Credential verification occurs in two fundamentally different contexts: attended verification, where a human is present to observe the interaction, and unattended verification, where the credential is checked through purely digital means without physical oversight. These scenarios require different technical approaches, security measures, and standards.
What is attended verification?
Attended verification happens in person, with a human verifier present during the credential check. A TSA agent reviewing an mDL at an airport security checkpoint. A bartender checks age before serving alcohol. A law enforcement officer verifies a driver's license during a traffic stop. A security guard checks credentials at a building entrance.
In these scenarios, the physical presence of both the credential holder and the verifier provides context that supports the verification process. The verifier can observe that the person presenting the credential matches the photo on the credential. They can watch the holder interact with their device to confirm they control it. They can ask questions or request additional verification if something appears to be off.
ISO/IEC 18013-5 standardizes attended verification for mobile driver's licenses. The standard defines how credentials are transmitted between the holder's device and the verifier's reader using short-range engagement methods such as NFC and QR-code–based device engagement, as defined in the standard. It specifies the data formats, security protocols, and presentation flows that ensure interoperability across different devices and jurisdictions.
Unattended verification
Unattended verification occurs remotely, through digital channels, without a human verifier present. Opening a bank account online. Completing a job application that requires identity verification. Purchasing age-restricted products through an e-commerce site. Accessing government services through a web portal.
In these scenarios, there's no physical context to support the verification. The verifier must rely entirely on technical controls to confirm that the credential is authentic, that it belongs to the person presenting it, and that the person is actually present during the transaction.
ISO/IEC 18013-7 extends mDL standards to these online use cases. It defines protocols for presenting credentials over the internet, enabling residents to use their DMV-issued identification for remote services such as account creation, digital onboarding, and identity verification during online transactions.
The expanding role of unattended verification
As more services move online, unattended verification becomes increasingly important. Banks want to onboard customers remotely. Government agencies want to provide services digitally. Employers want to verify qualifications without requiring in-person visits. Healthcare providers want to confirm patient identity for telehealth appointments.
Unattended verification enables these use cases while maintaining the security and trust that verifiers require. By defining clear standards for online credential presentation, ISO/IEC 18013-7 enables the same mDL accepted at a TSA checkpoint to be used to open a bank account or access government benefits online.
Want to keep learning?
Subscribe to our blog.
