How Nojumi Streamlines and Exceeds Basic ID Verification

You are legally mandated by the Law Society of Ontario to verify the identities of your clients you engage with or give instructions in respect of receiving, paying, or transferring funds. The LSO currently offers five methods of verifying one's identity, but your firm may wish for added security when dealing with clients.

With the increase in AI, fraudsters are using highly sophisticated synthetic IDs that easily bypass the human eye. Modern law firms need tools that go beyond the bare minimum required by the LSO to deter bad actors that they might encounter. Nojumi provides an ID verification system built for the high-stakes reality of legal practice and offers additional methods for your firm's needs.

Supporting Both Virtual and In-Person Verification

The Law Society of Ontario outlines five total permitted methods for verifying client identity. While the virtual verification with authentication method is rapidly becoming the standard for most firms, the LSO still permits four other methods that may involve some degree of in-person interaction or physical document inspection.

Not all verifications are done through software, and there may be cases where you would rather have an in-person verification. Nojumi allows lawyers the flexibility to choose and record either.

• In-Person Verification: Lawyers can manually record a physical verification when the client is present, providing a detailed description to log the details of the interaction. This ensures your manual compliance checks are centralized and securely stored.
• Software Verification: Nojumi allows multiple verification templates for different levels of verification, and the option to have two pieces of ID required to verify a client's identity. The online verification request can be sent as a communication directly to the client via email or SMS.

Once the verification process is complete, Nojumi allows staff to download the ID Verification report, allowing users to share information with third parties regarding the risk assessment as given by Nojumi about a potential client.

Nojumi's ID Verification

The Law Society of Ontario’s virtual verification with authentication method dictates that your technology must be capable of comparing a government-issued photo ID against known characteristics and must verify security features found within the ID.

Nojumi fully complies with these LSO requirements. When you run an ID authentication, the system utilizes advanced anti-fraud checks to confirm the physical document's legitimacy. It then verifies the name and date of birth on the identification against the data initially provided by the client. Additionally, Nojumi securely stores a copy of the verified ID as required by the LSO, ensuring that it is instantly accessible for your team. 

However, standard compliance should only be your baseline. Nojumi can perform several different checks that go beyond what is required by the LSO's virtual verification with authentication method. These include:

• ID Authentication*: The system prompts the client to take a photo of their ID. It runs anti-fraud checks to confirm the identification is a legitimate, unexpired, physical document. The software then matches the name and date of birth to the information the client provided. This is the minimum verification required by the LSO, but Nojumi offers additional features below to help ensure a client is who they say they are.
• SMS Verification: The software sends a code via text message to confirm the client has physical access to the phone number they provided.
• Risk Check: This check is designed to identify suspicious digital footprints. It analyzes the risk of custom, disposable, and suspicious top-level email domains; device IPs with matching IPs of other clients; bot interactions; and identity abuse signals such as stolen or synthetic identities.
• Selfie Check: The client takes a selfie on their mobile device, with the software comparing facial features between a live video and the ID's photo. Nojumi also has measures to detect presentation attacks from bad actors who may use deep fakes, masks, or other fraud vectors.
• Data Source Verification*: The system checks the provided client's information against high-quality databases, including credit bureau records, financial institution records, property records, and cheque processor records.

* Both ID Authentication and Data Source Verification are only offered within select countries. If you would like to learn if a client's country is supported by Nojumi, click here.

Nojumi also eliminates the manual data entry that usually follows a successful verification. Once the approval process is complete, the software automatically updates the client's profile with their verified contact information. It also extracts the photo from their provided identification and automatically sets it as their profile picture.

While the ID verification tools are built to connect with our complete suite of practice management features, you have the flexibility to use the verification technology as a standalone solution. Simply create a Nojumi account and add the email address or phone number of your client, and continue the verification process. This allows you to upgrade your compliance workflow without disrupting your existing operations.

ID Verification Templates

You can select specific ID verification templates depending on the level of security your matter requires. Each template applies a different combination of automated checks, with the Authentication check always including ID Authentication, SMS Verification, and a Risk Check. You can scale your security by choosing from our pre-configured options:

• Authentication: Confirms whether the physical ID is real and unexpired, verifies a client's phone number, and scans for obvious fraud risks.
• Authentication + Selfie Check: Leverages the Selfie Check to confirm if their face matches their provided ID alongside the previous checks.
• Authentication + Selfie Check + Data Source Verification: Includes everything above, and also checks the client's information against trusted databases.

Overriding False Positives

Data Source Verification is highly effective, but it is not flawless. Occasionally, a client may fail the data source verification because they recently moved and their address is not yet updated in the regulated databases. Alternatively, a failure can trigger if the client has recently changed their last name.

Whatever the reason may be, a result of failure does not automatically mean the client is a fraudster, but could also be a false positive detected by the system.

If you have sufficient external evidence to trust the client, Nojumi allows matter managers to manually override the failure. When a failure is overridden, the system logs the date, staff member responsible, and reason behind the override. This helps to build a defensible audit trail that documents exactly why your staff you accepted the identification for your firm.

The Bottom Line

Verifying your clients is a strict mandate from the Law Society of Ontario that your firm cannot afford to get wrong. By upgrading from manual checks that could be victims of synthetic IDs to Nojumi's automated system, you ensure total compliance with LSO regulations while simultaneously protecting your trust account from the threat of identity fraud.