and in focus; and
  • in colour.

9.2.2.d. In the image or video, the person must:

  • be in clear contrast to the background;
  • not have ‘red eye’;
  • not wear a head covering (unless it’s for religious or medical reasons);
  • not have their eyes closed; and
  • not have anything covering their face or eyes (such as shadows or their hair).

9.2.3. Make sure someone matches biometric information

9.2.3.a. When doing the biometric comparison, you must make sure:

  • the number of ‘false matches’ and ‘false non-matches’ in your system are appropriate for your security and usability needs;
  • your system matches the person to biometric information that’s known to belong to the claimed identity (this is known as ‘one-to-one verification’);
  • the biometric information has not been tampered with (if it was taken from a piece of evidence);
  • your system can identify if the person’s biometric information has been intercepted and reused (‘replayed’ or ‘injection attack’);
  • the biometric information has been shared in a way that prevents it from being tampered with;
  • your system can tell if someone’s using an artefact to convince the system they’re someone else (known as ‘spoofing’) - this could mean making sure they’re not holding up a photo or playing a recording of someone’s else’s voice if you’re checking a facial or vocal type (‘modality’) of biometric;
  • your system’s performance and security have been tested, either internally or using an external ISO/IEC 17025 accredited testing laboratory recognised by the International Laboratory Accreditation Co-operation (ILAC) mutual recognition agreement, against industry standards for performance (ISO/IEC 19795-1) and security (ISO/IEC 30107-1); and
  • your system confirms that the person is real (known as a ‘liveness’ test).

Example

If you’re checking a fingerprint biometric modality, you can use heart rate sensors to make sure that the person who is providing their fingerprint is alive.

9.3. Verification score 3

9.3.a. You will get a verification score of 3 if you do either of the following in person or remotely:

  • make sure the person physically matches the photo on (or associated with) the strongest piece of genuine evidence you have of the claimed identity; or
  • make sure the person’s biometric information matches biometric information from the strongest piece of genuine evidence you have or an authoritative source of the claimed identity.

9.3.1. Make sure someone matches a photo in person or remotely

9.3.1.a. The person doing the match must have all the skills and training needed to get a score of 2. They must refresh their training in how to detect impostors every year.

9.3.1.b. The person or system doing the match must do everything needed to check someone matches a photo (in person or remotely) at score 2. You must also make sure:

  • your process has a way to identify if someone is wearing a mask, makeup or prosthetics to look like someone else; and
  • their eyes are visible without any glare or reflections (if the person is wearing glasses).

9.3.2. Make sure someone matches biometric information

9.3.2.a. You must do everything needed to check someone matches biometric information at score 2. You must also make sure:

  • the number of ‘false matches’ and ‘false non-matches’ in your system are appropriate for your security and usability needs and are based on industry best practice (for example, ISO/IEC TR 29156);
  • your system uses a biometric algorithm that’s been proven to be effective against a recognised benchmark, like the National Institute of Standards and Technology’s (NIST’s) face recognition vendor test guidance;
  • the person’s biometric information is captured under conditions that do not reduce the accuracy of the type of biometric check being used (things like light, noise, and humidity impact the success rates for different biometric modalities and must be adjusted if they’re impairing success rates);
  • your system can tell when someone is spoofing the system using an artefact that’s taken time, money and effort to create, for example, detecting if someone is changing the pitch and adding background noise to a recording of a vocal biometric;
  • the biometric information has not been tampered with, including electronic attacks against the biometric information (also known as ‘injection attacks’);
  • your system’s performance and security have been independently tested by an ISO/IEC 17025 accredited biometric testing laboratory recognised by the International Laboratory Accreditation Co-operation (ILAC) mutual recognition agreement, against industry standards for performance (ISO/IEC 19795-1) and security (ISO/IEC 30107-1); and
  • your system uses multiple processes or measures to confirm that the person is real (known as an ‘enhanced liveness’ test).

Example

If you’re checking a facial biometric modality, you can ask the person to take a short video of themselves, during which they repeat a random sequence of words back to you. This helps you make sure there’s a real person involved. You can also continually assess small movements of the person’s head while the biometric measurement is taking place.

9.4. Verification score 4

9.4.a You will get a verification score of 4 if you make sure the person’s biometric information matches biometric information from the strongest piece of genuine evidence you have or an authoritative source.

9.4.b. The person or system doing the match must do everything needed to check if someone matches biometric information at score 3.

9.4.c. You must also be able to tell when someone is spoofing the system using a sophisticated artefact that’s taken a lot of time, money, effort or criminal activity to create. If you’re checking a facial biometric modality, this could mean making sure the person is not showing a 3D animated avatar on a hijacked computer or device.

9.4.d. The biometric information on the evidence and the biometric information of the person must also be captured under ‘controlled conditions’. This means:

  • any equipment has been designed in a way that makes it difficult to be tampered with;
  • the capture of biometric information is supervised by someone (‘the supervisor’) who was trained in how to compare people to their identity evidence by a specialist trainer (such as the Home Office, National Document Fraud Unit, National Protective Security Agency or any other company that follows the Home Office’s best practice guidance);
  • the supervisor refreshes their training every year;
  • the supervisor monitors the behaviour of the person whose biometric information is being captured to make sure it’s not suspicious; and
  • the area and equipment used to capture the biometric information has been designed in a way that reduces the likelihood of incorrect matches for the type of biometric information being used.

Example

Some facial recognition software will be less accurate in different light conditions. A facial biometric comparison must take place under the best light conditions for the biometric algorithm that’s being used. This will reduce incorrect matches and false rejections.

The area where the check is being done must also be monitored by trained personnel who make sure people are not trying to fool the system.

9.5 Improving your checks if the claimed identity is at high risk of identity fraud

9.5.a. You do not always need to get a higher score to improve your checks.

9.5.b. If you ask a user to complete KBV challenges (see Appendix 1), you can improve your check by doing one of the following:

  • asking the user to complete more challenges based on information from another source;
  • making sure the person physically matches the photo on evidence of the claimed identity; or
  • making sure the person’s biometric information matches what’s on evidence of the claimed identity.

9.5.c. If you’re already doing a physical match, you can either:

  • check more security features on the evidence; or
  • make sure checks are supervised by another member of staff who has completed the appropriate training.

9.5.d. If you’re already matching someone’s biometric information, you can lower your false match rate. This will help make sure your system does not match biometric information to the wrong person.

10. Appendix 1: knowledge-based verification quality rules

10.a. ‘Knowledge-based verification’ (KBV) challenges involve asking a person to prove they know information that only the claimed identity should know.

10.b. You can do this using:

  • a free-text response, where they can answer in any way they like; or
  • multiple-choice, where they can choose an option from a set of possible answers that you provide.

10.c. It’s usually more difficult for an impostor to complete a free-text challenge than a multiple-choice challenge. This is because they might be able to guess the right answer when completing a multiple-choice challenge.

10.d. If you decide to accept free-text responses to KBV challenges, be aware that they might include spelling mistakes or other errors. This can sometimes make it harder to match the responses to a record.

Example

You can ask the person to give you a customer reference number that was issued to them when they bought something from your organisation. They will need to type this into a free-text field. You can make sure the number was issued to their claimed identity by checking it against your records. This reference number is static because it does not change over time.

10.e. How many KBV challenges you ask the person to complete depends on:

  • if the challenges are low, medium or high quality;
  • the way the person completes the challenge; and
  • which verification score you would like your process to meet.

10.1. Quality rules for KBV challenges

10.1.a. KBV challenges should be specific enough to be able to prove that that person is who they say they are.

10.1.b. Someone who has stolen a claimed identity’s wallet, purse or phone should not be able to complete all of the KBV challenges you ask them to.

10.1.c. Low quality KBV challenges must be:

  • about the claimed identity;
  • clear and simple so the person knows exactly what you’re asking them;
  • about something the claimed identity can reasonably be expected to know;
  • from a source that maintains the integrity of the information the question is based on; and
  • from a source that makes sure the information cannot be misused by the claimed identity (for example the claimed identity should not be able to create false records).

10.1.d. Low quality KBV challenges must not:

  • be able to be answered with information that’s available in the public domain (for example in an open dataset or on a website that anyone can access);
  • be able to be answered using information the person has submitted at another point in the identity checking process;
  • be predictable (the questions should change each time someone goes through your identity checking process);
  • have answers that can be easily guessed if you’re asking multiple-choice questions;
  • include information that will give the person the answer to another question; and
  • show personal information (unless the person has already submitted it at another point during the identity checking process).

10.1.e. Medium quality KBV challenges must meet all the requirements for low quality challenges, as well as:

  • be based on information from a source that did its own identity checks on the claimed identity; and
  • be shared, like a one-time password sent to the claimed identity’s phone, in a way that means you can be sure they were given to the claimed identity.

10.1.f. High quality KBV challenges must meet all the requirements for low and medium quality challenges. They must also be based on information:

  • from a source that checked the claimed identity was who they said they were in a way that follows the Money Laundering Regulations 2017;
  • from a source that makes sure the information cannot be accessed, modified or created by its employees;
  • from a source that’s separate from your organisation;
  • from a source that’s regulated by a statutory or independent body; and
  • that cannot be known or accessed by anyone apart from the claimed identity and their immediate family without breaking the law (for example, you should not use information that you know is available on the dark web).

10.2. Asking the person to complete dynamic KBV challenges

10.2.a. To be ‘dynamic’, the answers to a KBV challenge must change over time. This will make it harder for impostors using information from things like data breaches to successfully complete the challenge.

Example

You can make a zero-balance transaction into the claimed identity’s bank account and attach a reference number (which is valid for a short period of time) to it. This will show up as a code on the claimed identity’s bank statement.

The person will need to sign in to the claimed identity’s account within the allowed time to get the code. If they give you the correct code, it will prove the person you’re dealing with has control of and access to that account. Only the claimed identity should be able to do this.

11. Appendix 2: using knowledge-based verification for the verification check

11.a. You can use KBV as part of the verification check for verification scores 1 and 2. You must ask the person to complete certain numbers and types of KBV challenges for each score. Which numbers and types of challenge are acceptable for each score are provided below.

11.1. Verification score 1

11.1.a. You must ask the person to complete one of the following:

  • 2 low quality free-text KBV challenges;
  • 4 low quality multiple-choice KBV challenges;
  • 1 medium quality free-text KBV challenge;
  • 2 medium quality multiple-choice KBV challenges;
  • 1 high quality free-text KBV challenge; or
  • 1 high quality multiple-choice KBV challenge.

11.2. Verification score 2

11.2.a. The KBV challenges must follow the same quality rules that need to be followed to get a score of 1 and must additionally be dynamic challenges.

11.2.b. You can ask a combination of different quality KBV challenges to get a score of 2.

11.2.c. The KBV challenges must be based on information from at least 2 different sources or systems. For example, some challenges could be based on information from a credit reference agency while others could use information from a mobile phone network operator.

11.2.d. Some of the following combinations require you to ask the person to complete multiple-choice challenges. Wherever this is an option, you can choose to ask the person to complete free-text challenges instead. This is because free-text challenges are better at catching out impostors who might pretend to be the claimed identity.

11.2.e. If you ask 1 high-quality free-text challenge, you must also ask at least one of the following:

  • 2 low quality multiple-choice challenges;
  • 1 low quality free-text challenge; or
  • 1 medium quality multiple-choice challenge.

11.2.f. If you ask 1 high-quality multiple-choice challenge, you must also ask at least one of the following:

  • 3 low quality multiple-choice challenges;
  • 2 low quality free-text challenges;
  • 1 low quality free-text challenge and 1 low quality multiple-choice challenge; or
  • 1 medium quality multiple-choice challenge.

11.2.g. If you ask 1 medium quality free-text challenge, you must also ask at least one of the following:

  • 4 low quality multiple-choice challenges;
  • 2 low quality free-text challenges;
  • 1 low quality free-text challenge and 2 low quality multiple-choice challenges;
  • 1 medium quality multiple-choice challenge and 1 low quality multiple-choice challenge;
  • 2 medium quality multiple-choice challenges; or
  • 1 medium quality free-text challenge.

11.2.h. If you ask 1 medium quality multiple-choice challenge, you must also ask at least one of the following:

  • 5 low quality multiple-choice challenges;
  • 3 low quality free-text multiple-choice challenges;
  • 1 low quality free-text challenge and 3 low quality multiple-choice challenges; or
  • 2 low quality free-text challenges and 1 low quality multiple-choice challenges.

11.2.i. If you ask 2 medium quality multiple-choice challenges, you must also ask at least one of the following:

  • 1 low quality free-text challenge; or
  • 1 medium quality multiple-choice challenge.

12. Appendix 3: additional guidance

12.1. If the user has changed their name

12.1.a. There are legitimate reasons why someone’s name might be different on different pieces of evidence. For example, their surname might have changed when they got married.

12.1.b. If it looks like someone has changed their name, you might need to collect more evidence to make sure the evidence belongs to the person claiming the identity. The combination of evidence you collect must match an identity profile for the level of confidence you need.

12.1.c. Some users might have changed their name because of gender reassignment. If this is the case, you must make sure you comply with any applicable legal requirements, including the Equality Act 2010 or equivalent legislation in Northern Ireland, in particular if you ask them for any evidence that includes their previous names.

12.1.d. The identity is also sometimes shown as a synonym on different pieces of evidence. For example, it might say the person’s name is Samantha on their passport, but Sam on their bank card.

12.1.e. You can usually accept a synonym unless you need to know the name that the claimed identity has on any official documents, such as their passport.

12.2. Transposition errors

12.2.a. Other information might appear to be different on different pieces of evidence. These mistakes are known as ‘transposition errors’.

12.2.b. This can happen with, for example:

  • names that have multiple parts, for example ‘Anna-Marie Jane’ might appear as ‘Anna Marie-Jane’;
  • days and months in dates, for example ‘08.10.1978’ might appear as ‘10.08.1978’;
  • centuries in dates, for example ‘1998’ might appear as ‘1898’; or
  • addresses, for example ‘Flat 1a, 29 Acacia Road’ might appear as ‘Flat 29a Acacia Road’.

12.2.c. If transposition errors are easily identified and corrected so that you are sure the evidence relates to the claimed identity, they will not affect the identity check, and the evidence can be scored as usual. If they mean you cannot be sure the evidence relates to the claimed identity, or that you cannot be sure the evidence is genuine, you could ask for alternative evidence for the identity check.

12.3. Why you cannot accept a National Insurance number as proof of identity

12.3.a. A National Insurance number is not evidence of the claimed identity. It is a reference number that can be used to match a record that relates to a claimed identity. You must not accept it as proof of someone’s identity if you’re creating an identity following this guidance because:

  • a National Insurance number is not private and users share their National Insurance number for legitimate reasons, such as with their employer, pension provider or landlord;
  • users cannot control what happens to their National Insurance number after it’s been shared and there are limited checks that bind the number to the claimed identity;
  • some users get a National Insurance number automatically just before they turn 16 without needing to prove their identity first; and
  • there is a known use of National Insurance numbers as part of identity theft and fraud.

12.3.b. If your organisation currently accepts National Insurance numbers as proof of someone’s identity, for example as part of an older system or process, you should :

  • review your process, assess the risks of accepting National Insurance numbers as proof of identity and make sure you comply with relevant privacy legislation;
  • evaluate the cost of changing your service to remove National Insurance numbers against the level of privacy risk, particularly if your service handles personal data; and
  • consider finding another way to confirm a user’s identity.

12.3.c. Find out more about National Insurance numbers.

13. Appendix 4: identity profiles

13.a. There are a number of ways to combine the scores you get for each part of the identity checking process. These combinations are known as identity profiles.

13.b. Meeting an identity profile is the only way to get one of the following levels of confidence in someone’s identity:

  • low confidence;
  • medium confidence;
  • high confidence; or
  • very high confidence.

13.c. To meet an identity profile, your scores must be the same as, or higher than, the scores needed for each check. Do not add your scores up.

Example

You need a validity score of 1 to meet an identity profile. The evidence from the person whose identity you’re checking has a validity score of 2. You can use this score of 2 to meet the lower score requirements of the identity profile.

13.d. You do not need to do an activity history or identity fraud check to meet some identity profiles.

13.e. If a profile says an activity check is not needed, it’s usually because the organisation that issued the evidence has already checked the claimed identity exists.

13.f. You usually will not need to do an identity fraud check if the person going through the identity checking process has already been matched to the claimed identity through a physical or biometric comparison.

13.1. Choosing an identity profile

13.1.a. You can choose to meet any identity profile. Which one you choose depends on:

  • how confident you need to be in someone’s identity;
  • what evidence your users are likely to have;
  • which parts of the identity checking process you can do;
  • how thoroughly you do each part of the identity checking process; and
  • how many pieces of evidence you need.

13.2. Collecting multiple pieces of evidence

13.2.a. You might need to collect multiple pieces of evidence if the evidence you already have does not:

  • include all the personal information you need; or
  • have many security features that stop it from being forged or counterfeit.

13.2.b. You’ll also need to link these pieces of evidence together to make sure they all relate to the claimed identity.

Example

You need evidence of a person’s name and address. A person gives you a bus pass that shows their photo and address but not their name. They also give you a genuine passport that shows their photo and their name. You check these photos match, so you know both pieces of evidence relate to the same claimed identity.

13.2.c. If you collect more than one piece of evidence, you must make sure the evidence has been issued by either:

  • different organisations; or
  • an organisation that used a different identity checking process to issue each piece of evidence you’re using.

Example

You collect 3 pieces of evidence of a claimed identity from different organisations. One is a letter from a local authority, one is from a solicitor, and one is from a gas company. They were all issued to the same claimed identity.

13.3. Low confidence in someone’s identity

13.3.1. If you have 1 piece of evidence

13.3.1.a. There are 3 identity profiles you can meet if you collect 1 piece of evidence.

Low confidence, 1 piece of evidence, profile A (L1A)

Check Score
Strength 2
Validity 2
Activity history N/A
Identity fraud 1
Verification 1

Low confidence, 1 piece of evidence, profile B (L1B)

Check Score
Strength 3
Validity 2
Activity history N/A
Identity fraud N/A
Verification 1

Low confidence, 1 piece of evidence, profile C (L1C)

Check Score
Strength 1
Validity 1
Activity history 3
Identity fraud 2
Verification 2

13.3.2 If you have 2 pieces of evidence

13.3.2.a. There are 2 identity profiles you can meet if you collect 2 pieces of evidence.

Low confidence, 2 pieces of evidence, profile A (L2A)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 1 1
Validity 1 1
Activity history 2  
Identity fraud 1  
Verification 2  

Low confidence, 2 pieces of evidence, profile B (L2B)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 1 1
Validity 1 1
Activity history 2  
Identity fraud 2  
Verification 1  

13.3.3 If you have 3 pieces of evidence

13.3.3a There’s only one identity profile you can meet if you collect 3 pieces of evidence.

Low confidence, 3 pieces of evidence, profile A (L3A)

Check Score (first piece of evidence) Score (second piece of evidence) Score (third piece of evidence)
Strength 1 1 1
Validity 1 1 1
Activity history 2    
Identity fraud 1    
Verification 1    

13.4. Medium confidence in someone’s identity

13.4.1. If you have 1 piece of evidence

13.4.1.a. There are 4 identity profiles you can meet if you collect 1 piece of evidence.

Medium confidence, 1 piece of evidence, profile A (M1A)

Check Score
Strength 4
Validity 2
Activity history N/A
Identity fraud 1
Verification 2

Medium confidence, 1 piece of evidence, profile B (M1B)

Check Score
Strength 3
Validity 2
Activity history 1
Identity fraud 2
Verification 2

Medium confidence, 1 piece of evidence, profile C (M1C)

Check Score
Strength 3
Validity 3
Activity history N/A
Identity fraud N/A
Verification 3

Medium confidence, 1 piece of evidence, profile D (M1D)

Check Score
Strength 2
Validity 2
Activity history 2
Identity fraud 1
Verification 3

13.4.2. If you have 2 pieces of evidence

13.4.2.a. There are 3 identity profiles you can meet if you collect 2 pieces of evidence.

Medium confidence, 2 pieces of evidence, profile A (M2A)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 2 2
Validity 2 2
Activity history 3  
Identity fraud 2  
Verification 2  

Medium confidence, 2 pieces of evidence, profile B (M2B)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 3 2
Validity 2 2
Activity history 1  
Identity fraud 1  
Verification 2  

Medium confidence, 2 pieces of evidence, profile C (M2C)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 3 2
Validity 2 2
Activity history N/A  
Identity fraud 1  
Verification 3  

13.4.3. If you have 3 pieces of evidence

13.4.3.a. There’s only one identity profile you can meet if you collect 3 pieces of evidence.

Medium confidence, 3 pieces of evidence, profile A (M3A)

Check Score (first piece of evidence) Score (second piece of evidence) Score (third piece of evidence)
Strength 2 2 2
Validity 2 2 2
Activity history 2    
Identity fraud 2    
Verification 2    

13.5. High confidence in someone’s identity

13.5.1. If you have 1 piece of evidence

13.5.1.a. There are 3 identity profiles you can meet if you collect 1 piece of evidence.

High confidence, 1 piece of evidence, profile A (H1A)

Check Score
Strength 4
Validity 3
Activity history N/A
Identity fraud 1
Verification 3

High confidence, 1 piece of evidence, profile B (H1B)

Check Score
Strength 3
Validity 3
Activity history 2
Identity fraud 1
Verification 3

High confidence, 1 piece of evidence, profile C (H1C)

Check Score
Strength 4
Validity 3
Activity history N/A
Identity fraud N/A
Verification 4

13.5.2. If you have 2 pieces of evidence

13.5.2.a, There are 5 identity profiles you can meet if you collect 2 pieces of evidence.

High confidence, 2 pieces of evidence, profile A (H2A)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 2 2
Validity 2 2
Activity history 3  
Identity fraud 2  
Verification 3  

High confidence, 2 pieces of evidence, profile B (H2B)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 4 3
Validity 2 2
Activity history N/A  
Identity fraud 2  
Verification 3  

High confidence, 2 pieces of evidence, profile C (H2C)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 3 2
Validity 3 2
Activity history 1  
Identity fraud 1  
Verification 3  

High confidence, 2 pieces of evidence, profile D (H2D)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 3 3
Validity 3 2
Activity history N/A  
Identity fraud 1  
Verification 3  

High confidence, 2 pieces of evidence, profile E (H2E)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 4 3
Validity 3 3
Activity history N/A  
Identity fraud N/A  
Verification 3  

13.5.3. If you have 3 pieces of evidence

13.5.3.a. There’s only one identity profile you can meet if you collect 3 pieces of evidence.

High confidence, 3 pieces of evidence, profile A (H3A)

Check Score (first piece of evidence) Score (second piece of evidence) Score (third piece of evidence)
Strength 2 2 2
Validity 2 2 2
Activity history 2    
Identity fraud 2    
Verification 3    

13.6. Very high confidence in someone’s identity

13.6.1. If you have 1 piece of evidence

13.6.1.a. There are 4 identity profiles you can meet if you collect 1 piece of evidence.

Very high confidence, 1 piece of evidence, profile A (V1A)

Check Score
Strength 4
Validity 3
Activity history N/A
Identity fraud 3
Verification 3

Very high confidence, 1 piece of evidence, profile B (V1B)

Check Score
Strength 4
Validity 4
Activity history N/A
Identity fraud 1
Verification 3

Very high confidence, 1 piece of evidence, profile C (V1C)

Check Score
Strength 4
Validity 3
Activity history 1
Identity fraud 1
Verification 4

Very high confidence, 1 piece of evidence, profile D (V1D)

Check Score
Strength 4
Validity 4
Activity history N/A
Identity fraud N/A
Verification 4

13.6.2. If you have 2 pieces of evidence

13.6.2.a. There are 4 identity profiles you can meet if you collect 2 pieces of evidence.

Very high confidence, 2 pieces of evidence, profile A (V2A)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 3 3
Validity 3 3
Activity history 3  
Identity fraud 2  
Verification 3  

Very high confidence, 2 pieces of evidence, profile B (V2B)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 4 3
Validity 3 3
Activity history N/A  
Identity fraud 2  
Verification 3  

Very high confidence, 2 pieces of evidence, profile C (V2C)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 4 2
Validity 3 2
Activity history 2  
Identity fraud 2  
Verification 3  

Very high confidence, 2 pieces of evidence, profile D (V2D)

Check Score (first piece of evidence) Score (second piece of evidence)
Strength 4 4
Validity 4 4
Activity history N/A  
Identity fraud N/A  
Verification 3  

13.6.3. If you have 3 pieces of evidence

13.6.3.a. There’s only one identity profile you can meet if you collect 3 pieces of evidence.

Very high confidence, 3 pieces of evidence, profile A (V3A)

Check Score (first piece of evidence) Score (second piece of evidence) Score (third piece of evidence)
Strength 3 2 2
Validity 3 2 2
Activity history 3    
Identity fraud 3    
Verification 3    
Back to top