Automated way to verify user identity

by parliament   Last Updated August 12, 2019 17:16 PM - source

Whats the best way to get people to verify their identity for the purpose of preventing fake accounts on a social site.

For example, Zoosk does the following:

Members who choose to verify their photo will be prompted by the system to record and submit a video “selfie” that will capture the individual’s face from a variety of angles. If the moderators approve the member’s photo, he or she will be notified and a Photo Verified badge will be added to their profile.

However I'm interested to know if there's a clever way to do this without human intervention (aside from using Amazon Turk service or the like, I mean fully automated)

Answers 4

You could verify their credit card number, just let them know that it's for verification only and nothing will be billed.

What is the best way to validate a credit card in PHP?

Martin Mühl
Martin Mühl
February 05, 2015 21:27 PM

Create hurdles not barriers

Aside from highly intrusive methods, any type of verification is subvertable. You can ensure that you get real people creating accounts. You can give them hoops to jump through to make sure they have some level of commitment. But you don't want to make them feel like they're applying for a passport.

Here's a few basic solutions:

  • Email verification: Don't let them access anything until the address is verified.
  • SMS PIN: Require a mobile number to which you send a randomized PIN they'll use to log in the first time.
  • Open ID log in: Require the use of another account to create this one (e.g. Facebook). No assurances, but it's another hoop.


Any kind of ID verification is intrusive. Be sure you analyze your audience well before deploying a solution. You have to find the right balance of answering security concerns for your app and using a method that feels like a worthwhile exchange to your users.

February 14, 2015 08:53 AM

There are a variety of ways to verify a person on a site, and almost none of them are foolproof.
For example, the Zoosk method can be circumvented because a user could simply submit someone else's photos for approval.

So the real question is, what level of verification is suitable the specific needs of your site? Here are some design questions to as yourself:

  1. Am I willing to pay the cost of higher verification? More verification means more burden for users (submitting evidence, photographs, additional information, captchas, etc). Studies have proven this will turn off users and cause abandonment / no signups. So the more you verify, the more users you may annoy / abandon the site.

  2. Do I need to prevent spam accounts, or verify the identify of a person?. There is a big difference. To prevent spam accounts, it's often enough just to verify that a user is human. You don't need to verify their identity. For example, a captcha is an automatic attempt to verify that a user is human. It doesn't verify the identity of the user. The Zoosk approach also verifies that the user is human, rather than that person's specific identity.

With that in mind, here are various approaches to verifying human vs identity. The choice for your site will depend on how you decide to weigh the tradeoffs in #1 vs #2 above.

Ways to verify that a user is human

  • Use captcha or recpatcha
  • Ask for a mobile phone number and send an SMS code to the phone.
  • Ask for a credit card number.
  • Ask the user to pay a small fee for an account (i.e. provide economic dissuasion for fake accounts)

Ways to verify user's identity

  • Piggyback off a social site's verification system (e.g. require user to log in through Facebook and/or LinkedIn)
  • Ask user for their social security number (this can be automated)
  • Ask for a copy of their driver's license, passport or a recent utilities bill that shows their name (this will be labor intensive)
  • Ask for a notarized copy of their passport or birth certificate, or a public notary identity form.

Obviously all these approaches involved different levels of automation and also vastly different levels of inconvenience to the user. Only you can decide what the ideal tradeoff between inconvenience and accuracy is for your site.

I would not try to "reinvent the wheel" here. Sites like Facebook, LinkedIn, and dating sites have spent a lot of time thinking about verification and spam, so study them carefully to understand why they made the choices they did. Unless your site has unusually high need for verification, I suspect that an existing approach will be suitable for you....but only you can answer that question.

February 14, 2015 11:03 AM

you can use an external service like Yoti

August 12, 2019 16:43 PM

Related Questions

Best way to verify Email/Mobile

Updated May 02, 2015 21:07 PM