The question of how we effectively and securely identify people online and enable them to perform digital tasks in a safe and secure manner is one of the fundamental issues of our time. Alan Goode, CEO, Goode Intelligence shares his insight in this article.
The question of how we effectively and securely identify people online and enable them to perform digital tasks in a safe and secure manner is one of the fundamental issues of our time. The first challenge to overcome is that there are multiple definitions of what digital identity is. The market for identity solutions is also complex and fragmented, with many competing technologies being used to solve some of the problems facing our digital lives. Even NIST in its Digital Identity Guidelines struggles to pin down identity, stating that: “Without context, it is difficult to land on a single definition that satisfies all.”
With no simple or single solution to this problem, there is a significant opportunity for technology companies to develop targeted solutions to solve specific problems. Is digital identity a means to simply support digital onboarding and comply with anti-money laundering (AML) and know your customer (KYC) regulations? Or is it something bigger – a digital equivalent of a passport or national identity scheme, and are we entering an era of person-centric digital identity or self-sovereign identity?
eIDV services lead the way
In the absence of universal digital identities that can be used across services and cross-border digital identity, eIDV (electronic identity and document verification) services solve a key problem: how to prove a person’s identity for access to online/remote services.
eIDV services also remedy the issue of trust between service providers and their users. As David Britton, VP Industry Solutions of Experian, explained when interviewed for the recent Goode Intelligence Digital Identity & Document Verification Market report (1): “Right now we are in a state of transition where we will have a combination of old and new identity – physical ID documents and digital identity. This is where eIDV is solving an immediate problem.”
The ability to ‘onboard’ new customers to services through remote digital channels, web and mobile is a pressing need for many organisations looking to reduce their physical footprint and to support digital transformation projects while reducing the risk of fraud. eIDV services address this by proving an individual’s identity, while also supporting digital onboarding and meeting the latest AML, KYC and customer due diligence (CDD) regulations.
Specifically, digital identity and document verification systems answer these questions:
* Is it a real user?
* Is the user authorised to use the data presented?
* Can the service provider conduct business with the user?
* What is the risk of doing business with the user?
Features of eIDV
eIDV services offer a combination of ever-more accurate facial recognition, document verification, and a growing variety of verifiable identity sources (data and signals), increasingly powered by machine learning (ML) and artificial intelligence (AI). As a result, service providers are adopting these solutions in ever-increasing numbers.
Goode Intelligence has determined that there are four main elements of digital identity and document verification services, linked to the four questions outlined above:
* Genuine presence assurance: establishing that the entity is a real person and not synthetic. This is usually managed by using a camera, either smartphone or webcam, to capture the entity’s face and then using a number of technologies to ensure that it is a live face.
* Corroboration and risk mitigation: the validation of captured images, faces and documents. Depending on the risk appetite, a range of techniques – including collecting device and network signals and data – will be used to feed into the risk engine to verify the entity’s identity and validity, in order to perform a certain task, such as opening up an account.
* Document capture: the secure capture of the trusted document that is being presented to a service provider, and verification that this document is not a fake and has not been tampered with.
* Orchestration: co-ordinating the workflow that manages the processes and ties all the disparate technologies and data sources together.
Genuine presence assurance
A key challenge in remote identity verification is to offer ‘genuine presence assurance’. In other words, it is essential to know that you are dealing with a living person and not a ‘fake’ one that is trying to spoof the system into thinking that it is genuine. As Clive Bourke, EMEA & APAC president at Daon, explains: “Methods to prevent impersonation which ensure it is a real person, are vital. Liveness detection algorithms that combine both passive and active assessments provide the best protection against fraud.”
Biometric systems plays a key role here in enabling digital identity verification services. They replace humans when it comes to verifying the identity of a person in remote, unattended scenarios. So instead of a bank or telecoms company employee verifying the image on a government-issued document against the face of the customer in-branch or in-store, facial recognition software captures their facial image, then verifies it against the image extracted from the government-issued document.
An essential part of genuine presence assurance is liveness and spoof detection, commonly called presentation attack detection (PAD). A robust facial recognition system used for digital identity verification must be able to deter common spoof attacks, and determine whether a person is real and present during the identity verification process. Modern facial recognition algorithms offer multiple benefits here, including:
* Quality assurance of the live image captured and the scanned image, to make sure they are suitable for facial recognition.
* Liveness techniques including eye blink, head movement, texture, light reflection, sharp lines, perspective changes and behaviour.
* Facial watchlist searching of previous fraudulent applications.
* Facial search of previous applicants in a specific period or high-risk cohort of applicants or all applicants, to detect applications which have different claimed identity data but the same person’s face.
The accuracy of facial algorithms has also improved significantly, due to the availability of machine learning and deep neural network (DNN) capabilities, combined with much larger and more diverse data sources and the ability to continuously train algorithms on real data.
Another major challenge in digital identity verification is to establish that any documents being presented to a service provider are not a fake and have not been tampered with. This could include documents such as passports (biometric and non-biometric), driver’s licences and national identity cards.
Depending on the workflow, this activity is generally either the first or second process that will be followed as part of the end-to-end digital identity verification service. Using a government-issued document with an image for identity verification meets AML/KYC regulation and has traditionally been carried out in a physical office or retail store under the supervision of a trained person (for instance in a bank branch when opening an account). But with the growth of digital services and the switch from having physical bank branches and retail stores, document capture and verification is moving to digital.
In this approach, the identity information is captured from the document either using a smartphone camera or personal computer webcam; or it can be done via NFC – near field communications – when an identity chip exists (eg, with biometric passports). The introduction of machine learning and AI technology is having a positive effect on accuracy rates and reliability here. However, it is important not to oversell the capabilities of AI in this area, especially when applied to document authentication and verification. Even with the help of AI, accuracy rates are generally in the 80 percent bracket and human analysis is often required to increase accuracy.
It is clear that document capture and verification accuracy is an important metric in terms of assessment. The solution has to be able to capture fake identity documents in order to ensure AML/KYC compliance and to ensure that fraud rates are manageable. But as stated above, document verification has varying levels of accuracy: Goode Intelligence’s research shows that accuracy rates, where auto verification is successful, are currently running at around 80 percent; some 15 percent of solutions are generally viewed as being suspicious and in need of additional verification – usually by human analysts – and five percent fail and are viewed as fraudulent. As Clive Bourke at Daon said: “Document accuracy is not where it should be. The combination of machine learning and human review may add grit into the process and introduce cost but serves to provide a positive outcome for customers.”
Accuracy rates can be higher with biometric passports where information, including biometric data, is read from a chip using NFC and then verified. Of course, not all passports are biometric and this technique is still only available on certain Android devices. However, a recent announcement by Apple points to iPhones supporting this feature in the next version of iOS (v13), for iPhone 7 handsets and above, available in later 2019. Leveraging NFC for biometric chip reading improves the quality of the images used, by extracting directly from a chip rather than using a scanned image.
Solving the trust issue
The final components in successful digital identity and document verification are corroboration, orchestration and risk management, as follows:
* Corroboration involves using signal and data collection to improve the accuracy rates in identity verification.
* Orchestration, or workflow, services are an imperative for service providers aiming to offer comprehensive end-to-end identity and document verification services. They use behavioral biometrics to prevent fraudsters getting as far as the front door.
* The risk management or decision-making element of identity and document verification is increasingly important. These services ultimately establish, based on the data passed to them, whether a person’s identity can (a) be trusted, (b) is not illegal and (c) is tied to a person that is authorised to perform a certain action (eg, opening up a bank account or reserving a shared room).
Identity signals and data can offer a significant means of improving the accuracy of identity verification, supplementing other components such as document verification and facial recognition. These data sources range from the traditional – ie, name, social security number and mobile number – to what David Britton at Experian calls “the digital exhaust consumers are emitting”, such as their data derived from social networks. These sources include:
* MNO (mobile network operator) data – including active data from MNOs and the mobile device itself.
* Citizen data – sourced from a utility or government database.
* Credit data – derived from a registered credit agency or bureau, which manages consumer credit information on individuals.
* Electoral rolls – government data on citizens enrolled to vote.
* Government-issued and collated databases and data – including national insurance data, driver’s licences and passports.
* Consumer data – sourced from direct marketing campaigns.
* Property files – data issued by the government, detailing property ownership.
* Utility data – relating to national utility providers such as telephone, gas, electricity and water.
* Watchlists – country screening programme lists, such as those run by the US Treasury Department’s Office of Foreign Assets Control (OFAC) or the Australian Government Department of Foreign Affairs and Trade (DFAT).
There are a number of market drivers for digital identity and document verification services. They include supporting digital onboarding, age verification, meeting AML and KYC legislation, and providing a foundation for trust in the sharing economy. As a result, a range of industries are leading the drive to adopt these services. They include financial services and insurance; telecoms; eCommerce, notably the sharing economy and adult markets; gaming, including gambling and video gaming; and physical retail.
Looking at two leading markets in particular:
* In the financial services and insurance sector, the adoption of electronic identity and document verification has been strongly driven by a combination of AML/KYC compliance, fraud reduction and digital transformation programmes. As Clive Bourke of Daon said in an interview with Goode Intelligence in February 2019: “Across banks there is a growing interest in eIDV. Every second bank that Daon engages with in terms of sales engagement is interested in this area.”
The ability to quickly and securely onboard new customers using smartphones has many benefits to financial service providers and fits in with the strategy of challenger banks and FinTech providers who only have a digital presence. For these banks, the ability to run financial services without a physical branch is a prime consideration, so the ability to onboard new customers and allow them to open accounts by proving their identity on a smartphone or via a web session is essential. This is why challenger banks such as Monzo, Revolut and Starling are leading the way in supporting digital identity and document verification.
* Telecoms is also seeing strong adoption growth of eIDV, around two main scenarios: where the telecom operator is a service provider of electronic identity and document verification; and where the provider is a buyer of eIDV services for its own customers.
There is significant opportunity for telecom providers to play a pivotal role in the identity verification market as MNOs hold valuable information about mobile subscribers including name, mobile number and geolocation information. Vendors such as Gemalto, a Thales company, are strong in this sector.
In conclusion, the development of biometric -based digital and electronic identity and document verification services provide a means to effectively identify people online, enabling them to perform digital tasks in a safe and secure manner. As a result, these solutions are now being adopted across a number of organisations and industries worldwide.
About the author
Alan Goode is the CEO, chief analyst and founder of Goode Intelligence, a leading UK-based research, consulting and events company specialising in identity, authentication and biometrics. Alan is an expert in biometrics, authentication and identity, with 13 years of research and analysis experience and prior to that 17 years of senior management and technology consultancy experience. He is a frequent speaker and industry awards judge, including the GSMA Global Mobile Awards for the past eight years.
Goode Intelligence’s Digital Identity & Document Verification; Market & Technology Analysis, Adoption Strategies & Forecasts 2019-2024 report provides detailed analysis of the digital identity and document verification services market.
- ‘Digital Identity & Document Verification Market & Technology Analysis Adoption Strategies & Forecasts 2019-2024’. Goode Intelligence, 24 May 2019. Accessed September 2019. https://www.goodeintelligence.com/report/digital-identity-document-verification-market-technology-analysis-adoption-strategies-forecasts-2019-2024/