Entrust, Jumio, Sumsub Lead Identity Verification Gartner MQ

Digital Identity
,
Finance & Banking
,
Fraud Management & Cybercrime

Gartner Publishes First Identity Verification MQ as Workforce-Related Uses Multiply

Michael Novinson (MichaelNovinson) •
November 18, 2024    

Identity verification was historically used for regulated onboarding in industries like banking, gambling and cryptocurrency, but COVID-19 introduced new government and workforce-related use cases including fraud prevention. Today, identity verification technology offers emerging applications in trust building in marketplaces like Airbnb and safeguarding against ransomware attacks by verifying user credentials, said Gartner Vice President Analyst Akif Khan.

See Also: 2024 Threat Hunting Report: Insights to Outsmart Modern Adversaries

Gartner recognized Entrust, Incode, Jumio, Socure and Sumsub as identity verification leaders in its first Magic Quadrant for Identity Verification report, which focuses on a market expected to benefit from the rise in digital interactions, regulatory demands and fraud prevention requirements.

“The larger trend in the workforce space is the use of IDV as a security tool,” Khan said. “A lot of that has been sparked by the ransomware attacks that were carried out against the MGM casino in Las Vegas last September, in which the attackers called the IT help desk, pretending to be a user, socially engineered the Help Desk agent into resetting credentials, and then used those credentials to access services.”

But it’s hard for buyers in this market to distinguish between identity verification vendors when it comes to their accuracy in detecting fraudulent documents. And that’s due to a lack of standardized testing, he said. Vendors typically try to differentiate themselves through ease of configuration, pre-built integrations and accessibility, with workflow customization tools and regional document support also setting leading firms apart, he said.

“It is incredibly difficult – if not impossible – to compare vendors in terms of their accuracy,” Khan told Information Security Media Group. “Even after having done the MQ and being a Gartner analyst who focuses on this area, I couldn’t tell you which vendor is better or worse at spotting a fake U.S. driver’s license. There is no standardized testing or consistency in terms of how vendors are assessing this.”

Regulation plays a major role in shaping identity verification adoption, Khan said, with data sovereignty and accessibility regulations influencing vendor selection and operational strategies. Some organizations require personally identifiable information to remain within specific jurisdictions, necessitating localized data centers. Khan said future regulations will elevate accessibility and compliance standards further (see: The Evolution of Identity Verification).

“There is regulation coming in Europe in the next couple of years around high levels of accessibility required for online services,” Khan said. “The smart clients of ours are starting to look ahead and starting to see that and are starting to make sure that the vendor purchasing decisions they’re making now set them up for success as those regulatory frameworks come into force in the coming years.”

From Standalone Processes to Portable Digital Identities

Khan envisions a shift from standalone identity verification processes to portable digital identities that use verified credentials stored in identity wallets for reuse across multiple platforms. The change will coexist with traditional identity verification methods for years, driven by government initiatives including mobile driver’s licenses in the U.S. and digital identity wallets in the European Union, according to Khan.

“The next time you open a bank account or register for an online game, you won’t necessarily go through identity verification again,” Khan said. “Instead, you will assert the identity that’s been already verified and stored in your identity wallet. And so, there are things already happening in the world in that respect. Mobile drivers licenses are starting to gain some traction in the U.S.”

Despite advancements in machine learning, Khan said humans play a critical role in identity verification for scenarios where automated systems cannot confidently verify documents. This “human in the loop” approach is essential in markets like Germany – where regulations prohibit fully automated processes – but Khan said it raises concerns about processing time, cost, and data security.

“In some markets, clients will actually need a human in the loop,” he said. “But in other markets, having a human in the loop can be problematic because it adds to processing time. It adds to cost. Depending on where the humans are, it might mean that although you are based in this region, if your vendor has their humans in another region, your user’s PII is going around the world for humans to check it.”

Gartner rated Incode Technologies as having the most complete vision around identity verification, with Jumio taking the silver, Entrust getting bronze, and Sumsub and AU10TIX taking fourth and fifth place. From an execution ability standpoint, Persona snatched the gold, Sumsub took silver, Socure took the bronze, and Entrust and Jumio captured fourth and fifth place, respectively.

Outside of the leaders, here’s how Gartner sees the identity verification market:

• Visionaries: AU10TIX, Mitek Systems;
• Challenger: Persona;
• Niche Players: 1Kosmos, GB Group, Zoloz;
• Missing the List: Advance.AI, Daon, ID-Pal, IDWise, Intellicheck, Inverid, Nametag, Regula and Veridas, which didn’t meet the revenue inclusion criteria.

Entrust Boosts Fraud Detection, Doc Verification With Onfido Buy

The acquisition of Onfido will strengthen Entrust’s AI-driven fraud detection and document verification capabilities, according to Payments and Identity President Tony Ball. Onfido’s drag-and-drop workflow engine enhances Entrust’s flexibility and integration of services, while Onfido’s investments in portable and reusable identities align with the evolving needs of governments and financial institutions, Ball said.

Ball said Entrust differentiates itself by leveraging artificial intelligence and machine learning for its anti-bias technology as well as through biometric liveness detection and a drag-and-drop workflow engine. Entrust plans to increase automation rates while maintaining flexibility for manual interventions. It will support financial institutions in everything from equitable client onboarding to customized identity workflows (see: Entrust in Talks to Acquire Onfido for AI-Based ID Checks).

“One of the most substantial things that we have is the AI-driven capability for anticipating where fraud is emanating from, from a deepfake perspective,” Ball told ISMG. “Being able to do that with both a document and biometric attribute is really a strength that Onfido has built on for quite some time, so that strongly complements what we already have.”

Gartner criticized Entrust for low discounting on multi-year deals, charging more for global documents than U.S.-based documents, and for often requiring a human on identity verification checks. Ball said Entrust’s hybrid approach balances automation with necessary human overnight, adding compliance and security investments justify Entrust’s pricing, particularly in regulated markets like Europe.

“There is some validity in the fact that you always want to take as much of the manual intervention out as you can,” Ball said. “On the flip side, there is sometimes a need for manual intervention, and having that hybrid approach is seen as valuable to some of our target audience. Having that flexibility is also a competitive advantage, as much as it is to be in the eyes of some customers fully automated.”

Jumio Improves Identity Verification With AI, ML, Biometrics

Jumio has made significant investments in artificial intelligence, machine learning and biometrics to improve identity verification, with the company’s global system handling numerous identity documents and adapting to legislative changes, said Chief Marketing Officer Anna Convery. Jumio is also combating deepfakes through trend analysis and enhancing detection capabilities with liveness detection, she said.

Convery said Jumio stands out due to its work across more than 200 countries as well as its extensive database of identity documents. Jumio’s dual focus on innovation and customer execution creates a balanced strategy, Convery said, unlike competitors who may lean too far toward one or the other. Recognition by Gartner reflects Jumio’s leadership in the fast-paced identity verification space, she said (see: Reusable Digital Identities – The Future of Digital Identity).

“It’s very important to have the data to see the trends, to understand what’s going on,” Convery told ISMG. “We spend a lot of time looking at the overall picture of the identities and making sure that we look for every indication or every trigger that would have us understand that this person is not who they say they are, and maybe not even a person at all.”

Gartner criticized Jumio for a low ease of configuration, charging more for global documents than U.S.-based documents, and for often requiring a human on identity verification checks. She said workflow complexity is being addressed through better customer-accessible configuration, human intervention is often driven by legal or geographic requirements, and premium pricing reflects Jumio’s robust tools.

“We’ve been working a lot at automation, and some of our customers are 100% automated,” Convery said. “But depending on the organization and the industry and the use case, sometimes it is so sensitive and so particular that it’s actually good to be able to leverage a human in the loop if you need to, and we give that hybrid flexibility where it is needed.”

Sumsub Focuses on Deepfake Detection, Liveness Verification

Sumsub has concentrated its efforts on deepfake detection and liveness verification to address fraud, creating a comprehensive verification platform for the entire user lifecycle, and expanding its use of electronic and portable digital identity systems to replace traditional document-based verification, according to Chief of Growth Ilya Brovin.

Brovin said the company has combined AI-based tools, extensive traffic data and human oversight to improve the accuracy of its deepfake detection, with Sumsub’s system detecting digital artifacts and observing micro-movements absent in synthetic images. Brovin said Sumsub differentiates itself through its end-to-end verification solutions, which integrate onboarding, monitoring and compliance checks.

“Actually detecting deepfakes is not one thing, where you can just have one piece of technology that detects them,” Brovin told ISMG. “You need to have multiple layers of tools in order to effectively secure the whole journey. Deepfake detection is one of the attack vectors, whereas what you’re trying to do is basically understanding that you know who you’re dealing with.”

Gartner criticized Sumsub for not focusing on identity verification-specific features on its road map, not sending proprietary face-matching algorithms to NIST and not having a voluntarily product assessment template. He said Sumsub has made progress in VPAT compliance and portable digital identity systems, and said the NIST certification delay is justified given its limited scope and relevance outside the U.S.

“These tests are usually very, very narrow in terms of what they review and scope,” Brovin said. “In reality, the way we use our liveness and deepfake detection in the real-life case is much broader than what these tests review. We’re always working with our clients to do the quality control on our liveness and deepfake detection solution in real life, and we believe that provides very, very high quality results.”

Socure Enhances Document Verification With OCR

Socure is pioneering new methods in identity verification, including enhanced document verification using OCR, predictive analytics through unsupervised machine learning, and novel methods to combat deepfake attacks, said founder and CEO Johnny Ayers. The company emphasizes speed and accuracy, with recent developments in face-based re-verification and cross-language document processing.

The acquisition of Berbix enhanced Socure’s capabilities in document verification, enabling innovations like deepfake detection and barcode verification, while the integration of acquired technical teams has accelerated the company’s innovation pipeline, Ayers said. Socure’s market leadership stems from the company’s technological prowess and its strategic focus on U.S.-based global businesses, Ayers said (see: Socure to Fortify Identity Services With $136M Effectiv Buy).

“We have the ability to be able to train in any country by just seeing one or two documents, basically where previously you could use a template,” Ayers told ISMG. “Now we can use OCR and be able to extract any document in any language into plain-text English in a fully automated way.”

Gartner criticized Socure for drawing almost all of its processed documents from North America, making it difficult for customers to provide their own agents, and for not testing its liveness detection capability in conformance with ISO. Ayers said Socure’s focus on U.S.-based businesses is strategic, the use of automation over human agents boosts efficiency and accuracy, and certifications were deprioritized.

“As a consumer, would you rather have a 1.75-second response time or wait for a video interview for two or three weeks?” Ayers said. “You’ve seen during COVID some of the wait times to access ID.me were like two months – for a thing that we could do in less than two seconds. So I view that as a positive.”

Incode’s Product Earns Praise, Customer Churn Gets Scorn

Gartner praised Incode for having an easy-to-configure tool, linking SLAs to conversion rates and fraud outcomes, and balancing enhancements to core aspects with the addition of new features for workforce use cases. Incode recently added a no-code orchestration tool and age-estimation products, and plans to enhance injection attack detection and build turnkey features specifically for workforce use cases.

The analyst firm criticized Incode for below-average marketing execution, a high customer churn rate and relying solely on net promoter score to assess customer satisfaction. Incode executives weren’t available for a telephone interview.