We live in an age where we have dozens, if not hundreds, of online accounts. They form a core link between us and the services we engage with every day.
Some of these services, especially those whose digitalization has been accelerated by the pandemic, are now in a rush to verify their users. Carsharing and ride-hailing apps, for example, need to make sure their users are eligible to drive before getting in behind the wheel.
For others, like digital banks and crypto exchanges, verifying users is a legal requirement, and a way of combating money laundering and terrorist financing.
As useful as it is in building trust and driving loyalty, remote identity verification can have its downsides. Uber Eats drivers can’t get verified due to their skin color and out-of-work Americans are unable to get unemployment checks for months on end because fraudsters had posed — and passed — as them online. (1, 2)
It’s clear that there’s plenty of work left to be done. So let’s take a look at some of the ways we can build identity verification online with usability, privacy and security in mind.
Checking that the user’s identity document is real
Identity documents have been around for hundreds of years. What were once long sheets of paper are now items powerful enough to hold all of our personal information in a small nail-sized chip.
Because they act as legal proof of a person’s identity, documents such as ID cards and driver’s licenses can be very useful when it comes to linking first-time users with real people. But still there are gaps that need to be filled.
First, forgery is common. You’re not in the same room with the person anymore, and it can be difficult to detect documents that have been tampered with over a computer screen. It’s also hard to tell if a document is actually physically there as the user is verifying it.
Microblink solves these problems on two levels. Our Document Verification solution first asks the user to tilt the document to check if the ID is present at the time of verification. As the user is tilting their document, our AI models track its movement in real time. This lets us weed out attempts where a user may be scanning a document off their screen.
The other thing we do is we analyze the document for authenticity. Each document type is issued with its own set of unique security features such as logos, coat of arms and various other prints. Making sure these features are in their right place can be a solid line of defense against fraud attempts.
Not only are these checks good for businesses who want reassurance that their users are signing up with real documents, they’re good for users, too. Because the process is fully automated, nobody has to spend hours waiting on approval from a human in the loop.
Thinking about convenience and privacy concerns
Asking users for their ID can be tricky. People are generally wary of sharing their personal information online, especially if they’re using an app for the first time.
To dispel mistrust, let your users know exactly how verifications are processed. A disclaimer linking to your privacy policy goes a long way in showing you care about protecting their personal information.
Another thing you can do to maximize conversions is cut down on unnecessary steps the user needs to take before getting verified.
One of the most obvious examples here is forcing the user to take a photo of their ID. Not everyone has the same definition of what constitutes a good quality photo, and users can easily find themselves in a loop trying to snap an acceptable photo over and over again.
Replacing image upload with ID scanning is a much better alternative. A good ID scanning software will automatically recognize the document in front of the camera, and it will capture the clearest image of the document on its own.
This way the user doesn’t have to preselect their document type or fiddle around with resubmissions.
Getting most of the work done for your users means there’s less chance they’ll get stuck or give up trying to verify their identity.
Adding biometrics to the mix
An ID document, even a real one, is not enough to verify an individual. You have to make sure the document belongs to the person presenting it — which is why the majority of apps ask users to take a selfie as part of their verification.
The problem here is that a malicious user might use a spoof artifact such as a printed photo or video to pass themselves off as someone else. This is where liveness detection comes in.
In short, liveness detection determines whether the person on the other end of the screen is a real human being. Most recently, Instagram has been asking some of its users to take a video selfie in an aim to curb the number of bot accounts on its platform. (3)
These checks are essential for online services and come in many shapes and forms. Some apps ask users to move their head around in a small circle. Others ask them to say a set of randomized phrases out loud.
The underlying technology is for the most part the same — a system analyzes each frame from the camera feed and looks for differences in texture, noise or glare. Our face has unique properties that change as we move our head or speak, and these properties differ from wax masks or phone screens, for example.
Depth analysis
Our Identity Verification solution uses AI to measure relational depth across some 60-90 frontal frames captured as the user is taking their selfie. This is why we ask the user to move the camera closer to their face — a slight transformation of the facial features helps us detect photos, videos and other presentation attacks.
We’ve all heard that the camera adds 10 pounds and there’s certainly some weight to that phrase. Take a look at just how much our face changes depending on the focal length of a camera lens.
We’re deliberately trying to produce this type of distortion to confirm that a real human is taking the selfie. A centered, neutral face also helps us match it with the face on the ID document more easily.
Once we’re sure the user is a real human, we compare their selfie with the portrait on the ID document. If the two images match, we can say with a high degree of certainty that the user is who they claim to be.
The AI responsible for this result can make mistakes, though, and we need to ensure that it represents everyone — not just those with high-end phones or lighter skin. This comes down to having a diverse enough training set, but also to guiding users toward a successful verification.
Ready to start building trust with your users?
Whether it’s to meet regulations or ensure user safety, one thing is clear: proving who you are online will only continue to grow mainstream. And it’s high time apps and websites got it right.
We hope you now have a clearer view of the way ID documents and biometrics can be used to verify users online in a way that’s fair, secure and convenient for everybody.
If you need help building a verification solution for your app or website, we’d love to hear about your use case.
