Thursday, November 30, 2006

Idology: A useful took for credit grantor due diligence?

First, don’t misspell the name of the company. It’s “Idology”, not “Ideology.”

In the trial over the constitutionality of COPA (see this blog), the government has mentioned a company and service named Idology as possibly a source of efficient age verification.

I looked at the website, and Idology does offer a variety of knowledge based identification and age verification services. The age verification could apply in circumstances regarding sale of certain items or services to minors, or, depending on how COPA or other possible similar legislation plays out in court and in practice, access to certain websites or at least certain portions of these sites.

The identity verification obviously could fit into a due diligence procedure by credit grantors (banks, mortgage companies, auto dealers, etc) to make sure that they do not give credit to imposters

The trademarked service is called “ExpectID”. There is an expansion called “Knowledge Based Authentication” “ExpectID IQ” based on multiple choice questions. . I could not tell from the site whether the company’s knowledge base checks NCOA (National Change of Address) – the main concept promoted by this particular blog -- but this is obviously a potential source to check if it can be made available to such a service in a systematic and secure fashion.

There is a variation called “ExpectID PA” which is supposed to comply with the USA Patriot Act, and check against blacklists of known or suspected terrorists.

Of course, as I have indicated on other blogs, there is a legitimate concern about “private investigation” companies using lists of non-convicted “suspects” to eliminate potential employees, renters, customers, or other stakeholders, although security clearance procedures of the US Government do this all the time. There is concern of monitoring how names could get on these lists.

The other concern, of course, is the whole philosophy of "know thy customer," which has been articulated as being required of banks and other large companies since well before 9/11. Libertarians have properly pointed out that such similar requirements could be made of small companies with no economies of scale, or even offerers of free content on the web.

The blogspot thread that discusses COPA is here.