Why federal agencies are turning to risk-based identity verification

As public services shift online at record speed, agencies are scrambling to verify identities with accuracy and equity in an environment where fraud is constantly evolving. In a new interview produced by Scoop News Group, Stuart Levy, Vice President of Public Sector Identity at TransUnion, emphasized that rigid, one-size-fits-all identity verification models no longer work for agencies serving large and diverse populations.

“Privacy and security are at the top of the list,” says Levy, noting that agencies still face difficult tradeoffs when balancing fraud mitigation with user experience. Many are finding that strictly following NIST’s digital identity guidelines can be challenging in practice. Instead, Levy says, agencies are increasingly turning to multi-layered, risk-based approaches that use the optionality built into the guidelines.

“Our customers find the best results when they calibrate through using multiple kinds of solutions, multiple capabilities and having depth in defense,” he explains. Rather than rely on a single check, agencies can combine analytics, machine learning, document validation, behavioral signals and other tools to reduce fraud while removing unnecessary friction for legitimate users.

But Levy warns that technology alone isn’t enough. The real value comes from analyzing how risks present themselves over time within each specific program. “We get the best performance … when we calibrate by looking at transactions over time to better understand how risk is presented to that agency,” he says.

Levy pointed to agencies leveraging the newest version of NIST’s guidelines, which formally support risk-based decision-making. That model allows programs to focus investments where risk is highest and streamline identity steps where risk is lower. “We allow our customers to spend money where risk is present — or avoid expense where risk is less present,” he says.

A significant takeaway, Levy added, is that identity modernization is never a one-time project. Agencies that succeed treat it as a continuous lifecycle. For example, weekly or bi-monthly meetings that evaluate and monitor transaction flow help agencies recalibrate controls as new threats emerge.

Finally, Levy noted that shrinking technical teams are prompting more agencies to outsource parts of the identity-verification experience to FedRAMP-authorized providers. “It makes more sense for us to host those interactions with consumers,” he says, adding that solutions like those TransUnion offers can accelerate implementation and reduce burden on agency IT teams. “We can appear to be just like the agency, and we can do it confidently and securely,” says Levy.

Discover how TransUnion enables agencies to deliver more effective services and mitigate fraud risk through enhanced identity verification.

This video panel discussion was produced by Scoop News Group for FedScoop and StateScoop and underwritten by TransUnion.