Posts

https://de.surveymonkey.com/results/SM-LDBRT6FZ7/
Blog

The Digitialization Movement: Remote work and Identity Verification For External Contractors

Digitalization is transforming workforces in 2021

Remote work and outsourcing are on the rise and with it so is remote hiring, as well as the need for remote employee management. While the current trend towards remote work is largely fueled by the corona pandemic, the ongoing digitalization of the workplace over the past few decades plays a much larger role – if the work can be completed with a computer, it can be outsourced. While the pros and cons of remote work differ depending on who you ask, one thing is clear: working from home introduces a whole host of new challenges for employers.

Identity verification: Know Exactly Who You Are Working WithThe scope of this article focuses on the employer and specifically the challenges of remote recruitment, remote hiring and the remote management of employees. In particular, this article looks at the issue of workforce fraud. Given the nature of remote hiring and remote working, there is essentially no way to ensure (without a doubt) that the person at the other end of the agreement is who they say they are.

Digitalization and Digital Onboarding

There are fraudsters who pose as jobseekers whether for short term freelance assignments or more permanent roles that require advanced skillsets. Employee or contractor fraud occurs across all industries that use remote workers or outsource part or all of their workforce. Fortunately, there are solutions available on the market to combat this fraud in order to ensure the integrity of remote workforces today. These “digital onboarding” solutions are able to verify with a high degree of accuracy that the people working in or for your organization are indeed who they say they are.

The best solutions apply the latest advancements in computer vision, machine learning and facial recognition technologies and have been proven to be extremely accurate in verifying online identities.


PXL Vision’s Daego® is now available in the SAP Store!
Daego® delivers a smooth user experience for verifying the identity of your external workforce. It guides your contractor through a series of simple steps with minimal interaction using facial recognition, passive liveness detection and document scanning.


Remote work and fraud

In principle, the solution for hiring and managing your external workforce is clear: a careful vetting of potential employees followed by a rigorous background check. Following that, a regular (daily or weekly) checkup to ensure that targets are being met and that quality is being maintained. However, in reality, this is a lot easier said than done and the processes involved take resources from your company that could be better used elsewhere.

For the remote hiring phase, in particular, it is difficult to know whether the documents submitted by the potential new hire are indeed authentic and actually belong to that person. What if the documents were purchased off the darknet (see below) and are being used fraudulently?

There is a growing epidemic of identity fraud. Some of these fraudsters pose as job seekers and use fake identities to apply for jobs; whether at small companies, massive corporations, not-for-profits or government institutions. Fraud occurs across all industries that outsource work from banking to construction, healthcare, insurance, energy, rail and utilities; the list goes on.

Fraudsters hide behind well-designed facades of fake identities; they use fake names and titles, as well as fake social media profiles and fake resumes to ply their trade. It is a highly-skilled art, in which not only the gullible fall victim but also the skeptical. Once the fraudulent employee or contractor is successfully onboarded they might finish just enough work to remain below the radar, such that nobody notices. Or perhaps, the finished work or materials used will be of subpar quality and the fraudulent contractor will have disappeared before anyone notices.

Depending on the industry, fraud can take a variety of different forms. In banking, it might be the case that fraudulent employees steal customer access codes and other personal data. In the construction industry, fraud might involve billing for incomplete or subpar work with poor materials. Fraud in healthcare might involve not having the necessary credentials to work in the role applied for. Fraud in the energy sector might see valuable trade secrets stolen and sold to their competitors.

5 outsourcing fraud techniques you should be aware of

  • Paid for work, left unfinished. Some fraudulent job seekers ask for an upfront down payment and then never finish the work.
  • Lying about the number of hours worked. It is really difficult to track how many hours your remote employees actually work.
  • Overestimating budgets or going over budget. With limited oversight of the workflow, it is nearly impossible to budget accordingly. Fraudsters will take advantage of this.
  • Intellectual property theft and stolen ideas. Whether patent infringement, trademark or copyright violations, or the disclosure of trade secrets.
  • Identity theft. Fraudulent employees could use your name/bank account details and steal from your company accounts.

PXL Vision’s Daego® is now available in the SAP Store!
Daego® delivers a smooth user experience for verifying the identity of your external workforce. It guides your contractor through a series of simple steps with minimal interaction using facial recognition, passive liveness detection and document scanning.


The fraudsters toolbox

The fraudulent jobseeker is well-practiced in the art of, well, applying for jobs. These days most hiring takes place online and interviews are usually held remotely through an internet call. A fraudster can easily spoof the location of this call using a virtual private network (VPN). The fraudster submits copies of the fraudulent documents which they purchased from the darknet. Finally, many companies do not have the wherewithal to do a full background check anyways and they often simply copy over the information as it appears on the identity documents.

darknet fraudYou might be wondering just how easy it is to purchase fake documents on the darknet. For the majority of people, the darknet is this seemingly mythical place often talked about but never fully understood. It is, however, very real and easy to get to. Fraudsters who visit the darknet to purchase fake ID documents are also able to learn about the latest tools of their trade there. Have a look here at the current pricing for ID documents and other personal information being sold on the darknet. You might be surprised at how affordable they are. Current reports say that identity theft is rapidly expanding, with estimates that 1 in 5 Europeans have experienced identity theft over the two years from 2018-2019.

In addition to darknet-sourced documents, fraudsters must also be able to cover their tracks. The most important tools are the ones required to cover their “digital fingerprints”. This is possible by using advanced privacy software such as Antidetect and Kameleo, which allows fraudsters to construct fake virtual profiles. In addition, a VPN service and the TOR browser allows the fraudster to spoof their location and hide their online location, which is useful when visiting the darknet.

All of this begs the question, is there anyway to slow down and eventually stop this worrying trend?

PXL Vision’s digital identity verification solution

PXL Vision has the solution in its digital onboarding platform which allows you to verify the identities of the people in your workforce with an accuracy of greater than 99%. Our fully-automated solution takes a photo of the user’s ID documents, followed by a live video selfie of the user. The software then compares the photos from the ID documents to the video selfie of the onboarding user.

PXL Vision has just released its online identity verification solution Daego® – Identity Verification for workforces on the SAP® store where it is directly integrated into the SAP® Fieldglass platform.

SAP® Fieldglass helps businesses to engage with their workforces more efficiently and later manage all aspects of their external workforce from sourcing to on-boarding and off-boarding, invoicing, payment and more.


Like what you read? Subscribe to stay informed!


Blog

How global connectivity is fueling the growth of the identity verification industry 

2021 is the year of global connectivity for digital businesses

Internet connectivity will soon be available to most of Earth’s inhabitants. Global internet connectivity is now more than 50 percent – a threshold calculated to have been surpassed sometime in 2018. While the benefits of global connectivity are huge, there are some burgeoning issues that still require a solution.

A clear benefit of global connectivity is the flexibility to interact and transact with anyone from anywhere in the world. And while this is certainly a defining achievement for all humanity it adds the challenge of trust and the pressing need for assurances that you know who you are dealing with online.

This post will explore these above ideas in greater detail and also give a behind the scenes look at the digital identity verification industry in which we play a defining role. At PXL Vision, we are committed to solving the issue of online identity fraud and other security issues related to the “semi-anonymity” state of the internet, namely online identity verification as one of the big issues for 2021 and beyond.

Online global connectivity

While connecting the first half of humanity to the internet certainly had its obstacles, connecting the second half will be exponentially more difficult. The reason for this is that many of the still-to-be-connected live in the global south, where pre-existing infrastructure and also the economic ability to pay for new infrastructure are lacking.

However, from small, rural villages in the mountainous Andes to the vast landscapes of Africa and into the arid lands of the Middle East, there exists the overwhelming will by all globally-minded citizens to connect to the internet. And as the old adage goes: where there is a will, there is a way.

The race towards global internet connectivity is, in fact, playing out before our very eyes. Jeff Bezo’s Project Kuiper and Elon Musk’s Starlink are two such projects that aim to bring us much closer to global internet connectivity. A quote from Starlink’s website neatly summarizes the problem and the solution to connecting the rest of humankind to the internet:

“Starlink is ideally suited for areas of the globe where connectivity has typically been a challenge. Unbounded by traditional ground infrastructure, Starlink can deliver high-speed broadband internet to locations where access has been unreliable or completely unavailable.”

If you want to see the progress of this undertaking for yourself, check out James Darpinian’s satellite tracker website. Enter your coordinates and you can find the best time to view Starlink’s satellites and/or other satellites as they fly over you.

However, this article is not really about the race to connect the other half of the world (as interesting as that topic is) but more about how to introduce a dutiful amount of trust into your online interactions by knowing who you are interacting with.

Trust issues of online identity

The issue of identity on the internet is not new; at least not new when considering the timeline of the internet itself, which dates back to 1989 and the beginning of the world wide web and the quest for global connectivity.

Since the earliest days of the internet, the issue of identity and trust has revolved around the right to anonymity and the concept of privacy. Different schools of thought are equally vocal on this issue: some say anonymity ruined the internet, while others cry foul that the internet is no longer anonymous and wish for a return to the glory days of the past.

The first linked article above leads to an opinion piece in The Atlantic by Walter Isaacson, a former president of the world-renowned humanities’ think tank, the Aspen Institute. A quote there by Isaacson lays bare the motivations of the online identity verification industry:

“So the best approach, I think, would be to try to create a voluntary system, for those who want to use it, to have verified identification and authentication. People would not be forced to use such a system. If they wanted to communicate and surf anonymously, they could. But those of us who choose, at times, not to be anonymous and not to deal with people who are anonymous should have that right as well. That’s the way it works in the real world.”


Talk to a PXL Vision ExpertAre you interested in automated identity verification processes for your business? Let’s talk about how facial recognition, passive liveness detection and document scanning can be integrated into your business processes: Secure, fast and easy to use.


Regardless of what side you personally take on the underlying debate of identity, anonymity and the internet, the best possible outcome lies somewhere in the middle. Sometimes, anonymity on the internet is nice to have but at other times real, provable identities are equally as important. At any rate, it is easy to stay at least borderline anonymous on the internet if you are careful. You can surf with the “private browsing” setting that most internet browsers have and furthermore only connect to the internet through a VPN. There are also a number of higher-level steps that you could take to browse the internet completely anonymously.

There are a number of “good” reasons to want to remain anonymous on the web; for instance, if you are an activist, journalist or whistleblower. There are also a number of “bad” reasons to want to remain anonymous, such as planning terrorist attacks, fraud and even trolling.

The online identity verification industry is interested in upholding the good reasons and preventing the bad reasons by building trust through identity, where it matters.

External contractors / remote work and fraud

One of the “bad” reasons for anonymity on the internet, which is of particular interest to our operations at PXL Vision, is workforce fraud. Workforce fraud is a complex and growing issue (especially in our current pandemic times), which sees fraudsters taking advantage of remote work opportunities and other contractual agreements by using fake identities.

Once connected, anyone can leverage the power of global connectivity and the internet to their benefit. Of foremost value is the ability to source talent from anywhere on Earth. Established companies and startups alike are both able to benefit from remotely outsourcing some of their operations or hiring external contractors in order to improve their business prospects.

Prior to the advent of the internet, work or business was often concluded face-to-face and involved varying levels of eye contact. The parties involved, whether employer/employee or business/external contractor could ascertain to within a reasonable doubt whether or not the other party was who they said they were.

However, in the 21st century, entire workforces can interact purely online and never actually meet in person. And while this offers numerous advantages, it has also invited some disadvantages such as workforce fraud. This is also precisely why PXL Vision has partnered with SAP® Fieldglass.

Which industries in particular face increased workforce fraud?

Thanks to the push for global connectivity, the tendency towards more remote work is no longer limited to a handful of industries. Nowadays, just about every industry that operates even a portion of its business online can easily outsource some of its efforts to external contractors.

global connectivity - remote workforce identification

The following list of industries, all of which necessitate a high-level of identity clearance, is far from a complete list of the numerous use cases in the online identity verification industry, but it stands to underline the importance of identity verification in the remote workplace.

Construction 

The construction industry has traditionally involved varying levels of fraud and that is no different today, with the exception that much of the fraud has moved to online channels. Furthermore, with tight timelines, budgets, and a lot of outsourcing to subcontractors, a digital identity verification solution is really the only way to stay on top of who’s who.

Finance & Banking 

Banks heavily rely on external workforces to gain fast and flexible access to the skills they need to stay competitive. Banks must ensure that workers have passed background checks and are who they say they are. Furthermore, it is the banks duty to safeguard customer information, financial data and intellectual property. Digital identity for online finance and banking is also required under most anti-money laundering (AML) initiatives around the world.

Insurance

Society is on the cusp of a massive shift as the boomer generation is set to retire. Many new workers are entering the insurance industry to work for in-demand positions such as data scientists and IT experts. As in the case for the banking and finance industry, the safeguarding of customer information is a high priority.

Telecommunication

The telecommunication industry is a highly-regulated sector for both the network provider and the network’s users. Communication is a matter of national security and is therefore important that the identities of all those working in the industry are verified.

Railway 

The rail industry is a massive employer for all countries that maintain an extensive network. There are ebbs and flows to the labour needs as well; for example, in the U.S. and Canada during the harvest season. It is important to be able to legally identify this often very remote-based contract labour in a safe and secure way.

Aerospace & Defense

Aerospace and defense are by their very nature critical employers that require a perfect oversight of the people working in the industry.

Utilities

Much like the railway and telecommunication sectors, utilities such as electricity and water suppliers as well as other related organizations behind public-service infrastructure, require high levels of security. These companies need to know who is working for them and when.

Oil, Gas & Chemical

These are especially volatile industries. A fraudulent worker with terrorist motivations could wreak havoc on a population centre that is located next to a facility dealing in these compounds. If you remotely hire your employees or contractors to later work onsite at one of your oil & gas facilities, you need to know who they are. Furthermore, the infrastructure behind the fossil fuel industry consists of very expensive precision tools and machinery which requires specialist contractors to run.

Other non-work related use cases for online identity verification

As mentioned, there are many other non-workforce-fraud related use cases for online identity verification. For example: online marketplaces are rife with bad actors who take your money and send you nothing in return. Likewise, online gambling sites have long been a compliance and legal free-for-all but many countries are now requiring strict KYC/AML laws in order to continue operations.

The sharing economy in general has faced many issues of fraud – which we wrote about here. For example, Airbnb has had issues with identity fraud and people misusing the platform in a variety of ways. Other room-booking websites take note! 

Online dating is also on the rise and is an area where you would want to ensure that the people you are flirting with are who they say they are before you decide to meet them or let them into your home.

Telecommunications, which is covered in the workforce fraud section but also here in that users might want to and at times have to use identity verification controls to log into their smartphone or begin a contract.

Financial services such as online payments and online access to bank accounts requires secure, identity based logins. Also, many fintech companies do not have any brick-and-mortar establishments to visit and all business is done through an app or a website.

How PXL Vision makes global connectivity securer

PXL Vision can help your business secure its operations by verifying the identity of all who participate in your online ecosystem whether it be for hiring remote workers, ecommerce or for participating in the sharing economy. PXL Vision even offers a standalone Plug and Play version named Daego® which stands for digital alter ego, which allows you to immediately use our solution . PXL Vision’s ID platform is furthermore partnered with SAP® Fieldglass, which adds the extra utility of an identity verification solution built into SAP’s vendor management system.


Like what you read? Subscribe to stay informed!


NFC reader in airport for FINMA
Press

NFC tech on the rise in identity verification

More companies and federal agencies are using NFC technology to allow for fast and secure identity verification processes. 

PXL Vision expressly welcomes FINMA‘s willingness in the proposed draft amendment to expand the scope of online identification. Since the use of a biometric NFC document chip is an extremely secure procedure, FINMA’s approval within the scope of identification is purposeful and logical.

The process started in November 2020 and new regulations will likely be published by July 2021.

PXL Vision has worked and researched NFC technology since 2018, creating time saving and lower cost tech for their customers.

However, NFC technology is not the only effective method. PXL’s whitepaper responding to the FINMA revision highlights even more suitable options for digital and automated verification of identities that can already be implemented with today’s state of the art technology: https://pages.pxl-vision.com/de/finma-whitepaper (German).

Read more: PXL Vision launches NFC verification technology capability for all customers.

Berlin TV Tower, Germany
Press

Get ready Germany, Switzerland’s No.1 ID verification company has big expansion plans

Berlin TV Tower, GermanySince the start of 2021, PXL Vision’s expansion into Germany has gained momentum. As of May 1, the company’s German market presence has strengthened to include 10 German-based employees and plans to expand further with more hires throughout the year.

The company, which is known for its best-in-class identity verification technologies that enable digital identities, is the market leader in Switzerland.

PXL Vision CEO Michael Born believes there are big opportunities to help improve identity verification solutions for businesses across Germany, a country that is working steadily to transform its digital regulations and legal requirements around customer onboarding and ID verification.

“The German market is a key expansion priority for PXL Vision”, Mr Born said.

“The Marketing & Sales team will be continuously enlarged and additional employees will join PXL Vision, especially in the areas of product development and compliance.”

“With the end of the pandemic on the horizon, PXL Vision has also started looking for suitable premises in Berlin, an ideal location to attract further talent and grow rapidly in the German startup capital.”

Big Growth Horizons for PXL Vision

Tanja Bartsch, PXL Vision’s Head of Sales, is extremely optimistic about the company’s big plans for Germany and praised the company’s management for their cultural inclusivity, transparency and open communication.

For Ms Bartsch, the belief in trying new things has been an important mindset that has helped the company excel in the German market.

“If someone has an idea – then we go for it. We call it instant execution,” she said. “We do not worship perfection”.

“Even if the idea might be flawed, this makes us so much faster than any other company in our space.”

Since the company was founded in 2017, PXL Vision has won numerous large business awards in Switzerland for its biometric verification technology and has quietly dominated the Swiss market with a number of key customer wins.

In a period of fewer than three years, PXL Vision has managed to sign contracts with major Swiss customers such as SwissID, Swisscom, Swiss Life, Sunrise/UPC, ZKB, Migros and Mobility, becoming the leading provider of automated customer verification in record time.

“This exponential growth that we are encountering here at PXL Vision, I have not encountered anywhere else before. I contribute that to the fact we are really working as a community here, where everyone can freely bring their strengths to the table, and their creativity”, Ms Bartsch said.

Celebrating one small step at a time

PXL Vision offers its customers maximum technical flexibility & multiple options for implementation, supporting any existing business process. Their fully flexible business model Is backed by years of research and development and offers in-depth industry experience in identity verification techniques.

This success story is now to be repeated in Germany and other selected markets.

“We do not have our focus on the things that are not working, but relentlessly on the things that are working”, Ms Bartsch added.

“We have been celebrating every small step of the way, every little achievement.”

“For us, success is a journey and an iterative process best achieved when walking down the road – even if it is not perfectly paved.”

 

KYC Document
Blog

What is a KYC document? Know Your Customer rules explained for businesses

What is a KYC document?

KYC stands for Know Your Customer. Documents which are required for businesses to know your customer are KYC documents. These documents are normally divided into two distinct categories:

  • Proof of Identity (POI) document – requires a photo of the individual
  • Proof of Address (POA) document – cannot be dated older than 3 months.

Why is this relevant within the identity verification industry? When a business digitally onboards new customers, they are required to ensure they can accurately proof the identity of their customer using KYC checks.

It is important to note that the same document cannot be used to confirm both the user’s identity and the place of residence. At least two documents are required for the KYC process.

The acceptable KYC documents vary depending on which jurisdiction the process is being performed in. Some of the more generally recognized documents are listed here.

Proof of Identity (POI)

The first half of a KYC document must be an official government issued ID. This document must include a photo of them. There are a variety of IDs that are allowed to be used for POI purposes. Which are acceptable and where is determined on a jurisdictional basis.

In 2016, Pricewaterhouse Coopers published a very useful Quick Reference Guide on KYC (available here as a PDF). Some commonly accepted POI examples from around the world are:

  • Passports – universally recognized
  • National Identification Cards – Aadhaar in India, DNI in Argentina, SIN/SSN in Canada/United States, HKID in Hong Kong, BSN in the Netherlands
  • Driving License – United States, Canada, the Netherlands
  • Voter ID card – INE in Mexico, India, Jamaica
  • Health Card – Canada

How PXL Vision checks POI

Every company that performs proof of identity (POI) checks should have a comprehensive KYC guide that describes the process and requirements for the user.

PXL uses the smartphone (or any other) camera to scan and extract information from the identity document in order to determine the authenticity of the document in an automatic way. Users just need to point their camera at the document, our solution then detects which document it is and extracts information from the document.

Most documents have machine-readable code line(s) (MRZ) on the back side of the document. We extract the information and run various checks on the MRZ itself. We then extract further information from the rest of the document known as the visual inspection zone (VIZ). However, purely extracting information from the document is not enough, we also want to ensure that we are dealing with a real document and not a fake. To assess the authenticity of a document, we analyse hundreds of different visual key features and run a variety of security checks, such as detecting holograms, on the document.


Talk to a PXL Vision ExpertDo you need to perform a KYC check for your business? Let’s talk about our KYC solution which uses facial recognition, passive liveness detection and document scanning and how it can be integrated into your business processes: Secure, fast and easy to use.


More and more identity documents now come with a biometric NFC chip. Using the smartphone NFC reading capabilities (if available), we are also able to read the information from the document and check whether the chip in the document has been tampered with. This, today provides the highest security in document verification.

In case the fully automated checks fail then, based on the security requirements of our customers or the regulations in place, there are steps in place to manually verify the documents proving identity. PXL Vision provides an easy to use tool for guiding customers’ back office employees through a simple manual verification.

Proof of Address (POA)

The proof of address (POA) KYC document is often vaguely defined. It is, however, one of the basic requirements for KYC checks. Officially issued documents, which have the individual’s name and current address on it, are key. Most POA documents require an issue date in the last 3 months.

Just like with POI documents there are a wide variety of documents that can be used for POA purposes; which are acceptable and where is also determined on a jurisdictional basis.

Most documents should be dated to within three months to show that the address is current. Some commonly accepted POA examples from around the world are:

  • Utility bills such as Landline Telephone Bills, Gas bill or Electricity bill (usually not more than three months old)
  • Bank Account Statement or Passbook entries (usually not more than three months old)
  • Proof of residence issued by a Notary public or a Government Authority
  • Identity card or document with an address that is issued by a Central or State Government
  • Maintenance bills from official companies (usually not more than three months old)

How PXL Vision checks POA

PXL Vision’s identity verification platform is able to implement an API from another service provider to perform the POA check. For instance, in Switzerland where PXL has a large customer base, an API is used from the Swisspost to check POA documents.

If performing a manual POA check for your business, here are a few pointers to properly verify the documents:

  1. First, and if applicable, inspect the document for watermarks and security features to see that they are intact.
  2. Next, look for any signs of photoshopping or other alterations.
  3. If it is a bank statement, utility bill, maintenance bill or government issued correspondence have a look at the date to ensure that it is no older than 3 months.
  4. Make sure that the document has the person’s name on it.
  5. Check if the document has the address (the more specific the better) and confirm it’s existence with an online search of Google Maps.
  6. If the applicant submits the address without the apartment number while living in a block of flats, the compliance officer must request them to specify the flat as well. Postal boxes are not allowed.

KYC within the broader scope of Anti-Money Laundering (AML)

The submission of KYC documents and the process of checking them is partial to an anti-money-laundering (AML) framework, which banks and financial institutions are legally obliged to follow. The goal of AML is to verify with a high degree of assurance that customers are who they say they are and that they are not likely to be engaged in criminal activity.

The U.S. has had some form of KYC/AML legislation in place since the early 1900s; first rolled out to fight organized crime. However, this existing legal framework was completely overhauled and expanded following the September 11th, 2001 terrorist attacks in New York City.

The new KYC/AML legislation is encompassed by the USA Patriot Act of 2001(PDF), specifically in section: Title III: International Money Laundering Abatement and Antiterrorist Financing Act of 2001. Numerous countries around the world base some of their own KYC/AML processes on the stipulations and requirements found in the Patriot Act.

Who Regulates KYC Compliance?

In addition to the legislation outlined in the US Patriot Act, a variety of other oversight bodies around the world implement and regulate KYC/AML compliance. Some of these oversight bodies are:

  • Australia (AUSTRAC – 1989)
  • Canada (FINTRAC – 2000)
  • Germany (BAFIN – 2002)
  • Switzerland (FINMA – 2007)
  • Italy (Banca d’Italia – 2007)
  • Mexico (Federal Law for the Prevention and Identification of Operations with Resources from Illicit Origin – 2013)
  • United Kingdom (The Money Laundering Regulations – 2017)
  • India (Reserve Bank of India – 2002)
  • South Africa: The Financial Intelligence Centre Act 38 of 2001 (FICA)

Other political organizations, such as the EU, Asia-Pacific countries (APAC) and others have built upon or created their own compliance frameworks. In addition to GDPR regulations, the EU has a new regulatory requirement, PSD2, to reduce fraud and make online payments more secure, as well as the 6th EU Anti-Money Laundering Directive (6AMLD).

Also, numerous countries and international bodies follow the G7’s Financial Action Task Force which is in turn supported by the G20.

Businesses requiring KYC

As mentioned, KYC is mandated by international law for banks and other financial institutions, at least to the extent that they want to participate in the global financial system. However, as governments around the world are beginning to hold financial institutions to ever higher standards, these institutions are in turn requiring the companies they do business with to also be more accountable.

So while banks and financial institutions are required to comply with KYC to limit money laundering and terrorist financing, these banks are now passing on some of the burden to the companies that they do business with.

If your business deals with money transactions in any way, now would be a good time to get in front of these potential future regulations.

At any rate, there is a good argument to be made that some businesses in the non-financial sector should voluntarily implement KYC procedures anyway in order to signal their trustworthiness and protect their business and customers from fraud. We recently published an article on the sharing economy, which demonstrates a solid use case for a KYC procedure where one is not yet mandated.

Compliance with KYC Requirements through digital identity verification

As businesses and institutions continue to move their services online and grow their user base, solutions for fast, easy and low cost online identity verification are needed.

Individuals want the convenience of signing up through digital channels, and they want the process to be quick and painless. Businesses and institutions, on the other hand, have to manage the realities of complying with KYC regulations and factor in the cost of whichever solution they go for.

The right online identification verification solution needs to be able to:

  • Extract data from a wide variety of ID documents such as passports, driver’s licenses and other government-issued IDs
  • Verify the authenticity and validity of the ID document
  • Capture facial biometric data from the customer
  • Compare the biometric data and the ID document to validate the customer’s identity
  • Securely meet these technical objectives, while being scalable and cost-effective for large, international companies.
  • Provide a simple, seamless user experience

Learn how PXL Vision is able to offer all of this with a flexible, modular approach to online identity verification. Contact us today.

KYC verification: Innovative approaches welcomed

European regulators have adopted new online identity verification processes. They are actively promoting new solutions to address specific compliance challenges. Furthermore, they have developed a common approach for a consistent application of standards across the EU known as the electronic IDentification, Authentication and trust Services regulation (eIDAS). The intent of eIDAS is to drive innovation towards using higher levels of information security and innovation.

The European Commision has recognized built-in computer applications that automatically identify and verify an individual from a digital image or a video source (facial biometrics) and built-in security features that can detect presentation attacks.

cost of KYC

KYC for your business

Know Your Customer regulations already places a cost burden on businesses operating in the financial industry. Out of concern for money laundering and terrorist financing, governments and banks are making their KYC processes even more stringent.

Some of the extra cost for this tightening of regulations is being shifted to businesses not directly involved in the financial sector but still availing themselves of financial services.

If you are one of these businesses, please get in touch with us and find out how we can help you reduce these costs and drive customer conversion with a fully-automated, customizable solution from PXL Vision.


Talk to a PXL Vision ExpertDo you need to perform a KYC check for your business? Let’s talk about our KYC solution which uses facial recognition, passive liveness detection and document scanning and how it can be integrated into your business processes: Secure, fast and easy to use.


Like what you read? Subscribe to stay informed!


NFC contactless payment
Blog

What is Near-Field Communication (NFC)? 10 Everyday Use Cases

Some new technologies blend so seamlessly into our lives that we often end-up regularly using them without awareness. Near-Field Communication (NFC) is one of these technologies.

What is NFC technology?

Near-Field Communication (NFC) is a set of communication protocols for a two-way wireless data transfer between two electronic devices. “Near-field” refers to the fact that the two devices have to be positioned near one another in order to communicate – with a maximum distance of 10 centimeters or less.

The onset of commercially applicable NFC technology began in the early 2000s. At this time, Sony, Philips and Nokia experimented with and built on earlier technologies and patents such as Radio Frequency Identification (RFID) technology (around since the 1980s) and invented NFC technology.

The confusion around NFC and RFID technology

The terms NFC and RFID are often used interchangeably and oftentimes incorrectly. It is excusable and can hardly be called a mistake given that NFC is actually a specialized subset of RFID technology. Or, put strongly, Near-Field Communication is an evolution of RFID technology.

Generally speaking, both NFC and RFID technologies are forms of wireless communication – i.e. they transfer information through the air between a transmitter and a receiver via radio frequency (RF) waves. Other forms of wireless communication include amongst its ranks: AM/FM radio, Bluetooth and Wi-Fi.

There are a number of important differences between NFC and RFID and that is where some clarification between the two technologies is helpful. Mostly because it is the differences that lead to the varying use cases of each technology. If you are familiar with the difference between scanning printed barcodes and scanning QR codes, you will already better understand the different directions that these technologies have taken.

For deeper insight into these differences take a look at BlueBite, a company that works directly with NFC and RFID technologies. A short synopsis of an infographic on their website labels RFID as “item-centric” and a technology that improves upon printed barcodes. Whereas NFC is labeled as “user-centric” and a technology that improves upon QR codes.

RFID – As an improvement on printed barcodes, RFID does not require a direct line of sight. It has a standard read range of up to 10 metres for passive tags and a 100 metres if the RFID tag is powered. Specialized readers are usually required in order to interact with RFID tags, but there is some crossover here whereby certain NFC-equipped smartphones are able to read these tags. RFID technology is primarily used for (item-centric) supply-chain inventory tracking and for loss prevention at stores – noted by the two electronic towers prominently placed at most store exits. One of these two towers is a transmitter while the other is a receiver and when you pass between them with an RFID tag that has not been deactivated, the alarm will sound.

NFC – As an improvement on QR codes, NFC also does not require a direct line of sight. This is, however, where the differences between RFID and NFC take a hard turn. The read range of NFC maxes out at approximately 10 centimetres – which actually doubles as a feature for improved security (e.g. for payments). NFC is primarily used to add consumer (user-centric) utility to products, such as for product authentication and access to exclusive content.

A final important difference between the two technologies is that Near-Field Communication allows data to flow in both directions. This means that NFC enabled devices can exchange data, whereas RFID only works in one-direction and therefore the amount of data is limited to what an RFID tag can store – which is usually no more than 2KB.


Request a DemoPXL Vision utilizes NFC technology to permit individuals to remotely identify themselves by using their electronic passports or other NFC/RFID equipped identity document. Learn more about our online identity verification solutions by requesting a demo today.


10 Consumer Use Cases for NFC technology

NFC technology is by now nearly ubiquitous across all major smartphone manufacturers. Nearly every new smartphone has NFC technology as a standard. Apple was one of the last companies to get on board with NFC technology and is unfortunately still only halfway there but their latest releases appear to have finally welcomed the technology.

NFC technology payment. Contactless, wireless payment with credit plastic card, smartphone, POS terminal

1) Payments – The number one use case for Near-Field Communication technology today is contactless payments with a smartphone. This use case in particular is why the maximum communication distance of 10cm is a feature rather than a hindrance. It would be terribly inconvenient if your phone accidentally paid for someone else’s purchase while standing in line at the supermarket. Google Pay and Apple Pay are the frontrunners for NFC payments, though there are other companies also providing NFC payment apps. Of these, PayPal is probably the best known but there is also Venmo, which works seamlessly with Facebook, but is not supported by most brick-and-mortar retailers.

Other than payments there are a number of other lesser known use cases for NFC technology. A selection of them follows below. Of course, some of the following use cases are not new and were already in use when RFID was the standard.

2) Public transit – NFC to pay for public transit. What a convenience! Many of us grew up fumbling with coins and paper tickets, but now major urban centres all over the world are adopting NFC payment systems. Simply tap your transit card or smartphone onto a terminal and you are permitted to ride. Public transit NFC has led to faster payment times and less platform congestion around ticket machines. NFC is also more environmentally friendly, bypassing wasteful paper tickets. Unfortunately, data privacy has been an issue as many public transportation agencies have been logging the date, time, bus route and bus stops of passengers; for example in Berlin, Germany.

3) Controlled access – NFC or more traditionally RFID technology has long been at the centre of controlled access, such as for institutions, workplaces, hotel rooms, fitness centres and, of course, residential buildings.

4) Travel – Most passports have an embedded RFID chip which can be read by the NFC hardware on your phone. This has, in particular, been a boon for the travel industry as it has led to speedier border crossing / airplane boarding times.

5) Bodily implants – Yes, that’s right! Another use case for NFC is via implants into your body. These could be useful for a number of reasons, but might not be suitable for the needle-squeamish. Of course, we have been implanting our pets with RFID/NFC chips for many years and no one seems to mind. If only dogs could talk!

6) Embedded experiences – NFC connects the physical world to the digital world. Art museums, such as the Museum of London, are using the technology to digitally enhance their exhibits. Stores and supermarkets could also use NFC this way, in order to provide more information about its products, link to loyalty cards, or enhance the check-out experience. However, while there have been some fits and starts to using NFC in these ways, a quick Google search suggests that it has not really caught on yet.

7) Product authentication – To protect against counterfeits/fakes at those high-end stores where they sell Gucci bags. Here’s a Gucci bag that costs 2100 Euros! Hopefully it’s not a counterfeit!

8) Task optimization – You can purchase NFC tags online or elsewhere and then download an NFC read/write app (e.g. NFC Tools/NFC Tasks) to automate certain tasks on your smartphone or other smart devices.

9) Smart homes – There are a number of uses for NFC tags around the home. Firstly, for turning things on and off or adjusting lighting levels. You can set reminders for when to water your plants or set a timer when you start the washing machine. Various smart home kits are available from Amazon, Google, Apple and others.

10) Sharing files – There is an NFC functionality for sharing photos, contacts and other data between two devices using software such as Android Beam. This allows two people to directly share data peer-to-peer without having to first upload it and then download it to the cloud. However, due to the close proximity required for data transfer and its slow speeds, peer-to-peer NFC data transfer has seen rather slow adoption. More often than not, Near-Field Communication is used to bootstrap two devices to connect across another channel such as Bluetooth or WiFi.

5 reasons why NFC adoption will continue to increase

1) It’s secure. NFC transmissions are short range giving the individual more control over how they interact with the technology.

2) It’s versatile. NFC can easily be implemented across a broad range of industries and situations.

3) It’s open technology and standards-based. Universal standards provide more choices for customers and leads to stable systems.

4) It works with multiple systems. For example, smartphone based NFC already works with existing contactless card technologies.

5) It has working committees promoting its adoption. NFC has a number of primarily industry-led organizations working behind the scenes to increase NFC adoption. One of these is the NFC Forum.

The NFC Forum

The NFC Forum launched as a non-profit in 2004. NFC Forum’s mission is to advance the use of Near-Field Communication technology by developing specifications, ensuring interoperability among devices and services and educating the market about NFC technology. The usual major technology companies are behind the NFC Forum, such as Apple, Google, Intel, MasterCard, Samsung, Sony and many others.

According to their website, the NFC Forum is currently developing specifications for a modular NFC device architecture in order to enable a consistently positive user experience. Furthermore, they are educating enterprises, service providers, and developers on how to use NFC technology to deliver impactful solutions and grow their businesses as well as developing specifications, test mechanisms, and guidelines that ensure consistent, secure, and interoperable use cases worldwide.

How PXL Vision leverages NFC technology

canada passport front with NFC chip

Another use case for NFC technology aligns with travel (use case number 4, above). Passports or other government-issued identity documents which are equipped with an NFC/RFID chip can be used for online identity verification purposes. Many passports these days already have an encrypted NFC/RFID chip built-into them with varying types of information (data) on them, depending on the jurisdiction. In some jurisdictions, the data might even be biometric in nature.

The verification of the biometric NFC chip provides the highest security in document verification today. However, not every user device has the reading capability and also most locally used identity documents, such as driver’s licenses or national ID cards don’t yet have a chip embedded.


Contact UsAs an online identity verification company, PXL Vision utilizes NFC technology where feasible, permitting individuals to remotely identify themselves by using their electronic passports or other NFC/RFID equipped identity document. Learn more about this and our other online identity verification solutions by contacting us today.


Like what you read? Subscribe to stay informed!


What is digital onboarding and how to reduce business costs during ID verification
Blog

What is digital onboarding and how to reduce business costs during ID verification

What is digital onboarding?

Digital onboarding is an online process whereby an individual signs up with a company or a government/institutional service in order to later access its products and services. The individual provides their personal data, and if required, a piece of biometric information such as a fingerprint or face scan. The digital onboarding process allows the individual to be easily and securely identified at a later date.

Before the onset of digital onboarding, an individual provided their individual data either in-person or through the mail, which was often an expensive and time-consuming process. As businesses and institutions continue to shift their operations online, the need for a secure and reliable digital onboarding solution has increased. This is all the more true as the Covid-19 pandemic continues, requiring us to minimize person-to-person contact.

Online businesses in particular are massively benefiting from digital onboarding technology. The onboarding of customers into a company’s database allows the businesses to better keep track of their customers and better target their products and services to their customer base.

The current proliferation of well-designed digital identity platforms on the market, which are simple for the end user to operate, is turning a once tedious and time consuming process into a more streamlined and faster one.

The digital onboarding process

For online businesses, the digital onboarding process uses the platform that your company has either developed in-house or chosen from a list of contenders. The platform is used for ensuring compliance (when required) and ultimately for converting potential new customers into paying customers; those who will eventually form your customer base.

For many online businesses, an email and credit card or PayPal account has long been sufficient for onboarding purposes. However, this rather nonchalant onboarding method has been proven insecure with high numbers of fraud cases still being reported. Thus, the concerted effort by the digital onboarding industry to add extra layers of security to the onboarding process.

However, the customer onboarding process is the beginning phase of establishing a relationship with a new customer. And it is crucial to get it right as the customer already begins to form their opinions of your company at this point. It is still possible, and altogether too often the case (as you will see below), that the customer decides to abandon the onboarding process, either because it takes too long to complete or is too difficult.

Digital onboarding and identification

The industry that is growing up around trustworthy digital identities has risen out of this pressing need to make online interactions and transactions safer and more secure. Digital identity solutions are transforming online businesses by adding an important layer of trust and security to the digital realm.

However, global fraud figures reveal a darker side of the digital onboarding process and account-based fraud now makes up one of the most pressing threats to businesses today.

According to US-based Javelin Strategy, a research-based advisory firm in digital finance, the number of consumers who were victims of identity fraud fell to 14.4 million in 2018, down from a record high of 16.7 million in 2017. However, on the flip-side, new account fraud, whereby hackers use a victim’s identification to open new accounts, has been on the rise. Fraudsters open new accounts for credit cards, student loans, mortgages, and the like.


Talk to a PXL Vision ExpertReduce your company’s abandonment rates today and build your customer base by verifying your new customers’ identities with speed and peace of mind. Find out how PXL Vision can reduce identity verification costs for your business by up to 95%. Contact us today.


Our article on how to prevent cybersecurity attacks provides a number of useful tips for businesses interested in getting the most protection from their digital identity verification platform. It’s especially relevant during the digital onboarding process.

With the technological solutions now in development by RegTech companies such as ours, online fraud is about to receive a serious blow. As digital onboarding technology continues to progress, especially in the areas of facial biometrics, artificial intelligence and machine learning, it will become possible to create a digital twin that exists online as a representation of our real world selves.

To learn more about identification and digital onboarding, read our article on digital identity verification.

Customer abandonment issues with digital onboarding

Despite the added security that a more robust digital onboarding process offers, a major issue in the industry is that of high customer abandonment rates. This high rate of abandonment is primarily due to poorly-designed digital onboarding platforms that are too difficult or too time consuming to complete. Some of this is due to poor UX design (see our previous article on the effect of UX design on the digital onboarding process) and much of it has to do with the identity verification process itself.

When you dig further into the figures, some digital ID platforms in the European market have even reported 40-50% customer abandonment rates.

This issue is easily visualized through a simple demand side curve. However, instead of price on the y-axis we will write in the time/difficulty of the digital onboarding process. The x-axis will denote the # of customers converted.

A linear agreement is made where the more time that is needed to complete the onboarding process leads to fewer converted customers and vice versa.

The solution then is to rethink and simplify your company’s digital onboarding strategy in order to move the C-point downwards and rightwards along the curve.

Case study: costs associated with shopping cart abandonment at the checkout

Similar to the checkout experience at physical stores, customers do not want to waste time in line. When online, the same customer who simply wants to make a purchase will not stand for an onboarding process that takes too much time or is too difficult to complete. An independent web UX research institute, Baymard Institute, found that abandonment rates for online checkout carts average nearly 70 percent for some online merchants.

To be clear, this high abandonment rate is not only due to a less than satisfactory onboarding experience. In a survey of around 4500 people asking why they had abandoned their shopping cart, 20% responded that the checkout process was “too long / complicated”. Yes, one of the primary reasons for high shopping cart abandonment rates is the length of time it takes to verify a customer’s identification.

digital onboarding shopping cartCart abandonment is one of the single greatest costs to a business. The bottom line of your business takes a direct hit when a potential customer abandons their purchase. Moreover, the cost can be immeasurably higher when that customer simply switches tabs on their browser and takes their business to a competitor.

A faster, more streamlined digital onboarding process reduces these abandonment rates. PXL Vision’s digital onboarding solution uses passive liveness detection, which increases the speed of the online ID verification process – topping out at less than a minute on the customer side.

Fast verification times and the prevention of financial fraud

While the use case for online shopping carts is clear, there are other use cases, such as with online banking and finance (Fintech), wherein your onboarding solution needs to comply with a regulatory framework in place – for starters KYC / AML guidelines.

For online banking, one would think that the longer the process takes the more bona fide and trustworthy it ought to be. A streamlined and fast digital onboarding process might even appear to be in conflict with fraud prevention. What we have witnessed, however, is that low quality and poorly designed digital onboarding platforms actually increase the risk.

When low-risk consumers come across a complicated, time consuming onboarding process they are more likely to take their business elsewhere. High-risk consumers, on the other hand, are more likely to complete the processes of overly complex and time consuming onboarding processes, given that they might have fewer options to choose from.

PXL Vision’s flexible online identity verification platform protects their clients against fraud by complying with the strictest of KYC / AML guidelines all the while maintaining fast onboarding speeds. Furthermore, PXL Vision has adopted the most recent AML5 Directive as well as the GDPR into its digital onboarding process, providing access to the entire European market, with more than half a billion potential customers.

5 Ways PXL Vision speeds up / simplifies digital onboarding

  •  Overall User Experience – A fully automated UX with reduced screens and need for interaction in the onboarding journey
  • Clear instructions & Instant feedback – Follow the KISS acronym: Keep It Simple Stupid! Image too blurry? We inform the customer immediately so they can try again
  • Multiple ID support – Supporting a wide variety of ID types – and the multiple variations therein + an ongoing assessment of new versions
  • Cross-platform and architecture support for the perfect fit into existing business processes
  • Compliance – KYC, AML, GDPR and other regulatory legalese taken care of

PXL Vision’s digital onboarding solution is a modular and fully-customizable platform wherein your customers will be able to verify their identity in 20 – 30 seconds. The time savings are substantial and it reduces the potential for customer abandonment in the final stages of the onboarding process.

Fast digital onboarding improves the user experience, increases the conversion rate and expands your customer base.

PXL Vision’s digital onboarding platform

The digital onboarding of new customers is the most crucial aspect of your online business. We understand this and understand the time constraints of today’s consumer in an online marketplace with almost endless choices.


Talk to a PXL Vision ExpertReduce your company’s abandonment rates today and build your customer base by verifying your new customers’ identities with speed and peace of mind. Find out how PXL Vision can reduce identity verification costs for your business by up to 95%. Contact us today.


Like what you read? Subscribe to stay informed!


Press

PXL Vision’s Daego® Now Available on SAP® Store to Help Reduce Contractor Identity Fraud

PXL Vision SAP

By integrating with SAP® Fieldglass® solutions, PXL Vision’s Daego® solution delivers cutting-edge identity verification for external talent onboarding.

 

Zurich, Switzerland — 11th February 2021 — PXL Vision announced today that its Daego® – Identity Verification software solution is now available for free trial and purchase on the SAP® Store, which recently merged with SAP App Center as the single digital marketplace for SAP and partner offerings. As PXL Vision’s first listing on the SAP® Store, Daego® integrates with the SAP® Fieldglass® Contingent Workforce Management solution to help deliver cutting-edge identity verification to companies seeking to onboard third-party contractors. 

PXL Vision is a Swiss market leader for highly secure and fully automated AI-based identity verification solutions. PXL Vision’s uniquely flexible technology supports a wide range of customer requirements and business processes worldwide. Companies from industries as diverse as financial services, telecommunications, mobility, the sharing economy and retail as well as the public sector are already using PXL Vision’s technology to verify their customers’ identity. The use of PXL Vision’s identity verification platform is now extended to the onboarding of third-party contractors.

We are proud that Daego® is now available on SAP Store and integrated with SAP Fieldglass solutions to help companies verify the identity of their third-party vendors,” said Karim Nemr, Chief Business Officer of PXL Vision. “By using Daego®, businesses using SAP® Fieldglass® solutions can reduce fraud and introduce enhanced due diligence on third-party contractors.

PXL Vision’s Daego® is a standalone end-to-end digital identity verification solution that can be integrated into any existing SAP Fieldglass environment. Daego® delivers a smooth user experience during an identity verification process through user guidance that requires minimal interaction, thereby allowing businesses to complete this onboarding step smoothly and quickly. 

Benefits include:

  • Reduced contractor identity fraud by adopting enhanced customer due diligence
  • Quick, efficient and secure onboarding process for contractors
  • Minimal deployment time thanks to the integration with SAP Fieldglass solutions.

SAP recently brought together SAP Store and SAP App Center into one single marketplace at store.sap.com. It delivers a simplified and connected digital customer experience for finding, trying, buying, and renewing more than 1,800 solutions from SAP and its partners. There, customers can find the SAP solutions and SAP-validated partner apps they need to grow their business. And for each purchase made via SAP Store, SAP will plant a tree. 

PXL Vision is a partner in the SAP PartnerEdge® program. As such, it is empowered to build, market and sell software applications on top of market-leading technology platforms from SAP. The SAP PartnerEdge program supports partners to facilitate building high-quality, disruptive applications focused on specific business needs – quickly and cost-effectively. The program provides access to all relevant SAP technologies in one simple framework under a single, global contract.

About PXL Vision

PXL Vision is a Swiss market leader for highly secure and fully automated AI-based identity verification solutions. PXL Vision’s uniquely flexible technology supports any customer requirement and business process worldwide. 

PXL Vision AG is a Swiss high-tech spin-off of the Swiss Federal Institute of Technology (ETH). It was founded by former key employees of Dacuda AG, an award-winning computer vision company that sold its 3D division to Magic Leap at the beginning of 2017.

PXL Vision provides leading solutions for the automation and enhancement of identity verification and customer onboarding through tailored software solutions powered by the latest developments in Computer Vision and Machine Learning.

Our team has a proven track record in developing and deploying mass market products that are used by millions of people worldwide.

PXL is headquartered in Zurich, Switzerland, with R&D centers and offices in Serbia, Armenia, Estonia and Canada.


Talk to a PXL Vision ExpertAre you interested in automated identity verification processes for your business? Let’s talk about how facial recognition, passive liveness detection and document scanning can be integrated into your business processes: Secure, fast and easy to use.


# # #

Any statements in this release that are not historical facts are forward-looking statements as defined in the U.S. Private Securities Litigation Reform Act of 1995. All forward-looking statements are subject to various risks and uncertainties described in SAP’s filings with the U.S. Securities and Exchange Commission, including its most recent annual report on Form 20-F, that could cause actual results to differ materially from expectations. SAP cautions readers not to place undue reliance on these forward-looking statements which SAP has no obligation to update and which speak only as of their dates.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE in Germany and other countries. Please see https://www.sap.com/copyright for additional trademark information and notices. All other product and service names mentioned are the trademarks of their respective companies.

A young woman is holding smart phone with scanning facial
Blog

How to Improve Information Security with Facial Authentication Technology

What is information security?

Information security, or infosec as it is commonly called, is the practice of protecting information by preventing or at least reducing the probability of unauthorized access to data. Information security has a long history – spanning from early recorded instances of Julius Caesar’s Caesar cipher (circa 50 B.C.), to the 1st and 2nd World Wars that tore Europe apart — hastening the invention of the Enigma machine.

Nowadays, emails/usernames and passwords are the primary methods used to access and protect our personal information. This is, of course, logical as the flow of our sensitive information has largely moved onto digital channels, evermore so as our world becomes more internet-connected.

This move towards digitalization and internet connectivity is in fact so relevant that another term, “cybersecurity”, which has to do with the security of computers and computer networks, is often used interchangeably with information security.

CIA: the three principles of information security

There are three primary principles of information security expressed by the acronym CIA. Not for the Central Intelligence Agency (CIA) in the US, but rather for the terms: confidentiality, integrity, and availability. However, it is likely that the CIA in the US also applies the CIA rule when it comes to their own information security.

Confidentiality – data is confidential only when those people who are authorized to access it can do so. In order to ensure confidentiality, you need to be able to identify who is trying to access the data and to block attempts by those without authorization. Unique usernames and strong passwords along with two-factor authentication (covered below) provide varying levels of defence against penetration attacks.

Integrity – implies maintaining the data in its owner-defined state as well as the prevention of attacks or accidental mishaps that could lead to unsanctioned modification. Many of the techniques that ensure confidentiality will also protect data integrity. Data that is protected by strong passwords and other similar infosec techniques is more likely to retain its integrity.

Availability – functions in the opposite sense to confidentiality. While it is important to protect your data from unauthorized access, you also need to ensure that it can be accessed by those who have the proper permissions. Information should be made available to those who have the username and password.

Most users of the internet are only concerned with the confidentiality and availability aspects of infosec, given that the integrity of their data is generally the concern of whichever online services they might be using. The username or email and password combo is where the responsibility of the individual computer user lies today. However, infosec at this point can be a rather contentious topic, especially for individuals who are relative newcomers to the internet and computer technology. Most notably here are those who were already much older or from a country currently in the early stages of internet and widespread computer adoption.

Information security in the digital age

By now, most of the developed world is connected to the internet. And while this connectivity, alongside the internet’s growing user base and high number of services that are moving part or all of their services online brings massive benefits to all involved, severe infosec issues are also on the rise. In particular, the pervasiveness of hackers on the world wide web, who take advantage of unsuspecting users is increasing.

To wit, most services that individuals engage with on the internet requires setting up an account, which normally requires entering in an email/username and password. That is fine in and of itself except that many people reuse the same password and username combination for multiple accounts. This activity can and does turn out disastrous for the individual who has their single username/password cracked. Hackers who manage to crack a password will try the same password or slight variations of it on other accounts of the same user.


Request a DemoRequest a demo today to learn more about our innovations in information security and how our flexible and modular product solutions can assist your business today.


It is safe to say that most people have experienced a software attack of one form or another, whether through a virus, Trojan horse or by being lured into a phishing attack. It is also possible that your information has been compromised but that no attack has yet been tried. To help prevent and counteract these attacks, we are instructed about password ethic and warned not to click on any links or enter any personal information on pages that we are not 100% certain about.

Passwords: Single-factor authentication

However, this overt carefulness also adds friction to our online activities and at the end of the day, no matter how careful we are, we are also at the mercy of the online services and companies that we interact with and store our personal information with. Data breaches are all too frequent, and our emails and other sensitive information are regularly leaked. Check your email at Haveibeenpwned?, to see if you have fallen victim to an online hack. The chances are good that you have.

Password management. Information SecurityPasswords that are short and simple enough to remember tend to be very easy to crack. A password checker can be used to verify this. On the flipside, passwords that are long and complex enough to be uncrackable are essentially impossible to remember.

All of this is not to suggest that we do away with usernames and passwords as they certainly serve their purpose, especially with regards to the availability aspect of the CIA acronym. There are some partial fixes such as password managers, and while these programs come highly recommended they still require a certain level of trust of the software that you end up deciding to use. Rather, online information security requires something more. One solution is to use two-factor or multi-factor authentication techniques.

What is two-factor authentication (2FA)?

Two-factor authentication (2FA) or multi-factor authentication, as it is also called, is the act of using more than one factor or method to prove one’s identity. This differs from single-factor authentication which, in online cases, is the username and password combo.

When you visit a bank to withdraw some money (who does that anymore?) the bank teller asks to see your bank card and a piece of photo ID. The bank teller checks the bank card and ID to make sure they are still valid, have your name on them and that the ID contains your photograph. If the photo and name match the person, then the teller can verify that you are who you claim to be. The next step of the process would involve using your bank card by inputting your secret pin number. These two steps combined is an example of two-factor authentication.

However, in the online space, the process of authentication is a little bit different because you are no longer relying on a person to verify and authenticate that you are who you say you are, but you are instead entering your mostly private username and totally private password into an online account. If someone other than you illegitimately gains control of your username/password, they can then pretend to be you by simply entering in the information online. This is precisely why online multi-factor authentication has become really important in recent times.

The act of providing proof in order to authenticate oneself is generally divided into three different categories. These are: something you know, something you have and something that you are.

information security

 

How can facial authentication technology help with information security?

Facial authentication technology uses face scans in order to add an extra level of protection to your login process. In the above box on primary methods of authentication, face scans are categorized as something you are and it is clear that your face belongs to you. Facial authentication technology offers a superior level of account protection especially when combined with strong usernames and passwords.


Request a DemoRequest a demo today to learn more about our innovations in information security and how our flexible and modular product solutions can assist your business today.


After the user has been verified using their username and password, the user’s face can then be used for further account authentication. A face scan can be used as a second factor and incorporates sophisticated algorithms that can pick out the slightest abnormalities and either grant or reject access to the user.

Passwords and facial authentication technology

Long and complex passwords coupled with the use of a variety of different usernames/emails is one of the easiest and best ways to stay safe online. However, doing so would require a password manager (unless you are gifted with a didactic memory) which brings forth a host of other potential issues. What happens if you forget your master password? Or somebody cracks your master password? or you inadvertently leave your password manager logged-in on a device allowing access to all of your passwords?

In these cases, two-factor authentication could be your saviour and it should be employed whenever possible. One of the best ways to accomplish 2FA right now is through facial authentication technology. Fingerprints and retina scans, while still okay for most purpose, have all been proven as beatable, most publicly by the German-based Chaos Computer Club.

All of the major smartphone companies have integrated facial recognition technology into their newest devices. The top 4: Samsung, Huawei, Apple and Xiaomi have different names for the tech but the algorithms used are similar. Furthermore, because traditional authentication methods are no longer sophisticated enough to keep up with today’s advanced fraud landscape, high-risk industries like banking and finance are turning to face-based identity authentication and verification instead.

PXL Vision is a leading provider of facial biometric technologies

Get in touch with us today to learn more about our innovations in facial biometrics and how our flexible and modular product solutions can assist your business today.


Like what you read? Subscribe to stay informed!


Businessman draw growth graph
Blog

BaFin: Germany’s Federal Financial Supervisory Authority

What is BaFin?

BaFin is the acronym of the Bundesanstalt für Finanzdienstleistungsaufsicht in Germany, which translates to the Federal Financial Supervisory Authority. Similar to the Securities and Exchange Commission (SEC) in the US, or the Financial Conduct Authority (FCA) in the UK, BaFin regulates and supervises Germany’s financial sector.

BaFin was created by the Financial Services and Integration Act of 2002, which merged three existing Federal agencies: the Banking Supervisory Office, the Supervisory Office for Securities Trading and the Insurance Supervisory Office. It is one of the largest financial supervisory authorities in Europe, with around 2500 employees.

BaFin has two headquarters – both in cities located along a historically important river system – and about a 2-hour drive from one another. The first office is in Bonn, which is also the former capital of West Germany, and is situated along the Rhine. BaFin’s second office is in Frankfurt am Main, which is located on the Main river, the longest tributary of the Rhine.


Request a DemoPXL Vision leverages the experience and knowledge of its legal team in online identity verification and applies the latest technologies in identity verification in order to streamline the online ID process for your business. Request a demo today to learn more about our company.


BaFin’s decision to headquarter themselves in Frankfurt am Main is no coincidence as the city is considered one of the financial capitals of the world and is also home to the European Central Bank. What better way to keep an eye on the country’s financiers then by locating the financial supervisory offices in the same city?

BaFin: Germany’s Federal Financial Supervisory Authority
The skyline of downtown Frankfurt am Main, Germany

However, in an interest to be or at least to be seen as humble, BaFin’s Frankfurt headquarters are located far from the city’s impressive, skyscraper-laden downtown. Instead, they are located in the not so remarkable far-North of the city, in a subdivision of Frankfurt proper[1]. BaFin’s less than stunning locations are likely chosen on purpose, given that the authority funds itself by taxing the financial institutions that it supervises.

[1] The location of Bonn’s headquarters is not anymore impressive.

What does BaFin do?

BaFin is responsible for ensuring the stability and integrity of the German financial system, which is the largest financial market in Europe. It is an independent institution and reports directly to the German Federal Ministry of Finance. BaFin exercises its authority over Germany’s financial system across all of its different financial intermediaries: banks, financial services companies, insurance companies, stock exchanges, and other obligated entities.

BaFin, Germany - AMLOne particularly important role of BaFin is the identification and elimination of financial crime in order to prevent the financing of terrorism. BaFin accomplishes this through its anti-money laundering (AML) framework under the authority of Section 50 of the Money Laundering Act – known in Germany as the Geldwäschegesetz (GwG). In order to comply with BaFin’s AML rules, banks and other financial institutions must develop and implement a risk-based AML program with strong KYC and other customer due diligence measures.

According to BaFin’s website, the organisation follows an industry-appropriate approach which they base on recognised European supervisory standards. BaFin’s duties and responsibilities include but are not limited to: the licensing of new banks and financial institutions and the supervision of existing institutions in order to ensure their compliance. Furthermore, BaFin collects financial statements and reports in order to evaluate them under the auspices of Germany’s central bank.

BaFin has the authority to initiate legal action against financial institutions that violate its rules and regulations and they also have the power to impose financial penalties, remove personnel from their positions in banks and, if necessary, appoint external supervisors to take over the management. However, BaFin prefers to work with offending institutions in order to resolve any issues with as little interference as possible.

Why is BaFin important?

As mentioned, a sizeable charge of BaFin’s regulatory work revolves around anti-money laundering (AML) and the prevention of terrorism financing. The latter of which entered rather forcefully into effect after the 9/11 World Trade Centre attacks on New York City.

The overarching goal of AML is to verify with a high degree of assurance that customers are who they say they are and that they are not likely to be engaged in criminal activity. Exact numbers on how much money is laundered around the world are difficult to come by given that it is an illicit activity that goes unreported. Various agencies, however, have estimated that money laundering accounts for approximately 2-5 percent of global GDP.

BaFin and the Wirecard scandal

At this point in time it would be remiss to write an article on BaFin and not mention the Wirecard scandal. Wirecard AG, a German payment processor, entered into insolvency in the summer of 2020 after revelations that €1.9 billion was missing from its accounts. While many of the case’s finer details are still being investigated, a documentary by RTL, a German broadcaster, is set to be released in early 2021, which will likely be a very engaging watch.

In short, the Wirecard scandal falls under the auspices of BaFin and the organisation has been heavily criticised for its poor handling of the situation. As the regulator for one of the world’s most influential economic powers, BaFin is tasked with representing Germany on the global stage. It is BaFin’s responsibility to ensure the stability and integrity of the German financial system and it clearly failed on all accounts with regards to the Wirecard scandal.

An article published in Forbes at the end of 2020 is a little less hard on the financial regulator, reasoning that “the regulatory structure for fintechs requires improvements in order to encompass the next generation of finance”.

How PXL Vision helps businesses maneuver through BaFin’s regulatory framework

Among other regulations, BaFin requires German-based banks and other financial service providers to perform online identification and verification through a compliance professional for new account openings. This process will be complicated and tedious for many companies, especially for ones that aren’t used to working with BaFin.


Request a DemoPXL Vision leverages the experience and knowledge of its legal team in online identity verification and applies the latest technologies in identity verification in order to streamline the online ID process for your business. Request a demo today to learn more about our company.


Like what you read? Subscribe to stay informed!


  • 1
  • 2
  • 4