Digital identity verification

October 23, 2020


Financial Services E-commerce Identity Verification

Guide: What is digital identity verification and how does it work?

Have you ever asked the question, “What is digital identity verification?” and wondered what the industry best practices are? In this digital identity verification guide, we examine how different regulatory and technological frameworks affect online ID verification and which methods can be of help to your business during the customer onboarding process.

What is identity?

Synonyms of “identity”, as defined across various thesauruses, include: name, oneness, uniqueness, character, individual, existence and so on. In a technological context, digital identity is or should be unique to an individual, prove their existence and define their attributes. The verification of an individual’s name, identity and existence has long been a requirement of complex human societies, especially when concerning the transaction of goods and services.

Today, various forms of identity verification methods are used to authenticate and prove digital identity; seamlessly blurring the lines between identity as an instrument used to verify and as a way to prove “liveness” - ensuring that the person who is authenticating their identity is actually that person and not some bad actor.

Digital identity for online transactions

Whether it takes place within an e-commerce framework or for the purposes of furthering social equality through governmental redistribution, for example, the accurate verification and authentication of an individual’s digital identity is crucial to a well-functioning society and the successful application of several different industries ranging from the sharing economy to online gaming and banking businesses.

Prior to the advent of modern communication channels (esp. the internet), transactions were often face-to-face, involved eye contact, and were usually concluded with a handshake. In this way, the parties involved could more or less ascertain whether or not the opposite party was acting honestly and whether or not they were who they said they were. Though not totally free from fraud, meeting in-person offered a level of authentication that was and still is hard to beat.

However, nowadays a great deal of transacting takes place online – a tendency which has been further amplified by the ongoing Covid-19 pandemic. Thus, the verification of one’s identity (built on the standards of liveness) is of growing importance as more industries take their services online.

What is digital identity verification and how does it work?

Online identity fraud: Calculating the global impact

News stories of online identity fraud are common across the world. A 2018 report by the London-based Fraud Advisory Panel listed fraud as one of human society’s greatest threats, a risk that dates back to the dawn of human civilization. In fact, fraud has infiltrated all stages of our technological progress in communication over the ages, from the early days of the telegraph and the telephone – right through to the advent of television – and certainly now with the internet.

Perhaps we should not be surprised then to learn that the data underlying our online identity is among the most valuable commodities on Earth. This is precisely how Mark Zuckerberg and the founders of Google got so rich.

Every time there is another large-scale hack of personally identifiable information (or PII in industry speak), thousands of gigabytes of highly-compromising data are sold across underground darkweb markets. The data often comprises various identity components such as name, address, date of birth and encrypted passwords – but it can also be much more revealing when it comes to our identity and financial documents, including government ID / social security numbers, drivers licence numbers, etc.

Think you are safe because you only use well-known portals on the internet? Think again! In the last 10 years, some of the largest data breaches have involved some of the most well-known brand names:

  • LinkedIn, 2012 & 2016: 172 million user accounts
  • Ebay, 2014: 145 million user accounts
  • Equifax, 2017: 147 million user accounts
  • Marriott International, 2014 – 2018: 500 million user accounts
  • Canva, 2019: 137 million user accounts
  • Yahoo, 2013-14: 3 billion user accounts

These data hacks represent some of the most popular websites in the world and yet, regardless of the company’s balance sheet and the presumption of online security – no company is immune from fraud.

Data is the new oil

Data breaches cost the economy a whole lot of money. How much? First we have to quantify it at a granular level.

In 2017, the Economist magazine stirred controversy when it published a headline that proclaimed data (and not oil) was then the world’s most valuable commodity. But it’s not as strange as it sounds. Like any digital platform, stolen data also needs a place to transact between buyers and sellers.

For example, while oil trades for roughly $US 40 a barrel on international markets (October, 2020), a cloned American Express card with the PIN is worth roughly one barrel or $US 35 according to a global resource known as the Dark Web Price Index 2020. This is the place to go if you’re curious about the value of your personal documents and the value they hold among criminals.

Stolen Paypal accounts start at roughly 5 times the price of an oil barrel ($US 193), while a US driver’s licence rated as ‘high quality’ is worth 12.5 times the price of oil or $US 500.  The most important identity documents are also worth the most on dark web markets: Stolen US or European Passports usually sell for $US 1500 or 37.5 barrels of crude oil.

On a macro-economic level, international tax advisory and risk firm Crowe described the global impact of fraud and the cost to businesses in the latest Financial Cost of Fraud guide. The numbers speak for themselves: Global losses of fraud equated to about 6% of total global GDP in 2019, equal to $US 5.127 trillion dollars, a figure so high, only the recent impact from Covid-19 provides some comparison of the financial impact.

Since the global financial crisis of 2008, fraud has grown 56.5%, averaging 4-7% per year. The average organisation can expect losses caused by fraud to average around 3% – 6% of their balance sheets. In a related article on cybersecurity, we dig a little deeper into how to manage these digital threats and identity the top 5 tips to keep you safe online.

Not all online platforms are equal when it comes to digital identity verification

How can we use digital identity as a tool to transact goods and services online and prevent fraud while doing so? The answer: by insisting on stronger digital identity verification requirements.

While most forms of online transacting require the verification of one’s identity, the actual level of verification required differs from platform to platform and the regulatory framework that governs the industry where the product or service is based.

For instance, Ebaykleinanzeigen, a popular platform for buying and selling used goods in Germany, asks only for an email address to establish user identity. An email of course, can easily be faked. Thus, both buyers and sellers on the site are warned to trust their instinct and to only deal locally and in person. Instinct – though it may be critical to human evolution – is a less than ideal way to measure online risk accurately in the digital 21st century.

Another example from Germany, online bank N26 requires all new users during its onboarding process to identify themselves via a live video-identification chat with a human operator. And that’s in addition to sharing personal information such as passport and other supporting documentation with this operator. This manual method of identity verification is not optional either: It is in fact regulated by a stringent legal framework governing all financial institutions (also known as AML or Anti-Money Laundering checks) that operate within Germany.

In October 2020, TechCrunch (via German weekly magazine Wirtschaftswoche), reported that N26’s customer onboarding processes were found lacking, allowing some fraudulent documents to pass unnoticed and signaled a systemic issue with the bank’s digital identity verification process.

More than a year earlier in May 2019, BaFin (Germany’s Federal Financial Supervisory Authority) issued an order against N26 to “improve its internal safety measures” and to “comply with general Customer Due Diligence (CDD) obligations”.  These security gaps at N26 demonstrate that all financial service providers, whatever the size, are just as vulnerable to fraud as the smaller startups are.

To date, Germany does not permit the use of automated biometric facial verification in the banking / financial services industry - without a human intermediary - to digitally onboard customers.  It is, thus, interesting to question the accuracy of human operators to verify identity versus the advanced computational power of a machine learning algorithm. Who would YOU rather trust?

How a computer out-performs humans when it comes to online identity verification:

  • People tire easily when tasked with repetitious work. Fortunately, computers do not suffer from fatigue.
  • People can unknowingly harbour biases towards different faces.
  • People are less well-equipped to verify online identity the way a deep learning algorithm can. Can you spot hundreds of subtle changes on a person’s face? A computer is trained to do exactly this.

Different regulatory requirements for digital identity verification

It is generally accepted that opening an online bank account should require a more stringent verification process than signing up for an account allowing users to buy and sell second hand goods. For example, online financial institutions in the EU are governed by the AML5, eIDAS and PSD2 regulatory frameworks, all of which seek to limit financial fraud online.

EU Legislation

The governance and use of digital identity verification by businesses and governments is rapidly evolving not only in the EU but also around the world. For instance, there was a time not too long ago when EU businesses transacting in the blockchain industry only required individuals to upload documents and selfies “proving” their identity and current address.

This practice came to an abrupt end with the implementation of the above mentioned AML5 legislation, after it was upgraded from the AML4 standard. The EU blockchain industry had to then comply with the same KYC/AML rules that governed the rest of the financial sector, as in the case of N26 above.

Digital Identity Verification Methods Explained

To accurately verify and authenticate identity, three main ID verification processes have emerged and are often used in tandem during digital onboarding:

  1. Document verification
  2. Biometric facial verification
  3. Liveness detection

1. Document Verification

This solution allows users to get verified via an electronic scan of a government-issued identity document. Government-issued identity documents (such as a passport or national ID card) are used when it comes to verifying identity, particularly as these documents perform a critical regulatory or compliance step during the digital onboarding process.

The setup is simple: A user only needs a smartphone camera to scan their ID and process the results. But this simplicity can have a downside too. Government-issued documents can be faked, and as you’d expect, there are different levels of quality when it comes to document tampering.

Determined fraudsters will try to find any opportunity to test a system’s weak points and a falsified document is among the most basic of attacks used. Companies must take this into account when shopping for a digital identity verification vendor in order to ensure the safety of their customers and the integrity of their onboarding process.

What they don’t tell you about document verification:

Most digital identity verification vendors claim high pass rates as well as broad document support worldwide. However, many vendors still heavily depend on human interaction in the verification process, employing armies of back-office agents who manually check the verification results.

This not only has an impact on the user experience and overall process speed, but it also poses a significant privacy risk since it is not clear where the data really ends up during the verification process.

PXL Vision's document verification solution

PXL Vision provides a highly secure and fully-automated document verification solution that offers best-in-industry support, including:

  • A simple and seamless point-and-shoot user experience – no picture taking and uploading needed
  • Automatic detection of identity documents globally, without preselection
  • Automatic extraction and verification of document data (MRZ & VIZ) verification of document authenticity using a pain-free, intuitive method
  • Authentication of the NFC biometric chip for maximum security
  • Intuitive validation of deep security features (holograms, lenticulars, kinegrams etc.)

The user’s documents are then checked for authenticity and then compared to the face scan, which also has built-in liveness detection capabilities (we discuss more about this below).

2. Biometric facial verification

Facial biometric solutions provide an almost fully-automated identity verification experience without the downsides of a human operator or the costs associated with higher dropout rates.

What they don’t tell you about facial verification:

Many solutions lack the ability to adapt to different challenges that regularly pop up during routine customer onboarding and, furthermore, are not optimized for specific use cases.

During customer onboarding, specific challenges include:

  • Poor document photo quality
  • Aging of the person
  • Beards, glasses and make-up
  • Poor lighting conditions and uncontrolled user environments

Therefore, it’s crucial to have a perfectly-tuned solution that is designed to perform optimally under multiple scenarios.

3. Biometrics: Liveness Solutions

Identity verification vendors offer different liveness solutions to their customers, but most approaches generally use ‘active’ liveness detection, which requires a user to perform liveness instructions from facial movements to eye blinks and head twitches in order to ‘prove’ they are a real person (sometimes referred to as a ‘challenge response’).

As one might predict, the active form of liveness detection has a few obvious downsides:

  • End-users are more likely to experience uncomfortable dropouts due to software limitations.
  • A higher number of ID verification attempts ends up costing businesses more money throughout the onboarding process.
  • Results in more unhappy customers and higher customer abandonment rates.

What they don’t tell you about liveness solutions:

When vendors refer to liveness detection technology, they often conveniently forget to differentiate between the two different technological solutions available: active vs. passive.

Comparatively, passive liveness detection is an advanced machine-learning based approach, which minimizes the risk to customer onboarding processes by removing the need for complex liveness instructions. A streamlined ‘passive’ approach to facial authentication only requires a simple, fast (and some might add, hassle-free) selfie video.

Passive Liveness is the preferred solution, because:

  • It has the added benefit of being less prone to fraudulent spoofing attempts by scammers and fraudsters.
  • Requires no active participation response.
  • Improves the overall end user-experience by helping customers to quickly complete their onboarding registrations without dropouts.

How to drive efficiency for business:

Combining these three key elements in a secure and fully automated digital ID verification process can drive significant efficiencies, such as: reducing the cost of customer onboarding, minimizing fraud and driving sales conversion by opening new channels for businesses to serve customers.

PXL Vision offers a best-in-class, inhouse-built, passive liveness biometric facial authentication solution that can accurately onboard customers without the dropout rates found in traditional identity verification methods. Our AI driven software solution is flexible, customizable and can be implemented directly into your existing customer onboarding process.

Download our Buyer's Guide here for a full in-depth overview of the digital identity verification industry. This 40-page guide was internally researched and written by our experienced identity experts.

Don’t miss the latest news, trends and insights in digital identity

Related insights

Facial biometrics innovation

Read more

Related posts

Active and Passive Liveness Detection

Read more

Online Identity Verification - cybersecurity

Read more

Facial biometrics innovation

Read more

Like what you read? Subscribe to stay informed!