Assess the risk of identity fraud to your service
Before you choose the right level of assurance (LOA) for your service, you should do a risk assessment and discuss the results with the GOV.UK Verify team. This will help you understand what makes your service more or less likely to be targeted by online identity fraud. Think about why your service needs identity assurance and the risks you are trying to protect against.
You should focus on the risks associated with someone using a false identity or another person’s identity to access your service. This is different from eligibility, which is about whether users have the right to use your service (for example, users are only eligible to apply for Universal Credit if they have less than £16,000 in savings).
Doing a risk assessment
- Complete the risk assessment form. This will ask about how your service works, handles data and the online threats it faces. It should help you understand the risk of online identity fraud to your service.
- The GOV.UK Verify team will get in touch within a week to help you choose the right LOA for your service.
When completing the form, you’ll need to think about:
- whether your service has been targeted by identity fraud or cyber crime in the past
- how much money your organisation could lose if your service is threatened or attacked
- how much damage could be done to your organisation’s reputation if your service is threatened or attacked
- what users can get from your service, for example benefits or personal information
- what financial, physical or emotional damage could be done to a user if someone else impersonated them when using your service