What is machine learning?
Machine learning (ML) is a subset of artificial intelligence (AI). While the field of AI itself covers a lot of territory, it essentially boils down to the simulation of human intelligence in machines (computers).
ML involves the programming of algorithms that can learn from themselves and even make their own predictions.
ML allows machines to learn from past experiences – much as humans do – by analysing their output and using it as an input for the next operation.
ML algorithms learn from data to solve problems that are too complex to solve with conventional programming.
Deep learning is a subset of machine learning which is derived from running multiple layers of ML algorithms together at the same time.
Note: The terms machine learning and deep learning are often used interchangeably. Most machine learning today is actually conceived at the deep learning level.
A short history of digital technology: from mainframes to machine learning
In order to better understand how artificial intelligence and machine learning fits into modern digital technology, it is useful to consider the technologies in a historical context.
The technological trajectory that brought us AI and by extension machine learning is best summed up in a diagram published in the “Digital Transformation Initiative” report by the World Economic Forum and Accenture. The diagram (Figure 1) outlines the combinatorial effects of technology: “where the capability of technologies working in tandem far exceed their capabilities when deployed separately”.
Notice how each new technology looks like a wave building off of the technology that came before it – this is the combinatorial effect of technology.
The birth of mainframe computers in the 1950s, led by IBM* and a handful of other companies, made way for the personal computer (PC) of the 1980s. Later, the Apple and Microsoft operating systems (OSs) further forged the home PC market which then steered the rapid scaling of the internet. The early eCommerce internet (web 1.0) preceded the mobile and cloud-computing internet of today (web 2.0) which has ushered in big data and the internet of things (IoT). This abundance of data now feeds the algorithms used in AI and machine learning.
The curve representing AI and ML has taken-off sometime around the year 2010. A question mark implies that it is anybody’s guess as to when this curve will start to come down, but if the prior technological leaps are of any indication, the cumulative capability of AI and ML technology will be immense.
* IBM is still a major player in the digital transformation and is especially active in machine learning (link to IBM’s machine learning landing page, which offers a relatively accessible, technical explanation of machine learning).
Expert systems: early forerunners to AI and ML
Expert systems are considered as the direct descendants of AI and machine learning. While most accounts date the beginning of AI research to a 1956 workshop at the ivy-league Dartmouth College, research into AI began in earnest in the 1980s when so-called “expert systems” proliferated.
Expert systems were designed to solve complex problems by reasoning through large bodies of knowledge. There were, however, a number of issues with these systems which prevented them from catching-on at the time.
First, these systems required a human expert to provide the knowledge base. In many cases, this was too costly for organizations, as it would divert their employees from their regular work. Additionally, some of these human experts felt threatened by the encroaching AI, believing that it would negatively impact the value of their expertise.
Second, these systems were based on the notion that expert knowledge consists of a collection of rules (if-then statements or conditional computing). When these systems were faced with a problem that they didn’t have the knowledge to, they were unable to solve the problem.
Third, knowledge is only part of the equation to “intelligence”, the other part relies on when and how to use it, or how to adapt it to a variety of constantly changing situations.
Things are clearly different now, the expert systems of yesteryear have essentially morphed into machine learning that can harness data from the internet and can be programmed to learn from its own data output.
Machine learning in action
Machine learning has already led to immense changes in our society. However, if you do not directly work in the technology sector or engage with the topic, the extent that this technology has changed and continues to change society might be unclear.
The chances are actually quite high that you currently use multiple products or services that employ machine learning technologies, as a growing number of companies are leveraging ML over an exceedingly wide variety of industries.
Netflix for starters, uses customer data to predict what audiences want. In fact, Netflix employs ML technology so effectively that they have all but eliminated the industry standard of pilot episodes. Instead, the company will invest from the beginning in multiple seasons of new shows which they are certain will be a hit because their algorithms tell them so.
Other streamed media, from Spotify to YouTube, also rely heavily on machine learning algorithms in order to deliver content that matches user’s likes. Just as well, all of the major social media platforms from Facebook to Twitter, Instagram and TikTok employ ML algorithms to deliver more of the content that their user’s want.
Online shopping portals such as Amazon leverage ML algorithms to recommend other things that you might want to buy based on your past searches. Furthermore, the constantly changing prices of goods on Amazon and other online stores are also decided by an ML algorithm. Savvy shoppers will save items in their baskets and wait until the price lowers. Extra savvy shoppers will use services, such as camelcamelcamel, that show the price of goods over time on Amazon et al., and use this to their advantage.
Most email filtering programs employ ML in order to stop spam. Chatbots use a combination of pattern recognition and natural language processing in order to interpret a user’s query and provide suitable responses. Even Hello Barbie used a ML algorithm that was able to reply to its users from 8000 different responses. However, due to privacy concerns, the doll and the service was discontinued.
IBM’s Watson has long been famous amidst fans of Jeopardy for regularly (always?) winning against the show’s previous highest scorers. Watson is powered by an ML algorithm which enables computers to process text and voice data as well as understand human language the way people do. Watson was already introduced in 2010 and yet most are probably still unaware that ML technology was and is at work in the background. Nowadays, Watson has many more applications besides playing Jeopardy.
The myriad digital assistants on the market, such as Apple’s Siri, Amazon’s Alexa and Google’s Assistant also make use of ML natural language processing.
Another major ML project is self-driving cars which, when road-worthy, will most likely be better at driving than humans as AI does not get distracted or drunk. Self-driving cars use ML to continuously identify objects in their environment, predict how the objects will move and guide the car around the objects as well as towards the driver’s destination. Now, if we can only figure out a way to keep the hackers at bay.
The list goes on and on for AI, machine learning and its uses and it is being added to everyday as more and more use cases are dreamed up and developed.
How machine learning is used in facial recognition technology
The industry around facial recognition technology is rapidly maturing due to advances in AI, ML and deep learning technologies. Facial recognition is a technology that is capable of recognizing a person based on their face. It employs machine learning algorithms which find, capture, store and analyse facial features in order to match them with images of individuals in a pre-existing database. There are many strong use cases for the technology which you can read about in our blog here.
How facial recognition technology works is fairly difficult to grasp and a quality explanation would go far beyond the parameters of this article. For our purposes, we will consider the four overarching problems that a machine needs to solve in order to recognize a face. They are: face detection, face alignment, feature extraction, face recognition and face verification.
Face Detection – The machine must first locate the face in the image or video. By now, most cameras have an in-built face detection function. Face detection is also what Snapchat, Facebook and other social media platforms use to allow users to add effects to the photos and videos that they take with their apps.
Face Alignment – Faces that are turned away from the focal point look totally different to a computer. An algorithm is required to normalize the face to be consistent with the faces in the database. One way to accomplish this is by using multiple generic facial landmarks. For example, the bottom of the chin, the top of the nose, the outsides of the eyes, various points around the eyes and mouth, etc. The next step is to train an ML algorithm to find these points on any face and turn the face towards the centre.
Feature Measurement and Extraction – This step requires the measurement and extraction of various features from the face that will permit the algorithm to match the face to other faces in its database. However, it was at first unclear which features should be measured and extracted until researchers discovered that the best approach was to let the ML algorithm figure out which measurements to collect for itself. This process is known as embedding and it uses deep convolutional neural networks to train itself to generate multiple measurements of a face, allowing it to distinguish the face from other faces.
Face Recognition – Using the unique measurements of each face, a final ML algorithm will match the measurements of the face against known faces in a database. Whichever face in your database comes closest to the measurements of the face in question will be returned as the match.
Face Verification – Face verification compares the unique properties of a given face to another face. The ML algorithm will return a confidence value to assess whether the faces match or not.
PXL Vision’s Facial-Recognition / Verification Solution
PXL Vision provides leading solutions for the automation and enhancement of digital identity verification and customer onboarding through tailored software solutions powered by the latest developments in artificial intelligence and machine learning technologies.
The team has extensive experience and expertise in building highly complex machine learning technologies and the passion and know-how to bring them to the market.
Contact PXL Vision today for more information on how our facial recognition software can meet your business needs.
What is compliance?
In general terms, compliance means to conform to a rule, such as a policy, directive, regulation or law. Compliance is the goal that businesses and organizations need to achieve in order to ensure that they are aware of and take the necessary steps to comply with the relevant laws, policies, and regulations of the industry and jurisdictions in which they operate.
Compliance in the financial industry
Compliance varies widely between industries and within different jurisdictions. In the financial industry, compliance plays an important role when businesses and institutions carry out the due diligence requirements which manage the risks of financial crime.
A large sub-section of financial compliance has to do with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations. AML refers to the laws, regulations and procedures intended to prevent criminals from disguising illegally obtained funds as legitimate income. KYC are the steps that businesses take to comply with AML by verifying their customers’ identities.
KYC processes are employed by companies of all sizes for the purpose of ensuring their proposed customers, agents, consultants, or distributors are who they claim to be. Banks and other financial institutions are increasingly demanding that customers provide ever more detailed due diligence information. KYC regulations were initially imposed only on banks and financial institutions but nowadays non-financial industry entities are also liable to oblige.
Of note is that there is no global political authority that applies and enforces conformity to these KYC and AML regulations. Instead, various governments around the world have cooperated to establish a host of institutions and practices which have collectively intertwined to form a defacto regulatory framework as part of the global financial system.
Financial compliance in Germany
BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht), is Germany’s Federal Financial Supervisory Authority which works to ensure, as well as enforce when necessary, regulatory compliance in Germany’s financial market. Most countries around the world have established an authority to regulate the financial activity in their country, and in some cases of its citizens, no matter where they reside (such as in the United States of America).
In BaFin’s English translation of its AML proceedings (in German: Geldwäschegesetz – GwG) we read:
“In accordance with section 51(8) of the Anti-Money Laundering Act, BaFin provides the obligated persons and entities under its supervision with regularly updated interpretation and application instructions for the implementation of due diligence obligations and internal safeguarding measures in accordance with the statutory provisions on the prevention of money laundering and terrorist financing. BaFin also currently issues circulars on topics relating to the prevention of money laundering and terrorist financing.”
This finely worded introduction is followed by a 66-page downloadable PDF in English of the most recent version of the AML proceedings for Germany. The document has also been transposed into a click-through website for added convenience. It is important to note that these English language versions have been translated from the German language as a favour to the non-German speaking audience residing and/or running a business in Germany. The official “binding” version is the German edition, found here as a PDF.
The complexity of financial compliance in Germany
For the purposes of this post we will outline various Parts and Sections of the English language translation of the GwG in order to outline some of the compliance complexities in Germany and, by extension, the global financial system.
The aim is to promote the idea that outsourcing your businesses’ due diligence requirements is a smart business move. In doing so, you will be able to focus more effort on your company’s product / service and its core operations – with the assurance that you are BaFin compliant.
There are a number of companies such as ours which have developed compliance software, commonly referred to as digital onboarding software or as an online identity verification platform, for this purpose.
*Note: The following excerpts are taken from bafin.de’s Geldwäschegesetz – GwG (Money Laundering Act – AML) website. It is in no way complete and is also heavily edited for expediency. It is recorded here for demonstration purposes and to provide an example of the complexities of compliance in Germany. The entire GwG is between 60-70 pages in length and consists of 7 Parts, 59 Sections and 2 Annexes.
Part 2 – Risk management – GwG
Section 4 Risk management
(1) In order to prevent money laundering and terrorist financing, the obliged entities must have in place effective risk management systems that are appropriate for the nature and size of their business.
Section 5 Risk analysis
(1) The obliged entities are to determine and evaluate the risks of money laundering and terrorist financing associated with the business activities they engage in.
Section 7 Money laundering reporting officer
(1) Obliged entities under section … are to appoint a money laundering reporting officer at senior management level and a deputy. The money laundering reporting officer is responsible for compliance with the provisions under anti-money laundering and counter terrorist financing law.
Section 8 Recording and retention requirement
(1) The obliged entity is to record and retain
- data collected and information gathered in the fulfilment of its due diligence requirements
(3) The records may also be stored digitally on a storage medium. The obliged entities must ensure that the stored data
- are consistent with the data and information gathered,
- are available for the duration of the retention period and
- can be made readable within a reasonable period of time at any time.
Part 3 – Customer due diligence requirements – GwG
Section 10 General due diligence requirements
(1) The general due diligence requirements are:
- identifying the contracting party and, where applicable, the person acting on their behalf in accordance with section … and checking whether the person acting on behalf of the contracting party is entitled to do so.
Section 11 Identification
(1) Obliged entities are to identify contracting parties and, if applicable, persons acting on their behalf and (beneficial owners, before establishing a business relationship or executing a transaction.
(4) In the identification, the obliged entity is to collect the following information:
- in the case of a natural person:
- a) their first name and surname,
- b) their place of birth,
- c) their date of birth,
- d) their nationality and
- e) a residential address
- in the case of a legal person or a partnership:
- a) the company, name or trading name,
- b) the legal form,
- c) the commercial register number if available,
- d) the address of the registered office or head office and
- e) the names of the members of its representative bodies or the names of its legal representatives and, if a member of its representative body or the legal representative is a legal person, the data listed under letters (a) to (d) for this legal person.
Section 12 Identity verification, authorisation to issue regulations
(1) In the cases set out in section 10 (1) no. 1, the verification of the identity of natural persons is to be carried out on the basis of
- a valid official identity document which includes a photograph of the holder and satisfies the passport and identification requirements in Germany, in particular a German passport, identity card or substitute of a passport or identity card, or a passport, identity card or substitute of a passport or identity card recognised or accepted under German provisions for foreign nationals…
Section 13 Identity verification procedures, authorisation to issue regulations
(1) Obliged entities verify the identity of natural persons by one of the following procedures:
- appropriate examination of the document presented physically or
- another procedure suitable for verifying identity under anti-money laundering and counter terrorist financing law and having a security level equivalent to the procedure set out in no. 1.
Section 15 Enhanced due diligence requirements, authorisation to issue regulations
(1) The enhanced due diligence requirements are to be fulfilled in addition to the general due diligence requirements.
(2) Obliged entities are to fulfil enhanced due diligence requirements if they find out, through a risk analysis or by taking into account the risk factors specified in annexes 1 and 2 in an individual case, that a higher risk of money laundering or terrorist financing may arise.
If you were able to make it through the above legalese, you will have made it through some of the complexities involved in attaining financial compliance in Germany. And these are just the Parts dealing with risk management and due diligence, which involves risk analysis, reporting officers, data retention, due diligence, enhanced due diligence, proper identification procedures, and so on. This is precisely why the identity verification industry exists.
Compliance in Germany: Kafka’s nightmare
This article was originally going to be titled Compliance in Germany: Kafka’s nightmare. However, further research suggested that the comparison of the famed German-language novelist and the bureaucratic nightmare of regulatory compliance at BaFin was not very apt. However, not wanting to leave out the comparison in its entirety, here is a short read for the interested.
Prague-born author, Frank Kafka, writer of the world-renowned The Trial and The Metamorphosis, wrote about the soul-crushing bureaucracy of the Austro-Hungarian empire. The word Kafkaesque is often applied to complex, bizarre and impersonal administrative situations where the individual feels powerless to understand or control what is happening. If Kafka had written in the 21st Century, it would probably have an entrepreneur as the protagonist, attempting to comply with BaFin’s AML regulations.
How to ensure BAFIN Compliance in Germany and around the world
There are identity verification solutions that take the guess work out of KYC/AML due diligence requirements. Digital onboarding software can be individualized to work within the scope of your industry and for the jurisdictions in which your business operates.
Learn how PXL Vision can help you cut through the bureaucratic nightmare of due diligence requirements.
Who is FINMA and why does the latest revision matter?
FINMA is Switzerland’s market supervisory authority and is responsible for the financial regulation of the country’s banks, insurance companies, stock exchanges and other financial intermediaries.
Up for revision is FINMA’s Circular 2016/7 “Video and online identification”, which was drafted with the standing motion to be regularly reviewed and updated. The revisions under consideration aim to further simplify digital onboarding procedures for the Swiss banking industry whilst maintaining the same or a higher security standard.
Because FINMA is revising its due diligence requirements for video and online identity verification, this provides a new opportunity to use technologies such as NFC. The proposed revisions to the FINMA Circular, dated November 16th, 2020, have been written to take advantage of recent technological developments in biometric technologies. The revisions are currently in the consultation period until February 1st, 2021 and are expected to enter into force by mid-2021.
FINMA’s “Circular 2016/7 Video and online identification”
The original FINMA “Circular 2016/7 Video and online identification” provided financial intermediaries with 2 possible ways to onboard customers digitally. First, for “Video Identification”, they assigned equal validity to real-time video identification as they did for in-person identification. This especially permitted startup fintech companies to ramp up their offerings by allowing them to conduct Know Your Customer (KYC) due diligence via live video feed. This process, however, is still quite expensive, not available 24/7, and still quite cumbersome, as many do not feel comfortable holding a live video call with an unknown agent, being asked all kinds of personal questions.
Second, for “Online Identification”, the Circular also allowed for a completely machine-based identity verification, with a lot of room for interpretation when it comes to the detailed requirements. But this process would still require customers to perform trial or micro deposits (small money transfers) from an existing bank account to the new account to assist in linking the new customer to their identity.This process is time consuming, often taking several days for the transactions to clear and also required agents or extra processes to send and confirm the transactions. Also, many potential customers may not have a bank account to start with, thus not qualifying for this kind of account opening.
FINMA’s Circular 2016/7 Revisions
The revisions to FINMA’s Circular 2016/7 aim at permitting financial intermediaries to forego this time consuming and costly micro deposit process – provided that they are able to scan and decipher the client’s NFC biometric passport chip. NFC biometric chip validation today provides the highest possible degree of security in mobile identity document verification.
“For this purpose, clients scan their biometric passport chip with a smartphone app and transmit their personal data and photo (but no other biometric data) to the financial intermediary.”
– FINMA Circular 2016/7 “Video and online identification” – partial revision, 16 November 2020
While this is great news for the Swiss banking industry as it allows further automation of the identification process, we believe that it does not go far enough, as it does not reflect the expectations of the industry.
4 reasons why the FINMA revision is better for the Swiss Banking Industry:
1. Verification via microdeposits is time consuming
Financial institutions have been using micro deposits to validate ownership of linked accounts for a long time but the process has a serious flaw. Namely, that it can take up to five business days for the transaction to clear.
In a world where consumers expect online services to be instant, five days is simply too long. People are simply not willing to wait for services, particularly when there is an abundance of substitute services available. Delays of any sort are directly associated with customers abandoning online processes, from shopping cart abandonment to setting up online accounts. The revision will ensure this frustrating and time-consuming part of the onboarding process is finally streamlined using technology.
2. Provides an additional option for online identification
The more, the merrier when it comes to options – adding flexibility to businesses and customers alike. When approved, the revisions will provide an additional option, in that it allows financial intermediaries to forego the micro deposit process, provided that they are equipped to scan and extract info from NFC chips. These days, most countries are using biometric chips in their passports. Swiss citizens certainly are, as they are members of the Schengen area where biometric passports are now a requirement for all newly issued documents. The micro deposit option will still be an option for situations where it might be preferred.
3. Highest security in document verification
Biometric passport NFC chips are considered by most governments to be extremely secure. The realization that paper-based passports could be easily altered or falsified drove a worldwide move to electronic passports (ePassports).
The large number of lost or stolen passports across the globe led to a huge pool of paper-based passports easily purchasable on the darknet by counterfeiters and other malicious actors.
4. Improves scaling
Alongside greater security, another advantage of biometric passports is speed. According to the FINMA Circular, financial intermediaries should be enabled to automate their identification processes in order to improve their scaling while maintaining at least the same security level.
To get an idea of how quickly biometric data can be extracted and processed from a passport, visit a major international airport with ePassport gates. Provided that there are not any other running problems and that you are not a wanted terrorist, entry is usually granted in seconds.
Why the FINMA Revision doesn’t go far enough
While the Revision is a great first step by the Swiss financial regulator and is certainly headed in the right direction in terms of technology, it still falls behind what is desired. A number of financial intermediaries and banking associations working in the Swiss financial industry, who had pushed for a revision of Circular 2016/7 in the first place, were asking for a fully automated process, and are rather disappointed with the current draft of FINMA.
Today’s technology in document verification, liveness detection and face verification, is at least as secure if not more secure than human verification, whether in-person or through live-video verification. There are numerous well-established studies proving this for face verification – it’s clear that human operators cannot perform with the same security, reliability and accuracy as facial-verification software.
Furthermore, documents containing an NFC chip are not yet distributed en masse. While it may be true that most people have an international passport with NFC capabilities, these documents are not primary documents in that people do not carry them around all the time. Thus, NFC support is not yet scalable across the masses.
FINMA will accept public statements until 1 February, 2021 and, based on the responses, will decide whether to revisit the proposal in the Circular or move forward with it.
PXL Vision’s NFC Solution
PXL Vision’s reinforced document verification tool is equipped to extract and verify the authenticity of NFC biometric chip data. This product can be paired with identity proofing and database checks to ensure that your financial intermediary meets the due diligence requirements set forth by the authorities in the jurisdictions where your company operates.
Contact us today to learn more about PXL Vision’s wide array of products for online identity verification.
A digital identity verification process can be used to verify the age of individuals online and add a layer of authentication to e-commerce activities. Until recently, age checks or age verification required a different kind of approach and the purchase of controlled substances or other age-restricted goods was mainly policed at the local, in-store level.
However, it appears that age verification has taken a backseat to society’s concerns when it comes to these same purchases online. We take a closer look at what this means for e-commerce platforms and the nature of the internet. Does trust matter anymore? And how can age checks ensure the right people at the right age are provided access?
Age verification, age checks and controlled substances
Given the complexity of policing products across different geographic jurisdictions, it first needs to be asked: what types of use cases require age verification today? But the answer still hasn’t changed.
The purchase of age-restricted goods such as cigarettes (specifically e-cigarettes), alcohol, prescription drugs, adult-content and now marijuana (in the US/Canada) is and has been illegal for minors for many decades (with some exceptions). The overarching intent has always been to protect youngsters from making bad decisions that can harm their still developing brains.
While it has always been possible to illegally purchase these forbidden goods as a minor, the effort of getting around the age verification process in place at the time was sometimes too much or the cost too high to even bother. However, with the advent of the internet, the online sale of these goods is now essentially a free-for-all and age checks are mostly a voluntary process.
The ease with which minors are able to purchase these goods demonstrates a real need for regulations to catch-up to the innovations permitted by the internet.
One such solution to ensure that age checks are consistent, could be to enforce the use of an identity verification solution at the point-of-sale and also at the delivery/pick-up of any age-restricted goods.
A 2012 study by researchers at the University of North Carolina recruited eight participants, ages 18 to 20, to try to buy wine, beer and other alcoholic beverages online (the legal age in the US is 21). In the study, if the online vendors asked for age verification, the participants could lie and say they were of age but if asked for their ID card upon delivery they had to comply. The participants placed orders at 100 different online retailers and most deliveries were made by the US-based FedEx or UPS. Of those orders, 45 were successfully delivered and only 28 were outright rejected due to an unsuccessful age check. At that time the study’s lead-researcher Rebecca Williams, PhD said:
“We were amazed at how easy it was for minors to buy alcohol online. Using their real ID and a prepaid Visa card, they could place an order for alcohol in just a few minutes and often have it delivered to their door in a matter of days without anyone ever trying to verify their age.”
Fast forward to 2020, this time in Australia at the University of New South Wales where a similar study was commissioned. Researchers in this study found that 69% of the 65 most popular online alcohol retailers had left alcohol unattended at an address without verifying the purchaser’s age.
As in the 2012 study, the lead researchers of this study were also shocked, saying that unchecked online purchasing was “creating new problems around minors accessing alcohol” and calling for “online standards to be just as tough as when you walk into a pub or a bottle shop.”
Age verification in the ‘good old days’
Those who are old enough to belong to the earlier half of the millennial generation might recall a time when age verification required a workaround. That usually meant a fake ID or an ID with an altered date of birth to illegally purchase alcohol or cigarettes at a store.
More often than not in those analogue times, age checks required the clerk at the liquor store to scrutinize the younger shopper’s ID, perhaps bending it ever so slightly towards the light to see if the date had been altered. They would squint their eyes and maybe even ask the card-holder for their birthday as a final step towards age authentication. These unruly minors would memorize the details of the card and practice their answers – lowering their voices if necessary to sound more “of age”. On the other side, periodic secret-shoppers would enforce the age regulation by testing the clerks and their resolve. Fines were hefty for both stores and its employees, such that most store clerks were usually on guard.
Could you imagine if age verification required the same broken process today?
That’s why online verification is so important to ensuring safe processes are already place for those under 18 years in the current online environment.
Real world testing: Why age checks matter
Today, minors can skip the rehearsal to this in-store drama and simply purchase alcohol, cigarettes and other controlled substances online without any sort of age verification required (depending on the website).
In most jurisdictions, IDs are supposed to be checked upon delivery at the door. However, this is rarely enforced as was evident from the two studies outlined above.
It is also not enforced in Germany, where our office is based and where we decided to test the process. In Germany, the purchase of certain kinds of alcohol requires the purchaser to be over 18 years of age. For our test purposes, the purchase was carried out at bevbox.de, which verified age through a simple website pop-up. This pop-up gives you two options “yes” and “abort”. In clicking “abort”, it simply asks you the same question again. By clicking “yes” and confirming that you are of age, a cookie is downloaded to your browser and you are never asked again.
A couple days later the package arrived and was simply dropped off at the front door with no further ID-verification was required. “They actually just left it in the stairwell, I was a little worried that a neighbour would have taken it” recalls the employee.
Another German based drink delivery website, urban-drinks.de, requires users to enter their date of birth for age verification purposes upon checkout. After purposefully entering an underage birthday, the website states that “you have to be at least 18 years old”. Then by simply changing the birthdate, the transaction was processed.
What about the payment?
Paying for age-restricted goods online has never been easier. Even despite the fact that most jurisdictions around the world require individuals to be at least 18 in order to open a bank account. The primary issue here is that opening a bank account requires signing a contract which can only be done by an adult.
There are, however, numerous ways around this. One option is to purchase a prepaid debit card, offered by multiple companies as well as Visa and Mastercard and sold at a wide variety of stores. Even though the terms and conditions of prepaid cards state that they are not to be purchased by anyone under 18 (does anyone read these terms and conditions anyway?) If you are unable to fool a store clerk or convince an adult to buy one for you then you are out of luck. Or are you?
The PayPal way: How young people get around age verification
With a little bit of internet savvy, which the younger generation has in spades, it is incredibly easy to open a fake PayPal account, anonymously purchase age-restricted goods from a huge array of legitimate online vendors that accept PayPal, and then have the goods shipped to your front door.
It is important to mention that what follows does not imply that we condone spoofing PayPal and illegally using its services. It is instead for demonstration purposes of how online payment systems and shopping platforms are in dire need of more control and regulations:
Most online shops accept PayPal. And while opening a PayPal account requires the account holder to be 18 or above, it is all too easy to get around this – albeit illegally according to PayPal’s terms and conditions (which few people ever read).
Opening a PayPal account doesn’t actually require any age verification outside of an email and phone number that can receive SMS texts. A free anonymous email can easily be set up from multiple websites. And if you don’t have a phone or don’t want to use your own phone number, then you can use a number from a website like receive-smss.com.
Click on the above link and select a phone number that is from your country or the country where you want to open a PayPal account. Next, open a PayPal account using the PayPal website from that same country. When PayPal asks for a phone number enter in your fake phone number and then wait for the SMS code which you will enter into the PayPal site and voila!
PayPal will limit these unverified accounts to $500 per month and even lock you out of your account if they suspect you of breaking the terms and conditions. So, the idea is to use the account for small amounts of money and only load it on when you are about to use it. You can fund your account by performing online work or selling something online and asking for payment with PayPal. With nearly 350 million PayPal users worldwide this won’t be too difficult to accomplish.
Additionally, with a little more difficulty and a higher chance of getting caught you can also fake an ID verification and use PayPal without limit. There are many tutorials on the Internet explaining this process.
For more information on the subject, take a look at our cybersecurity article for more tips on how to keep safe online.
Under age purchases: Tread with caution
The ease with which underage minors can purchase alcohol and other age-restricted goods on the internet is rather terrifying.According to the Center for Disease Control (CDC) in the US, youth who drink alcohol are more likely to experience problems at school, have other social problems, are more likely to get in trouble with the law, have physical issues, memory problems, get alcohol poisoning and the list goes on. The CDC maintains though that drinking among high school students, at least in the US, has generally been declining in recent decades. There are, however, other age-restricted goods besides alcohol that are likely to have negative consequences on the developing brain. For instance, marijuana and cigarettes and especially e-cigarettes and “weed” vaporizers.
Adding momentum to the issue is the intersection of social media influencers and the ease with which minors can procure age-restricted goods. Many online influencers revel in the “lifestyle” of smoking, drinking, vaping – having a good time! And this is all it takes for their underage followers to want to do the same.
The Orlando based Addiction Center knows this all too well. One study posted to their website which surveyed 2000 adolescents on their social media use and consumption of age-restricted goods, showed that social media users were 5 times more likely to buy cigarettes, 3 times more likely to drink and 2 times more likely to use marijuana.
The regulators had better start regulating
All of this begs the question of how did we get to this point? The glaring issue is clearly one of technological innovation outpacing regulation and yet, questions regarding age verification and age checks (and similar legislative matters) continue to be a challenge for global regulators.
A spate of recent testimonies at the US Congress involving the tech titans of Facebook, Apple, Amazon, Google et. al. provides sufficient evidence of this. At a hearing with Facebook’s Mark Zuckerberg, one congressional member asked how Facebook made money since its service was free. Zuckerberg laughed and replied that it was paid for by ads!
It is of course understandable that regulators are careful not to overstep and harm the innovations of their jurisdictions – one fear being that other countries could then use the opportunity to gain an advantage. There is, however, clearly a problem when a sitting of the world’s most highly regarded regulators demonstrate a limited understanding of how the internet works.
PXL Vision’s solutions
PXL-Vision is confident that regulations on online age verification will soon come into force. This legislation would likely involve electronic scans of an individual’s ID and a biometric face-scan to ensure that the person using the card and card holder are the same person.
As in previous times, merchants selling age-restricted goods will again be required to verify the age of their customers. The full legislation would also likely involve regular checkups to ensure that the online vendor’s procedures and processes are in place.
The PXL Age Verification Solution
At PXL Vision, we provide a highly secure and fully-automated age verification solution that is specifically tuned to maximize sales conversion in e-commerce and reduce the drop-out rate in the order process.
PXL Vision was recently approved by the Kommission für Jugendmedienschutz (KMJ) or The Commision for the Protection of Minors in the Media (About Us: in English) as one of only a handful of fully-compliant age verification solutions to protect minors and add trust to digital interactions.
Reach out to us today to see how we can help your online business achieve its age verification goals.
What is digital onboarding?
Digital onboarding is an online process whereby an individual signs up with a company or a government/institutional service in order to later access its products and services. The individual provides their personal data, and if required, a piece of biometric information such as a fingerprint or face scan. The digital onboarding process allows the individual to be easily and securely identified at a later date.
Before the onset of digital onboarding, an individual provided their individual data either in-person or through the mail, which was often an expensive and time-consuming process. As businesses and institutions continue to shift their operations online, the need for a secure and reliable digital onboarding solution has increased. This is all the more true as the Covid-19 pandemic continues, requiring us to minimize person-to-person contact.
Online businesses in particular are massively benefiting from digital onboarding technology. The onboarding of customers into a company’s database allows the businesses to better keep track of their customers and better target their products and services to their customer base.
The current proliferation of well-designed digital identity platforms on the market, which are simple for the end user to operate, is turning a once tedious and time consuming process into a more streamlined and faster one.
The digital onboarding process
For online businesses, the digital onboarding process uses the platform that your company has either developed in-house or chosen from a list of contenders. The platform is used for ensuring compliance (when required) and ultimately for converting potential new customers into paying customers; those who will eventually form your customer base.
For many online businesses, an email and credit card or PayPal account has long been sufficient for onboarding purposes. However, this rather nonchalant onboarding method has been proven insecure with high numbers of fraud cases still being reported. Thus, the concerted effort by the digital onboarding industry to add extra layers of security to the onboarding process.
However, the customer onboarding process is the beginning phase of establishing a relationship with a new customer. And it is crucial to get it right as the customer already begins to form their opinions of your company at this point. It is still possible, and altogether too often the case (as you will see below), that the customer decides to abandon the onboarding process, either because it takes too long to complete or is too difficult.
Digital onboarding and identification
The industry that is growing up around trustworthy digital identities has risen out of this pressing need to make online interactions and transactions safer and more secure. Digital identity solutions are transforming online businesses by adding an important layer of trust and security to the digital realm.
However, global fraud figures reveal a darker side of the digital onboarding process and account-based fraud now makes up one of the most pressing threats to businesses today.
According to US-based Javelin Strategy, a research-based advisory firm in digital finance, the number of consumers who were victims of identity fraud fell to 14.4 million in 2018, down from a record high of 16.7 million in 2017. However, on the flip-side, new account fraud, whereby hackers use a victim’s identification to open new accounts, has been on the rise. Fraudsters open new accounts for credit cards, student loans, mortgages, and the like.
Our article on how to prevent cybersecurity attacks provides a number of useful tips for businesses interested in getting the most protection from their digital identity verification platform. It’s especially relevant during the digital onboarding process.
With the technological solutions now in development by RegTech companies such as ours, online fraud is about to receive a serious blow. As digital onboarding technology continues to progress, especially in the areas of facial biometrics, artificial intelligence and machine learning, it will become possible to create a digital twin that exists online as a representation of our real world selves.
To learn more about identification and digital onboarding, read our article on digital identity verification.
Customer abandonment issues with digital onboarding
Despite the added security that a more robust digital onboarding process offers, a major issue in the industry is that of high customer abandonment rates. This high rate of abandonment is primarily due to poorly-designed digital onboarding platforms that are too difficult or too time consuming to complete. Some of this is due to poor UX design (see our previous article on the effect of UX design on the digital onboarding process) and much of it has to do with the identity verification process itself.
When you dig further into the figures, some digital ID platforms in the European market have even reported 40-50% customer abandonment rates.
This issue is easily visualized through a simple demand side curve. However, instead of price on the y-axis we will write in the time/difficulty of the digital onboarding process. The x-axis will denote the # of customers converted.
A linear agreement is made where the more time that is needed to complete the onboarding process leads to fewer converted customers and vice versa.
The solution then is to rethink and simplify your company’s digital onboarding strategy in order to move the C-point downwards and rightwards along the curve.
Case study: costs associated with shopping cart abandonment at the checkout
Similar to the checkout experience at physical stores, customers do not want to waste time in line. When online, the same customer who simply wants to make a purchase will not stand for an onboarding process that takes too much time or is too difficult to complete. An independent web UX research institute, Baymard Institute, found that abandonment rates for online checkout carts average nearly 70 percent for some online merchants.
To be clear, this high abandonment rate is not only due to a less than satisfactory onboarding experience. In a survey of around 4500 people asking why they had abandoned their shopping cart, 20% responded that the checkout process was “too long / complicated”. Yes, one of the primary reasons for high shopping cart abandonment rates is the length of time it takes to verify a customer’s identification.
Cart abandonment is one of the single greatest costs to a business. The bottom line of your business takes a direct hit when a potential customer abandons their purchase. Moreover, the cost can be immeasurably higher when that customer simply switches tabs on their browser and takes their business to a competitor.
A faster, more streamlined digital onboarding process reduces these abandonment rates. PXL Vision’s digital onboarding solution uses passive liveness detection, which increases the speed of the online ID verification process – topping out at less than a minute on the customer side.
Fast verification times and the prevention of financial fraud
While the use case for online shopping carts is clear, there are other use cases, such as with online banking and finance (Fintech), wherein your onboarding solution needs to comply with a regulatory framework in place – for starters KYC / AML guidelines.
For online banking, one would think that the longer the process takes the more bona fide and trustworthy it ought to be. A streamlined and fast digital onboarding process might even appear to be in conflict with fraud prevention. What we have witnessed, however, is that low quality and poorly designed digital onboarding platforms actually increase the risk.
When low-risk consumers come across a complicated, time consuming onboarding process they are more likely to take their business elsewhere. High-risk consumers, on the other hand, are more likely to complete the processes of overly complex and time consuming onboarding processes, given that they might have fewer options to choose from.
PXL Vision’s flexible online identity verification platform protects their clients against fraud by complying with the strictest of KYC / AML guidelines all the while maintaining fast onboarding speeds. Furthermore, PXL Vision has adopted the most recent AML5 Directive as well as the GDPR into its digital onboarding process, providing access to the entire European market, with more than half a billion potential customers.
5 Ways PXL Vision speeds up / simplifies digital onboarding
- Overall User Experience – A fully automated UX with reduced screens and need for interaction in the onboarding journey
- Clear instructions & Instant feedback – Follow the KISS acronym: Keep It Simple Stupid! Image too blurry? We inform the customer immediately so they can try again
- Multiple ID support – Supporting a wide variety of ID types – and the multiple variations therein + an ongoing assessment of new versions
- Cross-platform and architecture support for the perfect fit into existing business processes
- Compliance – KYC, AML, GDPR and other regulatory legalese taken care of
PXL Vision’s digital onboarding solution is a modular and fully-customizable platform wherein your customers will be able to verify their identity in 20 – 30 seconds. The time savings are substantial and it reduces the potential for customer abandonment in the final stages of the onboarding process.
Fast digital onboarding improves the user experience, increases the conversion rate and expands your customer base.
PXL Vision’s digital onboarding platform
The digital onboarding of new customers is the most crucial aspect of your online business. We understand this and understand the time constraints of today’s consumer in an online marketplace with almost endless choices.
Reduce your company’s abandonment rates today and build your customer base by verifying your new customers’ identities with speed and peace of mind. Find out how PXL Vision can reduce identity verification costs for your business by up to 95%. Contact us today.
Why should you care about user experience (UX) in digital onboarding processes if you want to maximize sales conversions? Well, the pace at which a company onboards new users and its sales conversion rate are two profoundly important success metrics in today’s highly competitive business environment. The company that is fastest in onboarding customers is most likely to be the first to reach global scale.
Yet all too often, a poorly designed UX during the onboarding and identity verification process comes up as a major stumbling block to scaling a company, as it leads to potential customers dropping off. A bad UX can easily become a drag on sales conversion. To convert more customers faster, companies need to make sure that their customer identity verification solution is optimized for sales conversion.
In the race to sign up new customers, competition is fierce. Especially in many new and crowded lines of business such as neo-banking or the sharing economy, companies need to ensure the rapid adoption of their product or service if they want to compete.
Moreover, they know that in the digitized business world, the first company to reach a certain scale unlocks the so-called “first-scaler advantage” and very often ends up dominating the market globally – with the second biggest company being just an also-ran in terms of market share.
Optimizing Sales conversion is all-important in customer onboarding
That is why conversion rate optimization (CRO) is simply vital. In order to reach these goals, companies need to onboard a greater volume of customers faster than their peers.
That said, stringent identity verification requirements are an additional constraint in many lines of business. For example, neo-banks and telecommunications companies have to fulfill Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements. To verify the identity of their customers, this process can be greatly helped by modern software solutions that undertake this task.
A poorly designed user experience is a major bottleneck to sales conversion
An identity verification solution with a poorly designed user experience can become a major bottleneck in a company’s sales conversion drive. This is because identity verification adds another layer to the sales conversion funnel. And with each additional layer, a potential customer is more likely to abandon the process altogether.
However, verifying their customers’ identity is a legal requirement in many sectors. So what do companies have to do then? The answer is to invest in an identity verification solution that is as user-friendly as possible. This minimizes abandonment rates and concomitantly lifts conversion rates.
UX needs to be optimized to increase conversion rates
Firstly, investing in an easy-to-use software solution that is integrated into the product and that enables companies to sign up customers using any common mobile operating system like Android or iOS is required.
Many legacy companies – particularly those with high KYC requirements such as retail banks and insurance companies – still rely on knowledge-based authentication (KBA) over the telephone, thereby overburdening their employees with verification procedures. This has left sales conversion rates to languish. Those firms, too, need a software solution that automates the process.
How to have a positive impact on conversion rates:
1. Increase sales conversion rates on the customer’s side
It is important to make users aware of the necessity and benefits of an identity verification check, just as it is important to explain to them how this check will be conducted. Taking users by the hand through the process will help a company move them through the conversion funnel. For example, a short video to illustrate the process can help.
A large improvement can also be made by comparatively basic things like providing clear instructions and context to the user, by explaining the rationale behind asking for their ID and a video-selfie. Similarly, providing a progress status on how many steps are still needed to finish the process can also aid users. Likewise, the fewer screens the user has to wade through, the better.
2. Increase sales conversion rates on the company side
Companies should invest in a software that can be easily integrated into their existing business processes, whether these are themselves integrated into a cloud-based or on-premises solution. This guarantees them a frictionless user experience.
They should also see that the entire verification process is completed within their own application environment so that there is no jump-off to external applications. A benefit of keeping it internal is the possibility to apply all kinds of a company’s own business rules to optimize for conversion, while still keeping the security of the process high.
Furthermore, it makes sound business sense to have users complete the identity verification step after the check-out process and not beforehand.
3. Onboard customers regardless of their hardware specs
The software solution needs to be flexible enough to integrate equally well into the various operating systems used on any of these platforms and be able to work under the technical constraints of any mobile phone or laptop camera.
Likewise, the solution should independently identify and recognize the type of document the user is showing – e.g. a passport, a national ID or a driver’s license – in order to verify him- or herself. This obviates the need for the user to pre-select the document type, which is a step that can easily be confusing for them.
It must also not be put off guard by external factors such as the poor quality of a document photo, a person’s visible age difference between the time the picture on the ID was taken and now, ornaments like glasses, make-up and piercings, or poor lighting conditions.
4. Enhance UX through the most advanced technological solutions
On the technical side, a solution utilizing passive liveness detection, where the user doesn’t need to do anything, provides better results than software using “active liveness detection”. The active liveness problem needs to do perform gestures like turning his or her head or nodding – which can easily be misunderstood or even antagonize the user.
Passive liveness detection, on the other hand, doesn’t require anything more than looking into the camera and the user is done with the verification process in a matter of seconds.
As the process with passive liveness detection is fast and simple, major stumbling blocks toward onboarding the user have been removed. There is no need to take a selfie and upload the picture. A simple point-and-shoot UX makes the process run smoothly. This lowers abandonment rates significantly.
How to make user experience frictionless
PXL Vision’s technology has been built from the ground up to provide the highest degrees of security and automation, with conversion rate optimization in mind. The seamless integration of PXL Vision’s technology with a cloud or on-premise solution ensures a frictionless user experience.
Our software solution can be used on any customer device and with any operating and is known for its reliability and security.
Contact us to learn how PXL Vision’s technology can make your customer conversion rates skyrocket.
What is KYC?
KYC stands for Know Your Customer. It is also sometimes referred to as ‘Know Your Client’ too. Documents which are required for businesses to know your customer are called KYC documents. The broader KYC process is designed to validate and verify a customer’s identity to ensure a safer business relationship in the financial industry. Know Your Customer compliance rules are mandatory in the global banking industry and sometimes extend to other finance-related businesses online.
A large part of the KYC process focuses on regulatory compliance through risk mitigation, including customer due diligence procedures. Know Your Customer rules ensure banks and other finance businesses can manage customer and reputational risk, especially when it comes to money laundering and criminal fraud activities.
In this article, we take an in-depth look at how different global compliance checks, regulations and requirements can make an impact on KYC for your business and industry. We also take a closer look at the impact a flexible and accurate identity verification platform can make in reducing risk across the entire process.
What is a KYC document?
KYC documents are normally divided into two distinct categories:
- Proof of Identity (POI) document – requires a photo of the individual
- Proof of Address (POA) document – cannot be dated older than 3 months.
Why is this relevant within the identity verification industry? When a business digitally onboards new customers, they are required to ensure they can accurately proof the identity of their customer using KYC checks.
It is important to note that the same document cannot be used to confirm both the user’s identity and the place of residence. At least two documents are required for the KYC process.
The acceptable KYC documents vary depending on which jurisdiction the process is being performed in. Some of the more generally recognized documents are listed here.
Proof of Identity (POI) for KYC and Know Your Customer compliance
The first half of a KYC document must be an official government issued ID. This document must include a photo of them. There are a variety of IDs that are allowed to be used for POI purposes. Which are acceptable and where is determined on a jurisdictional basis.
In 2016, Pricewaterhouse Coopers published a very useful Quick Reference Guide on KYC (available here as a PDF). Some commonly accepted POI examples from around the world are:
- Passports – universally recognized
- National Identification Cards – Aadhaar in India, DNI in Argentina, SIN/SSN in Canada/United States, HKID in Hong Kong, BSN in the Netherlands
- Driving License – United States, Canada, the Netherlands
- Voter ID card – INE in Mexico, India, Jamaica
- Health Card – Canada
How PXL Vision checks POI and complies with KYC
Every company that performs proof of identity (POI) checks should have a comprehensive KYC guide that describes the process and requirements for the user.
PXL uses a smartphone (or any other) camera to scan and extract information from the identity document in order to determine the authenticity of the document in an automatic way. Users just need to point their camera at the document, our solution then detects which document it is and extracts information from the document.
Most documents have machine-readable code line(s) (MRZ) on the back side of the document. We extract the information and run various checks on the MRZ itself. We then extract further information from the rest of the document known as the visual inspection zone (VIZ). However, purely extracting information from the document is not enough, we also want to ensure that we are dealing with a real document and not a fake. To assess the authenticity of a document, we analyse hundreds of different visual key features and run a variety of security checks, such as detecting holograms, on the document.
More and more identity documents now come with a biometric NFC chip. Using the smartphone NFC reading capabilities (if available), we are also able to read the information from the document and check whether the chip in the document has been tampered with. This, today provides the highest security in document verification.
In case the fully automated checks fail, based on the security requirements of our customers or the regulations in place, there are steps in place to manually verify the documents proving identity. PXL Vision provides an easy to use tool for guiding customers’ back office employees through a simple manual verification.
How does Proof of Address (POA) work with KYC compliance?
The proof of address (POA) KYC document is often vaguely defined. It is, however, one of the basic requirements for KYC checks. Officially issued documents, which have the individual’s name and current address on it, are key. Most POA documents require an issue date in the last 3 months.
Just like with POI documents there are a wide variety of documents that can be used for POA purposes; which are acceptable and where is also determined on a jurisdictional basis.
Most documents should be dated to within three months to show that the address is current. Some commonly accepted POA examples from around the world are:
- Utility bills such as Landline Telephone Bills, Gas bill or Electricity bill (usually not more than three months old)
- Bank Account Statement or Passbook entries (usually not more than three months old)
- Proof of residence issued by a Notary public or a Government Authority
- Identity card or document with an address that is issued by a Central or State Government
- Maintenance bills from official companies (usually not more than three months old)
How PXL Vision checks POA
Know your customer rules can vary by geographic jurisdiction and can partner with other companies to provide this check. For example, PXL Vision’s identity verification platform is able to implement an API from another service provider to perform the POA check. In Switzerland where PXL has a large customer base, an API is used from the Swisspost to check POA documents. This is just one use-case where POA is an important part of the overall KYC process.
If performing a manual POA check for your business, here are a few pointers to properly verify the documents:
- First, and if applicable, inspect the document for watermarks and security features to see that they are intact.
- Next, look for any signs of photoshopping or other alterations.
- If it is a bank statement, utility bill, maintenance bill or government issued correspondence have a look at the date to ensure that it is no older than 3 months.
- Make sure that the document has the person’s name on it.
- Check if the document has the address (the more specific the better) and confirm it’s existence with an online search of Google Maps.
- If the applicant submits the address without the apartment number while living in a block of flats, the compliance officer must request them to specify the flat as well. Postal boxes are not allowed.
KYC within the broader scope of Anti-Money Laundering (AML)
The submission of Know Your Customer documents and the process of checking them is partial to an anti-money-laundering (AML) framework, which banks and financial institutions are legally obliged to follow. The goal of AML is to verify with a high degree of assurance that customers are who they say they are and that they are not likely to be engaged in criminal activity.
The U.S. has had some form of KYC/AML legislation in place since the early 1900s; first rolled out to fight organized crime. However, this existing legal framework was completely overhauled and expanded following the September 11th, 2001 terrorist attacks in New York City.
The new KYC/AML legislation is encompassed by the USA Patriot Act of 2001(PDF), specifically in section: Title III: International Money Laundering Abatement and Antiterrorist Financing Act of 2001. Numerous countries around the world base some of their own KYC/AML processes on the stipulations and requirements found in the Patriot Act.
Who Regulates KYC Compliance? Your Know Customer rules depend on where you do business
In addition to the legislation outlined in the US Patriot Act, a variety of other oversight bodies around the world implement and regulate KYC/AML compliance. Some of these oversight bodies are:
- Australia (AUSTRAC – 1989)
- Canada (FINTRAC – 2000)
- Germany (BAFIN – 2002)
- Switzerland (FINMA – 2007)
- Italy (Banca d’Italia – 2007)
- Mexico (Federal Law for the Prevention and Identification of Operations with Resources from Illicit Origin – 2013)
- United Kingdom (The Money Laundering Regulations – 2017)
- India (Reserve Bank of India – 2002)
- South Africa: The Financial Intelligence Centre Act 38 of 2001 (FICA)
Other political organizations, such as the EU, Asia-Pacific countries (APAC) and others have built upon or created their own compliance frameworks. In addition to GDPR regulations, the EU has a new regulatory requirement, PSD2, to reduce fraud and make online payments more secure, as well as the 6th EU Anti-Money Laundering Directive (6AMLD).
Also, numerous countries and international bodies follow the G7’s Financial Action Task Force which is in turn supported by the G20.
Businesses that require KYC
As mentioned, KYC is mandated by international law for banks and other financial institutions, at least to the extent that they want to participate in the global financial system. However, as governments around the world are beginning to hold financial institutions to ever higher standards, these institutions are in turn requiring the companies they do business with to also be more accountable.
So while banks and financial institutions are required to comply with KYC to limit money laundering and terrorist financing, these banks are now passing on some of the burden to the companies that they do business with.
If your business deals with money transactions in any way, now would be a good time to get in front of these potential future regulations.
At any rate, there is a good argument to be made that some businesses in the non-financial sector should voluntarily implement KYC procedures anyway in order to signal their trustworthiness and protect their business and customers from fraud. We recently published an article on the sharing economy, which demonstrates a solid use case for a KYC procedure where one is not yet mandated.
Compliance with KYC Requirements through digital identity verification
As businesses and institutions continue to move their services online and grow their user base, solutions for fast, easy and low cost online identity verification are needed to ensure your business is in compliance with Know Your Customer requirements.
Individuals want the convenience of signing up through digital channels, and they want the process to be quick and painless. Businesses and institutions, on the other hand, have to manage the realities of complying with KYC regulations and factor in the cost of whichever solution they go for.
The right online identification verification solution needs to be able to:
- Extract data from a wide variety of ID documents such as passports, driver’s licenses and other government-issued IDs
- Verify the authenticity and validity of the ID document
- Capture facial biometric data from the customer
- Compare the biometric data and the ID document to validate the customer’s identity
- Securely meet these technical objectives, while being scalable and cost-effective for large, international companies.
- Provide a simple, seamless user experience
KYC verification: Innovative approaches welcomed
European regulators have adopted new online identity verification processes. They are actively promoting new solutions to address specific compliance challenges. Furthermore, they have developed a common approach for a consistent application of standards across the EU known as the electronic IDentification, Authentication and trust Services regulation (eIDAS). The intent of eIDAS is to drive innovation towards using higher levels of information security and innovation.
The European Commision has recognized built-in computer applications that automatically identify and verify an individual from a digital image or a video source (facial biometrics) and built-in security features that can detect presentation attacks.
KYC for your business
Know Your Customer regulations already places a cost burden on businesses operating in the financial industry. Out of concern for money laundering and terrorist financing, governments and banks are making their KYC processes more stringent.
Some of the extra cost for this tightening of regulations is being shifted to businesses not directly involved in the financial sector but still availing themselves of financial services.
If you are one of these businesses, please get in touch with us and find out how we can help you reduce these costs and drive customer conversion with a fully-automated, customizable solution from PXL Vision.
Facial biometrics currently represents the cutting edge of online identity verification and companies such as PXL Vision are focused on taking it to the next level.
The technological innovations that are at the forefront of facial biometrics are being researched and developed at the intersection of artificial intelligence and machine learning. This matters, given the entire industry is constantly looking for new ways to innovate and deliver a better customer onboarding experience.
With the current Covid-19 pandemic situation still upon us, our societies are undergoing a rapid reorganization as we shift more of our services online in order to allow greater social distancing. This shift towards convenience is now accelerating at an exceedingly rapid pace and more customers are digitally onboarding using biometric identity verification services.
From home office to distance learning, internet banking, online shopping and streaming of at-home entertainment, more and more of our daily interactions are taking place online. The OECD reported that the Covid-19 crisis has placed an unprecedented demand on communication networks with some operators claiming a 60% increase in Internet traffic.
As a result of this migration to a more centralized online existence, is the pressing need for a more robust, secure and trusted digital identity verification platform. This is required so we can know and trust our work colleagues and fellow students – or allow banks and online merchants to know who their customers are.
A long practiced method for online identity verification has been founded on biometrics. Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Examples include, but are not limited to fingerprints, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odour/scent.
On the other side of online identity verification are the hackers, fraudsters and spammers that work towards bypassing these “secure” verification procedures for their own illegal gain. These criminal individuals are at times successful, providing the impetus for companies to improve the robustness of their online identity verification platforms.
In some cases it is necessary to rethink the identification method used in its entirety. For instance, the still widely used method of fingerprint scans as a biometric sign-on solution, has been proven to be easily beatable. Already back in 2013, a league of whitehat hackers from Germany, the Chaos Computer Club (CCC), demonstrated how easy it was to create a fake fingerprint from a scan.
Hacker Starbug from the CCC quipped: “As we have said now for years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”
Because it has been proven that biometric fingerprint technology is not as secure as once thought, other methods for online identity verification are being researched and developed.
One of the more promising methods rising out of this research is facial biometrics, which is currently on the forefront of online identity verification. One clear advantage to facial biometrics is that, unlike fingerprints, people do not randomly leave their face prints around. As it happens, people do leave pictures and videos of themselves all over the internet.
Hackers can take this visual media and perform what are commonly called ‘presentation attacks’ on facial biometric secured platforms. Therefore, constant innovation in the industry is required.
One such attempt to get around the new Apple Face ID is posted here by whitehat hacker Andrew Sink. Sink made a mask from his own face in an attempt to fool Apple’s platform and he was surprisingly semi-successful. If an amateur hacker can almost fool Apple’s facial biometrics, what are the implications for businesses trying to secure their customer’s data with less secure software solutions?
Active vs. passive liveness detection
There are two main methods in use when checking if the person behind the camera is a real “live” person. One is known as active liveness detection and the other as passive liveness detection.
To the uninitiated, active liveness detection certainly sounds better than passive liveness detection. Here is why it’s not:
“Move your head from left to right… now blink 5 times… then smile slightly…. now touch your nose and ears at the same time … now do all of the above 2 more times really fast while holding your breath!”
What you just read was an example of the sometimes too elaborate instructions for active liveness detection. A little exaggerated of course, but you get the idea. Not surprisingly, there are often many user dropouts when onboarding with active liveness detection as people become frustrated with the instructions.
The cumbersome user experience aside, active liveness detection is also not immune from hackers as it can easily be spoofed through presentation attacks.
Passive liveness detection explained
Just as the human eye can spot the difference between a real person in front of them and a photo, so too can machines. PXL Vision’s R&D into passive liveness detection employs artificial intelligence and machine learning technologies in order to stay one step ahead of the hackers.
Passive liveness detection is named as such because it doesn’t require the user to perform any of the motion tasks of active liveness detection. The user is instructed to take a normal video selfie of themselves and that is all. With this user-side simplicity, hackers are often unaware that there is a liveness check in progress and thus have no idea that there is even a process to beat.
While both methods require the user to take a selfie to prove who they are, the backend still needs to prove if it is actually a real person. Deep fake images, morphing and AI can fool most systems. Even simple photos and masks cannot be detected if there is no security layer. A replay attack using a video can also bypass most of these processes too. Therefore, what’s the answer?
Identity verification with facial biometrics at PXL Vision:
Successfully verifying an identity using PXL Vision’s software involves a two-step authentication process.
The first step examines the user’s documents and the second step the person:
1. The submitted ID documents must match the person
To meet the first prerequisite, the onboarding user has to “capture” their ID card with their smartphone camera. PXL-Vision extracts all of the relevant data from the user’s identity documents, applying its in-house researched and designed software. The software performs a state-of-the-art enhanced comparison of the Visual Inspection Zone (VIZ) and the Machine Readable Zone (MRZ) of the user’s uploaded identification documents and checks its authenticity by verifying hundreds of visual key features on the document simultaneously. There is also an additional option that detects and checks specific visual security features such as holograms and data from NFC biometric chips.
2. The person submitting the documents must be “live”
The second prerequisite requires the person submitting their documents to be “live”. This measure, extremely important to facial biometrics, is meant to protect us in a world where our biometric data is often accessible through a quick Google search or easily found on our social media channels.
As shown in Sink’s video above, hackers are already hard at work attempting to bypass these facial biometric platforms using presentation attacks. As evident in the video there are a number of “liveness” attributes that are being looked for but it is not yet entirely clear what they are or how to get around them.
After PXL Vision has verified the authenticity of the document and the liveness of the user, another step is made to ensure that the document also belongs to the user. The face verification tool compares the user’s face from the video-selfie to the photo printed on the identity document and/or stored on the NFC chip.
PXL Vision’s facial biometrics innovations
Because all biometric identity verification processes are vulnerable to sophisticated presentation attacks, the goal is to detect these attacks without introducing too much friction into the process.
PXL Vision and its proprietary passive liveness detection software finds itself on the cutting-edge of facial biometrics. By analyzing depth, texture and appearance and employing sophisticated deep learning algorithms, PXL Vision is able to lower fraud rates without causing customer abandonment of digital onboarding processes.
PXL Vision believes in a truly passive liveness detection approach that doesn’t require active participation by the user. It operates in the background, detecting features such as edge, depth and motion detection, as well as passive observation of features such as skin texture.
There is also an emotion analysis function in the works, which determines if the user is being forced to perform a verification. By capturing such a large amount of information in a single take, PXL is able to make a particularly fast decision with a higher than 99% accuracy rate.
Flexibility is key
Given the current backlog and immense need for a large number of online identity verifications, PXL Vision’s technology aims for a flexible and fully-automated approach with as little human involvement as possible. Of course, there will always be the option for a manual check as a backup if anything goes awry.
PXL Vision is the industry leader in facial biometrics and online identity verification
In addition to serving many customers across a variety of industries, PXL Vision provides the ID verification services to SwissID, the national standard in digital identity in Switzerland.
Get in touch with us today to learn more about our innovations in facial biometrics and how our flexible and modular product solutions can assist your business today.
Fake accounts, anonymous users and a multi-billion dollar sharing economy: What does it all have in common? Whether it’s homes, cars, bicycles or scooters for rent – if users can’t feel safe using sharing economy platforms, businesses risk losing their customers.
We take a closer look at how the sharing economy relies on selling safe spaces for the end-consumer, and some of the techniques businesses can employ to prevent the rise of fake accounts, anonymous users and fraudsters on their platforms.
What is the sharing economy?
The myriad companies that make up the sharing economy provide new ways for people to share and use everyday items. From transportation goods (car-sharing services such as Uber and bike-sharing & scooter-sharing services such as Lime) to temporary lodging, including Airbnb, Vrbo and Booking.com, the sharing economy is here to stay.
Alongside adding competition and making goods more accessible, the sharing economy has also helped foster more integrated communities, wherein individuals can share products and resources with one another.
The sharing economy has, in fact, redefined the way we think about property, creating a new economic model which focuses on the sharing and use of goods as opposed to outright owning and then storing goods when not in use. A common occurrence of past generations was to purchase goods (let’s say a bicycle, for example), use it occasionally and then store it in the garage or basement, perhaps forgetting about it, only to find it some years later in a state of disrepair and ultimately selling it or passing it on.
Today, if someone wants to occasionally use a bicycle, they can simply locate one via a smartphone app from an online bike-share provider (such as Mobike or Donkey Republic), use it, and then leave it for the next user.
The same also applies to temporary lodging too, such as with Airbnb, where individuals could offer all or part of their home to vacationers, often leading to unique stays whilst allowing the tourist to live like the locals.
Fake accounts and fraud in the sharing economy are growing
Both buyers and sellers depend on knowing precisely who they are dealing with. Consumers have the right to be comfortable in the knowledge that they can trust a stranger with their own and their family’s safety. And the sharing economy platforms have the duty of care towards their users to provide a safe and fair marketplace for all. In economics, this is known as “collaborative consumption.”
The sharing economy depends on the trust of other users to look after the products, lodgings and devices they share. A lack of trust only leads to adverse negative outcomes.
We take a look at some of the most outrageous examples of sharing economy fraud in recent years:
The great bicycle-sharing scandal
Bicycle sharing schemes have been one of the largest casualties of a poorly enforced and under-regulated sharing economy. As an environmentally-motivated answer to the rise of China’s massive car-ownership problems, several Chinese startups attempted to re-invent the sharing model using big data, ensuring large amounts of venture capital were invested in highly competitive group of global bicycle sharing giants from 2014 – 2018.
Traditionally, the bicycle sharing model was designed around designated drop-off stations for cyclists to lock their bicycles, which restricted users to an inflexible “docked” model. Where the Chinese model departed from this idea, users were no longer restricted to docking stations or drop off-points. As is the case with the overall sharing economy, the smartphone’s GPS had ushered in a new functionality, built on trust and access to almost unlimited user data.
Now that users were freed from restrictive drop-points, bicycles could be left almost anywhere within this ‘dockless’ system. As a result, thousands of bicycles were found strewn across canals, dumped in rivers, tossed across beaches and dunked in harbours all over the world.
Prominent venture capital firms that included Sequoia Capital and Tencent, each played a role in funding the downfall of this collaborative economic model.
Weak User Identity Verification Processes
The reason for this willful environmental vandalism in the bicycle sharing economy? A lack of user culpability and an overall weak identity verification system.
Mobike, for example, which still operates globally, only requires a telephone number and a small holding deposit (10 euros) to gain access to a bicycle. The value of the bicycles are obviously much greater than this token amount and the app’s poor security features (no additional document verification required) allow fake accounts to be easily registered. This encouraged some users to willfully take advantage of a poorly designed identity verification system.
If the user can expect no consequences for their actions, because they can stay essentially anonymous on a sharing platform, why would they be motivated to act appropriately without oversight?
Sharing operators face growing regulatory risk when they don’t secure their systems from launch. Singapore-based company, oBike, were the first to be kicked out of Australia in June, 2018. Victoria’s Environment Protection Authority (EPA) applied new pressure to sharing operators to clean up their act or face permanent bans when they didn’t comply with new bicycle sharing economy regulations.
E-scooter user growth treads a similar precarious path
Eventually, the rapidly-changing regulatory burden and willful vandalism of bicycles were so widespread, that some of the largest Chinese bicycle sharing companies went bankrupt and the venture capital dried up, along with the business model.
By 2019, just as the bicycle sharing model had warned, the rise of the e-scooter was also starting to face the same launch issues: poorly regulated identity verification apps, lack of transport planning and limited regulatory oversight were already causing headaches for governments and planning officials across the world.
When a user is positively convinced of their investment and participation in the sharing economy, economists call that form of motivation, “fractional ownership”. The lack of ownership or responsibility presents an opposite problem though, and is one of the driving points of failure within the underlying ‘sharing’ part of the sharing economy.
The Home sharing economy
Airbnb has more than seven million properties in nearly every city and country across the world. While testament to the stunning growth of the sharing economy, the sheer scale of these platforms lays bare the difficulties associated with confirming the identity of every single person who accesses or provides services.
Where platforms like Airbnb or Vrbo are concerned – the homeowners need to be reassured that they’re renting to legitimate people, and that any damages would be covered if things go wrong. For holidaymakers, it’s crucial to know exactly whose home you’re staying in, so having a user’s identity and credentials verified (and accurately) is vital.
A quick google search returns innumerable horror stories on the various scams and poor experiences that people have had with Airbnb. On the flipside, there are many people who have also had wonderful experiences. It appears to be human nature to report a negative experience than write about a good experience. And the bad reviews hurt the bottom line of Airbnb in a big way.
Financial interests to boost platform safety and accurate verification of users
An investigative story published on Wired exposes the degree to which fraudsters are willing to go in order to scam Airbnb’s users:
“Airbnb empires are being rapidly scaled and monetised, with professional operators creating scores of fake accounts, fake listings and fake reviews to run rings around Airbnb, local law enforcement and the guests who place their trust in the platform.”
The article describes how entire new buildings are being used as Airbnb units and being managed through a variety of international backdoors and secretive accounts to do so. These buildings were never zoned this way and would never have been approved if they were.
Another Airbnb scam involves rental scams. This scam appears worldwide, wherever people are looking for a place to live in a tight housing market (ex. Berlin). A rental place will be posted on a rental website like immobilienscout24.de for instance. Once contacted, someone will invite you to locate the place on Airbnb and make a down payment of 1 month.
As the saying goes, clearer heads prevail; but when you are desperate for a place to live, it is all too easy to jump on any rental offer that comes your way and even forgo seeing it in person before sending a deposit.
The longstanding not-for-profit Better Business Bureau, which operates in the North American market, recently published a report on the sheer size of rental scams occuring on room rental platforms. One survey, cited by the BBB, found that 43% of people using these sites in the United States encountered some sort of fraud. The survey points out though that more than 5 million renters in the U.S. have lost money in this way.
As part of its role, Airbnb is planning to verify 100% of all its listings by the end of 2020, but only after 5 people were tragically killed at a rental listed on its platform. Furthermore, Airbnb users regularly complain of having their accounts hacked. There are numerous websites and forums devoted to stories of Airbnb’s identity verification management systems failing and causing financial damage to users.
As Airbnb plans to launch its IPO in December, 2020, safety steps which include a thorough identity verification platform will be important to maintain consumer confidence behind the brand.
Ride sharing economy
There are currently around 4 million Uber drivers and 2 million Lyft drivers worldwide. Launched, respectively, in 2009 and 2012, the rate of growth of these two ride-sharing services is nothing short of incredible. Ride-sharing is certainly a pinnacle of the sharing economy.
However, due to the fast growth, less than sufficient attention has been given to the operations and the security of the platforms. There has accordingly been a huge influx of fake user accounts and scams run on the platforms.
It is not enough to publish an article or multiple articles on the scams that are out there. Not everyone will read them or follow up on them. And the scammers are always changing their methods to stay ahead of the game anyway.
Uber, for instance, is no stranger to fraud on their platform and much to their credit they have been actively fighting it by employing machine learning technology to stop the myriad scams.
These scams run the gamut from GPS-spoofing apps, where a scammer uses two phones to fake rides all the way to offering fake discounts on chat apps – all the while using stolen credit cards to pay for the rides.
Fake accounts and stolen cards leave ride sharing platforms exposed
The use of stolen credit cards and fake accounts across these ride sharing platforms is reported on by FICO, a data analytics company based in the US that primarily deals with credit ratings. They recently published a report on credit card fraud in the ride-sharing industry which demonstrated how criminals are overwhelmingly using these popular ride-sharing apps to “test” stolen credit card numbers to see if they work.
If fraudulent activity isn’t enough to convince you of the need for a more resilient online identity verification process, then perhaps another real problem of the ride-sharing economy will – sexual assault.
In Uber’s first ever safety report, the company revealed that there were 6000 sexual assaults over a two year span in the US market. While the media took this number and ran with it, a well-researched article on The Conversation points out that, while even 1 case of sexual assault would be too much, Uber’s numbers are lower than other transportation providers.
Of course, there is always a risk when you enter a car with a stranger, whether they have undergone a background check or not. And even though both Uber and Lyft are taking positive steps when it comes to preventing sexual assault and other crimes, they should aim for 0 cases of sexual assault.
The issue of these ride sharing apps is that they use a fairly unsafe digital onboarding process and neither Uber nor Lyft employs background checks on their drivers – and they certainly don’t meet with drivers in person before allowing them to begin work. This means that they should at least implement the most robust and technologically advanced online verification process available, such as that offered by PXL Vision.
Ridesharing apps are the wave of the future but it is still a relatively new technology. And with all new technologies, it is important that the industry continues to innovate and make its product safer for consumers. It is our belief that with a high-quality online identity verification technology in place, the amount of fraud and other harmful activities would go down. If both parties to a ride share transaction could be absolutely certain of the other’s identity then a more secure ecosystem would result.
In our related article on cybersecurity, we take a deeper look at this issue, and provide some essential practical tips for businesses trying to verify customers online – it’s especially relevant to the sharing economy.
How to prevent fake accounts in the sharing economy in 3 simple steps:
1. Identify the appropriate identity verification tool for each use case
A well-designed and flawless digital identity verification process is one that is able to prevent fraudsters from creating fake accounts in the first place.
Every sharing economy business has different needs, depending on how they onboard their customers and the level of risk their customers are exposed to. For example, a customer who hires a bicycle with false credentials is inherently less of a financial risk to a company than a customer who attempts to defraud a car-sharing or house-sharing business – though both are a burden on the industry.
Therefore, the type of identity verification technology/method will need to be scaled to ensure the level of risk is met. Sophisticated ID verification techniques (like facial biometrics) which are designed to weed out fake accounts with accuracy, are going to be vastly more useful than an email or social media single sign-on.
In fact, mobility and sharing economy businesses that act to ensure more secure onboarding techniques will also be more attractive to customers, safe in the knowledge that they are also protected from fraud when they rent a car or hire a vacation home for the summer.
2. Determine the most secure identity verification tool for your business
Various forms of identity verification methods in use today are used to authenticate and prove one’s identity. The most common and least secure method asks users for their email address to which a confirmation link is sent. The issue, of course, is that individuals can have an unlimited number of emails under just as many aliases.
Another method asks for a phone number to which a text code is sent which needs to be entered. This one adds a layer of inconvenience to would be fraudsters, but is still easy to spoof. A number of telecommunication resellers will happily sell you a sim card without any form of ID verification in many parts of the world.
Better methods ask the user to upload important documents or better yet to appear in a live video verification with an agent. Of course live video methods are costly to companies and can also be fraudulently worked.The best verification methods today use fully automated AI technologies for checking the authenticity of government issues identity documents, running facial biometric recognition to check whether the document belongs to the user and “liveness” detection to prevent people from using printed photos, video recordings or 3D masks held against a camera.
The smartest tool currently available on the market uses something known as ‘passive liveness’, which completely avoids the need to perform orchestrated instructions on camera (known as ‘active’ liveness) and significantly reduces customer dropout rates.
Make sure you read our article on passive liveness technology for more detailed information on this very interesting topic!
3. Focus on conversion optimisation
Not to be overlooked, the success of the sharing economy is not only reliant on the overall level of security and how those security features are implemented across different sharing apps, but the rise and subsequent fall of companies operating in this industry often point to one central area of neglect in the sales and marketing process: poor conversion optimisation.
Why is customer conversion key? Simply having a highly secure solution will not help if your users cannot navigate through the onboarding process confidently. It’s not enough to have users download your app, if they are going to bail on as soon as they become frustrated by an inflexible product solution that focuses too much on the tech and not enough on the customer experience.
Have you ever used an app that was difficult to follow, took more steps than necessary to authenticate identity and still failed at the last step? This is where we encounter the term ‘dropouts’ and it’s considered one the largest headaches customers can face during customer onboarding. Compared to national banks or government ID schemes, where security and compliance remain the top priority, the sharing economy only succeeds when conversion and simplicity work side-by-side with the right technical solution.
Can we help?
PXL Vision is the Swiss market leader for a highly secure and fully automated AI-based identity verification solution. PXL Vision’s uniquely flexible technology supports any customer requirement and business process worldwide. Our technology is market-proven and trusted across industries, including Swiss ID, which provides a simple and secure login for a number of prominent services across Switzerland.
To help you get started with your identity verification needs, get in touch with us today and we can help you evaluate the best solution for your business’s needs.
Flexibility is key for digital businesses. Yet all too often, the development of companies is hampered by inflexible solutions that cannot accompany them on their international growth journey. This also holds true for businesses that seek flexible online identity verification solutions. In order to scale globally, companies need a software solution that is flexible enough to deal with a multitude of different compliance, business and financial requirements as well as engineering constraints.
As consumers increasingly conduct their commercial activities online or on mobile, companies are following suit by investing in state-of-the-art software platforms to manage their customers’ trusted digital identities in a secure way, right from the onboarding stage and beyond.
While doing so, companies have to fulfill the demands that customers, regulators, as well as other factors put on them. They have to create interactions with their customers that are built on trust, while optimizing the user experience and preventing fraud.
How to deal with the challenges of scaling globally
This alone will be enough to give a company’s compliance staff a headache. Yet, it becomes even more challenging when considering the various constraints they have to fulfill when a company scales internationally.
Globally there are thousands of ID types, comprising biometric passports, national IDs and driver’s licenses – issued by 196 countries and territories. Identity verification solutions need to be able to recognize every single document type. However, not all of these documents may be machine-readable. For example, biometric passports are fairly harmonized across the globe, but documents such as drivers licenses are not.
This is why companies need to deploy a scalable and flexible software solution if they want to be able to verify a document bearer’s identity.
At the same time, not all countries have the same regulatory maturity and thus require different features and functions – setting aside the fact that customers in country A might not be familiar with the user journey in country B. An inflexible software solution could therefore become a real obstacle to scaling internationally.
Besides the need to be able to deal with myriad documents, regulations, and customer habits, there are some other overarching constraints that companies in any sector will face when deploying an identity verification software solution. Some of these relate to engineering challenges, others to general compliance requirements.
Platform-agnostic design ensures flexible online identity verification
An online identity verification solution should be flexibly deployable across different platforms – on the web and on mobile. Even greater flexibility comes when the software solution can be used as a stand-alone product or integrated into a company’s own app.
So, how can we ensure a flexible online identity verification solution that works for all businesses? In general, the ideal flexible software solution has to be able to authenticate the ID document, match the user’s face to the ID photograph, and check for the user’s liveness. It needs to be able to accurately extract information from the machine-readable and visual inspection zones through the fully automated real-time capture of the document using the smartphone’s camera.
The software needs to be flexible enough to work equally well on iOS and Android, and also perform under the technical constraints of any mobile phone camera. When authenticating an ID document, the software will automatically do a forgery check and validate the ID’s various security features, such as a hologram and lenticular.
Furthermore, any decent software solution has to offer the company peripheral services and tools to support end-to-end identity verification and the onboarding processes.
These may include:
- Scanning and processing of barcodes or QR codes,
- Background checks against various government databases such as lists of politically exposed persons (PEP) and sanctions lists, and
- Undertaking a facial recognition check against existing user databases – all in a matter of just a few seconds.
Besides these demands the software has to fulfill the strictest data privacy settings and do so equally well integrated into a software as a service (SaaS), i.e. cloud-based solution, and in its on-premise variety.
A flexible online identity verification solution should relieve your compliance department
There are many compliance procedures that all companies have to adhere to globally. For example, the European Union’s (EU) General Data Protection Regulation (GDPR) applies to all companies that conduct business in the EU. Likewise, all companies are bound by general and sector-specific know-your-customer (KYC) requirements.
Compliance is important, yet it is also expensive. It has created a lot of overhead for companies and tied up many of their employees in unproductive tasks. A flexible software solution that automates most of the required procedures will aid companies tremendously.
Use case-specific online identity verification is key: Three solutions you should consider
Every use case is different: while telecommunications companies need to optimise for conversion, a bank or a national ID card scheme are driven by the most stringent compliance requirements and security standards. The ideal identity verification solution is flexible enough to accommodate them all.
Here are three industry-specific solutions to keep it mind when it comes to strong online identity verification:
1. Direct banking:
Banking is a line of business in which compliance requirements are extensive. In the European Union (EU), banks have to comply with anti-money laundering (AML) regulations such as AML5, the revised Payment Services Directive (PSD2), other relevant KYC procedures, as well as privacy regulations such as the GDPR.
With many new regulations having been introduced over the past years in all major jurisdictions, the compliance department has become the biggest of all in most banks – whether they are direct or retail.
Fulfilling strict KYC mandates is a cumbersome process with high costs, a lot of friction, and long processing times. This highlights the importance of online identity verification solutions. So-called “challenger banks” or “neobanks” were early adopters of these technologies and that is one reason why they have leap-frogged established banks in many ways.
Telecommunications providers are legally required to perform an identity verification when they onboard new customers. In the past this was accompanied by cumbersome manual processes, which in turn led to high drop-out rates and added significant costs. Customer experience suffered as a result of having to come to a store, while online sales growth languished.
Likewise, telecommunications companies were also frequently exposed to fraud by bad actors showing fabricated ID documents at the point of sale, tricking their shop floor staff into authorizing a sale.
A flexible software solution to onboard new customers can solve these problems. Most telecommunications companies already have a customer-facing smartphone app. Why not implement an option to access telecommunications products and services remotely and thus create a compliant, secure, and convenient solution for both customers and retail employees?
3. Sharing economy
All sharing or gig economy platforms have one thing in common that is integral to the success of their business: they must establish trust – both among the platform users and between the individual user and the company. Yet it is still surprisingly easy to remain anonymous on these platforms.
For a small community platform, this might not be a problem at all and therefore, no huge verification process is required. But think about companies like AirBnB: They scaled from a small website to a billion dollar company. If your solutions, (e.g. for identity verification), cannot keep up, your company will struggle to reach a certain size.
Platform businesses require a simple and flexible solution that includes enough security features to meet their needs while satisfying the demands regarding customer experience.
Nevertheless, if you are planning to go big, you need to plan ahead when it comes to your software.
How PXL Vision helps you stay flexible
PXL Vision’s technology serves the needs of any industry. Our software can swiftly and easily be deployed as a cloud or on-premise solution for full flexibility and independence, allowing complete customization of your end-to-end identity verification and onboarding process. It is up to you: you can choose a plug-and-play solution and start right away or configure the technology to your very own needs.
Click here to learn how PXL Vision’s flexible identity verification technology can help your business scale.