Have you ever asked the question, “What is digital identity verification?” and wondered what some of the industry best practices are? In this digital identity verification guide, we examine how different regulatory and technological frameworks affect online ID verification and which methods can be of help to your business during the customer onboarding process.
What is identity?
Synonyms of “identity”, as defined across various thesauruses, include: name, oneness, uniqueness, character, individual, existence and so on. In a technological context, digital identity is or should be unique to an individual, prove their existence and define their attributes. The verification of an individual’s name, identity and existence has long been a requirement of complex human societies, especially when concerning the transaction of goods and services.
Today, various forms of identity verification methods are used to authenticate and prove identity, seamlessly blurring the lines between identity as an instrument to verify and as a way to prove “liveness”, ensuring the person who is authenticating their identity is actually a real person and not a fraudulent actor.
Online identity for digital transactions
Whether it takes place within an e-commerce framework or for the purposes of furthering social equality through governmental redistribution, the accurate verification and authentication of an individual’s identity in the digital world is crucial to the functioning of society and the successful application of several different industries ranging from the sharing economy to gaming and banking businesses.
Prior to the advent of our modern communication channels (esp. the internet), transactions were often face-to-face, involved eye contact and usually concluded with a handshake. In this way, the parties involved could ascertain whether or not the other party was acting honestly and whether or not they were who they said they were. Though not totally free from fraud, meeting in-person offered a level of authentication that was and still is hard to beat.
However, a great deal of transacting now takes place online – a tendency which has been greatly amplified by the ongoing Corona pandemic. Thus the verification of one’s identity (built around the standards of liveness we defined earlier in this article) is of growing importance as more industries take their services online.
Identity fraud: Calculating the global impact
News stories of online identity fraud are common across the world. A 2018 report by the London-based Fraud Advisory Panel listed fraud as one of human society’s greatest threats, a risk that dates back to the dawn of human civilization. In fact, fraud has infiltrated all stages of our technological progress in communication over the ages, from the early days of the telegraph and the telephone – right through to the advent of television – and certainly now with the internet.
Perhaps we should not be surprised to learn that our personal identity data is among the most valuable commodities on earth.
Every time there is another large-scale hack of personal identity data, thousands of gigabytes of highly-compromising data are eventually sold across underground darkweb markets. The data often comprises various identity components such as name, address, date of birth and encrypted passwords – but it can also be much more revealing when it comes to our identity and financial documents, including government ID / social security numbers, drivers licence numbers, etc.
In the last 10 years, some of the largest data breaches have also included some very famous brand names:
- LinkedIn, 2012 & 2016: 172 Million user accounts
- Ebay, 2014: 145 Million user accounts
- Equifax, 2017: 147 Million user accounts
- Marriott International, 2014 – 2018: 500 Million user accounts
- Canva, 2019: 137 million user accounts
- Yahoo, 2013-14: 3 billion user accounts
These data hacks represent some of the most popular websites in the world and yet, regardless of the company’s balance sheet or the presumption of online security – no company is truly immune from fraud.
Data is the new oil
Data breaches cost the economy a whole lot of money. How much? First we have to quantify it at a granular level.
In 2017, the Economist magazine stirred controversy when it published a headline that proclaimed data (and not oil) was then the world’s most valuable commodity. But it’s not as strange as it sounds. Like any digital platform, stolen data also needs a place to transact between buyers and sellers.
For example, while oil trades for roughly $US40 a barrel on international markets (October, 2020), a cloned American Express card with the PIN is worth roughly one barrel or $US35 according to a global resource known as the Dark Web Price Index 2020. This is the place to go if you’re curious about the value of your personal documents and the value they hold among criminals.
It’s both frightening and eye-opening.
Stolen Paypal accounts start at roughly 5 times the price of an oil barrel ($US193), while a US driver’s licence rated as ‘high quality’ is worth 12.5 times the price of oil or $US500. The most important identity documents are also worth the most on dark web markets: Stolen US or European Passports usually sell for $US1500 or 37.5 barrels of crude oil.
On a macro-economic level, international tax advisory and risk firm Crowe described the global impact of fraud and the cost to businesses in the latest Financial Cost of Fraud guide. The numbers speak for themselves: Global losses of fraud equated to 6.05% of total global GDP in 2019, equal to $US5.127 trillion dollars, a figure so high, only the recent impact by COVID-19 provides some comparison of the financial impact.
Since the global financial crisis of 2008, fraud has grown 56.5%, averaging 4-7% per year. Crowe writes that the average organisation can expect losses caused by fraud to average around 3% – 6% of their balance sheets. In our related article on cybersecurity, we dig a little deeper about how to manage these digital threats and identity the top 5 tips to keep you safe online.
Not all online platforms are equal when it comes to digital identity verification
How can we use identity as a tool to transact goods and services online and stay safe while doing so? By insisting on stronger digital identity verification requirements.
While most forms of online transacting require the verification of one’s identity, the actual level of verification required differs from platform to platform and the regulatory framework that governs the industry where the product or service is based.
For instance, Ebaykleinanzeigen, a popular platform for buying and selling used goods in Germany, asks only for an email address to establish user authentication. An email of course, can easily be faked. Thus, both buyers and sellers on the site are warned to trust their instinct and to only deal locally and in person. Instinct – though it may be critical to human evolution – is a less than ideal way to measure online risk accurately in the digital 21st century.
And also in Germany, online bank N26 requires all new users during its onboarding process to identify themselves via a live video-identification chat with a human operator. And that’s in addition to sharing highly personal details such as passport and other supporting documents with this operator. This manual method of identity verification is not optional either: It is in fact regulated by a stringent legal framework governing all financial institutions (also known as AML or Anti-Money Laundering checks) that operate within Germany.
In October 2020, TechCrunch (via German weekly magazine Wirtschaftswoche), reported that N26’s customer onboarding processes were found lacking, allowing some fraudulent documents to pass unnoticed and signaled a systemic issue with the bank’s digital identity verification process.
More than a year earlier in May 2019, BaFin (Germany’s Federal Financial Supervisory Authority) issued an order against N26 to “improve its internal safety measures” and to “comply with general Customer Due Diligence (CDD) obligations”. These security gaps demonstrate that all financial services, whatever the size and scale, are just as vulnerable to fraud as the smallest startup. And that’s why Identity verification protocols matter so much – brand reputation is at risk if companies fail to take the issue seriously and address it early.
To date, Germany does not allow the use of biometric facial verification in the banking / financial services sector without a human intermediary to digitally onboard customers. Given this, it is entirely possible to question the accuracy of human operators to verify identity versus the advanced computational power of a machine learning algorithm.
Who would you rather trust?
Why a computer out-performs humans when it comes to identity verification:
- People tire easily when tasked with repetitious work. Fortunately, computers do not suffer from fatigue.
- People can unknowingly share biases towards different faces.
- People are less well-equipped to verify online identity the way a deep learning algorithm can. Can you spot hundreds of subtle changes on another person’s face? A computer is trained to do exactly this.
Different regulatory requirements for digital identity verification
It is generally accepted that opening an online bank account should require a more stringent verification process than signing up for an account allowing users to buy and sell second hand goods. For example, online financial institutions in the EU are governed by the AML5, eIDAS and PSD2 regulatory frameworks, all of which seek to limit financial fraud online.
The governance and use of digital identity verification by businesses and governments is rapidly evolving not only in the EU but also around the world. For instance, there was a time not too long ago when EU businesses transacting in the blockchain industry only required individuals to upload documents and selfies “proving” their identity and current address. This practice came to a swift end with the implementation of the above mentioned AML5 legislation, after it was upgraded from the AML4 standard. The EU blockchain industry had to then comply with the same KYC/AML rules that governed the rest of the financial sector, as in the case of N26 above.
Digital Identity Verification Methods Explained
To accurately verify and authenticate identity, three main ID verification processes have emerged and are often used in tandem during digital onboarding:
- Document verification
- Biometric facial verification
- Liveness detection
1. Document Verification
This solution allows users to get verified with a scan of a government-issued identity document. ID documents (such as a passport or national ID card) are very useful when it comes to verifying identity, particularly as these documents perform a critical regulatory or compliance step during digital onboarding.
The setup is simple: A user only needs a smartphone or desktop camera to scan their ID and process the results almost instantly. But that simplicity can have a downside too. Government-issued documents can be faked, and as you’d expect, there are different levels of quality when it comes to document tampering.
Determined fraudsters will try to find any opportunity to test a system’s weak points and a falsified document is among the most basic of attacks used. Companies need to take this into account when they select a digital identity verification vendor to ensure the safety of their customers and the integrity of their onboarding process.
What they don’t tell you about document verification:
Most digital identity verification solutions claim high pass rates as well as broad document support worldwide. However, many vendors still heavily depend on human interaction in the verification process, employing armies of back-office agents who manually check the verification results.
This not only has an impact on the user experience and overall process speed, but it also poses a significant privacy risk since it is not clear where the data really ends up during the verification process.
The PXL Document Verification Solution
At PXL Vision, we provide a highly secure and fully-automated document verification solution that offers best-in-industry support, including:
- Simple and seamless point-and-shoot user experience – no picture taking and uploading needed
- Automatic detection of identity documents globally, without preselection
- Automatic extraction and verification of document data (MRZ & VIZ) verification of document authenticity using a pain-free, intuitive method
- Authentication of the NFC biometric chip for maximum security
- Intuitive validation of deep security features (holograms, lenticulars, kinegrams etc.)
The user’s documents are then checked for authenticity and then compared to the face scan, which also has built-in liveness detection capabilities (we discuss more about this below).
2. Biometric Facial verification
Facial biometric solutions now provide an almost fully-automated identity verification experience without the downsides of a human operator or the costs associated with higher dropout rates.
In the broader identity verification market, facial verification software vendors tend to offer overly-homogenized and standardised products (e.g. Amazon, Microsoft, etc) and most of these generic solutions are primarily designed to work under ideal lighting and within ‘perfect’ onboarding settings or even controlled hardware environments, where the initial facial scan is unlikely to run into any challenging characteristics that might interrupt or interfere with the digital onboarding process.
What they don’t tell you about facial verification:
Many of these solutions lack the primary ability to adapt to different challenges that regularly pop up during routine customer onboarding and are not optimized for the specific use cases.
During customer onboarding, specific challenges include:
- Poor document photo quality
- Aging of the person
- Beards, glasses and make-up
- Poor lighting conditions and uncontrolled user environments
Therefore, it’s crucial to have a perfectly-tuned solution that is designed to perform optimally under multiple use cases.
3. Biometrics: Liveness Solutions
Identity verification vendors offer different liveness solutions to their customers, but most approaches generally use ‘active’ liveness detection, which requires a user to perform liveness instructions from facial movements to eye blinks and head twitches in order to ‘prove’ they are a real person (sometimes referred to as a ‘challenge response’).
As one might predict, the active form of liveness detection has a few obvious downsides:
- End-users are more likely to experience uncomfortable dropouts due to software limitations.
- A higher number of ID verification attempts ends up costing businesses more money across the onboarding process.
- Results in more unhappy customers and higher customer abandonment rates.
What they don’t tell you about Liveness solutions:
When vendors refer to liveness detection technology, they often conveniently forget to differentiate between the two different technolgical solutions: active vs. passive.
Comparatively, passive liveness detection is an advanced machine-learning based approach, which minimizes the risk to customer onboarding processes by removing the need for complex liveness instructions. A streamlined ‘passive’ approach to facial authentication only requires a simple, fast (and some might add, hassle-free) selfie video.
Passive Liveness is the preferred solution, because:
- It has the added benefit of being less prone to fraudulent spoofing attempts by scammers and fraudsters.
- Requires no active active participation response.
- Improves the overall end user-experience by helping customers to quickly complete their onboarding registrations without dropouts.
How to drive efficiencies for business:
Combining these three key elements in a secure and automated ID verification process can drive significant efficiencies, reducing the cost of customer onboarding, minimize fraud and drive sales conversion by opening new channels for businesses to serve their customers.
Our vision for streamlined online identity verification management
PXL Vision offers a passive liveness biometric facial authentication solution that can accurately onboard customers without the dropout rates of traditional identity verification methods. Our A.I-driven software is a flexible solution, completely customizable and easily implemented into your customer onboarding process.
Reach out to us at sales to chat more about how we can help your business achieve its identity verification goals.