It pays to be sure: mobile ID verification systems explored
There’s a certain disconnect between the expected speed of convenience of our online, connected lives, and the necessary insistence by national and international governments that we remain within the law!
Most of the time, the majority of us have no problem with this situation, and it’s only when we try and undertake activities like proving who we are, where we live, our nationality or employment status that government stipulations make life more difficult.
Before the age of digitization and, more significantly, before the emergence of the smartphone and its influence on all our attitudes, identity used to have to be proven using paper documents, usually produced in person at local government offices or in banks’ premises, for example.
However, just as we expect one-click, delivery-tomorrow shopping, there’s also an expectation that we can prove who we are (or where we live) to companies and institutions that are bound by law to undertake due diligence.
Clearly, for those institutions, there’s a particular impetus to encourage anything that can onboard new clients or customers as quickly and painlessly as possible.
However, there must be a balance between the ease of use of any application process and its integrity and security. After all, crimes like money-laundering, deception and forgery are still common.
As well as those specific instances where individuals must prove their identity for legal reasons, there’s also another sphere of interest that likes to see proof of status. Companies who wish to publish so-called ‘gated’ offers also require their customers to be validated.
Gated offers are those only made available to a select few, like serving members of the military, people who receive a pension, students or nurses, for instance.
Here too, companies need to carefully balance the veracity of the authentication processes with the ease and speed of use of the verification interface. Incorrectly validating that someone qualifies for a discount may not seem serious when compared with money-laundering prevention, but for the businesses involved, the results are dangerous.
There’s potential for many would-be customers merely to give up on the validation process if it’s too arduous, or, if too many people can falsely achieve validation, the exclusivity of any offer is devalued. Moreover, with that devaluation comes degradation of the brand and a costly loss of trust in the business.
There are many methods by which new generation verification companies accept and confirm proof of status or identity. These vary in stringency and difficulty, as you might expect. There’s still an expectation that to prove a legal entitlement; for instance, identity formats like passports, driver’s licenses, state papers or similar difficult-to-procure documents need to be on hand.
Typically, these documents can be shown to a smartphone’s camera or a webcam. Then, the contents of the document are cross-checked against databases to which the validation company has arranged access – such as a national passport agency.
Here is the first reason why many companies prefer to use online validation services that they buy in. It’s just not economically-viable to arrange access to databases of that nature quickly and simply. That issue increases exponentially if there’s an international nature to the need to validate. Every government agency or department anywhere in the world needs to accept the company’s access and provide means to do so – that’s a lot of APIs to negotiate!
Because of potential forgeries, online validation platform specialists deploy different methods to ensure that documents and identities are genuine. Some insist on a video chat with the applicant, while others offer that as an option for higher-value validations.
Some platform providers state that their results are cross-validated among several databases, sometimes against their own data, sometimes multiple external information sources. There are several providers out there whose count of databases to which they have access is very high – these are the companies to look to if, for instance, international validations are required for e-commerce of age-restricted goods and services.
Each supplier has its take on the key elements of identity and status-checking, with some valuing speed of turnaround and others more focused on the accuracy of results. Several use machine-learning algorithms to help beat forgeries, with new methods of deceit being incorporated into the checking code so that the software gets smarter as time goes on.
For companies that wish to use the services of online validators, we recommend that you speak in-person to representatives from several, as each service offers something different— it’s not one-size-fits-all.
Using simple calls to Onfido’s API hosted in the cloud, companies can streamline their identity verification processes to securely onboard new users in seconds. There are SDKs for OS and Android too, so the process can be easily integrated into existing workflows. Users take a picture of their ID (a driver’s license or passport, for instance), and a short recording of their own face.
The Onfido routines then refer the documents against official databases, and proprietary routines ensure that there’s no form of faking going on, like a forged or expired ID. Onfido’s facial liveness technology also ensures that the person presenting the ID is the legal owner, by comparing the face in the document to the live image of the user’s face.
The machine-learning powered Onfido routines mean checks mostly complete in less than 15 seconds, and many of its clients have found sign-up rates go up by as much as 40 percent.
This type of facility means that applications for and interactions with highly sensitive services such as opening bank accounts or buying air tickets become faster – but simultaneously secure.
The Onfido platform is already in daily use by a host of household names like Couchsurfing, Bitstamp and Revolut; even world-straddling behemoths like these know that the quality and low cost of Onfido’s services make developing their own solutions economically non-viable. Better and more effective to go to the experts whose service gets the results, in seconds.
To learn more about Onfido’s platform, and how to get involved, click here.
The Californian Jumio uses a mixture of human intervention, software, and artificial intelligence (AI) routines to check a variety of ID types for forgery or fraud. The company has significant venture capital weight behind it (it’s funded by Centana Growth Partners and is a Millennium Technology Value Partner) and can cross-reference forms of ID from over 200 countries.
Although based in the US, it has offices in Europe and Asia and has won several accolades both for the speed and the efficacy of its platform– most recently the Frost & Sullivan North American Entrepreneurial Company of the Year for the Biometric Security Solutions Industry.
Rather than relying on pure AI, the company instead uses a well-known concept of machine learning – a constant flow of information that’s monitored by humans who can apply corrections before any results are returned. In this way, the AI algorithms can draw conclusions as to whether deception is taking place, but the final decision is a human’s. In this way, the code layers learn, adapt and improve. The company calls this hypothesis ‘augmented learning’.
Jumio has clients in several sensitive sectors, including finance, the blockchain, cryptocurrencies and gaming, which lends a certain weight to its credibility, as these verticals have serious implications legally if things go awry. All of Jumio’s data and data practice is GDPR and PCI DSS compliant, so the transfer of information to and from its platform (it supports iOS, Android, API, SDK, webcams and SMS implementations) are safe.
Mitek’s mobile identity verification system, Verify, comprises two layers. The first layer provides a secure validation of an identity document presented in the combination of biometrics in the form of a selfie. Verification comes back to the user in seconds, ensuring the sign-up process is smooth, with a minimum of drop-outs.
Before the selfie is taken, the software can guide the user, telling them to move to a better lit spot or away from a distracting background. This alone helps lower rejection rates. For validation, the software requires that the user blinks in a particular time frame to trigger the shot being taken. This ensures that the user is present – it is difficult to fake biometrics that involve a live response!
All data held by Mitek is scrambled using a customer-specific master data encryption key, and all data is time-limited. The company therefore holds only the data necessary for as long as needed, and while in that state is highly secure. The company complies both with the European Union General Data Protection Regulation (GDPR) as well as the EU Privacy Shield.
While these latter two standards are not always relevant to other geographies, it is accepted in data governance circles that European standards are the highest in the world– in this sense, Europe leads and the others follow.
*Some of the companies featured are commercial partners of TechHQ
24 April 2019
23 April 2019