What is digital onboarding?
Digital onboarding is an online process whereby an individual signs up with a company or a government/institutional service in order to later access its products and services. The individual provides their personal data, and if required, a piece of biometric information such as a fingerprint or face scan. The digital onboarding process allows the individual to be easily and securely identified at a later date.
Before the onset of digital onboarding, an individual provided their individual data either in-person or through the mail, which was often an expensive and time-consuming process. As businesses and institutions continue to shift their operations online, the need for a secure and reliable digital onboarding solution has increased. This is all the more true as the Covid-19 pandemic continues, requiring us to minimize person-to-person contact.
Online businesses in particular are massively benefiting from digital onboarding technology. The onboarding of customers into a company’s database allows the businesses to better keep track of their customers and better target their products and services to their customer base.
The current proliferation of well-designed digital identity platforms on the market, which are simple for the end user to operate, is turning a once tedious and time consuming process into a more streamlined and faster one.
The digital onboarding process
For online businesses, the digital onboarding process uses the platform that your company has either developed in-house or chosen from a list of contenders. The platform is used for ensuring compliance (when required) and ultimately for converting potential new customers into paying customers; those who will eventually form your customer base.
For many online businesses, an email and credit card or PayPal account has long been sufficient for onboarding purposes. However, this rather nonchalant onboarding method has been proven insecure with high numbers of fraud cases still being reported. Thus, the concerted effort by the digital onboarding industry to add extra layers of security to the onboarding process.
However, the customer onboarding process is the beginning phase of establishing a relationship with a new customer. And it is crucial to get it right as the customer already begins to form their opinions of your company at this point. It is still possible, and altogether too often the case (as you will see below), that the customer decides to abandon the onboarding process, either because it takes too long to complete or is too difficult.
Digital onboarding and identification
The industry that is growing up around trustworthy digital identities has risen out of this pressing need to make online interactions and transactions safer and more secure. Digital identity solutions are transforming online businesses by adding an important layer of trust and security to the digital realm.
However, global fraud figures reveal a darker side of the digital onboarding process and account-based fraud now makes up one of the most pressing threats to businesses today.
According to US-based Javelin Strategy, a research-based advisory firm in digital finance, the number of consumers who were victims of identity fraud fell to 14.4 million in 2018, down from a record high of 16.7 million in 2017. However, on the flip-side, new account fraud, whereby hackers use a victim’s identification to open new accounts, has been on the rise. Fraudsters open new accounts for credit cards, student loans, mortgages, and the like.
Our article on how to prevent cybersecurity attacks provides a number of useful tips for businesses interested in getting the most protection from their digital identity verification platform. It’s especially relevant during the digital onboarding process.
With the technological solutions now in development by RegTech companies such as ours, online fraud is about to receive a serious blow. As digital onboarding technology continues to progress, especially in the areas of facial biometrics, artificial intelligence and machine learning, it will become possible to create a digital twin that exists online as a representation of our real world selves.
To learn more about identification and digital onboarding, read our article on digital identity verification.
Customer abandonment issues with digital onboarding
Despite the added security that a more robust digital onboarding process offers, a major issue in the industry is that of high customer abandonment rates. This high rate of abandonment is primarily due to poorly-designed digital onboarding platforms that are too difficult or too time consuming to complete. Some of this is due to poor UX design (see our previous article on the effect of UX design on the digital onboarding process) and much of it has to do with the identity verification process itself.
When you dig further into the figures, some digital ID platforms in the European market have even reported 40-50% customer abandonment rates.
This issue is easily visualized through a simple demand side curve. However, instead of price on the y-axis we will write in the time/difficulty of the digital onboarding process. The x-axis will denote the # of customers converted.
A linear agreement is made where the more time that is needed to complete the onboarding process leads to fewer converted customers and vice versa.
The solution then is to rethink and simplify your company’s digital onboarding strategy in order to move the C-point downwards and rightwards along the curve.
Case study: costs associated with shopping cart abandonment at the checkout
Similar to the checkout experience at physical stores, customers do not want to waste time in line. When online, the same customer who simply wants to make a purchase will not stand for an onboarding process that takes too much time or is too difficult to complete. An independent web UX research institute, Baymard Institute, found that abandonment rates for online checkout carts average nearly 70 percent for some online merchants.
To be clear, this high abandonment rate is not only due to a less than satisfactory onboarding experience. In a survey of around 4500 people asking why they had abandoned their shopping cart, 20% responded that the checkout process was “too long / complicated”. Yes, one of the primary reasons for high shopping cart abandonment rates is the length of time it takes to verify a customer’s identification.
Cart abandonment is one of the single greatest costs to a business. The bottom line of your business takes a direct hit when a potential customer abandons their purchase. Moreover, the cost can be immeasurably higher when that customer simply switches tabs on their browser and takes their business to a competitor.
A faster, more streamlined digital onboarding process reduces these abandonment rates. PXL Vision’s digital onboarding solution uses passive liveness detection, which increases the speed of the online ID verification process – topping out at less than a minute on the customer side.
Fast verification times and the prevention of financial fraud
While the use case for online shopping carts is clear, there are other use cases, such as with online banking and finance (Fintech), wherein your onboarding solution needs to comply with a regulatory framework in place – for starters KYC / AML guidelines.
For online banking, one would think that the longer the process takes the more bona fide and trustworthy it ought to be. A streamlined and fast digital onboarding process might even appear to be in conflict with fraud prevention. What we have witnessed, however, is that low quality and poorly designed digital onboarding platforms actually increase the risk.
When low-risk consumers come across a complicated, time consuming onboarding process they are more likely to take their business elsewhere. High-risk consumers, on the other hand, are more likely to complete the processes of overly complex and time consuming onboarding processes, given that they might have fewer options to choose from.
PXL Vision’s flexible online identity verification platform protects their clients against fraud by complying with the strictest of KYC / AML guidelines all the while maintaining fast onboarding speeds. Furthermore, PXL Vision has adopted the most recent AML5 Directive as well as the GDPR into its digital onboarding process, providing access to the entire European market, with more than half a billion potential customers.
5 Ways PXL Vision speeds up / simplifies digital onboarding
- Overall User Experience – A fully automated UX with reduced screens and need for interaction in the onboarding journey
- Clear instructions & Instant feedback – Follow the KISS acronym: Keep It Simple Stupid! Image too blurry? We inform the customer immediately so they can try again
- Multiple ID support – Supporting a wide variety of ID types – and the multiple variations therein + an ongoing assessment of new versions
- Cross-platform and architecture support for the perfect fit into existing business processes
- Compliance – KYC, AML, GDPR and other regulatory legalese taken care of
PXL Vision’s digital onboarding solution is a modular and fully-customizable platform wherein your customers will be able to verify their identity in 20 – 30 seconds. The time savings are substantial and it reduces the potential for customer abandonment in the final stages of the onboarding process.
Fast digital onboarding improves the user experience, increases the conversion rate and expands your customer base.
PXL Vision’s digital onboarding platform
The digital onboarding of new customers is the most crucial aspect of your online business. We understand this and understand the time constraints of today’s consumer in an online marketplace with almost endless choices.
Reduce your company’s abandonment rates today and build your customer base by verifying your new customers’ identities with speed and peace of mind. Find out how PXL Vision can reduce identity verification costs for your business by up to 95%. Contact us today.
Why should you care about user experience (UX) in digital onboarding processes if you want to maximize sales conversions? Well, the pace at which a company onboards new users and its sales conversion rate are two profoundly important success metrics in today’s highly competitive business environment. The company that is fastest in onboarding customers is most likely to be the first to reach global scale.
Yet all too often, a poorly designed UX during the onboarding and identity verification process comes up as a major stumbling block to scaling a company, as it leads to potential customers dropping off. A bad UX can easily become a drag on sales conversion. To convert more customers faster, companies need to make sure that their customer identity verification solution is optimized for sales conversion.
In the race to sign up new customers, competition is fierce. Especially in many new and crowded lines of business such as neo-banking or the sharing economy, companies need to ensure the rapid adoption of their product or service if they want to compete.
Moreover, they know that in the digitized business world, the first company to reach a certain scale unlocks the so-called “first-scaler advantage” and very often ends up dominating the market globally – with the second biggest company being just an also-ran in terms of market share.
Optimizing Sales conversion is all-important in customer onboarding
That is why conversion rate optimization (CRO) is simply vital. In order to reach these goals, companies need to onboard a greater volume of customers faster than their peers.
That said, stringent identity verification requirements are an additional constraint in many lines of business. For example, neo-banks and telecommunications companies have to fulfill Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements. To verify the identity of their customers, this process can be greatly helped by modern software solutions that undertake this task.
A poorly designed user experience is a major bottleneck to sales conversion
An identity verification solution with a poorly designed user experience can become a major bottleneck in a company’s sales conversion drive. This is because identity verification adds another layer to the sales conversion funnel. And with each additional layer, a potential customer is more likely to abandon the process altogether.
However, verifying their customers’ identity is a legal requirement in many sectors. So what do companies have to do then? The answer is to invest in an identity verification solution that is as user-friendly as possible. This minimizes abandonment rates and concomitantly lifts conversion rates.
UX needs to be optimized to increase conversion rates
Firstly, investing in an easy-to-use software solution that is integrated into the product and that enables companies to sign up customers using any common mobile operating system like Android or iOS is required.
Many legacy companies – particularly those with high KYC requirements such as retail banks and insurance companies – still rely on knowledge-based authentication (KBA) over the telephone, thereby overburdening their employees with verification procedures. This has left sales conversion rates to languish. Those firms, too, need a software solution that automates the process.
How to have a positive impact on conversion rates:
1. Increase sales conversion rates on the customer’s side
It is important to make users aware of the necessity and benefits of an identity verification check, just as it is important to explain to them how this check will be conducted. Taking users by the hand through the process will help a company move them through the conversion funnel. For example, a short video to illustrate the process can help.
A large improvement can also be made by comparatively basic things like providing clear instructions and context to the user, by explaining the rationale behind asking for their ID and a video-selfie. Similarly, providing a progress status on how many steps are still needed to finish the process can also aid users. Likewise, the fewer screens the user has to wade through, the better.
2. Increase sales conversion rates on the company side
Companies should invest in a software that can be easily integrated into their existing business processes, whether these are themselves integrated into a cloud-based or on-premises solution. This guarantees them a frictionless user experience.
They should also see that the entire verification process is completed within their own application environment so that there is no jump-off to external applications. A benefit of keeping it internal is the possibility to apply all kinds of a company’s own business rules to optimize for conversion, while still keeping the security of the process high.
Furthermore, it makes sound business sense to have users complete the identity verification step after the check-out process and not beforehand.
3. Onboard customers regardless of their hardware specs
The software solution needs to be flexible enough to integrate equally well into the various operating systems used on any of these platforms and be able to work under the technical constraints of any mobile phone or laptop camera.
Likewise, the solution should independently identify and recognize the type of document the user is showing – e.g. a passport, a national ID or a driver’s license – in order to verify him- or herself. This obviates the need for the user to pre-select the document type, which is a step that can easily be confusing for them.
It must also not be put off guard by external factors such as the poor quality of a document photo, a person’s visible age difference between the time the picture on the ID was taken and now, ornaments like glasses, make-up and piercings, or poor lighting conditions.
4. Enhance UX through the most advanced technological solutions
On the technical side, a solution utilizing passive liveness detection, where the user doesn’t need to do anything, provides better results than software using “active liveness detection”. The active liveness problem needs to do perform gestures like turning his or her head or nodding – which can easily be misunderstood or even antagonize the user.
Passive liveness detection, on the other hand, doesn’t require anything more than looking into the camera and the user is done with the verification process in a matter of seconds.
As the process with passive liveness detection is fast and simple, major stumbling blocks toward onboarding the user have been removed. There is no need to take a selfie and upload the picture. A simple point-and-shoot UX makes the process run smoothly. This lowers abandonment rates significantly.
How to make user experience frictionless
PXL Vision’s technology has been built from the ground up to provide the highest degrees of security and automation, with conversion rate optimization in mind. The seamless integration of PXL Vision’s technology with a cloud or on-premise solution ensures a frictionless user experience.
Our software solution can be used on any customer device and with any operating and is known for its reliability and security.
Contact us to learn how PXL Vision’s technology can make your customer conversion rates skyrocket.
What is a KYC document?
KYC stands for Know Your Customer. Documents which are required for businesses to know your customer are KYC documents. These documents are normally divided into two distinct categories:
- Proof of Identity (POI) document – requires a photo of the individual
- Proof of Address (POA) document – cannot be dated older than 3 months.
Why is this relevant within the identity verification industry? When a business digitally onboards new customers, they are required to ensure they can accurately proof the identity of their customer using KYC checks.
It is important to note that the same document cannot be used to confirm both the user’s identity and the place of residence. At least two documents are required for the KYC process.
The acceptable KYC documents vary depending on which jurisdiction the process is being performed in. Some of the more generally recognized documents are listed here.
Proof of Identity (POI)
The first half of a KYC document must be an official government issued ID. This document must include a photo of them. There are a variety of IDs that are allowed to be used for POI purposes. Which are acceptable and where is determined on a jurisdictional basis.
In 2016, Pricewaterhouse Coopers published a very useful Quick Reference Guide on KYC (available here as a PDF). Some commonly accepted POI examples from around the world are:
- Passports – universally recognized
- National Identification Cards – Aadhaar in India, DNI in Argentina, SIN/SSN in Canada/United States, HKID in Hong Kong, BSN in the Netherlands
- Driving License – United States, Canada, the Netherlands
- Voter ID card – INE in Mexico, India, Jamaica
- Health Card – Canada
How PXL Vision checks POI
Every company that performs proof of identity (POI) checks should have a comprehensive KYC guide that describes the process and requirements for the user.
PXL uses the smartphone (or any other) camera to scan and extract information from the identity document in order to determine the authenticity of the document in an automatic way. Users just need to point their camera at the document, our solution then detects which document it is and extracts information from the document.
Most documents have machine-readable code line(s) (MRZ) on the back side of the document. We extract the information and run various checks on the MRZ itself. We then extract further information from the rest of the document known as the visual inspection zone (VIZ). However, purely extracting information from the document is not enough, we also want to ensure that we are dealing with a real document and not a fake. To assess the authenticity of a document, we analyse hundreds of different visual key features and run a variety of security checks, such as detecting holograms, on the document.
More and more identity documents now come with a biometric NFC chip. Using the smartphone NFC reading capabilities (if available), we are also able to read the information from the document and check whether the chip in the document has been tampered with. This, today provides the highest security in document verification.
In case the fully automated checks fail then, based on the security requirements of our customers or the regulations in place, there are steps in place to manually verify the documents proving identity. PXL Vision provides an easy to use tool for guiding customers’ back office employees through a simple manual verification.
Proof of Address (POA)
The proof of address (POA) KYC document is often vaguely defined. It is, however, one of the basic requirements for KYC checks. Officially issued documents, which have the individual’s name and current address on it, are key. Most POA documents require an issue date in the last 3 months.
Just like with POI documents there are a wide variety of documents that can be used for POA purposes; which are acceptable and where is also determined on a jurisdictional basis.
Most documents should be dated to within three months to show that the address is current. Some commonly accepted POA examples from around the world are:
- Utility bills such as Landline Telephone Bills, Gas bill or Electricity bill (usually not more than three months old)
- Bank Account Statement or Passbook entries (usually not more than three months old)
- Proof of residence issued by a Notary public or a Government Authority
- Identity card or document with an address that is issued by a Central or State Government
- Maintenance bills from official companies (usually not more than three months old)
How PXL Vision checks POA
PXL Vision’s identity verification platform is able to implement an API from another service provider to perform the POA check. For instance, in Switzerland where PXL has a large customer base, an API is used from the Swisspost to check POA documents.
If performing a manual POA check for your business, here are a few pointers to properly verify the documents:
- First, and if applicable, inspect the document for watermarks and security features to see that they are intact.
- Next, look for any signs of photoshopping or other alterations.
- If it is a bank statement, utility bill, maintenance bill or government issued correspondence have a look at the date to ensure that it is no older than 3 months.
- Make sure that the document has the person’s name on it.
- Check if the document has the address (the more specific the better) and confirm it’s existence with an online search of Google Maps.
- If the applicant submits the address without the apartment number while living in a block of flats, the compliance officer must request them to specify the flat as well. Postal boxes are not allowed.
KYC within the broader scope of Anti-Money Laundering (AML)
The submission of KYC documents and the process of checking them is partial to an anti-money-laundering (AML) framework, which banks and financial institutions are legally obliged to follow. The goal of AML is to verify with a high degree of assurance that customers are who they say they are and that they are not likely to be engaged in criminal activity.
The U.S. has had some form of KYC/AML legislation in place since the early 1900s; first rolled out to fight organized crime. However, this existing legal framework was completely overhauled and expanded following the September 11th, 2001 terrorist attacks in New York City.
The new KYC/AML legislation is encompassed by the USA Patriot Act of 2001(PDF), specifically in section: Title III: International Money Laundering Abatement and Antiterrorist Financing Act of 2001. Numerous countries around the world base some of their own KYC/AML processes on the stipulations and requirements found in the Patriot Act.
Who Regulates KYC Compliance?
In addition to the legislation outlined in the US Patriot Act, a variety of other oversight bodies around the world implement and regulate KYC/AML compliance. Some of these oversight bodies are:
- Australia (AUSTRAC – 1989)
- Canada (FINTRAC – 2000)
- Germany (BAFIN – 2002)
- Switzerland (FINMA – 2007)
- Italy (Banca d’Italia – 2007)
- Mexico (Federal Law for the Prevention and Identification of Operations with Resources from Illicit Origin – 2013)
- United Kingdom (The Money Laundering Regulations – 2017)
- India (Reserve Bank of India – 2002)
- South Africa: The Financial Intelligence Centre Act 38 of 2001 (FICA)
Other political organizations, such as the EU, Asia-Pacific countries (APAC) and others have built upon or created their own compliance frameworks. In addition to GDPR regulations, the EU has a new regulatory requirement, PSD2, to reduce fraud and make online payments more secure, as well as the 6th EU Anti-Money Laundering Directive (6AMLD).
Also, numerous countries and international bodies follow the G7’s Financial Action Task Force which is in turn supported by the G20.
Businesses requiring KYC
As mentioned, KYC is mandated by international law for banks and other financial institutions, at least to the extent that they want to participate in the global financial system. However, as governments around the world are beginning to hold financial institutions to ever higher standards, these institutions are in turn requiring the companies they do business with to also be more accountable.
So while banks and financial institutions are required to comply with KYC to limit money laundering and terrorist financing, these banks are now passing on some of the burden to the companies that they do business with.
If your business deals with money transactions in any way, now would be a good time to get in front of these potential future regulations.
At any rate, there is a good argument to be made that some businesses in the non-financial sector should voluntarily implement KYC procedures anyway in order to signal their trustworthiness and protect their business and customers from fraud. We recently published an article on the sharing economy, which demonstrates a solid use case for a KYC procedure where one is not yet mandated.
Compliance with KYC Requirements through digital identity verification
As businesses and institutions continue to move their services online and grow their user base, solutions for fast, easy and low cost online identity verification are needed.
Individuals want the convenience of signing up through digital channels, and they want the process to be quick and painless. Businesses and institutions, on the other hand, have to manage the realities of complying with KYC regulations and factor in the cost of whichever solution they go for.
The right online identification verification solution needs to be able to:
- Extract data from a wide variety of ID documents such as passports, driver’s licenses and other government-issued IDs
- Verify the authenticity and validity of the ID document
- Capture facial biometric data from the customer
- Compare the biometric data and the ID document to validate the customer’s identity
- Securely meet these technical objectives, while being scalable and cost-effective for large, international companies.
- Provide a simple, seamless user experience
KYC verification: Innovative approaches welcomed
European regulators have adopted new online identity verification processes. They are actively promoting new solutions to address specific compliance challenges. Furthermore, they have developed a common approach for a consistent application of standards across the EU known as the electronic IDentification, Authentication and trust Services regulation (eIDAS). The intent of eIDAS is to drive innovation towards using higher levels of information security and innovation.
The European Commision has recognized built-in computer applications that automatically identify and verify an individual from a digital image or a video source (facial biometrics) and built-in security features that can detect presentation attacks.
KYC for your business
Know Your Customer already places a cost burden on businesses operating in the financial industry. Out of concern for money laundering and terrorist financing, governments and banks are making their KYC processes more stringent.
Some of the extra cost for this tightening of regulations is being shifted to businesses not directly involved in the financial sector but still availing themselves of financial services.
If you are one of these businesses, please get in touch with us and find out how we can help you reduce these costs and drive customer conversion with a fully-automated, customizable solution from PXL Vision.
Facial biometrics currently represents the cutting edge of online identity verification and companies such as PXL Vision are focused on taking it to the next level.
The technological innovations that are at the forefront of facial biometrics are being researched and developed at the intersection of artificial intelligence and machine learning. This matters, given the entire industry is constantly looking for new ways to innovate and deliver a better customer onboarding experience.
With the current Covid-19 pandemic situation still upon us, our societies are undergoing a rapid reorganization as we shift more of our services online in order to allow greater social distancing. This shift towards convenience is now accelerating at an exceedingly rapid pace and more customers are digitally onboarding using biometric identity verification services.
From home office to distance learning, internet banking, online shopping and streaming of at-home entertainment, more and more of our daily interactions are taking place online. The OECD reported that the Covid-19 crisis has placed an unprecedented demand on communication networks with some operators claiming a 60% increase in Internet traffic.
As a result of this migration to a more centralized online existence, is the pressing need for a more robust, secure and trusted digital identity verification platform. This is required so we can know and trust our work colleagues and fellow students – or allow banks and online merchants to know who their customers are.
A long practiced method for online identity verification has been founded on biometrics. Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Examples include, but are not limited to fingerprints, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odour/scent.
On the other side of online identity verification are the hackers, fraudsters and spammers that work towards bypassing these “secure” verification procedures for their own illegal gain. These criminal individuals are at times successful, providing the impetus for companies to improve the robustness of their online identity verification platforms.
In some cases it is necessary to rethink the identification method used in its entirety. For instance, the still widely used method of fingerprint scans as a biometric sign-on solution, has been proven to be easily beatable. Already back in 2013, a league of whitehat hackers from Germany, the Chaos Computer Club (CCC), demonstrated how easy it was to create a fake fingerprint from a scan.
Hacker Starbug from the CCC quipped: “As we have said now for years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”
Because it has been proven that biometric fingerprint technology is not as secure as once thought, other methods for online identity verification are being researched and developed.
One of the more promising methods rising out of this research is facial biometrics, which is currently on the forefront of online identity verification. One clear advantage to facial biometrics is that, unlike fingerprints, people do not randomly leave their face prints around. As it happens, people do leave pictures and videos of themselves all over the internet.
Hackers can take this visual media and perform what are commonly called ‘presentation attacks’ on facial biometric secured platforms. Therefore, constant innovation in the industry is required.
One such attempt to get around the new Apple Face ID is posted here by whitehat hacker Andrew Sink. Sink made a mask from his own face in an attempt to fool Apple’s platform and he was surprisingly semi-successful. If an amateur hacker can almost fool Apple’s facial biometrics, what are the implications for businesses trying to secure their customer’s data with less secure software solutions?
Active vs. passive liveness detection
There are two main methods in use when checking if the person behind the camera is a real “live” person. One is known as active liveness detection and the other as passive liveness detection.
To the uninitiated, active liveness detection certainly sounds better than passive liveness detection. Here is why it’s not:
“Move your head from left to right… now blink 5 times… then smile slightly…. now touch your nose and ears at the same time … now do all of the above 2 more times really fast while holding your breath!”
What you just read was an example of the sometimes too elaborate instructions for active liveness detection. A little exaggerated of course, but you get the idea. Not surprisingly, there are often many user dropouts when onboarding with active liveness detection as people become frustrated with the instructions.
The cumbersome user experience aside, active liveness detection is also not immune from hackers as it can easily be spoofed through presentation attacks.
Passive liveness detection explained
Just as the human eye can spot the difference between a real person in front of them and a photo, so too can machines. PXL Vision’s R&D into passive liveness detection employs artificial intelligence and machine learning technologies in order to stay one step ahead of the hackers.
Passive liveness detection is named as such because it doesn’t require the user to perform any of the motion tasks of active liveness detection. The user is instructed to take a normal video selfie of themselves and that is all. With this user-side simplicity, hackers are often unaware that there is a liveness check in progress and thus have no idea that there is even a process to beat.
While both methods require the user to take a selfie to prove who they are, the backend still needs to prove if it is actually a real person. Deep fake images, morphing and AI can fool most systems. Even simple photos and masks cannot be detected if there is no security layer. A replay attack using a video can also bypass most of these processes too. Therefore, what’s the answer?
Identity verification with facial biometrics at PXL Vision:
Successfully verifying an identity using PXL Vision’s software involves a two-step authentication process.
The first step examines the user’s documents and the second step the person:
1. The submitted ID documents must match the person
To meet the first prerequisite, the onboarding user has to “capture” their ID card with their smartphone camera. PXL-Vision extracts all of the relevant data from the user’s identity documents, applying its in-house researched and designed software. The software performs a state-of-the-art enhanced comparison of the Visual Inspection Zone (VIZ) and the Machine Readable Zone (MRZ) of the user’s uploaded identification documents and checks its authenticity by verifying hundreds of visual key features on the document simultaneously. There is also an additional option that detects and checks specific visual security features such as holograms and data from NFC biometric chips.
2. The person submitting the documents must be “live”
The second prerequisite requires the person submitting their documents to be “live”. This measure, extremely important to facial biometrics, is meant to protect us in a world where our biometric data is often accessible through a quick Google search or easily found on our social media channels.
As shown in Sink’s video above, hackers are already hard at work attempting to bypass these facial biometric platforms using presentation attacks. As evident in the video there are a number of “liveness” attributes that are being looked for but it is not yet entirely clear what they are or how to get around them.
After PXL Vision has verified the authenticity of the document and the liveness of the user, another step is made to ensure that the document also belongs to the user. The face verification tool compares the user’s face from the video-selfie to the photo printed on the identity document and/or stored on the NFC chip.
PXL Vision’s facial biometrics innovations
Because all biometric identity verification processes are vulnerable to sophisticated presentation attacks, the goal is to detect these attacks without introducing too much friction into the process.
PXL Vision and its proprietary passive liveness detection software finds itself on the cutting-edge of facial biometrics. By analyzing depth, texture and appearance and employing sophisticated deep learning algorithms, PXL Vision is able to lower fraud rates without causing customer abandonment of digital onboarding processes.
PXL Vision believes in a truly passive liveness detection approach that doesn’t require active participation by the user. It operates in the background, detecting features such as edge, depth and motion detection, as well as passive observation of features such as skin texture.
There is also an emotion analysis function in the works, which determines if the user is being forced to perform a verification. By capturing such a large amount of information in a single take, PXL is able to make a particularly fast decision with a higher than 99% accuracy rate.
Flexibility is key
Given the current backlog and immense need for a large number of online identity verifications, PXL Vision’s technology aims for a flexible and fully-automated approach with as little human involvement as possible. Of course, there will always be the option for a manual check as a backup if anything goes awry.
PXL Vision is the industry leader in facial biometrics and online identity verification
In addition to serving many customers across a variety of industries, PXL Vision provides the ID verification services to SwissID, the national standard in digital identity in Switzerland.
Get in touch with us today to learn more about our innovations in facial biometrics and how our flexible and modular product solutions can assist your business today.
Fake accounts, anonymous users and a multi-billion dollar sharing economy: What does it all have in common? Whether it’s homes, cars, bicycles or scooters for rent – if users can’t feel safe using sharing economy platforms, businesses risk losing their customers.
We take a closer look at how the sharing economy relies on selling safe spaces for the end-consumer, and some of the techniques businesses can employ to prevent the rise of fake accounts, anonymous users and fraudsters on their platforms.
What is the sharing economy?
The myriad companies that make up the sharing economy provide new ways for people to share and use everyday items. From transportation goods (car-sharing services such as Uber and bike-sharing & scooter-sharing services such as Lime) to temporary lodging, including Airbnb, Vrbo and Booking.com, the sharing economy is here to stay.
Alongside adding competition and making goods more accessible, the sharing economy has also helped foster more integrated communities, wherein individuals can share products and resources with one another.
The sharing economy has, in fact, redefined the way we think about property, creating a new economic model which focuses on the sharing and use of goods as opposed to outright owning and then storing goods when not in use. A common occurrence of past generations was to purchase goods (let’s say a bicycle, for example), use it occasionally and then store it in the garage or basement, perhaps forgetting about it, only to find it some years later in a state of disrepair and ultimately selling it or passing it on.
Today, if someone wants to occasionally use a bicycle, they can simply locate one via a smartphone app from an online bike-share provider (such as Mobike or Donkey Republic), use it, and then leave it for the next user.
The same also applies to temporary lodging too, such as with Airbnb, where individuals could offer all or part of their home to vacationers, often leading to unique stays whilst allowing the tourist to live like the locals.
Fake accounts and fraud in the sharing economy are growing
Both buyers and sellers depend on knowing precisely who they are dealing with. Consumers have the right to be comfortable in the knowledge that they can trust a stranger with their own and their family’s safety. And the sharing economy platforms have the duty of care towards their users to provide a safe and fair marketplace for all. In economics, this is known as “collaborative consumption.”
The sharing economy depends on the trust of other users to look after the products, lodgings and devices they share. A lack of trust only leads to adverse negative outcomes.
We take a look at some of the most outrageous examples of sharing economy fraud in recent years:
The great bicycle-sharing scandal
Bicycle sharing schemes have been one of the largest casualties of a poorly enforced and under-regulated sharing economy. As an environmentally-motivated answer to the rise of China’s massive car-ownership problems, several Chinese startups attempted to re-invent the sharing model using big data, ensuring large amounts of venture capital were invested in highly competitive group of global bicycle sharing giants from 2014 – 2018.
Traditionally, the bicycle sharing model was designed around designated drop-off stations for cyclists to lock their bicycles, which restricted users to an inflexible “docked” model. Where the Chinese model departed from this idea, users were no longer restricted to docking stations or drop off-points. As is the case with the overall sharing economy, the smartphone’s GPS had ushered in a new functionality, built on trust and access to almost unlimited user data.
Now that users were freed from restrictive drop-points, bicycles could be left almost anywhere within this ‘dockless’ system. As a result, thousands of bicycles were found strewn across canals, dumped in rivers, tossed across beaches and dunked in harbours all over the world.
Prominent venture capital firms that included Sequoia Capital and Tencent, each played a role in funding the downfall of this collaborative economic model.
Weak User Identity Verification Processes
The reason for this willful environmental vandalism in the bicycle sharing economy? A lack of user culpability and an overall weak identity verification system.
Mobike, for example, which still operates globally, only requires a telephone number and a small holding deposit (10 euros) to gain access to a bicycle. The value of the bicycles are obviously much greater than this token amount and the app’s poor security features (no additional document verification required) allow fake accounts to be easily registered. This encouraged some users to willfully take advantage of a poorly designed identity verification system.
If the user can expect no consequences for their actions, because they can stay essentially anonymous on a sharing platform, why would they be motivated to act appropriately without oversight?
Sharing operators face growing regulatory risk when they don’t secure their systems from launch. Singapore-based company, oBike, were the first to be kicked out of Australia in June, 2018. Victoria’s Environment Protection Authority (EPA) applied new pressure to sharing operators to clean up their act or face permanent bans when they didn’t comply with new bicycle sharing economy regulations.
E-scooter user growth treads a similar precarious path
Eventually, the rapidly-changing regulatory burden and willful vandalism of bicycles were so widespread, that some of the largest Chinese bicycle sharing companies went bankrupt and the venture capital dried up, along with the business model.
By 2019, just as the bicycle sharing model had warned, the rise of the e-scooter was also starting to face the same launch issues: poorly regulated identity verification apps, lack of transport planning and limited regulatory oversight were already causing headaches for governments and planning officials across the world.
When a user is positively convinced of their investment and participation in the sharing economy, economists call that form of motivation, “fractional ownership”. The lack of ownership or responsibility presents an opposite problem though, and is one of the driving points of failure within the underlying ‘sharing’ part of the sharing economy.
The Home sharing economy
Airbnb has more than seven million properties in nearly every city and country across the world. While testament to the stunning growth of the sharing economy, the sheer scale of these platforms lays bare the difficulties associated with confirming the identity of every single person who accesses or provides services.
Where platforms like Airbnb or Vrbo are concerned – the homeowners need to be reassured that they’re renting to legitimate people, and that any damages would be covered if things go wrong. For holidaymakers, it’s crucial to know exactly whose home you’re staying in, so having a user’s identity and credentials verified (and accurately) is vital.
A quick google search returns innumerable horror stories on the various scams and poor experiences that people have had with Airbnb. On the flipside, there are many people who have also had wonderful experiences. It appears to be human nature to report a negative experience than write about a good experience. And the bad reviews hurt the bottom line of Airbnb in a big way.
Financial interests to boost platform safety and accurate verification of users
An investigative story published on Wired exposes the degree to which fraudsters are willing to go in order to scam Airbnb’s users:
“Airbnb empires are being rapidly scaled and monetised, with professional operators creating scores of fake accounts, fake listings and fake reviews to run rings around Airbnb, local law enforcement and the guests who place their trust in the platform.”
The article describes how entire new buildings are being used as Airbnb units and being managed through a variety of international backdoors and secretive accounts to do so. These buildings were never zoned this way and would never have been approved if they were.
Another Airbnb scam involves rental scams. This scam appears worldwide, wherever people are looking for a place to live in a tight housing market (ex. Berlin). A rental place will be posted on a rental website like immobilienscout24.de for instance. Once contacted, someone will invite you to locate the place on Airbnb and make a down payment of 1 month.
As the saying goes, clearer heads prevail; but when you are desperate for a place to live, it is all too easy to jump on any rental offer that comes your way and even forgo seeing it in person before sending a deposit.
The longstanding not-for-profit Better Business Bureau, which operates in the North American market, recently published a report on the sheer size of rental scams occuring on room rental platforms. One survey, cited by the BBB, found that 43% of people using these sites in the United States encountered some sort of fraud. The survey points out though that more than 5 million renters in the U.S. have lost money in this way.
As part of its role, Airbnb is planning to verify 100% of all its listings by the end of 2020, but only after 5 people were tragically killed at a rental listed on its platform. Furthermore, Airbnb users regularly complain of having their accounts hacked. There are numerous websites and forums devoted to stories of Airbnb’s identity verification management systems failing and causing financial damage to users.
As Airbnb plans to launch its IPO in December, 2020, safety steps which include a thorough identity verification platform will be important to maintain consumer confidence behind the brand.
Ride sharing economy
There are currently around 4 million Uber drivers and 2 million Lyft drivers worldwide. Launched, respectively, in 2009 and 2012, the rate of growth of these two ride-sharing services is nothing short of incredible. Ride-sharing is certainly a pinnacle of the sharing economy.
However, due to the fast growth, less than sufficient attention has been given to the operations and the security of the platforms. There has accordingly been a huge influx of fake user accounts and scams run on the platforms.
It is not enough to publish an article or multiple articles on the scams that are out there. Not everyone will read them or follow up on them. And the scammers are always changing their methods to stay ahead of the game anyway.
Uber, for instance, is no stranger to fraud on their platform and much to their credit they have been actively fighting it by employing machine learning technology to stop the myriad scams.
These scams run the gamut from GPS-spoofing apps, where a scammer uses two phones to fake rides all the way to offering fake discounts on chat apps – all the while using stolen credit cards to pay for the rides.
Fake accounts and stolen cards leave ride sharing platforms exposed
The use of stolen credit cards and fake accounts across these ride sharing platforms is reported on by FICO, a data analytics company based in the US that primarily deals with credit ratings. They recently published a report on credit card fraud in the ride-sharing industry which demonstrated how criminals are overwhelmingly using these popular ride-sharing apps to “test” stolen credit card numbers to see if they work.
If fraudulent activity isn’t enough to convince you of the need for a more resilient online identity verification process, then perhaps another real problem of the ride-sharing economy will – sexual assault.
In Uber’s first ever safety report, the company revealed that there were 6000 sexual assaults over a two year span in the US market. While the media took this number and ran with it, a well-researched article on The Conversation points out that, while even 1 case of sexual assault would be too much, Uber’s numbers are lower than other transportation providers.
Of course, there is always a risk when you enter a car with a stranger, whether they have undergone a background check or not. And even though both Uber and Lyft are taking positive steps when it comes to preventing sexual assault and other crimes, they should aim for 0 cases of sexual assault.
The issue of these ride sharing apps is that they use a fairly unsafe digital onboarding process and neither Uber nor Lyft employs background checks on their drivers – and they certainly don’t meet with drivers in person before allowing them to begin work. This means that they should at least implement the most robust and technologically advanced online verification process available, such as that offered by PXL Vision.
Ridesharing apps are the wave of the future but it is still a relatively new technology. And with all new technologies, it is important that the industry continues to innovate and make its product safer for consumers. It is our belief that with a high-quality online identity verification technology in place, the amount of fraud and other harmful activities would go down. If both parties to a ride share transaction could be absolutely certain of the other’s identity then a more secure ecosystem would result.
In our related article on cybersecurity, we take a deeper look at this issue, and provide some essential practical tips for businesses trying to verify customers online – it’s especially relevant to the sharing economy.
How to prevent fake accounts in the sharing economy in 3 simple steps:
1. Identify the appropriate identity verification tool for each use case
A well-designed and flawless digital identity verification process is one that is able to prevent fraudsters from creating fake accounts in the first place.
Every sharing economy business has different needs, depending on how they onboard their customers and the level of risk their customers are exposed to. For example, a customer who hires a bicycle with false credentials is inherently less of a financial risk to a company than a customer who attempts to defraud a car-sharing or house-sharing business – though both are a burden on the industry.
Therefore, the type of identity verification technology/method will need to be scaled to ensure the level of risk is met. Sophisticated ID verification techniques (like facial biometrics) which are designed to weed out fake accounts with accuracy, are going to be vastly more useful than an email or social media single sign-on.
In fact, mobility and sharing economy businesses that act to ensure more secure onboarding techniques will also be more attractive to customers, safe in the knowledge that they are also protected from fraud when they rent a car or hire a vacation home for the summer.
2. Determine the most secure identity verification tool for your business
Various forms of identity verification methods in use today are used to authenticate and prove one’s identity. The most common and least secure method asks users for their email address to which a confirmation link is sent. The issue, of course, is that individuals can have an unlimited number of emails under just as many aliases.
Another method asks for a phone number to which a text code is sent which needs to be entered. This one adds a layer of inconvenience to would be fraudsters, but is still easy to spoof. A number of telecommunication resellers will happily sell you a sim card without any form of ID verification in many parts of the world.
Better methods ask the user to upload important documents or better yet to appear in a live video verification with an agent. Of course live video methods are costly to companies and can also be fraudulently worked.The best verification methods today use fully automated AI technologies for checking the authenticity of government issues identity documents, running facial biometric recognition to check whether the document belongs to the user and “liveness” detection to prevent people from using printed photos, video recordings or 3D masks held against a camera.
The smartest tool currently available on the market uses something known as ‘passive liveness’, which completely avoids the need to perform orchestrated instructions on camera (known as ‘active’ liveness) and significantly reduces customer dropout rates.
Make sure you read our article on passive liveness technology for more detailed information on this very interesting topic!
3. Focus on conversion optimisation
Not to be overlooked, the success of the sharing economy is not only reliant on the overall level of security and how those security features are implemented across different sharing apps, but the rise and subsequent fall of companies operating in this industry often point to one central area of neglect in the sales and marketing process: poor conversion optimisation.
Why is customer conversion key? Simply having a highly secure solution will not help if your users cannot navigate through the onboarding process confidently. It’s not enough to have users download your app, if they are going to bail on as soon as they become frustrated by an inflexible product solution that focuses too much on the tech and not enough on the customer experience.
Have you ever used an app that was difficult to follow, took more steps than necessary to authenticate identity and still failed at the last step? This is where we encounter the term ‘dropouts’ and it’s considered one the largest headaches customers can face during customer onboarding. Compared to national banks or government ID schemes, where security and compliance remain the top priority, the sharing economy only succeeds when conversion and simplicity work side-by-side with the right technical solution.
Can we help?
PXL Vision is the Swiss market leader for a highly secure and fully automated AI-based identity verification solution. PXL Vision’s uniquely flexible technology supports any customer requirement and business process worldwide. Our technology is market-proven and trusted across industries, including Swiss ID, which provides a simple and secure login for a number of prominent services across Switzerland.
To help you get started with your identity verification needs, get in touch with us today and we can help you evaluate the best solution for your business’s needs.
Flexibility is key for digital businesses. Yet all too often, the development of companies is hampered by inflexible solutions that cannot accompany them on their international growth journey. This also holds true for businesses that seek flexible online identity verification solutions. In order to scale globally, companies need a software solution that is flexible enough to deal with a multitude of different compliance, business and financial requirements as well as engineering constraints.
As consumers increasingly conduct their commercial activities online or on mobile, companies are following suit by investing in state-of-the-art software platforms to manage their customers’ trusted digital identities in a secure way, right from the onboarding stage and beyond.
While doing so, companies have to fulfill the demands that customers, regulators, as well as other factors put on them. They have to create interactions with their customers that are built on trust, while optimizing the user experience and preventing fraud.
How to deal with the challenges of scaling globally
This alone will be enough to give a company’s compliance staff a headache. Yet, it becomes even more challenging when considering the various constraints they have to fulfill when a company scales internationally.
Globally there are thousands of ID types, comprising biometric passports, national IDs and driver’s licenses – issued by 196 countries and territories. Identity verification solutions need to be able to recognize every single document type. However, not all of these documents may be machine-readable. For example, biometric passports are fairly harmonized across the globe, but documents such as drivers licenses are not.
This is why companies need to deploy a scalable and flexible software solution if they want to be able to verify a document bearer’s identity.
At the same time, not all countries have the same regulatory maturity and thus require different features and functions – setting aside the fact that customers in country A might not be familiar with the user journey in country B. An inflexible software solution could therefore become a real obstacle to scaling internationally.
Besides the need to be able to deal with myriad documents, regulations, and customer habits, there are some other overarching constraints that companies in any sector will face when deploying an identity verification software solution. Some of these relate to engineering challenges, others to general compliance requirements.
Platform-agnostic design ensures flexible online identity verification
An online identity verification solution should be flexibly deployable across different platforms – on the web and on mobile. Even greater flexibility comes when the software solution can be used as a stand-alone product or integrated into a company’s own app.
So, how can we ensure a flexible online identity verification solution that works for all businesses? In general, the ideal flexible software solution has to be able to authenticate the ID document, match the user’s face to the ID photograph, and check for the user’s liveness. It needs to be able to accurately extract information from the machine-readable and visual inspection zones through the fully automated real-time capture of the document using the smartphone’s camera.
The software needs to be flexible enough to work equally well on iOS and Android, and also perform under the technical constraints of any mobile phone camera. When authenticating an ID document, the software will automatically do a forgery check and validate the ID’s various security features, such as a hologram and lenticular.
Furthermore, any decent software solution has to offer the company peripheral services and tools to support end-to-end identity verification and the onboarding processes.
These may include:
- Scanning and processing of barcodes or QR codes,
- Background checks against various government databases such as lists of politically exposed persons (PEP) and sanctions lists, and
- Undertaking a facial recognition check against existing user databases – all in a matter of just a few seconds.
Besides these demands the software has to fulfill the strictest data privacy settings and do so equally well integrated into a software as a service (SaaS), i.e. cloud-based solution, and in its on-premise variety.
A flexible online identity verification solution should relieve your compliance department
There are many compliance procedures that all companies have to adhere to globally. For example, the European Union’s (EU) General Data Protection Regulation (GDPR) applies to all companies that conduct business in the EU. Likewise, all companies are bound by general and sector-specific know-your-customer (KYC) requirements.
Compliance is important, yet it is also expensive. It has created a lot of overhead for companies and tied up many of their employees in unproductive tasks. A flexible software solution that automates most of the required procedures will aid companies tremendously.
Use case-specific online identity verification is key: Three solutions you should consider
Every use case is different: while telecommunications companies need to optimise for conversion, a bank or a national ID card scheme are driven by the most stringent compliance requirements and security standards. The ideal identity verification solution is flexible enough to accommodate them all.
Here are three industry-specific solutions to keep it mind when it comes to strong online identity verification:
1. Direct banking:
Banking is a line of business in which compliance requirements are extensive. In the European Union (EU), banks have to comply with anti-money laundering (AML) regulations such as AML5, the revised Payment Services Directive (PSD2), other relevant KYC procedures, as well as privacy regulations such as the GDPR.
With many new regulations having been introduced over the past years in all major jurisdictions, the compliance department has become the biggest of all in most banks – whether they are direct or retail.
Fulfilling strict KYC mandates is a cumbersome process with high costs, a lot of friction, and long processing times. This highlights the importance of online identity verification solutions. So-called “challenger banks” or “neobanks” were early adopters of these technologies and that is one reason why they have leap-frogged established banks in many ways.
Telecommunications providers are legally required to perform an identity verification when they onboard new customers. In the past this was accompanied by cumbersome manual processes, which in turn led to high drop-out rates and added significant costs. Customer experience suffered as a result of having to come to a store, while online sales growth languished.
Likewise, telecommunications companies were also frequently exposed to fraud by bad actors showing fabricated ID documents at the point of sale, tricking their shop floor staff into authorizing a sale.
A flexible software solution to onboard new customers can solve these problems. Most telecommunications companies already have a customer-facing smartphone app. Why not implement an option to access telecommunications products and services remotely and thus create a compliant, secure, and convenient solution for both customers and retail employees?
3. Sharing economy
All sharing or gig economy platforms have one thing in common that is integral to the success of their business: they must establish trust – both among the platform users and between the individual user and the company. Yet it is still surprisingly easy to remain anonymous on these platforms.
For a small community platform, this might not be a problem at all and therefore, no huge verification process is required. But think about companies like AirBnB: They scaled from a small website to a billion dollar company. If your solutions, (e.g. for identity verification), cannot keep up, your company will struggle to reach a certain size.
Platform businesses require a simple and flexible solution that includes enough security features to meet their needs while satisfying the demands regarding customer experience.
Nevertheless, if you are planning to go big, you need to plan ahead when it comes to your software.
How PXL Vision helps you stay flexible
PXL Vision’s technology serves the needs of any industry. Our software can swiftly and easily be deployed as a cloud or on-premise solution for full flexibility and independence, allowing complete customization of your end-to-end identity verification and onboarding process. It is up to you: you can choose a plug-and-play solution and start right away or configure the technology to your very own needs.
Click here to learn how PXL Vision’s flexible identity verification technology can help your business scale.
Have you ever asked the question, “What is digital identity verification?” and wondered what some of the industry best practices are? In this digital identity verification guide, we examine how different regulatory and technological frameworks affect online ID verification and which methods can be of help to your business during the customer onboarding process.
What is identity?
Synonyms of “identity”, as defined across various thesauruses, include: name, oneness, uniqueness, character, individual, existence and so on. In a technological context, digital identity is or should be unique to an individual, prove their existence and define their attributes. The verification of an individual’s name, identity and existence has long been a requirement of complex human societies, especially when concerning the transaction of goods and services.
Today, various forms of identity verification methods are used to authenticate and prove identity, seamlessly blurring the lines between identity as an instrument to verify and as a way to prove “liveness”, ensuring the person who is authenticating their identity is actually a real person and not a fraudulent actor.
Online identity for digital transactions
Whether it takes place within an e-commerce framework or for the purposes of furthering social equality through governmental redistribution, the accurate verification and authentication of an individual’s identity in the digital world is crucial to the functioning of society and the successful application of several different industries ranging from the sharing economy to gaming and banking businesses.
Prior to the advent of our modern communication channels (esp. the internet), transactions were often face-to-face, involved eye contact and usually concluded with a handshake. In this way, the parties involved could ascertain whether or not the other party was acting honestly and whether or not they were who they said they were. Though not totally free from fraud, meeting in-person offered a level of authentication that was and still is hard to beat.
However, a great deal of transacting now takes place online – a tendency which has been greatly amplified by the ongoing Corona pandemic. Thus the verification of one’s identity (built around the standards of liveness we defined earlier in this article) is of growing importance as more industries take their services online.
Identity fraud: Calculating the global impact
News stories of online identity fraud are common across the world. A 2018 report by the London-based Fraud Advisory Panel listed fraud as one of human society’s greatest threats, a risk that dates back to the dawn of human civilization. In fact, fraud has infiltrated all stages of our technological progress in communication over the ages, from the early days of the telegraph and the telephone – right through to the advent of television – and certainly now with the internet.
Perhaps we should not be surprised to learn that our personal identity data is among the most valuable commodities on earth.
Every time there is another large-scale hack of personal identity data, thousands of gigabytes of highly-compromising data are eventually sold across underground darkweb markets. The data often comprises various identity components such as name, address, date of birth and encrypted passwords – but it can also be much more revealing when it comes to our identity and financial documents, including government ID / social security numbers, drivers licence numbers, etc.
In the last 10 years, some of the largest data breaches have also included some very famous brand names:
- LinkedIn, 2012 & 2016: 172 Million user accounts
- Ebay, 2014: 145 Million user accounts
- Equifax, 2017: 147 Million user accounts
- Marriott International, 2014 – 2018: 500 Million user accounts
- Canva, 2019: 137 million user accounts
- Yahoo, 2013-14: 3 billion user accounts
These data hacks represent some of the most popular websites in the world and yet, regardless of the company’s balance sheet or the presumption of online security – no company is truly immune from fraud.
Data is the new oil
Data breaches cost the economy a whole lot of money. How much? First we have to quantify it at a granular level.
In 2017, the Economist magazine stirred controversy when it published a headline that proclaimed data (and not oil) was then the world’s most valuable commodity. But it’s not as strange as it sounds. Like any digital platform, stolen data also needs a place to transact between buyers and sellers.
For example, while oil trades for roughly $US40 a barrel on international markets (October, 2020), a cloned American Express card with the PIN is worth roughly one barrel or $US35 according to a global resource known as the Dark Web Price Index 2020. This is the place to go if you’re curious about the value of your personal documents and the value they hold among criminals.
It’s both frightening and eye-opening.
Stolen Paypal accounts start at roughly 5 times the price of an oil barrel ($US193), while a US driver’s licence rated as ‘high quality’ is worth 12.5 times the price of oil or $US500. The most important identity documents are also worth the most on dark web markets: Stolen US or European Passports usually sell for $US1500 or 37.5 barrels of crude oil.
On a macro-economic level, international tax advisory and risk firm Crowe described the global impact of fraud and the cost to businesses in the latest Financial Cost of Fraud guide. The numbers speak for themselves: Global losses of fraud equated to 6.05% of total global GDP in 2019, equal to $US5.127 trillion dollars, a figure so high, only the recent impact by COVID-19 provides some comparison of the financial impact.
Since the global financial crisis of 2008, fraud has grown 56.5%, averaging 4-7% per year. Crowe writes that the average organisation can expect losses caused by fraud to average around 3% – 6% of their balance sheets. In our related article on cybersecurity, we dig a little deeper about how to manage these digital threats and identity the top 5 tips to keep you safe online.
Not all online platforms are equal when it comes to digital identity verification
How can we use identity as a tool to transact goods and services online and stay safe while doing so? By insisting on stronger digital identity verification requirements.
While most forms of online transacting require the verification of one’s identity, the actual level of verification required differs from platform to platform and the regulatory framework that governs the industry where the product or service is based.
For instance, Ebaykleinanzeigen, a popular platform for buying and selling used goods in Germany, asks only for an email address to establish user authentication. An email of course, can easily be faked. Thus, both buyers and sellers on the site are warned to trust their instinct and to only deal locally and in person. Instinct – though it may be critical to human evolution – is a less than ideal way to measure online risk accurately in the digital 21st century.
And also in Germany, online bank N26 requires all new users during its onboarding process to identify themselves via a live video-identification chat with a human operator. And that’s in addition to sharing highly personal details such as passport and other supporting documents with this operator. This manual method of identity verification is not optional either: It is in fact regulated by a stringent legal framework governing all financial institutions (also known as AML or Anti-Money Laundering checks) that operate within Germany.
In October 2020, TechCrunch (via German weekly magazine Wirtschaftswoche), reported that N26’s customer onboarding processes were found lacking, allowing some fraudulent documents to pass unnoticed and signaled a systemic issue with the bank’s digital identity verification process.
More than a year earlier in May 2019, BaFin (Germany’s Federal Financial Supervisory Authority) issued an order against N26 to “improve its internal safety measures” and to “comply with general Customer Due Diligence (CDD) obligations”. These security gaps demonstrate that all financial services, whatever the size and scale, are just as vulnerable to fraud as the smallest startup. And that’s why Identity verification protocols matter so much – brand reputation is at risk if companies fail to take the issue seriously and address it early.
To date, Germany does not allow the use of biometric facial verification in the banking / financial services sector without a human intermediary to digitally onboard customers. Given this, it is entirely possible to question the accuracy of human operators to verify identity versus the advanced computational power of a machine learning algorithm.
Who would you rather trust?
Why a computer out-performs humans when it comes to identity verification:
- People tire easily when tasked with repetitious work. Fortunately, computers do not suffer from fatigue.
- People can unknowingly share biases towards different faces.
- People are less well-equipped to verify online identity the way a deep learning algorithm can. Can you spot hundreds of subtle changes on another person’s face? A computer is trained to do exactly this.
Different regulatory requirements for digital identity verification
It is generally accepted that opening an online bank account should require a more stringent verification process than signing up for an account allowing users to buy and sell second hand goods. For example, online financial institutions in the EU are governed by the AML5, eIDAS and PSD2 regulatory frameworks, all of which seek to limit financial fraud online.
The governance and use of digital identity verification by businesses and governments is rapidly evolving not only in the EU but also around the world. For instance, there was a time not too long ago when EU businesses transacting in the blockchain industry only required individuals to upload documents and selfies “proving” their identity and current address. This practice came to a swift end with the implementation of the above mentioned AML5 legislation, after it was upgraded from the AML4 standard. The EU blockchain industry had to then comply with the same KYC/AML rules that governed the rest of the financial sector, as in the case of N26 above.
Digital Identity Verification Methods Explained
To accurately verify and authenticate identity, three main ID verification processes have emerged and are often used in tandem during digital onboarding:
- Document verification
- Biometric facial verification
- Liveness detection
1. Document Verification
This solution allows users to get verified with a scan of a government-issued identity document. ID documents (such as a passport or national ID card) are very useful when it comes to verifying identity, particularly as these documents perform a critical regulatory or compliance step during digital onboarding.
The setup is simple: A user only needs a smartphone or desktop camera to scan their ID and process the results almost instantly. But that simplicity can have a downside too. Government-issued documents can be faked, and as you’d expect, there are different levels of quality when it comes to document tampering.
Determined fraudsters will try to find any opportunity to test a system’s weak points and a falsified document is among the most basic of attacks used. Companies need to take this into account when they select a digital identity verification vendor to ensure the safety of their customers and the integrity of their onboarding process.
What they don’t tell you about document verification:
Most digital identity verification solutions claim high pass rates as well as broad document support worldwide. However, many vendors still heavily depend on human interaction in the verification process, employing armies of back-office agents who manually check the verification results.
This not only has an impact on the user experience and overall process speed, but it also poses a significant privacy risk since it is not clear where the data really ends up during the verification process.
The PXL Document Verification Solution
At PXL Vision, we provide a highly secure and fully-automated document verification solution that offers best-in-industry support, including:
- Simple and seamless point-and-shoot user experience – no picture taking and uploading needed
- Automatic detection of identity documents globally, without preselection
- Automatic extraction and verification of document data (MRZ & VIZ) verification of document authenticity using a pain-free, intuitive method
- Authentication of the NFC biometric chip for maximum security
- Intuitive validation of deep security features (holograms, lenticulars, kinegrams etc.)
The user’s documents are then checked for authenticity and then compared to the face scan, which also has built-in liveness detection capabilities (we discuss more about this below).
2. Biometric Facial verification
Facial biometric solutions now provide an almost fully-automated identity verification experience without the downsides of a human operator or the costs associated with higher dropout rates.
In the broader identity verification market, facial verification software vendors tend to offer overly-homogenized and standardised products (e.g. Amazon, Microsoft, etc) and most of these generic solutions are primarily designed to work under ideal lighting and within ‘perfect’ onboarding settings or even controlled hardware environments, where the initial facial scan is unlikely to run into any challenging characteristics that might interrupt or interfere with the digital onboarding process.
What they don’t tell you about facial verification:
Many of these solutions lack the primary ability to adapt to different challenges that regularly pop up during routine customer onboarding and are not optimized for the specific use cases.
During customer onboarding, specific challenges include:
- Poor document photo quality
- Aging of the person
- Beards, glasses and make-up
- Poor lighting conditions and uncontrolled user environments
Therefore, it’s crucial to have a perfectly-tuned solution that is designed to perform optimally under multiple use cases.
3. Biometrics: Liveness Solutions
Identity verification vendors offer different liveness solutions to their customers, but most approaches generally use ‘active’ liveness detection, which requires a user to perform liveness instructions from facial movements to eye blinks and head twitches in order to ‘prove’ they are a real person (sometimes referred to as a ‘challenge response’).
As one might predict, the active form of liveness detection has a few obvious downsides:
- End-users are more likely to experience uncomfortable dropouts due to software limitations.
- A higher number of ID verification attempts ends up costing businesses more money across the onboarding process.
- Results in more unhappy customers and higher customer abandonment rates.
What they don’t tell you about Liveness solutions:
When vendors refer to liveness detection technology, they often conveniently forget to differentiate between the two different technolgical solutions: active vs. passive.
Comparatively, passive liveness detection is an advanced machine-learning based approach, which minimizes the risk to customer onboarding processes by removing the need for complex liveness instructions. A streamlined ‘passive’ approach to facial authentication only requires a simple, fast (and some might add, hassle-free) selfie video.
Passive Liveness is the preferred solution, because:
- It has the added benefit of being less prone to fraudulent spoofing attempts by scammers and fraudsters.
- Requires no active active participation response.
- Improves the overall end user-experience by helping customers to quickly complete their onboarding registrations without dropouts.
How to drive efficiencies for business:
Combining these three key elements in a secure and automated ID verification process can drive significant efficiencies, reducing the cost of customer onboarding, minimize fraud and drive sales conversion by opening new channels for businesses to serve their customers.
Our vision for streamlined online identity verification management
PXL Vision offers a passive liveness biometric facial authentication solution that can accurately onboard customers without the dropout rates of traditional identity verification methods. Our A.I-driven software is a flexible solution, completely customizable and easily implemented into your customer onboarding process.
Reach out to us at sales to chat more about how we can help your business achieve its identity verification goals.
Deepfakes, masks and even cut-out photographs: there are multiple ways in which fraudsters can spoof customer onboarding and authentication procedures. Companies need to stay alert to these threats. Advanced biometric authentication and anti-spoofing solutions such as passive liveness detection can help businesses stay ahead of the game.
With the pervasiveness of online and mobile transactions, scams and other fraudulent activities have also become much more prevalent. It is simply a must for companies to invest in up-to-date security measures, and this is especially important when it comes to digitally verifying customer and user identities. In order to protect themselves against fraudsters, companies should implement stringent customer authentication procedures – both at the onboarding stage and beyond.
Facial biometric technologies such as liveness detection solutions can greatly help companies during the onboarding process. The key part of any such biometric authentication solution is that it uses computer vision and deep learning algorithms to detect “liveness” or “presence” in a person — something that goes way beyond the more commonly known concept of facial verification.
Whereas facial verification only establishes that the face in front of the camera corresponds to another, potentially already enrolled face, liveness detection clarifies whether there is a real, live person present, or whether the data stems from an inanimate object — a “spoof” as it’s called.
According to university researcher Dorothy Denning, who coined the term “liveness”, the crucial insight regarding liveness detection is that since a user’s most important biometric data point — his or her face — cannot be kept secret, a biometric identity verification system cannot rely on secrecy, but must rely on a quality intrinsic to the user’s identity — being alive.
The difference between “active” and “passive” liveness detection
Software solutions that are currently in use rely on two different types of liveness detection: Active and passive. A solution is called “active”, if it requires the user to do something in order to prove that he or she is a live person. Usually a user would be required to either turn their head, nod, blink or follow a dot on the phone’s screen with their eyes. With the “passive” approach on the other hand, the user doesn’t have to do anything. That ensures a more streamlined and hassle-free experience for the end-user.
The active approach has been shown to be fraught with difficulties though, and can easily be spoofed by fraudsters in a so-called “presentation attack”. Bad actors can easily trick the system by using a host of different gadgets or “artifacts”, some of which are quite low-tech.
For example, an active liveness detection system that requires users to blink can easily be spoofed by a person wearing a print-out photograph of the individual they are impersonating with a cut-out where the eyes would be. They essentially “wear” that photograph over their face, with their own eyes looking through the cut-out and blinking when required to. More sophisticated hackers have also found ways to overcome active liveness solutions using attack vectors such as deepfakes or video replays.
For more info on the differences between active and passive liveness, make sure you take a look at our liveness detection FAQs on the subject. Here you will find many of the most common questions about this technology answered here too.
Why passive liveness detection is the better anti-spoofing solution
In order to most effectively guard against these types of presentation or spoofing attacks, companies are increasingly relying on “passive” liveness detection software. With passive liveness detection, the user has to do nothing while the software is running in the background.
In fact, users — and potential fraudsters too — may often not even be aware that an identity verification check is taking place.
Four reasons why passive liveness detection is superior to active liveness:
- It closes security gaps in facial biometric systems
- It makes for a smoother process
- It is faster
- It lowers drop-out rates significantly
1. It closes security gaps in facial biometric systems
Passive liveness detection technology runs in the background without users even realizing that it is occuring, so-called “security through obscurity”. It detects features of presentation attacks such as edges, texture and depth to clearly distinguish a live person’s face from an inanimate or spoofed face. It also cannot easily be tricked by animation software that mimics facial expressions, such as smiling or frowning. It can deal with attack vectors such as deepfakes, masks, dolls and so on.
2. It makes for a smoother process
As passive liveness detection is not based on user interaction, it provides a much smoother identity verification process. Using their smartphones, users take a picture of their ID document and in a second step, verify themselves by taking a selfie with their smartphone camera. They don’t need to nod, turn their head or blink (in the active style). This improves user experience significantly.
3. It is faster
The entire passive liveness detection process takes only a couple of seconds. No instructions or manuals to follow. In a process that users in general do not enjoy going through, this can save you significant trouble.
4. It lowers drop-out rates significantly
With active liveness detection requesting actions that can be misunderstood, hard to follow or just ignored – the process can be interrupted at various points. This results in frustrated users dropping out and thus not creating any revenue for the company. As the process with passive liveness detection is fast and simple, major stumbling blocks toward onboarding the user have been removed.
The benefits of passive liveness detection that accrue to companies are clear:
- Higher sales conversion rates
- Lower onboarding costs
- Increased protection from fraudsters and other bad actors
Toward a frictionless user experience
PXL Vision’s passive liveness solution is optimised for conversion, which means significantly fewer dropouts. The seamless integration of PXL Vision’s technology with a cloud or on-premise solution guarantees a frictionless user experience. This translates directly into higher onboarding numbers.
PXL Vision’s software solution is independent of hardware — it can be used on a cheap smartphone as well as on a top-of-the-range device. Its software solution is highly secure, tested to the highest standards and market proven. On top of that, it is extremely fast and can complete the entire verification process within seconds.
Contact us to learn how your business can lower its costs and improve its digital onboarding requirements with PXL Vision’s passive liveness detection solution using our flagship identity verification product, Daego.
There is little doubt that digitisation has made our lives easier. Instead of going to a shop or to the bank for every purchase or transfer, we tend do it online or on mobile. However, this simplicity has come at a price: We are now more exposed to digital security risks – and often unaware of who we are dealing with in an digital interaction, especially as a customer’s true digital identity may not always be known at first. In this article, we discuss five cybersecurity tips that can help you to re-establish trust online and ensure a safe and secure online identity verification process for your customers.
Are your customer’s cybersecurity threatened by digital marketplaces fostering anonymous digital interactions?
Digital platforms make it much easier to stay anonymous online. That’s great for digital privacy, but not so good for data security.
In the course of rapid digitisation, diverse digital business models have emerged. Both the marketplace economy and the shared economy are examples of this phenomenon. The idea behind it is as follows: unused resources, be it one’s own car, home or other everyday items, are offered for temporary use or sold on digital platforms.
Companies offer digital solutions to make the process as smooth and simple as possible. You simply select the desired object, confirm the intended period of use and transfer the fee or purchase price. Neither a conversation nor a personal meeting are necessary to conclude a deal.
Digital Security: How can we learn to trust strangers online? What role does online identity verification play?
What sounds pleasant at first, may quickly become a challenge. The problem: personal interaction is simply missing.
People no longer get to know their business partners in person, but instead communicate with strangers. Nowadays, profiles on platforms, user accounts on eCommerce sites or posts on social media – serve as proof of a person’s existence.
But should we really trust this information? What applies to communication between private individuals naturally also matters a great deal for companies.
As the owner of an online shop or platform, how do I know that my users or customers are genuine? The telecommunications and financial services sectors already face far-reaching regulatory requirements in this area with regard to compliance. In other sectors, however, legislation is still in its infancy.
But time is of the essence and a look at the figures shows that these questions are not trivial. According to a report by Javelin Strategy, identity fraud caused damages of around USD 16.9 billion last year alone.
Yet the problems are manifold and go way beyond mere identity theft. It also happens that users order something without even being able or willing to pay for the item. They provide false identities or addresses and deliberately deceive merchants and other service providers about their age or other characteristics. This is where accurate and streamlined online identity verification plays a role.
How do companies ensure they know each customer’s real identity?
Here are five best-practice cybersecurity tips to consider to ensure a secure verification process:
- Avoid simple single sign-on solutions (SSO) and social logins
- Telephone verification is not a solution for secure identity verification
- Don’t turn your employees into gatekeepers
- Rely on government-certified documents to enhance your digital security
- Use technology as an independent supervisory authority
1. Avoid simple single sign-on solutions (SSO) and social logins
Single sign-on solutions or social logins, where users log in via their social media profile, are popular with many companies, as they not only reduce the complexity of multiple passwords, but also improve the user experience. But these solutions simply are not trustworthy enough.
Even if the provider’s guidelines state that users must use their real identity, the providers in question can only ensure this to a limited extent. Even if some providers now ask for a telephone number in the course of two-factor authentication, there are simple ways to outsmart these systems. Bots that can be used to create fake email addresses en masse, are widely offered on the Internet
2. Telephone verification is not a solution for secure online identity verification
It is not only telephone numbers that are easily forged today. With the latest technology it is now also possible to fake even entire conversations. Just recently, Google has demonstrated this impressively with “Duplex”. A voice assistant was able to simulate a fairly credible customer conversation – including the typical filler words such as “hmm”. In combination with corresponding databases on users, knowledge-based authentication (KBA) can thus easily be circumvented.
3. Don’t turn your employees into gatekeepers
Now one could assume that your employees have an understanding of your customer base. But do they recognise fake profiles and fraudsters by their behavior? Well, that may be the case with crude phishing attempts or scam mailings. But to make an error is human. And the phenomenon of social engineering, which exploits human character traits like helpfulness, trust, fear or respect of authority, is becoming increasingly untrustworthy. So when people succeed in convincing others of something in a face-to-face conversation, just imagine how easy it is in the digital world.
4. Rely on government-certified documents to enhance your digital security
Already being a common practice in the financial sector, the use of official documents for identity verification should be urgently introduced in other sectors as well. Today, official ID documents contain a multitude of security features that are difficult to manipulate, making them predestined for professional authentication. Even though it might not be mandatory for your industry: Verifying users via their ID card or other official documents provides you with a high level of security and reliability. Plus: this one additional security measure imposes hardly any additional effort for you and your customers.
Many companies still avoid the use of ID documents because of the prejudice that this is too great of a hurdle for the user. However, modern verification technologies used by PXL Vision can easily read and extract the data and other security features from documents without heavy user activity being necessary. Official documents can be reliably verified for authenticity within seconds, giving you the assurance that the information belongs to a real person and ensure accurate online identity verification.
5. Use technology as an independent supervisory authority to verify online identity
The safety and security of your customer’s online identity can only be guaranteed with the best technological approach. Many things can be forged today and both software and people can be fooled. But when it comes to how prone something is to errors, technology is vastly superior to humans, especially when these errors can effect how successful you are in performing accurate online identity verification.
Your employees (no matter how well trained they are), can make mistakes. They get tired, have conscious or unconscious biases, as well as preferences and personal motives. They can be tricked with social engineering techniques and their sensory organs can be fooled. A machine, on the other hand, is less prone to such weaknesses and can make decisions in a more neutral manner – and it can do so all around the clock.
We can help
Contact us to learn how PXL Vision’s online identity verification platform can help make your business more secure without damaging the interactions you have with your users.
Zurich, 20th May 2020 – ETH spin-off PXL Vision has developed an AI-based software platform to deliver secure, automated identity verification. The company has now received CHF 4.6 million in a seed financing round to expand its technology and grow internationally. The financing round was led by SIX Fintech Ventures. Other investors include ZKB, High-Tech Gründerfonds, Arab Bank and the experienced business angels Beat Schillig and David Studer.
Billions of personal datasets are stolen every year and are frequently used for fraudulent purposes. Trust in digital interactions is therefore crucial. More and more companies are now moving towards verifying their customers’ identities beyond any doubt. They need digital solutions that are secure, cost-effective, easy to use and compliant with regulatory requirements.
Flexible identity verification in real-time
PXL Vision has developed a digital KYC verification platform that offers a great deal of flexibility to its business customers and is highly modular compared to competitor products. The platform uses Artificial Intelligence in order to verify an identity document in real-time using the smartphone camera, and to confirm the user identity via a liveness check and a face comparison with a video selfie, all with minimal user interaction. Alongside SwissID, the leading Swiss identity provider, several large companies such as Sunrise, Salt, UPC and ZKB rely on PXL Vision’s technology. There are many application fields: from closing a mobile phone contract online, regardless of location, to opening bank accounts electronically within a few minutes, such as with ZKB’s Frankly app for pension savings.
Growth financing completed
Since its foundation three years ago, PXL Vision has established itself on the Swiss market. The team has grown from four to over forty and PXL Vision has been recognized with important entrepreneurial prizes such as the Swiss Economic Award 2019, the W.A. De Vigier Award 2019, and the Swisscom Startup Challenge Award 2019. The company has also successfully completed both the SAP.iO and the F10 Fintech Incubator & Accelerator programs.
“Having demonstrated that we can compete against large and established suppliers in a very competitive market, it is now time to expand beyond national borders,” says PXL Vision CEO Michael Born. Together with Nevena Shamoska, Roxana Porada, Lucas Sommer and Karim Nemr, Born founded PXL Vision in 2017. The experienced interdisciplinary management team had already worked together for several years at Dacuda AG and successfully sold Dacuda assets to Florida-based Magic Leap in February 2017 before founding PXL Vision.
In order to be able to grow even more quickly, PXL Vision has raised CHF 4.6 Million (USD 4.7 million) in seed funding. The financing round was led by SIX Fintech Ventures, the Swiss Stock Exchange VC. The other investors are ZKB, High Tech Gründerfonds and Arab Bank, as well as the experienced Business Angels Beat Schillig (IfJ) and David Studer (Xovis).
“PXL Vision’s unique AI technology and innovation pipeline, its flexible and modular product portfolio and the impressive track record of its experienced management team convinced us. We fully expect PXL Vision to become one of the leading providers of digital identity solutions worldwide,” says Andreas Iten, Head of SIX Fintech Ventures, who will support PXL Vision in the coming growth phase as a member of the management board.
The access to growth capital will enable PXL Vision to further expand its product portfolio and enter new markets and industries. The financing is intended to help PXL Vision move forward rapidly: “We are investing primarily in the intelligence and scalability of our technology, as well as in the international expansion of the business. We will substantially expand the sales, marketing and development teams to further drive growth,” says Karim Nemr, PXL Vision’s Chief Business Officer.
About PXL Vision
PXL Vision AG is a high-tech spin-off of the Swiss Federal Institute of Technology (ETH). PXL Vision offers leading solutions to autonomise and improve identity verification and customer onboarding through automated software solutions, based on the latest developments in computer vision and machine learning. PXL Vision is headquartered in Zurich, Switzerland, and has R&D centers in Novi Sad, Serbia, and Yerevan, Armenia.
PIABO PR GmbH