New Zealand has launched a trust framework for digital identity, a crucial step towards the country's digital transformation.
The selfie phenomenon: Companies’ greatest new ally
At some point who hasn’t taken a selfie? An action that, at first, was simply used for fun has become part of a security process to secure digital transactions for companies all around the world. A selfie taken of oneself online provides all the necessary information for the identification of an online user.
In a world where we spend more hours surfing the Internet and interacting through a screen, a big problem has arisen: knowing the identity of those who are on the other side of the connection. Since we are simply numbers on the web and are not recognised by our individual identities, cybercriminals exploit this system and we become their main target when committing cybercrimes or identity theft. The answer to the problem has to be greater transparency, with more focus on identity verification.
Businesses and consumers alike need to be confident that the people they communicate and transact with online are exactly who they say they are. This is true across the board – from social networks and online marketplaces, to online banking applications and gaming platforms.
Businesses and consumers alike need to be confident that the people they communicate and transact with online are exactly who they say they are. This is true across the board – from social networks and online marketplaces, to online banking applications and gaming platforms.
Biometric authentication in companies
Biometric authentication, that is, the unique identification of a person by assessing one or more distinctive biological traits, is becoming a key element of identity verification, driven by the astounding rates of smartphone usage that support and enable such biometric technology.
Businesses need to be able to verify the identity of new customers during the online account creation process, but they must also be able to provide an experience that is fast and intuitive. Consumers are increasingly intolerant of poor online account opening processes, and companies risk losing customers and revenue if they don’t get it right. However, if brands can offer seamless, hassle-free and secure account creation, then it allows them to build long and fruitful relationships with their clients.
Not surprisingly, self-service systems are becoming a simple and quick way for consumers to verify the authenticity of the identity documents they have presented.
Using the mobile phone for identity verification and authentication
Customers are already allowed to open an account with a selfie at many financial institutions. This eliminates the need to go to a branch, send confidential identity documents through the mail, or wait a day or two for the account opening process to be completed. Instead, the customer uploads a photo ID and passport to verify who they are.
Verification and authentication process
When considering biometric-based authentication methods for the purposes of regulation compliance or fraud prevention, it is vital to understand the various trade-offs between security, risk, accuracy, ease of use and cost. Achieving the level of security required for a particular use, while providing acceptable performance for the other key attributes, is something that can already be achieved regularly with the current state of the art technology. As with any risk-based approach, it is a matter of determining the level of risk and matching the system security requirements that are appropriate to that level.
It is also important to note that authentication occurs after registration and identity verification. In order to authenticatesomeone, the identity of that person must first be verified to ensure that the person registering is a real person. There are three factors that can determine authentication:
- Knowledge. Something the customer knows, such as a PIN or password.
- Possession. Something the customer has, such as an ID card or smartphone.
- Heritage. Something the customer is, such as biometrics.
The implementation of multi-factor authentication, where two of the three factors are authenticated, is sufficient to meet the highest security requirements of the NIST (National Institute of Standards and Technology). This criterion is in line with the EU standards for Strong Customer Authentication (SCA). Of course, compliance with these security standards presupposes that the factor has sufficient integrity and confidentiality to uniquely identify the user.
Biometrics in the verification process
Fortunately, biometrics can also be used in the identity verification process. Companies can authenticate the identity document presented by the person by comparing the photograph on the document with a separate photograph (selfie) of the person. The person matches the identity and therefore must be the owner of this document. As banks can attest, online processes make in-person identity checks unnecessary.
Biometrics can be integrated into the identity workflow to make the verification process robust, secure and compliant. This is where and why the most modern of phenomena, self-identification, is coming into play. Using the smartphonecamera to take a live photo of the user and comparing that identity to the ID photo can help weed out even the most sophisticated of fraudsters. For the user, the experience is straightforward.
They take a photo of their ID, take a photo of themselves and the process is done.
Strong security is necessary
While some business do not require the most extreme level of security, they must all have effective security measures in place to ensure that the actual user of the account performs the requested actions. However, the process becomes inoperable if companies deploy systems that consume too much of users’ time or risk customer abandonment. There must be a balance between risk and ease of use, speed and security.
This is why today’s smartphones are an advantage, as they have put powerful biometric technologies in the hands of billions of people. By combining possession of a smartphone (something the customer has) with biometrics (something the customer is), authentication has become scalable for general public use.
If a transaction requires authentication, as in the case of SCA, a bank can send a notification to a secure app on a customer’s smartphone. If the notification is confirmed, that is a strong confirmation that the customer has both the device and secure access to the application. While password access to the application would also pass the MFA requirement,login with a fingerprint or facial scan is much quicker and easier for the customer. The goal is seamless security, and biometric authentication achieves this. However, it is crucial to ensure that the original identity is properly verified against a wide range of strong identity data sources. After all, if a criminal, fraudster or other mala fide party already has an account, authentication provides no deterrent.
Conclusion
Selfies have existed for longer than you think, although they did not have a name assigned to them as such. Who would have imagined that, in the future, we would have to thank this peculiar way of taking a photo for being the fundamental instrument used by large companies and institutions to guarantee the identity of online users.
Who would have thought that, on the other side of that small lens, there would be large intelligent systems verifying and authenticating our identities and that, just by looking at our phone, we would be communicating with millions of people from all over the world.
No, however, we are on a mission to prevent a friendly process from becoming our own worst enemy with the threat of thousands of scammers for whom our customers become easy online targets . It is important, now more than ever, to build trust. It is more important now more than ever to conduct truly secure digital transactions.