Remember Alex, the teen who last year accidentally spent over $700 at Sephora on her mom’s credit card? Unfortunately, the anecdote is far from the worst things that can happen in handling sensitive virtual transactions. Frauds and identity thefts are serious issues for an increasing number of businesses seeking to move their operations to virtual space, and the issue of matching a person’s digital identity with their real-life identity is not an easy problem to tackle.
Overcoming trust, security and user experience challenges
What kind of solutions are out there to curtail security risks? Most recent trends have shown moving towards a more holistic approach to verification, where multiple factors work together as parts of an integrated verification process. This is largely affected by increasingly stricter regulations for businesses, such as KYC (Know Your Customer) for financial institutions. One such approach which has been present for a while is multi-factor authentication. It’s a method where there are multiple steps that provide evidence of identity to an authentication mechanism. A common example of MFA is an additional security question that is sometimes required next to the username and password. However, now it offers even greater protection, because it is able to combine several data sources to verify one’s identity. Aside from passwords, security questions, and SMS authentication, biometrics (in the form of fingerprint, iris, face, or voice recognition) is increasingly used as an important factor in matching identity data with a live person. This makes remote identity verification just as secure as if it were done live, in branch offices. The most advanced solutions ensure accurate and safe verification process, but are also easy to integrate, fast, and user-friendly.
Possibilities are numerous, but here’s our quick walkthrough of how a remote identity verification process would look like in a couple of steps:
STEP 1 - ID scan: Instead of entering ID data manually, any document data can be extracted with BlinkID, an easy-to-integrate SDK which enables real-time data extraction with high precision. Considering sensitivity of such data, scanning and extraction is done offline and locally on a device. The client decides how to handle the information from the security point of view.
STEP 2 - Liveness detection: This step ensures that the user is an actual person. There is a number of software solutions which offer variations of face movement recognition (Visage Technologies, BioID, Applied Recognition, and many more). With one such software integrated into the verification process, all the user has to do is point the phone camera towards them and do a few movements, such as blinking or smiling.
STEP 3 - Face match: Finally, this step brings the first two together - it matches the data extracted from the user’s identity document with the user’s real-life identity. There are intelligent facial ID recognition solutions being developed around the world, which combine biometrics with artificial intelligence and machine learning to offer precise and accurate user identification (look up Innov8tif, Microsoft, Megvii or NEC).
Biometrics solutions can be added into any of these steps to contribute to the security of the identity verification process (eye-scanning technology, voice recognition, finger- or palm prints, and alike).
What about twins?
Skeptics may argue that remote identity verification may not be able to tackle some challenges of live identity verification. For example, no matter how advanced biometrics and liveness detection softwares may be, could they tell the difference between identical twins? To this we say - could a person behind the counter in a branch office tell them apart? Live identity verification, in this case, is equally, if not less secure than remote verification.
The process we described takes seconds to complete because it eliminates the need to manually enter the required data. However, it’s clear that a complete KYC process cannot be completed with only these three or four steps and that additional checks and regulatory compliance are required. That is why all of the solutions usually come in the form of SDK or API and they are easily integrated into any app. From the users’ perspective, these are simple actions that could be done anywhere without being time-consuming. After all, isn’t that the main purpose of all new services in a mobile-centric world - to offer seamless engagement without compromising UX?
Beginning of July, Zagrebačka banka, a part of the Unicredit Group, launched remote account opening service within their mobile banking app. It features a very simple, three-step identity verification process. Additional security and background checks of the complete process are extensive, but this doesn’t affect the user experience and a bank account can be opened in less than five minutes.
Besides remote account opening, there are many use-cases where identity verification is necessary: from hotel and airport check-ins, security checks, citizenship and immigration assessments to voter registration, amongst others.
We hope you found this insight into ID verification useful. If you have any questions, feel free to get in touch with us below. We’d be happy to have a chat with you about how you can use advanced OCR to improve your business processes!