Internet connectivity will soon be available to most of Earth’s inhabitants. Global internet connectivity is now more than 50 percent, a threshold calculated to have been surpassed sometime in 2018. While the benefits of global connectivity are huge, there are some burgeoning issues that still require a solution.
A clear benefit of global connectivity is the flexibility to interact and transact with anyone from anywhere in the world. And while this is certainly a defining achievement for all humanity, it adds the challenge of trust and the pressing need for assurances that you know who you are dealing with online.
This post will explore these ideas in greater detail and also give a behind-the-scenes look at the digital identity verification industry in which we play a defining role. At PXL Vision, we are committed to solving the issue of online identity fraud and other security issues related to the “semi-anonymity” state of the internet.
Online global connectivity
While connecting the first half of humanity to the internet certainly had its obstacles, connecting the second half will be exponentially more difficult. The reason for this is that many of the still-to-be-connected live in the global south, where pre-existing infrastructure and also the economic ability to pay for new infrastructure are lacking.
However, from small, rural villages in the mountainous Andes to the vast landscapes of Africa and into the arid lands of the Middle East, there exists the overwhelming will by all globally-minded citizens to connect to the internet. And as the old adage goes: where there is a will, there is a way.
The race towards global internet connectivity is, in fact, playing out before our very eyes. Jeff Bezos’s Project Kuiper and Elon Musk’s Starlink are two such projects that aim to bring us much closer to global internet connectivity. A quote from Starlink’s website neatly summarizes the problem and the solution to connecting the rest of humankind to the internet:
“Starlink is ideally suited for areas of the globe where connectivity has typically been a challenge. Unbounded by traditional ground infrastructure, Starlink can deliver high-speed broadband internet to locations where access has been unreliable or completely unavailable.”
If you want to see the progress of this undertaking for yourself, check out James Darpinian’s satellite tracker website. Enter your coordinates and you can find the best time to view Starlink’s satellites and/or other satellites as they fly over you.
However, this article is not really about the race to connect the other half of the world (as interesting as that topic is) but more about how to introduce a dutiful amount of trust into your online interactions by knowing who you are interacting with.
Trust issues of online identity
The issue of identity on the internet is not new; at least not new when considering the timeline of the internet itself, which dates back to 1989 and the beginning of the world wide web and the quest for global connectivity.
Since the earliest days of the internet, the issue of identity and trust has revolved around the right to anonymity and the concept of privacy. Different schools of thought are equally vocal on this issue: some say anonymity ruined the internet, while others cry foul that the internet is no longer anonymous and wish for a return to the glory days of the past.
The first linked article above leads to an opinion piece in The Atlantic by Walter Isaacson, a former president of the world-renowned humanities’ think tank, the Aspen Institute. A quote there by Isaacson lays bare the motivations of the online identity verification industry:
“So the best approach, I think, would be to try to create a voluntary system, for those who want to use it, to have verified identification and authentication. People would not be forced to use such a system. If they wanted to communicate and surf anonymously, they could. But those of us who choose, at times, not to be anonymous and not to deal with people who are anonymous should have that right as well. That’s the way it works in the real world.”
Regardless of what side you personally take on the underlying debate of identity, anonymity and the internet, the best possible outcome lies somewhere in the middle. Sometimes, anonymity on the internet is nice to have, but at other times real, provable identities are equally important. At any rate, it is easy to stay at least borderline anonymous on the internet if you are careful. You can surf with the “private browsing” setting that most internet browsers have and furthermore only connect to the internet through a VPN. There are also a number of higher-level steps that you could take to browse the internet completely anonymously.
There are a number of “good” reasons to want to remain anonymous on the web; for instance, if you are an activist, journalist or whistleblower. There are also a number of “bad” reasons to want to remain anonymous, such as planning terrorist attacks, fraud and even trolling.
The online identity verification industry is interested in upholding the good reasons and preventing the bad reasons by building trust through identity, where it matters.
External contractors / remote work and fraud
One of the “bad” reasons for anonymity on the internet, which is of particular interest to our operations at PXL Vision, is workforce fraud. Workforce fraud is a complex and growing issue (especially in our current pandemic times), which sees fraudsters taking advantage of remote work opportunities and other contractual agreements by using fake identities.
Once connected, anyone can leverage the power of global connectivity and the internet to their benefit. Of foremost value is the ability to source talent from anywhere on Earth. Established companies and startups alike are both able to benefit from remotely outsourcing some of their operations or hiring external contractors in order to improve their business prospects.
Prior to the advent of the internet, work or business was often concluded face-to-face and involved varying levels of eye contact. The parties involved, whether employer/employee or business/external contractor, could ascertain with reasonable certainty whether or not the other party was who they said they were.
However, in the 21st century, entire workforces can interact purely online and never actually meet in person. And while this offers numerous advantages, it has also invited some disadvantages such as workforce fraud. This is also precisely why PXL Vision has partnered with SAP® Fieldglass.
Which industries in particular face increased workforce fraud?
Thanks to the push for global connectivity, the tendency towards more remote work is no longer limited to a handful of industries. Nowadays, just about every industry that operates even a portion of its business online can easily outsource some of its efforts to external contractors.
The following list of industries, all of which necessitate a high level of identity clearance, is far from a complete list of the numerous use cases in the online identity verification industry, but it serves to underline the importance of identity verification in the remote workplace.
The construction industry has traditionally involved varying levels of fraud and that is no different today, with the exception that much of the fraud has moved to online channels. Furthermore, with tight timelines, budgets, and a lot of outsourcing to subcontractors, a digital identity verification solution is really the only way to stay on top of who’s who.
Finance & Banking
Banks rely heavily on external workforces to gain fast and flexible access to the skills they need to stay competitive. Banks must ensure that workers have passed background checks and are who they say they are. Furthermore, it is the banks’ duty to safeguard customer information, financial data and intellectual property. Digital identity for online finance and banking is also required under most anti-money laundering (AML) initiatives around the world.
Society is on the cusp of a massive shift as the boomer generation is set to retire. Many new workers are entering the insurance industry to work for in-demand positions such as data scientists and IT experts. As in the case for the banking and finance industry, the safeguarding of customer information is a high priority.
The telecommunication industry is a highly-regulated sector for both the network provider and the network’s users. Communication is a matter of national security and it is therefore important that the identities of all those working in the industry are verified.
The rail industry is a massive employer for all countries that maintain an extensive network. There are ebbs and flows to the labour needs as well; for example, in the U.S. and Canada during the harvest season. It is important to be able to legally identify this often very remote-based contract labour in a safe and secure way.
Aerospace & Defense
Aerospace and defense are by their very nature critical employers that require a perfect oversight of the people working in the industry.
Much like the railway and telecommunication sectors, utilities such as electricity and water suppliers as well as other related organizations behind public-service infrastructure, require high levels of security. These companies need to know who is working for them and when.
Oil, Gas & Chemical
These are especially volatile industries. A fraudulent worker with terrorist motivations could wreak havoc on a population centre that is located next to a facility dealing in these compounds. If you remotely hire your employees or contractors to later work onsite at one of your oil & gas facilities, you need to know who they are. Furthermore, the infrastructure behind the fossil fuel industry consists of very expensive precision tools and machinery which requires specialist contractors to run.
Other non-work related use cases for online identity verification
As mentioned, there are many other non-workforce-fraud related use cases for online identity verification. For example: online marketplaces are rife with bad actors who take your money and send you nothing in return. Likewise, online gambling sites have long been a compliance and legal free-for-all but many countries are now requiring strict KYC/AML laws in order to continue operations.
The sharing economy in general has faced many issues of fraud – which we wrote about here. For example, Airbnb has had issues with identity fraud and people misusing the platform in a variety of ways. Other room-booking websites take note!
Online dating is also on the rise and is an area where you would want to ensure that the people you are flirting with are who they say they are before you decide to meet them or let them into your home.
Telecommunications is covered in the workforce fraud section but also belongs here, in that users might want to, and at times have to, use identity verification controls to log into their smartphone or begin a contract.
Financial services such as online payments and online access to bank accounts require secure, identity-based logins. Also, many fintech companies do not have any brick-and-mortar establishments to visit and all business is done through an app or a website.
How PXL Vision makes global connectivity securer
PXL Vision can help your business secure its operations by verifying the identity of all who participate in your online ecosystem, whether it be for hiring remote workers, e-commerce or for participating in the sharing economy. PXL Vision even offers a standalone Plug and Play version named Daego® (which stands for digital alter ego) that allows you to use our solution immediately. PXL Vision’s ID platform is furthermore partnered with SAP® Fieldglass, which adds the extra utility of an identity verification solution built into SAP’s vendor management system.
Some new technologies blend so seamlessly into our lives that we often end up regularly using them without awareness. Near-Field Communication (NFC) is one of these technologies.
What is NFC technology?
Near-Field Communication (NFC) is a set of communication protocols for a two-way wireless data transfer between two electronic devices. “Near-field” refers to the fact that the two devices have to be positioned near one another in order to communicate – with a maximum distance of 10 centimeters or less.
The onset of commercially applicable NFC technology began in the early 2000s. At this time, Sony, Philips and Nokia experimented with and built on earlier technologies and patents such as Radio Frequency Identification (RFID) technology (around since the 1980s) and invented NFC technology.
The confusion around NFC and RFID technology
The terms NFC and RFID are often used interchangeably and oftentimes incorrectly. It is excusable and can hardly be called a mistake given that NFC is actually a specialized subset of RFID technology. Or, put strongly, Near-Field Communication is an evolution of RFID technology.
Generally speaking, both NFC and RFID technologies are forms of wireless communication – i.e. they transfer information through the air between a transmitter and a receiver via radio frequency (RF) waves. Other forms of wireless communication include AM/FM radio, Bluetooth and Wi-Fi.
There are a number of important differences between NFC and RFID and that is where some clarification between the two technologies is helpful, mostly because it is the differences that lead to the varying use cases of each technology. If you are familiar with the difference between scanning printed barcodes and scanning QR codes, you will already better understand the different directions that these technologies have taken.
For deeper insight into these differences take a look at BlueBite, a company that works directly with NFC and RFID technologies. A short synopsis of an infographic on their website labels RFID as “item-centric” and a technology that improves upon printed barcodes, whereas NFC is labeled as “user-centric” and a technology that improves upon QR codes.
RFID – As an improvement on printed barcodes, RFID does not require a direct line of sight. It has a standard read range of up to 10 metres for passive tags and 100 metres if the RFID tag is powered. Specialized readers are usually required in order to interact with RFID tags, but there is some crossover here whereby certain NFC-equipped smartphones are able to read these tags. RFID technology is primarily used for (item-centric) supply-chain inventory tracking and for loss prevention at stores – noted by the two electronic towers prominently placed at most store exits. One of these two towers is a transmitter while the other is a receiver and when you pass between them with an RFID tag that has not been deactivated, the alarm will sound.
NFC – As an improvement on QR codes, NFC also does not require a direct line of sight. This is, however, where the differences between RFID and NFC take a hard turn. The read range of NFC maxes out at approximately 10 centimetres – which actually doubles as a feature for improved security (e.g. for payments). NFC is primarily used to add consumer (user-centric) utility to products, such as for product authentication and access to exclusive content.
A final important difference between the two technologies is that Near-Field Communication allows data to flow in both directions. This means that NFC-enabled devices can exchange data, whereas RFID only works in one direction and therefore the amount of data is limited to what an RFID tag can store – which is usually no more than 2KB.
PXL Vision utilizes NFC technology to permit individuals to remotely identify themselves by using their electronic passports or other NFC/RFID-equipped identity documents. Learn more about our online identity verification solutions by requesting a demo today.
10 Consumer Use Cases for NFC technology
NFC technology is by now nearly ubiquitous across all major smartphone manufacturers. Nearly every new smartphone has NFC technology as a standard. Apple was one of the last companies to get on board with NFC technology and is unfortunately still only halfway there but their latest releases appear to have finally welcomed the technology.
1) Payments – The number one use case for Near-Field Communication technology today is contactless payments with a smartphone. This use case in particular is why the maximum communication distance of 10cm is a feature rather than a hindrance. It would be terribly inconvenient if your phone accidentally paid for someone else’s purchase while standing in line at the supermarket. Google Pay and Apple Pay are the frontrunners for NFC payments, though there are other companies also providing NFC payment apps. Of these, PayPal is probably the best known but there is also Venmo, which works seamlessly with Facebook, but is not supported by most brick-and-mortar retailers.
Other than payments there are a number of other lesser known use cases for NFC technology. A selection of them follows below. Of course, some of the following use cases are not new and were already in use when RFID was the standard.
2) Public transit – NFC to pay for public transit. What a convenience! Many of us grew up fumbling with coins and paper tickets, but now major urban centres all over the world are adopting NFC payment systems. Simply tap your transit card or smartphone onto a terminal and you are permitted to ride. Public transit NFC has led to faster payment times and less platform congestion around ticket machines. NFC is also more environmentally friendly, bypassing wasteful paper tickets. Unfortunately, data privacy has been an issue as many public transportation agencies have been logging the date, time, bus route and bus stops of passengers; for example in Berlin, Germany.
3) Controlled access – NFC or more traditionally RFID technology has long been at the centre of controlled access, such as for institutions, workplaces, hotel rooms, fitness centres and, of course, residential buildings.
4) Travel – Most passports have an embedded RFID chip which can be read by the NFC hardware on your phone. This has, in particular, been a boon for the travel industry as it has led to speedier border crossing / airplane boarding times.
5) Bodily implants – Yes, that’s right! Another use case for NFC is via implants into your body. These could be useful for a number of reasons, but might not be suitable for the needle-squeamish. Of course, we have been implanting our pets with RFID/NFC chips for many years and no one seems to mind. If only dogs could talk!
6) Embedded experiences – NFC connects the physical world to the digital world. Art museums, such as the Museum of London, are using the technology to digitally enhance their exhibits. Stores and supermarkets could also use NFC this way, in order to provide more information about their products, link to loyalty cards, or enhance the check-out experience. However, while there have been some fits and starts to using NFC in these ways, a quick Google search suggests that it has not really caught on yet.
7) Product authentication – To protect against counterfeits/fakes at those high-end stores where they sell Gucci bags. Here’s a Gucci bag that costs 2100 Euros! Hopefully it’s not a counterfeit!
8) Task optimization – You can purchase NFC tags online or elsewhere and then download an NFC read/write app (e.g. NFC Tools/NFC Tasks) to automate certain tasks on your smartphone or other smart devices.
9) Smart homes – There are a number of uses for NFC tags around the home. Firstly, for turning things on and off or adjusting lighting levels. You can set reminders for when to water your plants or set a timer when you start the washing machine. Various smart home kits are available from Amazon, Google, Apple and others.
10) Sharing files – There is an NFC functionality for sharing photos, contacts and other data between two devices using software such as Android Beam. This allows two people to directly share data peer-to-peer without having to first upload it and then download it to the cloud. However, due to the close proximity required for data transfer and its slow speeds, peer-to-peer NFC data transfer has seen rather slow adoption. More often than not, Near-Field Communication is used to bootstrap two devices to connect across another channel such as Bluetooth or WiFi.
5 reasons why NFC adoption will continue to increase
1) It’s secure. NFC transmissions are short range giving the individual more control over how they interact with the technology.
2) It’s versatile. NFC can easily be implemented across a broad range of industries and situations.
3) It’s open technology and standards-based. Universal standards provide more choices for customers and lead to stable systems.
4) It works with multiple systems. For example, smartphone-based NFC already works with existing contactless card technologies.
5) It has working committees promoting its adoption. NFC has a number of primarily industry-led organizations working behind the scenes to increase NFC adoption. One of these is the NFC Forum.
The NFC Forum
The NFC Forum launched as a non-profit in 2004. NFC Forum’s mission is to advance the use of Near-Field Communication technology by developing specifications, ensuring interoperability among devices and services and educating the market about NFC technology. The usual major technology companies are behind the NFC Forum, such as Apple, Google, Intel, MasterCard, Samsung, Sony and many others.
According to their website, the NFC Forum is currently developing specifications for a modular NFC device architecture in order to enable a consistently positive user experience. Furthermore, they are educating enterprises, service providers, and developers on how to use NFC technology to deliver impactful solutions and grow their businesses as well as developing specifications, test mechanisms, and guidelines that ensure consistent, secure, and interoperable use cases worldwide.
How PXL Vision leverages NFC technology
Another use case for NFC technology aligns with travel (use case number 4, above). Passports or other government-issued identity documents which are equipped with an NFC/RFID chip can be used for online identity verification purposes. Many passports these days already have an encrypted NFC/RFID chip built into them with varying types of information (data) on them, depending on the jurisdiction. In some jurisdictions, the data might even be biometric in nature.
The verification of the biometric NFC chip provides the highest security in document verification today. However, not every user device has the reading capability, and most locally used identity documents, such as driver’s licenses or national ID cards, don’t yet have a chip embedded.
As an online identity verification company, PXL Vision utilizes NFC technology where feasible, permitting individuals to remotely identify themselves by using their electronic passports or other NFC/RFID-equipped identity documents. Learn more about this and our other online identity verification solutions by contacting us today.
Digitalization is transforming workforces
Remote work or outsourcing is on the rise and with it so is remote hiring, as well as the need for remote employee management. While the current trend towards remote work is largely fueled by the corona pandemic, the ongoing digitalization of the workplace over the past few decades plays a much larger role – if the work can be completed with a computer, it can be outsourced. While the pros and cons of remote work differ depending on who you ask, one thing is clear: working from home introduces a whole host of new challenges for employers.
The scope of this article focuses on the employer and specifically the challenges of remote recruitment, remote hiring and the remote management of employees. In particular, this article looks at the issue of workforce fraud. Given the nature of remote hiring and remote working, there is essentially no way to ensure (without a doubt) that the person at the other end of the agreement is who they say they are.
There are fraudsters who pose as jobseekers, whether for short-term freelance assignments or more permanent roles that require advanced skillsets. Employee or contractor fraud occurs across all industries that use remote workers or outsource part or all of their workforce. Fortunately, there are solutions available on the market to combat this fraud in order to ensure the integrity of remote workforces today. These “digital onboarding” solutions are able to verify with a high degree of accuracy that the people working in or for your organization are indeed who they say they are.
The best solutions apply the latest advancements in computer vision, machine learning and facial recognition technologies and have been proven to be extremely accurate in verifying online identities.
PXL Vision’s Daego® is now available in the SAP Store!
Daego® delivers a smooth user experience for verifying the identity of your external workforce. It guides your contractor through a series of simple steps with minimal interaction using facial recognition, passive liveness detection and document scanning.
Remote work and fraud
In principle, the solution for hiring and managing your external workforce is clear: a careful vetting of potential employees followed by a rigorous background check. Following that, a regular (daily or weekly) checkup to ensure that targets are being met and that quality is being maintained. However, in reality, this is a lot easier said than done and the processes involved take resources from your company that could be better used elsewhere.
For the remote hiring phase, in particular, it is difficult to know whether the documents submitted by the potential new hire are indeed authentic and actually belong to that person. What if the documents were purchased off the darknet (see below) and are being used fraudulently?
There is a growing epidemic of identity fraud. Some of these fraudsters pose as job seekers and use fake identities to apply for jobs; whether at small companies, massive corporations, not-for-profits or government institutions. Fraud occurs across all industries that outsource work from banking to construction, healthcare, insurance, energy, rail and utilities; the list goes on.
Fraudsters hide behind well-designed facades of fake identities; they use fake names and titles, as well as fake social media profiles and fake resumes to ply their trade. It is a highly-skilled art, in which not only the gullible fall victim but also the skeptical. Once the fraudulent employee or contractor is successfully onboarded they might finish just enough work to remain below the radar, such that nobody notices. Or perhaps, the finished work or materials used will be of subpar quality and the fraudulent contractor will have disappeared before anyone notices.
Depending on the industry, fraud can take a variety of different forms. In banking, it might be the case that fraudulent employees steal customer access codes and other personal data. In the construction industry, fraud might involve billing for incomplete or subpar work with poor materials. Fraud in healthcare might involve not having the necessary credentials to work in the role applied for. Fraud in the energy sector might see valuable trade secrets stolen and sold to their competitors.
5 outsourcing fraud techniques you should be aware of
- Paid for work, left unfinished. Some fraudulent job seekers ask for an upfront down payment and then never finish the work.
- Lying about the number of hours worked. It is really difficult to track how many hours your remote employees actually work.
- Overestimating budgets or going over budget. With limited oversight of the workflow, it is nearly impossible to budget accordingly. Fraudsters will take advantage of this.
- Intellectual property theft and stolen ideas. Whether patent infringement, trademark or copyright violations, or the disclosure of trade secrets.
- Identity theft. Fraudulent employees could use your name/bank account details and steal from your company accounts.
The fraudster’s toolbox
The fraudulent jobseeker is well-practiced in the art of, well, applying for jobs. These days most hiring takes place online and interviews are usually held remotely through an internet call. A fraudster can easily spoof the location of this call using a virtual private network (VPN). The fraudster submits copies of the fraudulent documents which they purchased from the darknet. Finally, many companies do not have the wherewithal to do a full background check anyway and they often simply copy over the information as it appears on the identity documents.
You might be wondering just how easy it is to purchase fake documents on the darknet. For the majority of people, the darknet is this seemingly mythical place often talked about but never fully understood. It is, however, very real and easy to get to. Fraudsters who visit the darknet to purchase fake ID documents are also able to learn about the latest tools of their trade there. Have a look here at the current pricing for ID documents and other personal information being sold on the darknet. You might be surprised at how affordable they are. Current reports say that identity theft is rapidly expanding, with estimates that 1 in 5 Europeans have experienced identity theft over the two years from 2018-2019.
In addition to darknet-sourced documents, fraudsters must also be able to cover their tracks. The most important tools are the ones required to cover their “digital fingerprints”. This is possible by using advanced privacy software such as Antidetect and Kameleo, which allow fraudsters to construct fake virtual profiles. In addition, a VPN service and the TOR browser allow the fraudster to spoof and hide their online location, which is useful when visiting the darknet.
All of this begs the question: is there any way to slow down and eventually stop this worrying trend?
PXL Vision’s digital identity verification solution
PXL Vision has the solution in its digital onboarding platform which allows you to verify the identities of the people in your workforce with an accuracy of greater than 99%. Our fully-automated solution takes a photo of the user’s ID documents, followed by a live video selfie of the user. The software then compares the photos from the ID documents to the video selfie of the onboarding user.
PXL Vision has just released its online identity verification solution Daego® – Identity Verification for workforces on the SAP® store where it is directly integrated into the SAP® Fieldglass platform.
SAP® Fieldglass helps businesses to engage with their workforces more efficiently and later manage all aspects of their external workforce from sourcing to on-boarding and off-boarding, invoicing, payment and more.
What is information security?
Information security, or infosec as it is commonly called, is the practice of protecting information by preventing or at least reducing the probability of unauthorized access to data. Information security has a long history – spanning from early recorded instances of Julius Caesar’s Caesar cipher (circa 50 B.C.), to the 1st and 2nd World Wars that tore Europe apart — hastening the invention of the Enigma machine.
Nowadays, emails/usernames and passwords are the primary methods used to access and protect our personal information. This is, of course, logical as the flow of our sensitive information has largely moved onto digital channels, evermore so as our world becomes more internet-connected.
This move towards digitalization and internet connectivity is in fact so relevant that another term, “cybersecurity”, which has to do with the security of computers and computer networks, is often used interchangeably with information security.
CIA: the three principles of information security
There are three primary principles of information security expressed by the acronym CIA. Not for the Central Intelligence Agency (CIA) in the US, but rather for the terms: confidentiality, integrity, and availability. However, it is likely that the CIA in the US also applies the CIA rule when it comes to their own information security.
Confidentiality – data is confidential when only those people who are authorized to access it can do so. In order to ensure confidentiality, you need to be able to identify who is trying to access the data and to block attempts by those without authorization. Unique usernames and strong passwords along with two-factor authentication (covered below) provide varying levels of defence against penetration attacks.
Integrity – implies maintaining the data in its owner-defined state as well as the prevention of attacks or accidental mishaps that could lead to unsanctioned modification. Many of the techniques that ensure confidentiality will also protect data integrity. Data that is protected by strong passwords and other similar infosec techniques is more likely to retain its integrity.
Availability – functions in the opposite sense to confidentiality. While it is important to protect your data from unauthorized access, you also need to ensure that it can be accessed by those who have the proper permissions. Information should be made available to those who have the username and password.
Most users of the internet are only concerned with the confidentiality and availability aspects of infosec, given that the integrity of their data is generally the concern of whichever online services they might be using. The username or email and password combo is where the responsibility of the individual computer user lies today. However, infosec at this point can be a rather contentious topic, especially for individuals who are relative newcomers to the internet and computer technology. Most notable here are those who are already much older or who come from a country currently in the early stages of internet and widespread computer adoption.
Information security in the digital age
By now, most of the developed world is connected to the internet. This connectivity, alongside the internet’s growing user base and the high number of services that are moving partly or wholly online, brings massive benefits to all involved, but severe infosec issues are also on the rise. In particular, the pervasiveness of hackers on the world wide web who take advantage of unsuspecting users is increasing.
To wit, most services that individuals engage with on the internet require setting up an account, which normally requires entering an email/username and password. That is fine in and of itself, except that many people reuse the same password and username combination for multiple accounts. This can and does turn out to be disastrous for the individual who has their single username/password cracked. Hackers who manage to crack a password will try the same password or slight variations of it on other accounts of the same user.
It is safe to say that most people have experienced a software attack of one form or another, whether through a virus, Trojan horse or by being lured into a phishing attack. It is also possible that your information has been compromised but that no attack has yet been tried. To help prevent and counteract these attacks, we are instructed in good password hygiene and warned not to click on any links or enter any personal information on pages that we are not 100% certain about.
Passwords: Single-factor authentication
However, this overt carefulness also adds friction to our online activities and at the end of the day, no matter how careful we are, we are also at the mercy of the online services and companies that we interact with and store our personal information with. Data breaches are all too frequent, and our emails and other sensitive information are regularly leaked. Check your email at Have I Been Pwned to see if you have fallen victim to an online hack. The chances are good that you have.
Passwords that are short and simple enough to remember tend to be very easy to crack. A password checker can be used to verify this. On the flip side, passwords that are long and complex enough to be uncrackable are essentially impossible to remember.
All of this is not to suggest that we do away with usernames and passwords, as they certainly serve their purpose, especially with regard to the availability aspect of the CIA acronym. There are some partial fixes such as password managers, and while these programs come highly recommended they still require a certain level of trust in the software that you end up deciding to use. Rather, online information security requires something more. One solution is to use two-factor or multi-factor authentication techniques.
What is two-factor authentication (2FA)?
Two-factor authentication (2FA) or multi-factor authentication, as it is also called, is the act of using more than one factor or method to prove one’s identity. This differs from single-factor authentication which, in online cases, is the username and password combo.
When you visit a bank to withdraw some money (who does that anymore?) the bank teller asks to see your bank card and a piece of photo ID. The bank teller checks the bank card and ID to make sure they are still valid, have your name on them and that the ID contains your photograph. If the photo and name match the person, then the teller can verify that you are who you claim to be. The next step of the process would involve using your bank card by inputting your secret PIN. These two steps combined are an example of two-factor authentication.
However, in the online space, the process of authentication is a little bit different because you are no longer relying on a person to verify and authenticate that you are who you say you are, but you are instead entering your mostly private username and totally private password into an online account. If someone other than you illegitimately gains control of your username/password, they can then pretend to be you by simply entering in the information online. This is precisely why online multi-factor authentication has become really important in recent times.
The act of providing proof in order to authenticate oneself is generally divided into three different categories. These are: something you know, something you have and something that you are.
How can facial authentication technology help with information security?
Facial authentication technology uses face scans in order to add an extra level of protection to your login process. Among the categories of authentication listed above, face scans are categorized as something you are, and it is clear that your face belongs to you. Facial authentication technology offers a superior level of account protection, especially when combined with strong usernames and passwords.
After the user has been verified using their username and password, the user’s face can then be used for further account authentication. A face scan can be used as a second factor and incorporates sophisticated algorithms that can pick out the slightest abnormalities and either grant or reject access to the user.
Passwords and facial authentication technology
Long and complex passwords coupled with the use of a variety of different usernames/emails are one of the easiest and best ways to stay safe online. However, doing so would require a password manager (unless you are gifted with an eidetic memory), which brings forth a host of other potential issues. What happens if you forget your master password? Or somebody cracks your master password? Or you inadvertently leave your password manager logged in on a device, allowing access to all of your passwords?
In these cases, two-factor authentication could be your saviour and it should be employed whenever possible. One of the best ways to accomplish 2FA right now is through facial authentication technology. Fingerprints and retina scans, while still okay for most purposes, have all been proven beatable, most publicly by the German-based Chaos Computer Club.
All of the major smartphone companies have integrated facial recognition technology into their newest devices. The top 4: Samsung, Huawei, Apple and Xiaomi have different names for the tech but the algorithms used are similar. Furthermore, because traditional authentication methods are no longer sophisticated enough to keep up with today’s advanced fraud landscape, high-risk industries like banking and finance are turning to face-based identity authentication and verification instead.
PXL Vision is a leading provider of facial biometric technologies
Get in touch with us today to learn more about our innovations in facial biometrics and how our flexible and modular product solutions can assist your business today.
What is BaFin?
BaFin is the acronym of the Bundesanstalt für Finanzdienstleistungsaufsicht in Germany, which translates to the Federal Financial Supervisory Authority. Similar to the Securities and Exchange Commission (SEC) in the US, or the Financial Conduct Authority (FCA) in the UK, BaFin regulates and supervises Germany’s financial sector.
BaFin was created by the Financial Services and Integration Act of 2002, which merged three existing Federal agencies: the Banking Supervisory Office, the Supervisory Office for Securities Trading and the Insurance Supervisory Office. It is one of the largest financial supervisory authorities in Europe, with around 2500 employees.
BaFin has two headquarters – both in cities located along a historically important river system – and about a 2-hour drive from one another. The first office is in Bonn, which is also the former capital of West Germany, and is situated along the Rhine. BaFin’s second office is in Frankfurt am Main, which is located on the Main river, the longest tributary of the Rhine.
BaFin’s decision to headquarter themselves in Frankfurt am Main is no coincidence as the city is considered one of the financial capitals of the world and is also home to the European Central Bank. What better way to keep an eye on the country’s financiers than by locating the financial supervisory offices in the same city?
However, in the interest of being, or at least being seen as, humble, BaFin’s Frankfurt headquarters are located far from the city’s impressive, skyscraper-laden downtown. Instead, they are located in the not-so-remarkable far north of the city, in a subdivision of Frankfurt proper. BaFin’s less-than-stunning locations are likely chosen on purpose, given that the authority funds itself by taxing the financial institutions that it supervises.
The location of Bonn’s headquarters is not any more impressive.
What does BaFin do?
BaFin is responsible for ensuring the stability and integrity of the German financial system, which is the largest financial market in Europe. It is an independent institution and reports directly to the German Federal Ministry of Finance. BaFin exercises its authority over Germany’s financial system across all of its different financial intermediaries: banks, financial services companies, insurance companies, stock exchanges, and other obligated entities.
One particularly important role of BaFin is the identification and elimination of financial crime in order to prevent the financing of terrorism. BaFin accomplishes this through its anti-money laundering (AML) framework under the authority of Section 50 of the Money Laundering Act – known in Germany as the Geldwäschegesetz (GwG). In order to comply with BaFin’s AML rules, banks and other financial institutions must develop and implement a risk-based AML program with strong KYC and other customer due diligence measures.
According to BaFin’s website, the organisation follows an industry-appropriate approach which they base on recognised European supervisory standards. BaFin’s duties and responsibilities include but are not limited to: the licensing of new banks and financial institutions and the supervision of existing institutions in order to ensure their compliance. Furthermore, BaFin collects financial statements and reports in order to evaluate them under the auspices of Germany’s central bank.
BaFin has the authority to initiate legal action against financial institutions that violate its rules and regulations and they also have the power to impose financial penalties, remove personnel from their positions in banks and, if necessary, appoint external supervisors to take over the management. However, BaFin prefers to work with offending institutions in order to resolve any issues with as little interference as possible.
Why is BaFin important?
As mentioned, a sizeable share of BaFin’s regulatory work revolves around anti-money laundering (AML) and the prevention of terrorism financing, the latter of which entered rather forcefully into effect after the 9/11 World Trade Centre attacks on New York City.
The overarching goal of AML is to verify with a high degree of assurance that customers are who they say they are and that they are not likely to be engaged in criminal activity. Exact numbers on how much money is laundered around the world are difficult to come by given that it is an illicit activity that goes unreported. Various agencies, however, have estimated that money laundering accounts for approximately 2-5 percent of global GDP.
BaFin and the Wirecard scandal
At this point in time it would be remiss to write an article on BaFin and not mention the Wirecard scandal. Wirecard AG, a German payment processor, entered into insolvency in the summer of 2020 after revelations that €1.9 billion was missing from its accounts. While many of the case’s finer details are still being investigated, a documentary by RTL, a German broadcaster, is set to be released in early 2021, which will likely be a very engaging watch.
In short, the Wirecard scandal falls under the auspices of BaFin and the organisation has been heavily criticised for its poor handling of the situation. As the regulator for one of the world’s most influential economic powers, BaFin is tasked with representing Germany on the global stage. It is BaFin’s responsibility to ensure the stability and integrity of the German financial system and it clearly failed on all counts with regard to the Wirecard scandal.
An article published in Forbes at the end of 2020 is a little less hard on the financial regulator, reasoning that “the regulatory structure for fintechs requires improvements in order to encompass the next generation of finance”.
How PXL Vision helps businesses maneuver through BaFin’s regulatory framework
Among other regulations, BaFin requires German-based banks and other financial service providers to perform online identification and verification through a compliance professional for new account openings. This process will be complicated and tedious for many companies, especially for ones that aren’t used to working with BaFin.
PXL Vision leverages the experience and knowledge of its legal team in online identity verification and applies the latest technologies in identity verification in order to streamline the online ID process for your business. Request a demo today to learn more about our company.
What is machine learning?
Machine learning (ML) is a subset of artificial intelligence (AI). While the field of AI itself covers a lot of territory, it essentially boils down to the simulation of human intelligence in machines (computers).
ML involves the programming of algorithms that can learn from themselves and even make their own predictions.
ML allows machines to learn from past experiences – much as humans do – by analysing their output and using it as an input for the next operation.
ML algorithms learn from data to solve problems that are too complex to solve with conventional programming.
Deep learning is a subset of machine learning which is derived from running multiple layers of ML algorithms together at the same time.
Note: The terms machine learning and deep learning are often used interchangeably. Most machine learning today is actually conceived at the deep learning level.
A short history of digital technology: from mainframes to machine learning
In order to better understand how artificial intelligence and machine learning fit into modern digital technology, it is useful to consider the technologies in a historical context.
The technological trajectory that brought us AI and by extension machine learning is best summed up in a diagram published in the “Digital Transformation Initiative” report by the World Economic Forum and Accenture. The diagram (Figure 1) outlines the combinatorial effects of technology: “where the capability of technologies working in tandem far exceed their capabilities when deployed separately”.
Notice how each new technology looks like a wave building off of the technology that came before it – this is the combinatorial effect of technology.
The birth of mainframe computers in the 1950s, led by IBM* and a handful of other companies, made way for the personal computer (PC) of the 1980s. Later, the Apple and Microsoft operating systems (OSs) further forged the home PC market which then steered the rapid scaling of the internet. The early eCommerce internet (web 1.0) preceded the mobile and cloud-computing internet of today (web 2.0) which has ushered in big data and the internet of things (IoT). This abundance of data now feeds the algorithms used in AI and machine learning.
The curve representing AI and ML took off sometime around the year 2010. A question mark implies that it is anybody’s guess as to when this curve will start to come down, but if the prior technological leaps are any indication, the cumulative capability of AI and ML technology will be immense.
* IBM is still a major player in the digital transformation and is especially active in machine learning. IBM’s machine learning landing page offers a relatively accessible, technical explanation of machine learning.
Expert systems: early forerunners to AI and ML
Expert systems are considered the direct forerunners of AI and machine learning. While most accounts date the beginning of AI research to a 1956 workshop at the Ivy League Dartmouth College, research into AI began in earnest in the 1980s when so-called “expert systems” proliferated.
Expert systems were designed to solve complex problems by reasoning through large bodies of knowledge. There were, however, a number of issues with these systems which prevented them from catching on at the time.
First, these systems required a human expert to provide the knowledge base. In many cases, this was too costly for organizations, as it would divert their employees from their regular work. Additionally, some of these human experts felt threatened by the encroaching AI, believing that it would negatively impact the value of their expertise.
Second, these systems were based on the notion that expert knowledge consists of a collection of rules (if-then statements or conditional computing). When these systems were faced with a problem that their rules did not cover, they were unable to solve it.
Third, knowledge is only part of the equation for “intelligence”; the other part relies on when and how to use it, or how to adapt it to a variety of constantly changing situations.
Things are clearly different now: the expert systems of yesteryear have essentially morphed into machine learning that can harness data from the internet and can be programmed to learn from its own data output.
Machine learning in action
Machine learning has already led to immense changes in our society. However, if you do not directly work in the technology sector or engage with the topic, the extent that this technology has changed and continues to change society might be unclear.
The chances are actually quite high that you currently use multiple products or services that employ machine learning technologies, as a growing number of companies are leveraging ML over an exceedingly wide variety of industries.
Netflix, for starters, uses customer data to predict what audiences want. In fact, Netflix employs ML technology so effectively that they have all but eliminated the industry standard of pilot episodes. Instead, the company will invest from the beginning in multiple seasons of new shows which they are certain will be a hit because their algorithms tell them so. Other streamed media, from Spotify to YouTube, also rely heavily on machine learning algorithms in order to deliver content that matches users’ likes.
Likewise, all of the major social media platforms from Facebook to Twitter, Instagram and TikTok employ ML algorithms to deliver more of the content that their users want.
Online shopping portals such as Amazon leverage ML algorithms to recommend other things that you might want to buy based on your past searches. Furthermore, the constantly changing prices of goods on Amazon and other online stores are also decided by an ML algorithm. Savvy shoppers will save items in their baskets and wait until the price lowers. Extra savvy shoppers will use services, such as camelcamelcamel, that show the price of goods over time on Amazon et al., and use this to their advantage.
Most email filtering programs employ ML in order to stop spam. Chatbots use a combination of pattern recognition and natural language processing in order to interpret a user’s query and provide suitable responses. Even Hello Barbie used an ML algorithm that was able to reply to its users from 8000 different responses. However, due to privacy concerns, the doll and the service were discontinued.
IBM’s Watson has long been famous amidst fans of Jeopardy for regularly (always?) winning against the show’s previous highest scorers. Watson is powered by an ML algorithm which enables computers to process text and voice data as well as understand human language the way people do. Watson was already introduced in 2010 and yet most are probably still unaware that ML technology was and is at work in the background. Nowadays, Watson has many more applications besides playing Jeopardy.
Another major ML project is self-driving cars which, when road-worthy, will most likely be better at driving than humans as AI does not get distracted or drunk. Self-driving cars use ML to continuously identify objects in their environment, predict how the objects will move and guide the car around the objects as well as towards the driver’s destination. Now, if we can only figure out a way to keep the hackers at bay.
The myriad digital assistants on the market, such as Apple’s Siri, Amazon’s Alexa and Google’s Assistant also make use of ML natural language processing.
The list of uses for AI and machine learning goes on and on, and it is being added to every day as more and more use cases are dreamed up and developed.
How machine learning is used in facial recognition technology
The industry around facial recognition technology is rapidly maturing due to advances in AI, ML and deep learning technologies. Facial recognition is a technology that is capable of recognizing a person based on their face. It employs machine learning algorithms which find, capture, store and analyse facial features in order to match them with images of individuals in a pre-existing database. There are many strong use cases for the technology which you can read about in our blog here.
How facial recognition technology works is fairly difficult to grasp and a quality explanation would go far beyond the parameters of this article. For our purposes, we will consider the four overarching problems that a machine needs to solve in order to recognize a face. They are: face detection, face alignment, feature extraction, face recognition and face verification.
Face Detection – The machine must first locate the face in the image or video. By now, most cameras have an in-built face detection function. Face detection is also what Snapchat, Facebook and other social media platforms use to allow users to add effects to the photos and videos that they take with their apps.
Face Alignment – Faces that are turned away from the focal point look totally different to a computer. An algorithm is required to normalize the face to be consistent with the faces in the database. One way to accomplish this is by using multiple generic facial landmarks. For example, the bottom of the chin, the top of the nose, the outsides of the eyes, various points around the eyes and mouth, etc. The next step is to train an ML algorithm to find these points on any face and turn the face towards the centre.
Feature Measurement and Extraction – This step requires the measurement and extraction of various features from the face that will permit the algorithm to match the face to other faces in its database. However, it was at first unclear which features should be measured and extracted until researchers discovered that the best approach was to let the ML algorithm figure out which measurements to collect for itself. This process is known as embedding and it uses deep convolutional neural networks to train itself to generate multiple measurements of a face, allowing it to distinguish the face from other faces.
Face Recognition – Using the unique measurements of each face, a final ML algorithm will match the measurements of the face against known faces in a database. Whichever face in your database comes closest to the measurements of the face in question will be returned as the match.
Face Verification – Face verification compares the unique properties of a given face to another face. The ML algorithm will return a confidence value to assess whether the faces match or not.
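The difference between the last two steps, face recognition (one face against many) and face verification (one face against one), as an added Python example that is not PXL Vision’s code. The four-dimensional embeddings, the names and the 0.8 threshold are constructed for illustration, and cosine similarity is an assumed choice of comparison measure. It goes one step beyond the text by showing why “closest face in the database” needs a rejection threshold when the person is not enrolled at all.

```python
import math

# Constructed sample data: tiny stand-ins for the embeddings a trained
# network would produce. Real embeddings have far more dimensions.
GALLERY = {
    "alice": [0.9, -0.1, 0.3, -0.2],
    "bob": [-0.1, 0.8, 0.2, 0.5],
    "carol": [0.2, 0.3, -0.9, 0.1],
}
PROBE_ALICE = [0.85, -0.15, 0.35, -0.18]  # a second capture of an enrolled face
PROBE_STRANGER = [0.5, 0.5, 0.5, 0.5]     # a face that was never enrolled

# Assumed decision threshold. In practice it is tuned on labelled data to
# balance false accepts against false rejects.
MATCH_THRESHOLD = 0.8


def cosine_similarity(a, b):
    """Similarity of two embeddings in [-1, 1]; 1 means same direction."""
    if len(a) != len(b):
        raise ValueError("embeddings must have the same dimension")
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(x * x for x in b))
    if norm_a == 0 or norm_b == 0:
        raise ValueError("zero-length embedding")
    return sum(x * y for x, y in zip(a, b)) / (norm_a * norm_b)


def closest_match(probe, gallery):
    """Naive 1:N recognition: always returns the nearest enrolled identity."""
    if not gallery:
        raise ValueError("gallery is empty")
    name, emb = max(gallery.items(),
                    key=lambda item: cosine_similarity(probe, item[1]))
    return name, cosine_similarity(probe, emb)


def identify(probe, gallery, threshold=MATCH_THRESHOLD):
    """1:N recognition that can answer 'nobody': rejects weak best matches."""
    name, score = closest_match(probe, gallery)
    if score < threshold:
        return None, score
    return name, score


def verify(probe, reference, threshold=MATCH_THRESHOLD):
    """1:1 verification: does the probe match one claimed identity?

    Returns (decision, confidence) so the caller can log or review the score.
    """
    score = cosine_similarity(probe, reference)
    return score >= threshold, score


if __name__ == "__main__":
    print("naive, stranger:   ", closest_match(PROBE_STRANGER, GALLERY))
    print("thresholded:       ", identify(PROBE_STRANGER, GALLERY))
    print("identify alice:    ", identify(PROBE_ALICE, GALLERY))
    print("verify alice:      ", verify(PROBE_ALICE, GALLERY["alice"]))
    print("verify as bob:     ", verify(PROBE_STRANGER, GALLERY["bob"]))
```

The naive lookup assigns the unenrolled face to the nearest enrolled person, which in an onboarding or login flow would be a false accept; the thresholded version returns no match for the same input.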
PXL Vision’s Facial-Recognition / Verification Solution
PXL Vision provides leading solutions for the automation and enhancement of digital identity verification and customer onboarding through tailored software solutions powered by the latest developments in artificial intelligence and machine learning technologies.
The team has extensive experience and expertise in building highly complex machine learning technologies and the passion and know-how to bring them to the market.
Contact PXL Vision today for more information on how our facial recognition software can meet your business needs.
What is compliance?
In general terms, compliance means to conform to a rule, such as a policy, directive, regulation or law. Compliance is the goal that businesses and organizations need to achieve in order to ensure that they are aware of and take the necessary steps to comply with the relevant laws, policies, and regulations of the industry and jurisdictions in which they operate.
Compliance in the financial industry
Compliance varies widely between industries and within different jurisdictions. In the financial industry, compliance plays an important role when businesses and institutions carry out the due diligence requirements which manage the risks of financial crime.
A large sub-section of financial compliance has to do with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations. AML refers to the laws, regulations and procedures intended to prevent criminals from disguising illegally obtained funds as legitimate income. KYC are the steps that businesses take to comply with AML by verifying their customers’ identities.
KYC processes are employed by companies of all sizes for the purpose of ensuring their proposed customers, agents, consultants, or distributors are who they claim to be. Banks and other financial institutions are increasingly demanding that customers provide ever more detailed due diligence information. KYC regulations were initially imposed only on banks and financial institutions but nowadays non-financial industry entities are also obliged to comply.
Of note is that there is no global political authority that applies and enforces conformity to these KYC and AML regulations. Instead, various governments around the world have cooperated to establish a host of institutions and practices which have collectively intertwined to form a de facto regulatory framework as part of the global financial system.
Financial compliance in Germany
BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht) is Germany’s Federal Financial Supervisory Authority, which works to ensure, as well as enforce when necessary, regulatory compliance in Germany’s financial market. Most countries around the world have established an authority to regulate the financial activity in their country, and in some cases of its citizens, no matter where they reside (such as in the United States of America).
In BaFin’s English translation of its AML proceedings (in German: Geldwäschegesetz – GwG) we read:
“In accordance with section 51(8) of the Anti-Money Laundering Act, BaFin provides the obligated persons and entities under its supervision with regularly updated interpretation and application instructions for the implementation of due diligence obligations and internal safeguarding measures in accordance with the statutory provisions on the prevention of money laundering and terrorist financing. BaFin also currently issues circulars on topics relating to the prevention of money laundering and terrorist financing.”
This finely worded introduction is followed by a 66-page downloadable PDF in English of the most recent version of the AML proceedings for Germany. The document has also been transposed into a click-through website for added convenience. It is important to note that these English language versions have been translated from the German language as a favour to the non-German speaking audience residing and/or running a business in Germany. The official “binding” version is the German edition, found here as a PDF.
The complexity of financial compliance in Germany
For the purposes of this post we will outline various Parts and Sections of the English language translation of the GwG in order to outline some of the compliance complexities in Germany and, by extension, the global financial system.
The aim is to promote the idea that outsourcing your business’s due diligence requirements is a smart business move. In doing so, you will be able to focus more effort on your company’s product / service and its core operations – with the assurance that you are BaFin compliant.
There are a number of companies such as ours which have developed compliance software, commonly referred to as digital onboarding software or as an online identity verification platform, for this purpose.
*Note: The following excerpts are taken from bafin.de’s Geldwäschegesetz – GwG (Money Laundering Act – AML) website. They are in no way complete and are also heavily edited for expediency. They are recorded here for demonstration purposes and to provide an example of the complexities of compliance in Germany. The entire GwG is between 60-70 pages in length and consists of 7 Parts, 59 Sections and 2 Annexes.
Part 2 – Risk management – GwG
Section 4 Risk management
(1) In order to prevent money laundering and terrorist financing, the obliged entities must have in place effective risk management systems that are appropriate for the nature and size of their business.
Section 5 Risk analysis
(1) The obliged entities are to determine and evaluate the risks of money laundering and terrorist financing associated with the business activities they engage in.
Section 7 Money laundering reporting officer
(1) Obliged entities under section … are to appoint a money laundering reporting officer at senior management level and a deputy. The money laundering reporting officer is responsible for compliance with the provisions under anti-money laundering and counter terrorist financing law.
Section 8 Recording and retention requirement
(1) The obliged entity is to record and retain
- data collected and information gathered in the fulfilment of its due diligence requirements
(3) The records may also be stored digitally on a storage medium. The obliged entities must ensure that the stored data
- are consistent with the data and information gathered,
- are available for the duration of the retention period and
- can be made readable within a reasonable period of time at any time.
Part 3 – Customer due diligence requirements – GwG
Section 10 General due diligence requirements
(1) The general due diligence requirements are:
- identifying the contracting party and, where applicable, the person acting on their behalf in accordance with section … and checking whether the person acting on behalf of the contracting party is entitled to do so.
Section 11 Identification
(1) Obliged entities are to identify contracting parties and, if applicable, persons acting on their behalf and beneficial owners, before establishing a business relationship or executing a transaction.
(4) In the identification, the obliged entity is to collect the following information:
- in the case of a natural person:
  - a) their first name and surname,
  - b) their place of birth,
  - c) their date of birth,
  - d) their nationality and
  - e) a residential address
- in the case of a legal person or a partnership:
  - a) the company, name or trading name,
  - b) the legal form,
  - c) the commercial register number if available,
  - d) the address of the registered office or head office and
  - e) the names of the members of its representative bodies or the names of its legal representatives and, if a member of its representative body or the legal representative is a legal person, the data listed under letters (a) to (d) for this legal person.
Section 12 Identity verification, authorisation to issue regulations
(1) In the cases set out in section 10 (1) no. 1, the verification of the identity of natural persons is to be carried out on the basis of
- a valid official identity document which includes a photograph of the holder and satisfies the passport and identification requirements in Germany, in particular a German passport, identity card or substitute of a passport or identity card, or a passport, identity card or substitute of a passport or identity card recognised or accepted under German provisions for foreign nationals…
Section 13 Identity verification procedures, authorisation to issue regulations
(1) Obliged entities verify the identity of natural persons by one of the following procedures:
- appropriate examination of the document presented physically or
- another procedure suitable for verifying identity under anti-money laundering and counter terrorist financing law and having a security level equivalent to the procedure set out in no. 1.
Section 15 Enhanced due diligence requirements, authorisation to issue regulations
(1) The enhanced due diligence requirements are to be fulfilled in addition to the general due diligence requirements.
(2) Obliged entities are to fulfil enhanced due diligence requirements if they find out, through a risk analysis or by taking into account the risk factors specified in annexes 1 and 2 in an individual case, that a higher risk of money laundering or terrorist financing may arise.
If you were able to make it through the above legalese, you will have made it through some of the complexities involved in attaining financial compliance in Germany. And these are just the Parts dealing with risk management and due diligence, which involve risk analysis, reporting officers, data retention, due diligence, enhanced due diligence, proper identification procedures, and so on. This is precisely why the identity verification industry exists.
Compliance in Germany: Kafka’s nightmare
This article was originally going to be titled Compliance in Germany: Kafka’s nightmare. However, further research suggested that the comparison of the famed German-language novelist and the bureaucratic nightmare of regulatory compliance at BaFin was not very apt. However, not wanting to leave out the comparison in its entirety, here is a short read for the interested.
Prague-born author Franz Kafka, writer of the world-renowned The Trial and The Metamorphosis, wrote about the soul-crushing bureaucracy of the Austro-Hungarian empire. The word Kafkaesque is often applied to complex, bizarre and impersonal administrative situations where the individual feels powerless to understand or control what is happening. If Kafka had written in the 21st Century, his work would probably have an entrepreneur as the protagonist, attempting to comply with BaFin’s AML regulations.
How to ensure BaFin Compliance in Germany and around the world
There are identity verification solutions that take the guesswork out of KYC/AML due diligence requirements. Digital onboarding software can be individualized to work within the scope of your industry and for the jurisdictions in which your business operates.
Learn how PXL Vision can help you cut through the bureaucratic nightmare of due diligence requirements.
Who is FINMA and why does the latest revision matter?
FINMA is Switzerland’s market supervisory authority and is responsible for the financial regulation of the country’s banks, insurance companies, stock exchanges and other financial intermediaries.
Up for revision is FINMA’s Circular 2016/7 “Video and online identification”, which was drafted with the standing motion to be regularly reviewed and updated. The revisions under consideration aim to further simplify digital onboarding procedures for the Swiss banking industry whilst maintaining the same or a higher security standard.
FINMA’s revision of its due diligence requirements for video and online identity verification provides a new opportunity to use technologies such as NFC. The proposed revisions to the FINMA Circular, dated November 16th, 2020, have been written to take advantage of recent technological developments in biometric technologies. The revisions are currently in the consultation period until February 1st, 2021 and are expected to enter into force by mid-2021.
FINMA’s “Circular 2016/7 Video and online identification”
The original FINMA “Circular 2016/7 Video and online identification” provided financial intermediaries with 2 possible ways to onboard customers digitally. First, for “Video Identification”, they assigned equal validity to real-time video identification as they did for in-person identification. This especially permitted startup fintech companies to ramp up their offerings by allowing them to conduct Know Your Customer (KYC) due diligence via live video feed. This process, however, is still quite expensive, not available 24/7, and still quite cumbersome, as many do not feel comfortable holding a live video call with an unknown agent, being asked all kinds of personal questions.
Second, for “Online Identification”, the Circular also allowed for a completely machine-based identity verification, with a lot of room for interpretation when it comes to the detailed requirements. But this process would still require customers to perform trial or micro deposits (small money transfers) from an existing bank account to the new account to assist in linking the new customer to their identity. This process is time consuming, often taking several days for the transactions to clear, and also requires agents or extra processes to send and confirm the transactions. Also, many potential customers may not have a bank account to start with, thus not qualifying for this kind of account opening.
FINMA’s Circular 2016/7 Revisions
The revisions to FINMA’s Circular 2016/7 aim at permitting financial intermediaries to forego this time consuming and costly micro deposit process – provided that they are able to scan and decipher the client’s NFC biometric passport chip. NFC biometric chip validation today provides the highest possible degree of security in mobile identity document verification.
“For this purpose, clients scan their biometric passport chip with a smartphone app and transmit their personal data and photo (but no other biometric data) to the financial intermediary.”
– FINMA Circular 2016/7 “Video and online identification” – partial revision, 16 November 2020
While this is great news for the Swiss banking industry as it allows further automation of the identification process, we believe that it does not go far enough, as it does not reflect the expectations of the industry.
4 reasons why the FINMA revision is better for the Swiss Banking Industry:
1. Verification via microdeposits is time consuming
Financial institutions have been using micro deposits to validate ownership of linked accounts for a long time but the process has a serious flaw. Namely, that it can take up to five business days for the transaction to clear.
In a world where consumers expect online services to be instant, five days is simply too long. People are simply not willing to wait for services, particularly when there is an abundance of substitute services available. Delays of any sort are directly associated with customers abandoning online processes, from shopping cart abandonment to setting up online accounts. The revision will ensure this frustrating and time-consuming part of the onboarding process is finally streamlined using technology.
2. Provides an additional option for online identification
The more, the merrier when it comes to options – adding flexibility to businesses and customers alike. When approved, the revisions will provide an additional option, in that it allows financial intermediaries to forego the micro deposit process, provided that they are equipped to scan and extract info from NFC chips. These days, most countries are using biometric chips in their passports. Swiss citizens certainly are, as they are members of the Schengen area where biometric passports are now a requirement for all newly issued documents. The micro deposit option will still be an option for situations where it might be preferred.
3. Highest security in document verification
Biometric passport NFC chips are considered by most governments to be extremely secure. The realization that paper-based passports could be easily altered or falsified drove a worldwide move to electronic passports (ePassports).
The large number of lost or stolen passports across the globe led to a huge pool of paper-based passports easily purchasable on the darknet by counterfeiters and other malicious actors.
4. Improves scaling
Alongside greater security, another advantage of biometric passports is speed. According to the FINMA Circular, financial intermediaries should be enabled to automate their identification processes in order to improve their scaling while maintaining at least the same security level.
To get an idea of how quickly biometric data can be extracted and processed from a passport, visit a major international airport with ePassport gates. Provided that there are not any other running problems and that you are not a wanted terrorist, entry is usually granted in seconds.
Why the FINMA Revision doesn’t go far enough
While the Revision is a great first step by the Swiss financial regulator and is certainly headed in the right direction in terms of technology, it still falls behind what is desired. A number of financial intermediaries and banking associations working in the Swiss financial industry, who had pushed for a revision of Circular 2016/7 in the first place, were asking for a fully automated process, and are rather disappointed with the current draft of FINMA.
Today’s technology in document verification, liveness detection and face verification, is at least as secure if not more secure than human verification, whether in-person or through live-video verification. There are numerous well-established studies proving this for face verification – it’s clear that human operators cannot perform with the same security, reliability and accuracy as facial-verification software.
Furthermore, documents containing an NFC chip are not yet distributed en masse. While it may be true that most people have an international passport with NFC capabilities, these documents are not primary documents in that people do not carry them around all the time. Thus, NFC support is not yet scalable across the masses.
FINMA will accept public statements until 1 February, 2021 and, based on the responses, will decide whether to revisit the proposal in the Circular or move forward with it.
PXL Vision’s NFC Solution
PXL Vision’s reinforced document verification tool is equipped to extract and verify the authenticity of NFC biometric chip data. This product can be paired with identity proofing and database checks to ensure that your financial intermediary meets the due diligence requirements set forth by the authorities in the jurisdictions where your company operates.
Contact us today to learn more about PXL Vision’s wide array of products for online identity verification.
A digital identity verification process can be used to verify the age of individuals online and add a layer of authentication to e-commerce activities. Until recently, age checks or age verification required a different kind of approach and the purchase of controlled substances or other age-restricted goods was mainly policed at the local, in-store level.
However, it appears that age verification has taken a backseat among society’s concerns when it comes to these same purchases online. We take a closer look at what this means for e-commerce platforms and the nature of the internet. Does trust matter anymore? And how can age checks ensure the right people at the right age are provided access?
Age verification, age checks and controlled substances
Given the complexity of policing products across different geographic jurisdictions, it first needs to be asked: what types of use cases require age verification today? But the answer still hasn’t changed.
The purchase of age-restricted goods such as cigarettes (specifically e-cigarettes), alcohol, prescription drugs, adult content and now marijuana (in the US/Canada) is and has been illegal for minors for many decades (with some exceptions). The overarching intent has always been to protect youngsters from making bad decisions that can harm their still developing brains.
While it has always been possible to illegally purchase these forbidden goods as a minor, the effort of getting around the age verification process in place at the time was sometimes too much or the cost too high to even bother. However, with the advent of the internet, the online sale of these goods is now essentially a free-for-all and age checks are mostly a voluntary process.
The ease with which minors are able to purchase these goods demonstrates a real need for regulations to catch up to the innovations permitted by the internet.
One solution to ensure that age checks are consistent could be to enforce the use of an identity verification solution at the point-of-sale and also at the delivery/pick-up of any age-restricted goods.
A 2012 study by researchers at the University of North Carolina recruited eight participants, ages 18 to 20, to try to buy wine, beer and other alcoholic beverages online (the legal age in the US is 21). In the study, if the online vendors asked for age verification, the participants could lie and say they were of age but if asked for their ID card upon delivery they had to comply. The participants placed orders at 100 different online retailers and most deliveries were made by the US-based FedEx or UPS. Of those orders, 45 were successfully delivered and only 28 were outright rejected due to an unsuccessful age check. At that time the study’s lead researcher Rebecca Williams, PhD said:
“We were amazed at how easy it was for minors to buy alcohol online. Using their real ID and a prepaid Visa card, they could place an order for alcohol in just a few minutes and often have it delivered to their door in a matter of days without anyone ever trying to verify their age.”
Fast forward to 2020, this time in Australia at the University of New South Wales where a similar study was commissioned. Researchers in this study found that 69% of the 65 most popular online alcohol retailers had left alcohol unattended at an address without verifying the purchaser’s age.
As in the 2012 study, the lead researchers of this study were also shocked, saying that unchecked online purchasing was “creating new problems around minors accessing alcohol” and calling for “online standards to be just as tough as when you walk into a pub or a bottle shop.”
Age verification in the ‘good old days’
Those who are old enough to belong to the earlier half of the millennial generation might recall a time when age verification required a workaround. That usually meant a fake ID or an ID with an altered date of birth to illegally purchase alcohol or cigarettes at a store.
More often than not in those analogue times, age checks required the clerk at the liquor store to scrutinize the younger shopper’s ID, perhaps bending it ever so slightly towards the light to see if the date had been altered. They would squint their eyes and maybe even ask the card-holder for their birthday as a final step towards age authentication. These unruly minors would memorize the details of the card and practice their answers – lowering their voices if necessary to sound more “of age”. On the other side, periodic secret-shoppers would enforce the age regulation by testing the clerks and their resolve. Fines were hefty for both stores and their employees, such that most store clerks were usually on guard.
Could you imagine if age verification required the same broken process today?
That’s why online verification is so important to ensuring safe processes are in place for those under 18 years in the current online environment.
Real world testing: Why age checks matter
Today, minors can skip the rehearsal to this in-store drama and simply purchase alcohol, cigarettes and other controlled substances online without any sort of age verification required (depending on the website).
In most jurisdictions, IDs are supposed to be checked upon delivery at the door. However, this is rarely enforced as was evident from the two studies outlined above.
It is also not enforced in Germany, where our office is based and where we decided to test the process. In Germany, the purchase of certain kinds of alcohol requires the purchaser to be over 18 years of age. For our test purposes, the purchase was carried out at bevbox.de, which verified age through a simple website pop-up. This pop-up gives you two options: “yes” and “abort”. Clicking “abort” simply makes it ask you the same question again. By clicking “yes” and confirming that you are of age, a cookie is downloaded to your browser and you are never asked again.
A couple of days later the package arrived and was simply dropped off at the front door, with no further ID verification required. “They actually just left it in the stairwell, I was a little worried that a neighbour would have taken it” recalls the employee.
Another German-based drink delivery website, urban-drinks.de, requires users to enter their date of birth for age verification purposes upon checkout. After purposefully entering an underage birthday, the website states that “you have to be at least 18 years old”. Then by simply changing the birthdate, the transaction was processed.
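Both checks described above accept whatever the browser submits. The following added example (not code from either shop or from PXL Vision) sketches a server-side gate in which a self-declared date of birth is only provisional, a changed date of birth is flagged, and an order is released only on a date of birth taken from an identity-document check. The function names, the session model and the sample dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

MIN_AGE = 18  # age limit applied by the shops in the test described above


def age_on(dob: date, today: date) -> int:
    """Completed years of age on `today`.

    A 29 February birthday is treated conservatively: in a non-leap year
    the person counts as one year older only from 1 March.
    """
    years = today.year - dob.year
    if (today.month, today.day) < (dob.month, dob.day):
        years -= 1
    return years


@dataclass
class AgeGateSession:
    """Server-side state (hypothetical model); nothing is trusted from a cookie."""
    first_declared_dob: Optional[date] = None
    declared_attempts: int = 0
    flagged_retry: bool = False          # set when the declared DOB changes
    verified_dob: Optional[date] = None  # set only from an identity-document check


def declare_dob(session: AgeGateSession, dob: date, today: date) -> str:
    """Handle a self-declared date of birth typed into a checkout form.

    Returns one of:
      "denied"               - the declared age is below the limit
      "needs_document_check" - the declared DOB changed within the session
      "provisional"          - plausible, but not sufficient to release goods
    """
    session.declared_attempts += 1
    if session.first_declared_dob is None:
        session.first_declared_dob = dob
    elif dob != session.first_declared_dob:
        # The pattern from the test above: an underage date is rejected,
        # then a different date is entered and accepted.
        session.flagged_retry = True
    if session.flagged_retry:
        return "needs_document_check"
    if age_on(dob, today) < MIN_AGE:
        return "denied"
    return "provisional"


def record_document_check(session: AgeGateSession, document_dob: date) -> None:
    """Store the DOB read from an identity document (the check itself is out of scope)."""
    session.verified_dob = document_dob


def may_release_order(session: AgeGateSession, today: date) -> bool:
    """Goods are released only on a verified DOB, never on a click or a typed date."""
    if session.verified_dob is None:
        return False
    return age_on(session.verified_dob, today) >= MIN_AGE


if __name__ == "__main__":
    today = date(2021, 3, 1)  # constructed reference date

    retry = AgeGateSession()
    print(declare_dob(retry, date(2005, 6, 1), today))   # underage date entered
    print(declare_dob(retry, date(1990, 6, 1), today))   # date changed afterwards
    print(may_release_order(retry, today))

    adult = AgeGateSession()
    print(declare_dob(adult, date(1990, 6, 1), today))
    record_document_check(adult, date(1990, 6, 1))
    print(may_release_order(adult, today))
```

The same `may_release_order` decision can be evaluated again at handover, so that a parcel is not left unattended on the strength of a self-declaration.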
What about the payment?
Paying for age-restricted goods online has never been easier, despite the fact that most jurisdictions around the world require individuals to be at least 18 in order to open a bank account. The primary issue here is that opening a bank account requires signing a contract which can only be done by an adult.
There are, however, numerous ways around this. One option is to purchase a prepaid debit card, offered by multiple companies as well as Visa and Mastercard and sold at a wide variety of stores. The terms and conditions of prepaid cards state that they are not to be purchased by anyone under 18 (does anyone read these terms and conditions anyway?). If you are unable to fool a store clerk or convince an adult to buy one for you then you are out of luck. Or are you?
The PayPal way: How young people get around age verification
With a little bit of internet savvy, which the younger generation has in spades, it is incredibly easy to open a fake PayPal account, anonymously purchase age-restricted goods from a huge array of legitimate online vendors that accept PayPal, and then have the goods shipped to your front door.
It is important to mention that what follows does not imply that we condone spoofing PayPal and illegally using its services. It is instead for demonstration purposes of how online payment systems and shopping platforms are in dire need of more control and regulations:
Most online shops accept PayPal. And while opening a PayPal account requires the account holder to be 18 or above, it is all too easy to get around this – albeit illegally according to PayPal’s terms and conditions (which few people ever read).
Opening a PayPal account doesn’t actually require any age verification outside of an email and phone number that can receive SMS texts. A free anonymous email can easily be set up from multiple websites. And if you don’t have a phone or don’t want to use your own phone number, then you can use a number from a website like receive-smss.com.
Click on the above link and select a phone number that is from your country or the country where you want to open a PayPal account. Next, open a PayPal account using the PayPal website from that same country. When PayPal asks for a phone number enter in your fake phone number and then wait for the SMS code which you will enter into the PayPal site and voila!
PayPal will limit these unverified accounts to $500 per month and even lock you out of your account if they suspect you of breaking the terms and conditions. So, the idea is to use the account for small amounts of money and only load it on when you are about to use it. You can fund your account by performing online work or selling something online and asking for payment with PayPal. With nearly 350 million PayPal users worldwide this won’t be too difficult to accomplish.
Additionally, with a little more difficulty and a higher chance of getting caught you can also fake an ID verification and use PayPal without limit. There are many tutorials on the Internet explaining this process.
For more tips on how to keep safe online, take a look at our cybersecurity article.
Underage purchases: Tread with caution
The ease with which underage minors can purchase alcohol and other age-restricted goods on the internet is rather terrifying. According to the Center for Disease Control (CDC) in the US, youth who drink alcohol are more likely to experience problems at school, have other social problems, are more likely to get in trouble with the law, have physical issues, memory problems, get alcohol poisoning and the list goes on. The CDC maintains though that drinking among high school students, at least in the US, has generally been declining in recent decades. There are, however, other age-restricted goods besides alcohol that are likely to have negative consequences on the developing brain: for instance, marijuana, cigarettes and especially e-cigarettes and “weed” vaporizers.
Adding momentum to the issue is the intersection of social media influencers and the ease with which minors can procure age-restricted goods. Many online influencers revel in the “lifestyle” of smoking, drinking, vaping – having a good time! And this is all it takes for their underage followers to want to do the same.
The Orlando-based Addiction Center knows this all too well. One study posted to their website, which surveyed 2000 adolescents on their social media use and consumption of age-restricted goods, showed that social media users were 5 times more likely to buy cigarettes, 3 times more likely to drink and 2 times more likely to use marijuana.
The regulators had better start regulating
All of this raises the question: how did we get to this point? The glaring issue is clearly one of technological innovation outpacing regulation, and yet questions regarding age verification and age checks (and similar legislative matters) continue to be a challenge for global regulators.
A spate of recent testimonies at the US Congress involving the tech titans of Facebook, Apple, Amazon, Google et al. provides sufficient evidence of this. At a hearing with Facebook’s Mark Zuckerberg, one congressional member asked how Facebook made money since its service was free. Zuckerberg laughed and replied that it was paid for by ads!
It is of course understandable that regulators are careful not to overstep and harm the innovations of their jurisdictions – one fear being that other countries could then use the opportunity to gain an advantage. There is, however, clearly a problem when a sitting of the world’s most highly regarded regulators demonstrates a limited understanding of how the internet works.
PXL Vision’s solutions
PXL Vision is confident that regulations on online age verification will soon come into force. This legislation would likely involve electronic scans of an individual’s ID and a biometric face-scan to ensure that the person using the card and the card holder are the same person.
As in previous times, merchants selling age-restricted goods will again be required to verify the age of their customers. The full legislation would also likely involve regular checkups to ensure that the online vendor’s procedures and processes are in place.
The PXL Age Verification Solution
At PXL Vision, we provide a highly secure and fully-automated age verification solution that is specifically tuned to maximize sales conversion in e-commerce and reduce the drop-out rate in the order process.
PXL Vision was recently approved by the Kommission für Jugendmedienschutz (KJM), or the Commission for the Protection of Minors in the Media, as one of only a handful of fully-compliant age verification solutions to protect minors and add trust to digital interactions.
Reach out to us today to see how we can help your online business achieve its age verification goals.
What is digital onboarding?
Digital onboarding is an online process whereby an individual signs up with a company or a government/institutional service in order to later access its products and services. The individual provides their personal data, and if required, a piece of biometric information such as a fingerprint or face scan. The digital onboarding process allows the individual to be easily and securely identified at a later date.
Before the onset of digital onboarding, an individual provided their individual data either in-person or through the mail, which was often an expensive and time-consuming process. As businesses and institutions continue to shift their operations online, the need for a secure and reliable digital onboarding solution has increased. This is all the more true as the Covid-19 pandemic continues, requiring us to minimize person-to-person contact.
Online businesses in particular are massively benefiting from digital onboarding technology. The onboarding of customers into a company’s database allows the businesses to better keep track of their customers and better target their products and services to their customer base.
The current proliferation of well-designed digital identity platforms on the market, which are simple for the end user to operate, is turning a once tedious and time consuming process into a more streamlined and faster one.
The digital onboarding process
For online businesses, the digital onboarding process uses the platform that your company has either developed in-house or chosen from a list of contenders. The platform is used for ensuring compliance (when required) and ultimately for converting potential new customers into paying customers; those who will eventually form your customer base.
For many online businesses, an email and credit card or PayPal account has long been sufficient for onboarding purposes. However, this rather nonchalant onboarding method has been proven insecure, with high numbers of fraud cases still being reported. Hence the concerted effort by the digital onboarding industry to add extra layers of security to the onboarding process.
However, the customer onboarding process is the beginning phase of establishing a relationship with a new customer. And it is crucial to get it right as the customer already begins to form their opinions of your company at this point. It is still possible, and altogether too often the case (as you will see below), that the customer decides to abandon the onboarding process, either because it takes too long to complete or is too difficult.
Digital onboarding and identification
The industry that is growing up around trustworthy digital identities has risen out of this pressing need to make online interactions and transactions safer and more secure. Digital identity solutions are transforming online businesses by adding an important layer of trust and security to the digital realm.
However, global fraud figures reveal a darker side of the digital onboarding process and account-based fraud now makes up one of the most pressing threats to businesses today.
According to US-based Javelin Strategy, a research-based advisory firm in digital finance, the number of consumers who were victims of identity fraud fell to 14.4 million in 2018, down from a record high of 16.7 million in 2017. However, on the flip-side, new account fraud, whereby hackers use a victim’s identification to open new accounts, has been on the rise. Fraudsters open new accounts for credit cards, student loans, mortgages, and the like.
Our article on how to prevent cybersecurity attacks provides a number of useful tips for businesses interested in getting the most protection from their digital identity verification platform. It’s especially relevant during the digital onboarding process.
With the technological solutions now in development by RegTech companies such as ours, online fraud is about to receive a serious blow. As digital onboarding technology continues to progress, especially in the areas of facial biometrics, artificial intelligence and machine learning, it will become possible to create a digital twin that exists online as a representation of our real world selves.
To learn more about identification and digital onboarding, read our article on digital identity verification.
Customer abandonment issues with digital onboarding
Despite the added security that a more robust digital onboarding process offers, a major issue in the industry is that of high customer abandonment rates. This high rate of abandonment is primarily due to poorly-designed digital onboarding platforms that are too difficult or too time consuming to complete. Some of this is due to poor UX design (see our previous article on the effect of UX design on the digital onboarding process) and much of it has to do with the identity verification process itself.
When you dig further into the figures, some digital ID platforms in the European market have even reported 40-50% customer abandonment rates.
This issue is easily visualized through a simple demand-side curve. However, instead of price on the y-axis we will write in the time/difficulty of the digital onboarding process. The x-axis will denote the number of customers converted.
A linear relationship is assumed: the more time that is needed to complete the onboarding process, the fewer customers are converted, and vice versa.
The solution then is to rethink and simplify your company’s digital onboarding strategy in order to move the C-point downwards and rightwards along the curve.
Case study: costs associated with shopping cart abandonment at the checkout
Similar to the checkout experience at physical stores, customers do not want to waste time in line. When online, the same customer who simply wants to make a purchase will not stand for an onboarding process that takes too much time or is too difficult to complete. An independent web UX research institute, Baymard Institute, found that abandonment rates for online checkout carts average nearly 70 percent for some online merchants.
To be clear, this high abandonment rate is not only due to a less than satisfactory onboarding experience. In a survey that asked around 4500 people why they had abandoned their shopping cart, 20% responded that the checkout process was “too long / complicated”. Yes, one of the primary reasons for high shopping cart abandonment rates is the length of time it takes to verify a customer’s identification.
Cart abandonment is one of the single greatest costs to a business. The bottom line of your business takes a direct hit when a potential customer abandons their purchase. Moreover, the cost can be immeasurably higher when that customer simply switches tabs on their browser and takes their business to a competitor.
A faster, more streamlined digital onboarding process reduces these abandonment rates. PXL Vision’s digital onboarding solution uses passive liveness detection, which increases the speed of the online ID verification process – topping out at less than a minute on the customer side.
Fast verification times and the prevention of financial fraud
While the use case for online shopping carts is clear, there are other use cases, such as with online banking and finance (Fintech), wherein your onboarding solution needs to comply with a regulatory framework in place – for starters KYC / AML guidelines.
For online banking, one would think that the longer the process takes the more bona fide and trustworthy it ought to be. A streamlined and fast digital onboarding process might even appear to be in conflict with fraud prevention. What we have witnessed, however, is that low-quality and poorly designed digital onboarding platforms actually increase the risk.
When low-risk consumers come across a complicated, time-consuming onboarding process they are more likely to take their business elsewhere. High-risk consumers, on the other hand, are more likely to complete overly complex and time-consuming onboarding processes, given that they might have fewer options to choose from.
PXL Vision’s flexible online identity verification platform protects its clients against fraud by complying with the strictest of KYC / AML guidelines, all the while maintaining fast onboarding speeds. Furthermore, PXL Vision has adopted the most recent AML5 Directive as well as the GDPR into its digital onboarding process, providing access to the entire European market, with more than half a billion potential customers.
5 Ways PXL Vision speeds up / simplifies digital onboarding
- Overall User Experience – A fully automated UX with reduced screens and need for interaction in the onboarding journey
- Clear instructions & Instant feedback – Follow the KISS acronym: Keep It Simple Stupid! Image too blurry? We inform the customer immediately so they can try again
- Multiple ID support – Supporting a wide variety of ID types – and the multiple variations therein + an ongoing assessment of new versions
- Cross-platform and architecture support for the perfect fit into existing business processes
- Compliance – KYC, AML, GDPR and other regulatory legalese taken care of
PXL Vision’s digital onboarding solution is a modular and fully-customizable platform wherein your customers will be able to verify their identity in 20 – 30 seconds. The time savings are substantial and it reduces the potential for customer abandonment in the final stages of the onboarding process.
Fast digital onboarding improves the user experience, increases the conversion rate and expands your customer base.
PXL Vision’s digital onboarding platform
The digital onboarding of new customers is the most crucial aspect of your online business. We understand this and understand the time constraints of today’s consumer in an online marketplace with almost endless choices.
Reduce your company’s abandonment rates today and build your customer base by verifying your new customers’ identities with speed and peace of mind. Find out how PXL Vision can reduce identity verification costs for your business by up to 95%. Contact us today.