Identity Redefined: The Necessity of a Multi-Layered Approach

An image depicts two professionals, a man and a woman, collaborating over a laptop in a modern office setting.

CLEAR

WHITEPAPER

Introduction

Identity: The Foundation of Digital Trust

In today's digital landscape, identity is the critical infrastructure that enables or blocks every high-value interaction, from accessing sensitive information to completing transactions to building lasting relationships. Despite identity's central importance, our collective understanding of what identity is and how it's defined remains anchored in outdated practices. We've been conditioned to equate "identity" with a document or credential, when true identity is inherently multidimensional and dynamic. This thinking creates vulnerabilities that traditional approaches cannot address.

The result is a cascade of operational challenges that impact every sector of the economy:

Healthcare providers struggle with manual and fragmented digital processes that delay care and compromise data security.
Workforce security teams face social engineering attacks that exploit traditional multi-factor authentication (MFA) weaknesses.
Financial institutions balance battling fraud and chargebacks with maintaining smooth customer experiences.
Hospitality brands strive to deliver direct-to-door experiences that increase loyalty without sacrificing security.
Rental companies fight fraud that threatens assets and operational efficiency.

The issue is foundational. We've built systems focused on what we have (such as credentials, devices, and IDs) rather than who we are (the person behind the device). This approach worked in simpler online environments, but AI-powered threats and digital-first operations have permanently altered the identity landscape.

Today's environment demands a multi-layered solution that confirms identity at every critical touchpoint. When strategically implemented, this approach strengthens protection while eliminating unnecessary friction, demonstrating that security and experience are complementary priorities.

Forward-Thinking Organizations Recognize Identity's Role

Forward-thinking organizations recognize that identity isn't merely an authentication step—it's the cornerstone of security, operational efficiency, and customer experience.

An image shows a woman looking at a tablet device in an office environment.

In this whitepaper, you'll learn:

Why identity forms the foundation of digital security and how traditional methods leave businesses exposed to sophisticated threats.
How a multi-layered identity approach provides the highest level of identity assurance—preventing fraud, minimizing risk, and protecting sensitive data.
How our collective understanding of identity has been shaped by historical limitations.
How leaders in healthcare, real estate, and telecommunications configured different identity check combinations to meet their unique security and compliance needs.

The Evolution of Identity: From Documents to Digital Assurance

Identity is the set of characteristics that define a person and distinguish them from others. Yet our understanding has been reduced to documents—not because this approach is most secure, but because institutions historically needed tangible forms of verification.

This document-centric approach created a fundamental problem: Identity systems have been developed reactively, in response to fraud that already occurred rather than anticipating emerging threats. The result is a perpetual security gap where fraudsters consistently stay one step ahead of protective measures. Each new identity system fixes yesterday's vulnerabilities while inadvertently creating openings for tomorrow's attacks.

The cycle of fraud and response:

Fraud occurs
Industry reacts
New solution deployed
New vulnerabilities created
Fraud adapts
Cycle repeats

A Timeline: Identity Through History

The following timeline traces how historical events have repeatedly redefined our concept of identity, showing the shift from administrative identification to security verification to today's multi-layered identity assurance.

How to read this timeline:

■ Red events indicate reactive responses that redefined identity after a need or crisis.

■ Blue events represent proactive innovations that expanded our understanding of what identity means.

1930s-1980s: THE PAPERWORK ERA

Identity as paperwork: During this period, identity primarily serves administrative functions. Society views "identity" as simply possessing the correct document.

1936: SSNs Introduced ■

Responding to the Great Depression's need for systematic benefits tracking, Social Security numbers (SSNs) are created solely for earnings histories, not intended as security credentials or identity verification. Society's understanding of identity becomes tied to a number rather than just physical characteristics or documentation, creating the first widespread numeric identifier.

1980s: MRZs on travel documents introduced ■

Machine-readable zones (MRZs) on passports standardize identity information for border control. Identity information becomes machine-processable, beginning the transition from human-verified identity to technologically-verified identity.

1990s-2000s: THE SECURITY TRANSFORMATION

Identity as protection: Following security crises, society reconceptualizes identity as a security mechanism. The concepts of "identity theft" and "identity fraud" enter public consciousness.

1998: First e-passport introduced ■

Malaysia introduces the world's first electronic passport with an embedded chip storing biometric data. Identity documentation evolves from purely physical to include hidden digital components, introducing the concept that accurate identity verification requires multiple layers.

2001: 9/11 Commission expands requirements for verifying identities ■

In response to the 9/11 attacks, which exposed how terrorists obtained valid identification by exploiting system gaps, identity verification transforms from an administrative convenience to a critical national security priority. Immediate response: 2001's USA PATRIOT Act expands requirements for financial institutions to verify customer identities, establishing the foundation for modern Know Your Customer (KYC) practices.

2010s: THE DIGITAL EXPANSION

Identity as digital identifiers: The ubiquity of smartphones expands our understanding of identity to include biometrics, device fingerprints, and behavioral patterns.

2010: CLEAR launches the secure identity platform ■

CLEAR debuts in airports, enabling travelers to move seamlessly through security with biometric authentication—making experiences both safer and easier than traditional document-based methods. Early deployment proves consumer trust in CLEAR's approach, demonstrating that people value secure, frictionless experiences over outdated methods.

2011: Risk-based security emerges with TSA PreCheck ■

The Transportation Security Administration (TSA) launches TSA PreCheck, a risk-based program that focuses security resources on higher-risk travelers by pre-screening and identifying trusted individuals. Identity verification becomes contextual and efficient, enabling pre-vetted, low-risk travelers to experience expedited, less intrusive screening.

2013: Consumer biometric authentication introduced ■

Apple introduces Touch ID on the iPhone 5S, bringing fingerprint-based biometric authentication into the mainstream consumer experience. Consumer identity verification moves beyond "what you have" and "what you know" to include "what you are," expanding our understanding of identity to include inherent biological characteristics.

2017: NIST Digital Identity Guidelines established ■

The National Institute of Standards and Technology (NIST) publishes Digital Identity Guidelines (SP 800-63-3), establishing formal guidance on identity assurance levels (IAL) and authentication assurance levels (AAL). Identity verification becomes recognized as contextual and risk-based rather than binary. Different scenarios require different levels of identity assurance.

2018-2024: Facial recognition goes mainstream ■

Apple introduces Face ID with the iPhone X, bringing 3D facial recognition technology to consumer devices. Advanced biometrics normalize the idea that your face is your identity, further cementing the concept that "who you are" physically is more definitive than "what you possess" or "what you know."

2018-2024: Era of massive identity breaches ■

A cascade of catastrophic data breaches forces industry-wide recognition that traditional security approaches have failed, exposing the personal data of hundreds of millions:

SolarWinds (2020): A supply chain attack impacts over 18,000 customers including U.S. federal agencies and Fortune 500 companies through a months-long espionage campaign attributed to a Russian state-sponsored threat actor.
MGM Resorts (2023): A social engineering cyber attack targeting hospitality operations shuts down casino systems for 10 days, costing the company $100 million.
Change Healthcare (2024): The largest healthcare data breach in U.S. history affects approximately 190 million individuals' protected health information through a BlackCat/ALPHV ransomware attack.

The exploitation of personal data undermines traditional knowledge-based verification, forcing recognition that "secret information" can no longer be considered definitive proof of identity.

2021: MDLs introduced ■

States begin adopting mobile driver's licenses (mDLs) as digital complements to physical IDs, with Arizona, Utah, and others leading implementation. Identity verification evolves to include selective disclosure capabilities, introducing the concept that identity is contextual—different transactions should reveal only relevant identity attributes. Technologies like MDLs make this possible. For example, they allow someone to verify they're over 21 without revealing their full birthdate or home address.

Present: The Multi-Dimensional Reality

Identity as a complex ecosystem: Today, we recognize that identity is inherently multi-dimensional—not a single document or credential but a complex web of attributes, behaviors, and corroborating evidence that must be verified across multiple layers to establish genuine trust.

2025: Setting the New Standard

CLEAR1 sets the new standard in identity by expanding NextGen Identity+ to its B2B platform

CLEAR's comprehensive identity stack approach incorporates multiple verification layers:

Something you have (physical ID, mobile device)
Your unique features (biometrics)
Contextual signals (location, device, behavior patterns)
Source corroboration (verification against trusted databases)

The selfie (biometrics) gets matched to the portrait on the government ID, while information on the document (such as name, address, and DOB) gets verified against issuing and authoritative databases through source corroboration.

Identity is becoming understood as a complex orchestration of multiple signals rather than a single credential or attribute, fundamentally redefining what constitutes sufficient identity verification.