Identity verification occurs in many different situations. From employment screening to onboarding at a financial institution, they are a regular part of our everyday lives. Many Americans do not know that some identity verification providers offshore their services and send their personally identifiable information (PII) abroad. This allows them to provide cheaper verification services since their labor costs are reduced.
Usually, firms do not provide information about where they offshore personally identifiable information. This protects them from the negative publicity and implications associated with the practice. Nevertheless, Americans should be aware of their personal information is being sent overseas. This will allow them to make an informed decision prior to an identity verification screening and decide if they are willing to risk identity theft or not. This will also allow them to demand that companies switch to automated identity verification services that are better equipped to protect the privacy of their personal information.
What Identity Information is Sent Abroad
Many types of identity data can be sent overseas for verification. This information can include:
- Full name
- Social Security Number (SSN)
- License plate number
- Driver’s license number
- Passport number
- Credit card number
- Medical information
The Dangers of Offshoring
The offshoring process involves sharing a lot of personally identifiable information overseas with laborers. While this reduces costs and increases profits for some identity verification providers, this also puts the personal information of many Americans at risk. There are many reasons for this:
- If an offshore worker can access PII, the potential for identity theft exists
- It moves personal information beyond the protections of US privacy laws
Companies cannot be 100% certain that their employees in foreign countries are not going to steal the PII they are working with. The relationship these employees have with identity verification companies does not matter because once the data goes offshore, US legal protections vanish. Plus, sometimes firms use foreign processors who work out of their homes, which increases quality and privacy concerns.
The privacy dangers associated with offshoring include identity theft, data breaches, invasion of privacy, and lack of disclosure about sending the data beyond the reach of US privacy laws. If a US citizen becomes a victim of identity theft, they cannot call an overseas police department and ask for help. This is a major cause for concern.
Privacy Protection Gone Wrong
In 2003 UCSF faced scrutiny when a Pakistani woman threatened to release the medical records of thousands of Americans on the internet. The medical transcriber was angry about not receiving pay for her services, which led her to threaten the medical institution that she would distribute the files. UCSF and its partners scrambled to determine how a foreign worker received such sensitive medical information. It was discovered that she was hired through a series of intricate partnerships.
Eventually, she was paid off and she retracted her statement, claiming that she deleted the files in question. There is no proof that she deleted the files though. This means that the medical records of many US citizens are still at risk and there is no certainty that this problem will go away.
Companies that perform identity verification as a part of their services need to be aware of the identity verification provider they are using offshores personal information. This can lead them to noncompliance with consumer privacy laws like CCPA in California. Not only is this bad for people who are at risk of having their identities stolen, but it is also bad for companies who risk heavy fines for not protecting personal data.
Automated Identity Verification Solutions
Identity verification providers should not rely on offshoring to provide their services. Instead, measures must be taken to switch to automated systems of identity verification. This type of solution provides the most secure form of identity verification available on the market because it involves no human contact. Using a secure network or API, PII is placed in the identity verification system and can be cross-checked against information from official data sources such as government databases, voter data, mobile network subscriber data, credit files, public records and more.
Although the costs of developing this type of platform are steeper than the cost of offshoring, it is ultimately a better solution. Identity verification providers need to be held to this standard and expected to validate people without human review. Human review, especially overseas, is a questionable practice that can put personal information at risk. Identity verification providers who do not already automate their services must be pressured into offering this type of service from regulators, citizens, and other businesses. Preventing identity theft in an increasingly digital world is of extreme importance and using secure solutions is one way to help achieve this goal.
If you are interested in learning more about automated identity verification services, please contact us.