Authenticating your identity remotely via an app has become a reality with a new solution from South African company iiDENTIFii.
Identity theft has grown into a serious business, with everyone from individual criminals to crime syndicates involved in stealing personal data and pretending to be someone else in order to commit a crime. The crimes under the label of identity theft range from impersonating someone in order to empty their bank accounts, opening credit accounts in their name with the intention to buy goods and abscond, impersonating someone with authority to steal from corporate accounts or gain access to assets, and many other schemes which make the criminals rich while leaving the victim with an enormous mess to clear up.
PwC’s ‘2018 Global Economic Crime and Fraud Survey’ noted that 49% of global organisations admit to experiencing economic crime over the previous two years. Locally, the South African Banking Risk Information Centre (SABRIC) reported that in 2018 digital banking fraud across all platforms resulted in over R262 million in losses, with the number of incidents increasing by over 75%.
In today’s mobile and technologically-inclined world, identity theft is easier than ever as people carelessly leave personal information in numerous places where they are easy to collect. Additionally, many companies holding such personal information are even more careless and don’t take the appropriate steps to protect this valuable information – the Internet has thousands of stories like these from all around the world.
To make matters even more risky, many companies are trying to make full use of the digital technologies we all have today, like smartphones, to do away with the need to have people come into an office in person to register new accounts. Banks, for example, would like to deal with customers and offer more services remotely, but this can be difficult without a means to accurately verify each person’s identity. The natural progression towards digitisation is due to it being far more convenient, far more efficient, and much more cost effective. (Of course, it’s not only banks looking to change their business models in the era of digitisation, many companies in various industries want to do similar remote verification.)
And although we are inclined to think that remote verification is risky, it must be said that going into a branch with an identity document to verify yourself is not much more accurate. In that scenario you are relying on an employee behind the counter to compare the face in front of them to a face on a piece of paper; we accept this as an accurate verification, but is it always beyond question? In general, people get this type of face-to-face verification wrong as much as 40% of the time.
An innovative digital technology company has come up with a solution that allows companies to accurately and reliably verify people’s identities remotely by using their smartphones, tablets, or laptops. The company is iiDENTIFii and Lance Fanaroff, a director of the company, spoke to Hi-Tech Security Solutions about the system it offers. This remote identification and authentication platform has already found its way into some major companies, such as Standard Bank and other listed financial institutions.
Identification by selfie
When explaining the solution, Fanaroff says that the advancements in technology today has made it possible, if not easy to use a mobile phones, 3D facial identity algorithms, document capturing and systems linked to official government ID bureaus to accurately identify and authenticate someone remotely. iiDENTIFii’s technology platform has been built with a skilled team based locally and abroad, together with certain strategic technology components from various countries around the world. It provides the certainty of registering and on-boarding people having verified their identity, while also confirming that they are ‘alive’.
“Businesses can now authenticate new or existing customers without them having to show up in person,” explains Fanaroff. “The entire process is seamless, secure, remote and digital.”
The system works by asking the individual wishing to open an account and/or register with a company to open the respective business’s app and take a selfie with their smartphone. While the selfie is being taken, patented technology also confirms whether it’s a live person, and not a fraudster trying to spoof the individual’s identity. They then automatically extract the data from the individual’s identity document, together with any possible company on-boarding forms, and all the data captured and extracted is then triangulated with an official government identity bureau.
A key feature of the technology is that it can be integrated into a bank’s or retailer’s (or any company’s) mobile platform by means of a software development kit (SDK), providing the ability to customise its functionality according to each institution’s specific requirements, in a seamless and cost effective manner.
“Our highly configurable identity verification platform provides real-time authentication of consumer and corporate customers around the globe, using a fully integrated RESTful API gateway,” explains Fanaroff.
It stands to reason that one would question the ability of the system to accurately identify someone via an image from a smartphone. Fanaroff explains that the technology within the app makes use of advanced facial recognition algorithms and 3D image detection to prove that the person is alive and is not simply sending a picture or video clip through. In addition, these complex facial recognition algorithms incorporate both AI (artificial intelligence) and ML (machine learning).
Proof of life
Liveness detection here is key and it has been automated to avoid any possibility of spoofing or using a fake face or a video clip. Many companies use other forms of liveness detection, such as asking the person to perform a gesture (a wink for example) to prove they are alive. While useful, these can be faked very easily in today’s world of artificial intelligence, thereby making the proof of liveness in on-boarding very vulnerable to attack. The iiDENTIFii method cuts out the possibility of human error, and makes the spoofing of their remote liveness detection almost impossible.
As noted, iiDENTIFii makes use of 3D imaging algorithms and patented technology that take various factors into account when determining if the subject is alive. It also caters for ageing, so that an identity document with an image of a 19-year-old person can still be matched with the selfie of the person when they are 40 or older.
From the documents sent with the image, the individual’s name, surname and ID number and barcode are extracted automatically and then matched with the facial biometric and personal information at an issuing authority or government department – like Home Affairs. With everything verified, the person can be on-boarded with confidence and there is no unnecessary time and money wasted by trips into a branch office.
This initial verification and on-boarding takes around 30 seconds, on average, with subsequent transactions occurring faster.
Failure is possible
While the solution does guarantee the accuracy of its authentication process, it does not guarantee that every person will be authenticated. Various factors can have an impact on the process, from the lighting situation, to the location the user is in, to connectivity in the area, and even the type of phone being used – very old or much cheaper phones may not produce the image quality required.
Fanaroff notes that when verification fails, the individual is not told why they failed. This is to ensure criminals don’t attempt to ‘fix’ the problem before trying again. Naturally, exceptions can be automatically sent to another channel for verification by another means.
Simpler, more convenient experience
This type of customer engagement will become more common in future as we move into a world where remote customer experiences become more important, and, more importantly, as seamless customer experience becomes the norm – for example with branch-less banking. The level of verification can also vary depending on the task the user wants to perform: checking the status of your store credit account will require less verification than transferring money from your bank, for example.
When combining this type of verification and authentication, companies and individuals could even use blockchain technology to create an identity chain which can’t be tampered with (changing one ‘block’ will make the whole chain invalid). This will serve as a strong identity authentication mechanism for every person, and will potentially be able to be used globally.
Other areas in which South African consumers could benefit from this type of technology would be with the FICA (Financial Intelligence Centre Act) registration, where remote verification can be done in seconds.
Finally, Fanaroff notes that the same process can be done via an individual’s laptop, using the webcam to confirm the person’s identity and to check for liveness. iiDENTIFii has and still is testing the solution on a variety of mobile devices to ensure its customers will be able to handle almost any device on the market.
“This game-changing technology has already been extensively tried, stress-tested at scale, and approved by a number of prominent South African banks and other registered financial institutions, and has also been accepted as legally compliant by ENSAfrica,” Fanaroff adds.
“With regard to PoPIA (Protection of Personal Information Act) and data privacy issues, iiDENTIFii has proactively aligned itself with global best practices and is now also compliant with the requirements of the EU:GDPR and thereby ensures that the rights of data subjects whose personal data is processed on behalf of iiDENTIFii’s customers are respected at all times.”
As digitisation takes hold of every area of life and business, solutions that make identity verification as seamless and frictionless as possible will become the norm, increasing the speed and convenience of identity checks while reducing the opportunities for fraud and identity theft.