Acuant CEO Yossi Zekri recently spoke at London’s premiere Identity Week Show recently. Here is a bit of what Yossi had to say from Acuant’s point of view on the global challenges in establishing identity today.
We are all aware that establishing identities today is not foolproof. There is no perfect solution to protect customers and institutions from sophisticated fraudsters, hackers and data breaches. But as identity is increasingly digital and becoming a currency for consumers — the need to defend digital identity against bad actors is imperative.
Establishing a trusted Identity Anchor is the base for the Digital Identity of the future — and this is at the heart of what Acuant does.
Acuant sees millions of global ID transactions — heavily concentrated in North America, but capturing transactions from virtually every country every month. We see mobile use is increasing across the globe, which has its own set of challenges.
With more than 196 countries, there are thousands of identity document templates and types globally, each with unique identifiers/characteristics and security elements. This presents challenges such as:
- Data Sets – The need for good (and a lot of) data and quality documents to establish a global document library. Systems must utilize human factors as well as machine learning to have continuous updates to libraries or databases.
- Design – ID card issuers do not always design with authentication in mind so there are different security features which can present challenges and most have nonwhite light features making them poor or irrelevant for mobile authentication.
- Language & Culture – There are cultural differences in language/spelling that add complexities. For example, Mohammad is written 50+ different ways, depending on the country, and Asian names often end up truncated due to the limited character space on forms.
In addition, ordering schemes differ among countries and security features on each ID are different with some being easier to forge than others and frequent changes to track. This is a constant battle with incremental fraud capabilities and the methods providers and institutions use to verify IDs are changing.
Device & Method Challenges
It is imperative today for businesses to provide an omnichannel verification solution that includes mobile. The rise in mobile adoption evidenced in Forrester’s Mobile Mind Shift Index identifies an evolving preference for mobile use.
Much of this can be attributed to millennials (currently ages 18-34), the generation most likely to own a smartphone (97% market penetration) which they check more than 150 times per day. A paper document is no longer the only method of ID verification to consider. Some reports show millennials are deciding who to do business with based on their mobile capabilities.
But verifying IDs via mobile creates additional challenges:
- Solutions must be in real time (seconds)
- ID holder’s appearance may have changed since ID photo was taken
- Fraudsters are increasingly sophisticated
- Camera quality affects the image and image quality is key!
- Harder to run forensic tests
Solution providers need a strong Algorithm + Big Data Set + Human Oversight = for the Best Results.
Establishing Genuine Presence
Today, solutions must be able to address increasingly sophisticated fraud and presentation attacks while balancing the user experience. Businesses and organizations must match the level of risk to the use case: how much friction they add will/should depend on the level of assurance required and risk involved.
Factors to consider include:
- Time – consumers will not stand for a lengthy or invasive process
- Accuracy – how can this process yield accurate/ best results
- New verification methods to support mobile/digital identity
- Using a hardware secure element (SE)/chip authentication to securely store a mobile ID credential on a smartphone
Linking an ID to a person requires multi-factor authentication. First, you must establish there is a valid ID to establish a trust anchor. You must have a clear image that can be captured via any device and have robust authentication tests (strong forensics). Second, you must verify the person is who they claim to be which can be accomplished with biometric tests such as robust facial match and liveness tests. ID photos must be matched to be a real time selfie for a score or decision. Challenges here include presentation attacks, image and device spoofing, deep fakes and video replay.
Once you link the ID to the person, additional security features can be layered on:
- Start building an Identity Score for easy & ongoing verification
- Watchlist & database crosschecks: OFAC, INTERPOL, AML etc.
- NIST certified algorithm – ICAO Standards for govt use cases such as border control
Software solutions that use AI & Machine Learning in tandem with human researchers are the best method to detect fraud. Automation cuts down processing time and eliminates mistakes. You must start with an automated solution that uses a strong algorithm, have a big enough data set, then add human oversight (mostly to compensate for image quality and variation) to get the best results and pass more good customers.
While there are no global standards today in identity verification, there are solutions that offer a level of certainty for every level of risk. It is up to institutions to decide the amount of security they are providing, and up to consumers to decide how much friction they are willing to bear. The burden of proving digital identity is one both must ultimately face.