Strengthening biometrics identity verification
..through secure RESTful API communications
About the Client
The Attorney-General's Department (AGD) operates IVS and IDMatch, ensuring both meet strict security, privacy, and regulatory standards. Through coordinated rollout and management, AGD enables secure and efficient identity verification while protecting against fraud and streamlining interactions between public and private sectors.
BRIEF
This strategic initiative aimed to modernise the Face Verification Service (FVS) by replacing the legacy, SOAP-based approach with a new, highly scalable REST API.
This project is designed to support high-velocity, highly sensitive biometric identity verification while paving the way for advanced user feedback and enhanced fraud prevention measures.
CHALLENGE
The current SOAP API, while operational, was significantly hampered by several challenges, including user frustration and inefficiencies. In addition, it lacked robust fraud prevention mechanisms, leaving it exposed to misuse.
Relying on legacy SOAP protocols further constrained its scalability and modern adaptability, while the tight coupling between multiple subsystems made maintaining consistency, auditability, and smooth integration increasingly difficult.
SOLUTION
At its core is a new REST API, deployed through IVS’ Azure API Management, that leverages modern web standards such as JSON payloads and secure JWT authentication for enhanced flexibility and scalability.
The design also incorporates expanded response capabilities that provide detailed, actionable feedback on verification outcomes, mirroring our successful DVS framework, and integrates a configurable module to detect and neutralize fraudulent activity.
OUTCOME
The new solution not only addresses significant operational inefficiencies and user frustrations caused by the legacy SOAP-based approach, but most importantly delivers a secure, self-healing, and scalable platform capable of supporting a high volume of transactions.
Ultimately, the solution is not only high-performing but also highly secure, meeting the stringent requirements of modern government digital services.