Florida Drivers Enjoy Faster, Better Identity Verification

A modern, AI-powered identity platform simplifies and protects online transactions between residents and the Florida Department of Highway Safety and Motor Vehicles (FLHSMV).

For years, the FLHSMV online portal used a question-and-answer sequence, known as knowledge-based authentication — or KBA — to verify user identities and approve online transactions. KBA was considered a best practice when FLHSMV launched the portal, but the authentication method had become increasingly vulnerable as social media and data breaches made Floridians’ personal information available to fraudsters.

To strengthen identity verification and improve user experience, FLHSMV implemented the Socure identity platform, which uses intelligent algorithms and a wide range of authoritative data sources to accurately identify residents. The department’s story shows the promise of embracing modern identity software to streamline online transactions and mitigate fraud risk.

Transitioning from KBA

FLHSMV is the primary identity authority for more than 22.5 million Floridians. It’s also the main regulatory agency for the state’s drivers and vehicles. When Florida implemented an online portal to let residents renew vehicle license tags and perform other tasks remotely, the department needed a way to verify that users are who they say they are.

FLHSMV initially adopted KBA, using an algorithm that automatically pulled data from a resident’s history with the agency. But some users had difficulty remembering details like the color of a car they owned 10 years ago. Although the department’s IT staff often tweaked the KBA algorithm to improve its effectiveness, the KBA question-and-answer time had to be increased from 5 minutes to 10 minutes for portal account creation.

“We had to dedicate a significant number of call center staff to support users in the KBA process,” says Terrence Samuel, FLHSMV’s director of information systems administration.

KBA had also grown susceptible to fraud. Cyberattacks and data breaches have made large volumes of stolen personal data available on the dark web and other illicit sources. As a result, fraudsters using automation could circumvent KBA. This is among the reasons the National Institute of Standards and Technology (NIST) now discourages using KBA for identity verification.

A new approach to identity

FLHSMV conducted a data study with Socure to analyze the performance of the department’s existing identity verification solution against the Socure ID+ Platform.

FLHSMV replaced KBA with the Socure platform, which uses artificial intelligence and machine learning (AI/ML) to verify users and authenticate transactions. Accurate approvals happen automatically more than 90% of the time, thanks to:

• Extensive data: The platform’s identity database draws from hundreds of authoritative data sources to validate name, social security number, date of birth, email addresses, physical addresses, phone numbers, geolocation, IP addresses and device identifiers.
• AI/ML and risk scoring: Intelligent algorithms built from these data points provide a holistic risk assessment to help agencies automatically decide to accept transaction requests, or to escalate them by asking a user to provide more data, such as an ID document and live photo.
• Integration: A simple application programming interface (API) call provides immediate access to enable risk determination at any point of the customer journey.

The software has modules for distinct identity verification challenges like identity fraud and fake email accounts. Another module for verification data has individual identifiers, such as names, addresses and dates of birth, which are matched to an authoritative source.

When a user initiates an online transaction requiring verification, the AI/ML algorithms correlate data from all the relevant modules and assign risk scores that determine whether to approve or deny the request. For example, if an email address is less than 180 days old or does not match email addresses linked to an individual, this may raise the risk score and heighten the likelihood of a rejection. However, if other data points suggest it’s just a verified user with a new email address, the transaction is more likely to be approved.

“It was entirely painless to set up,” says Chad Hutchinson, FLHSMV’s chief technology officer.

“We were surprised at how simple this was to integrate.”

Socure uses the RESTful API, an open standard, and a drag-and-drop interface to reduce confusion and accelerate development timeframes. Extensive documentation ensures developers know what they’re working with.

Safer and smoother transactions

FLHSMV’s portal automatically approves more than 90% of transaction requests instantly, eliminating the time previously spent by users answering KBA questions. The state estimates this will collectively save Floridians 157,000 hours annually. In addition, the new software slashes fraud risk because AI/ML algorithms correlate identity data from hundreds of sources.

FLHSMV also has the infrastructure in place to automate more sophisticated identity verification in the future. For instance, an address change request could ask a user to submit a document confirming the new address.

These so-called guarded transactions can add an extra layer of fraud and identity protection for the agency and its customers.

FLHSMV’s contact center has reassigned agents to other tasks because they’re no longer supporting KBA. And of course, Florida drivers and vehicle owners get better service and convenience.