Over the past decades, the development of the Internet and social networks, in particular, have led generations of people to metamorphoses. The ease of finding and obtaining any information, as well as the opportunity to share it (and sometimes an obsessive desire) unwittingly formed the culture of disregard for confidentiality.
At the same time, there are still many situations where it is necessary to keep information confidential, such as in business, government, and personal relationships, but it is becoming increasingly difficult to protect. And I’m not talking about ways to control unauthorized access to this information. I am talking about the preservation of confidential information by those to whom this information has been entrusted, although sometimes it can be controversial and raise issues around freedom of speech and the freedom of the press.
Back in the 18th century, Benjamin Franklin said: “Three can keep a secret if two of them are dead.” However, neither in those days nor today, humanity has found an effective way of communication without the need to entrust secrets to at least someone. Let a limited circle of people, but someone still needs to know them.
The effective way to protect confidential information is a combination of technology, policy, and education to create a culture of confidentiality and security that can adapt to changing technologies and social norms.
If you ask most cybersecurity experts a question on the topic of ways and technologies to protect confidential documents from leakage, then most of the answers will focus on the means of protection that somehow control or restrict unauthorized access to these documents. However, according to statistics, 3/4 of all leaks are not hacking – this is a leak by those who had authorized access to documents. That is, access control tools do not work here. The only way to force those who have been entrusted with documents to comply with their non-disclosure obligations is to ensure a guaranteed determination of the culprit of the leak. Only the inevitability of disclosure and an understanding of responsibility can ensure compliance with the security requirement and radically reduce intentional leaks.
Thus, it becomes obvious that in these cases we have to talk about detective solutions, which can be divided into two non-interchangeable principal approaches. The first is the classification of document files and the addition of metadata to files containing information about who this file belonged to when it was merged. But the metadata disappears as soon as the document ceases to be a file and becomes an image on the screen or a paper document. The screen can be photographed, a paper document can be copied. Therefore, a second approach becomes necessary – the marking of documents should be used. It can be visible, in the form of static or dynamic watermarks, or more resistant to removal and more user-friendly – invisible Anti-Leaks marks based on a steganographic approach to labeling.
You can easily find information about specific vendors of these solutions on the Internet, or by contacting multi-vendor system integrators. Each of the security systems has its strengths, but it’s important to note that these technologies are just tools and require specialized knowledge and expertise to use effectively. Additionally, unmasking anonymous leakers can be controversial and raise issues around privacy and freedom of speech, so it’s important to carefully consider the potential consequences before taking any action.
Report supplied by Yris Brice Wandji Piugie, Artificial Intelligence, Biometrics Researcher at Fime
Increasingly, strong security measures are required to protect valuable data from fraudsters. However, as security measures increase in complexity, the process becomes more cumbersome for consumers.
Banks and vendors face the challenge of meeting security regulations, such as PSD2, while providing a seamless authentication journey for consumers. To meet PSD2’s Strong Customer Authentication regulation, multi-factor authentication can be used to provide additional layers of security. As part of this, biometric technology is frequently applied – with one such method being keystroke dynamics.
Stéphanie Pietri (SP), Communications Director at Fime, speaks to Yris Brice Wandji Piugie, Artificial Intelligence, Biometrics Researcher at Fime, about Fime’s new research paper which explores new ways to deploy keystroke dynamics to authenticate users.
Stéphanie Pietri (SP):What is keystroke dynamics?
Yris Brice Wandji Piugie (YBWP): Keystroke dynamics is a behavioural biometric modality that analyses how a user types on a keyboard. It analyses the manner and rhythm of the user’s typing before storing the data to be compared to future typing. Keystroke dynamics can be used as a multi-factor authenticator, as it combines the knowledge of a password and the manner of typing.
SP: What did Fime do?
YBWP: Fime has developed a new approach to using keystroke dynamics, introducing deep learning architectures. Deep learning is a machine learning technique which uses neural networks to analyse data and learn from examples.
Fime took keystroke dynamic data from 110 users who typed in the same password from the GREYC-NISLAB database. The data was converted into 3D images or 2D colour images that could be used to represent a user’s behavioural typing style and compared with others. Fime then used a matching algorithm to determine how closely each biometric credential matched with an existing template in the database. Using 3D images or 2D colour images to train the neural network, this algorithm was used to evaluate the degree of similarity between how the password was entered.
To measure the performance of a biometric authentication system, two important error rates are used: False Match Rate (FMR) and False Non-Match Rate (FNMR). The False Match Rate error measures the likelihood that the system will incorrectly match a person to someone else that is enrolled in the system. The False Non-Match Rate error measures the likelihood of the system failing to recognise a person who has enrolled in the system. The Equal Error Rate (EER) is when the FMR is equal to the FNMR. We evaluated the performance of the authentication system in terms of Equal Error Rate (EER).
The lower the value of EER, the better the performance of the authentication system.
SP: What were the findings of this research?
YBWP: Overall, the research validates the use of keystroke dynamics for user authentication but highlights the need for a large data set.
We found that when we look at the performance per password (looking at each dataset individually), using different passwords generated different results. We also found that using a small number of samples (7) for a user led to poor results, with an EER value between 14 and 18%.
This is because deep learning techniques require a larger amount of data – the larger the dataset, the better the performance. This highlights the need for large keystroke dynamics datasets to optimize the performance of these deep learning methods. In future, having a larger database, we would expect to get even better results, for example with an EER value very close to 0%.
In addition, when comparing our research to other research conducted using the same GREYC-NISLAB database, we found that our approach performed better with a lower EER value.
SP: What are the benefits of this approach?
YBWP: The aim of this research was to evaluate the use of keystroke dynamics as a behavioural biometric, and how deep learning can be used to improve the reliability of this type of authentication. As the power of machine learning is harnessed, behavioural biometrics can become more accurate.
This approach reduces friction because it does not require current users to change their behaviour since they have to type passwords in anyway.
SP: What does this mean for the future of biometrics?
YBWP: This research is a positive step forward for us to better understand how keystroke dynamic-based authentication methods can be enhanced to deliver a seamless customer experience. While removing all passwords is something that we may see in the future, this is not expected anytime soon. Therefore, it makes great sense to harness the data available to increase security and reduce friction without changing consumer habits.
This research is also the first step in using behavioUral biometrics, and we do not intend to stop here. In the future, you could use behavioUral biometrics such as stride length when walking, or the way someone moves, to authenticate them. As the user experience grows in importance, we can expect to see demand to increase for this type of authentication.
For future research, we plan to add psychological features such as the user’s emotions when entering passwords for the training and testing process to improve accuracy, since emotional states could be identified from the input behavioural style. We intend also to improve (and expand) the keystroke dynamics datasets that are needed to make further significant progress to solve this authentication challenge.
Fime is dedicated to continuing its research to improve the performance, reliability and strength of biometric authentication. As part of this, it aims to support the development of secure, seamless and inclusive biometric systems. Read the full paper here.
The opportunity to redesign your country’s passport or national ID is often as daunting as it is exciting. Which new technologies will help you fight counterfeiting and protect people’s identities? Which visual elements will showcase your national heritage, aspirations and culture? Which security features will help you streamline the authentication process?
The organisers been inundated with applications to our Meet the Document Examiner sessions at Identity Week Europe.
So much so that we’ve added NEW sessions and therefore extended the deadline to 12pm on Thursday 16th June.
If you have a new document security feature idea, a secure document design issue or a new document in preparation, get the chance to have it analysed and reviewed by a team of forensic document experts!
Successful applicants will get to meet and analyse their chosen document with an team of forensic document experts selected from National Document Fraud Unit (NDFU), Home Office, United Kingdom; Identity Fraud & Documents Centre of Expertise (ECID), The Netherlands; Centre of Excellence for Combatting Document Fraud, FRONTEX, Poland and Homeland Security Investigations (HSI) Forensic Laboratory, United States.
Meetings will be scheduled in 20-minute blocks from 10am on Wednesday 29th June 2022. There are a limited number of meeting spaces, so submissions will be selected on merit of content and interest.
These meetings are not a sales pitch opportunity, but designed for collaborative technical information exchange and expert advice.
#IdentityWeekEurope is your opportunity to see the technology and trends shaping the future of identity in financial services, travel, healthcare, retail, government, social media and more – Don’t miss out and register free now.
The expo floor will be buzzing with hundreds of exhibitors, live demonstrations, seminar sessions and product launches.
Just some of the brands you’ll meet include DocuSign, Portuguese Mint Official Printing Office (INCM), Portals, secunet, cryptovision and ICAO.
DocuSign – Stand 400
DocuSign helps organisations connect and automate how they prepare, sign, act on and manage agreements. With 1 million+ customers and more than a billion users, DocuSign is one of the world leaders in their field.
INCM – Stand 733
The Portuguese Mint Official Printing Office (INCM) specialises in tailored solutions developed for governments and private companies, from ID Documents production to strong authentication solutions.
Portals – Stand 806
Portals have been making paper for the world’s leading security printers for over 300 years. Refining their processes and driving innovation to meet the needs of partners. Producing the highest quality security documents and banknotes.
secunet – Stand 812
secunet helps airports and governments to develop their own sustainable border control strategy and offers expertise as well as turn-key solutions, such as eGates, self-service kiosks or high-end facial image capturing technologies.
cryptovision – Stand 214
cryptovision is a world-leading specialist for cryptography and electronic identity solutions. 100 million people make use of cryptovision products every day across sectors like defense, automotive, financial, government and more.
ICAO- Stand 326
The International Civil Aviation Organization (ICAO), a UN specialised agency, facilitates the development of the standards and regulations that underpin the global air transport system. Fostering the growth of a safe, efficient, secure, economical civil aviation sector.
IDology, a GBG Company and leading identity verification provider, announces the launch of ExpectID Business, adding Know Your Business (KYB) to its ExpectID platform. ExpectID Business automates KYB verification for compliance and raises the bar on business-to-business fraud protection. By digitizing business verification, companies can more efficiently scale operations while onboarding new customers faster. IDology’s ExpectID platform fuses KYB and KYC due diligence with multiple layers of risk detection and fraud protection for one powerful, programmatic solution that enables businesses to transact with trust.
Ninety-eight percent of B2B retailers, manufacturers and marketplaces experienced financial losses and related reputational risks due to successful fraud attacks last year alone. While any business that deals with the transfer of money is required to perform a KYC or KYB check, meeting KYB verification requirements is particularly challenging for financial services providers and fintechs. Conventional KYB verification is often a tedious, manual process that creates unnecessary friction and onboarding delays. With rising expectations for frictionless B2B customer experiences, lengthy processes can negatively impact client acquisition and intensify competitive pressures. At the same time, in defending against ever-increasing and sophisticated global cyber fraud threats, conventional KYB solutions often fall short of delivering a comprehensive risk perspective needed to stay ahead of evolving B2B fraud schemes.
One Powerful, Programmatic Solution
ExpectID Business goes beyond basic KYB and KYC verification to provide a deep, comprehensive and holistic perspective of the risk associated with both the business and the authorized users. It delivers actionable intelligence to streamline onboarding workflows for legitimate businesses, while dynamically escalating higher-risk customers to enhanced layers of authentication.
ExpectID Business utilizes a proven, multi-layered orchestration platform that uniquely:
Accelerates Onboarding While Reducing Risk. ExpectID Business accesses high-quality, diverse data sources to verify more U.S. businesses and confirm the connection between a business and authorized users, while also evaluating risk. By seamlessly locating and verifying more customers, trust is established in business-to-business relationships with less friction.
Deters Fraud with Machine Learning and Cross-Industry Consortium Intelligence. The powerful combination of intelligence from IDology’s anti-fraud consortium and machine learning supervised by its team of fraud analysts delivers real-time and always-on transparent insights that businesses need to detect and stop fraud before and after verification and enables businesses to fine-tune onboarding models with greater precision.
Replaces Costly Manual Processes with Programmatic Ones. Proactively identifies higher-risk businesses to avoid costly and resource-intensive, deeper due diligence. This also enables more confident approvals while safeguarding the customer experience, removing unnecessary friction and delays. With a proven and stable orchestration platform that leverages machine learning, ExpectID Business reduces the manpower burden of KYB due diligence and the inherent risk of human error.
Combines Business Verification with Watchlist Screening. Checks multiple watch lists and conducts an OFAC check for both the business and the primary user with real-time data and faster response times for always-on protection and compliance
“Fraud and money laundering are growing threats to the B2B sector, making KYB a major pain point for businesses,” said Heidi Hunter, Chief Product Officer at GBG Americas (Acuant and IDology). “A better KYB solution is needed to stay compliant, prevent fraud and reduce costs while safely onboarding corporate customers. With ExpectID Business, we’re giving our customers the data insight and guidance they need to quickly and confidently onboard legitimate customers and equally important, identify higher-risk customers to avoid the costs associated with more complex background checks.”
Vision-Box, a global industry leader in biometric recognition, digital identity, and seamless travel management, has unveiled its latest solution built upon a new generation of biometric technology set to transform the travel experience: Seamless Kiosk – The New Generation of Biometric Technology.
Seamless Kiosk has been developed to provide an exceptional user experience through its biometric and biographic capture performance, increasing the passenger handling process speed with an accessible design and a smart passenger guide system, based on artificial intelligence that better helps any user to follow the instructions intuitively with a new immersive camera system.
Seamless Kiosk is equipped with an audible and highly tactile assistive interface for navigation and selection of screen-based content and braille signs to support passengers with impaired vision, an inability to read, restricted reach, or limited dexterity. It is also compliant with Europe, United States and Canada’s disability acts.
Seamless Kiosk provides the most flexible solution in the market, with customisable capabilities and features enabling it to fit any use case for passenger processing, delivering elevated level of security, fast and precise biometric processing to the latest International Air Transport Association (IATA) recommendations and International Civil Aviation Organisation (ICAO) standards. With a small footprint, Vision-Box’s latest solution combines the newest Common Use Self-Service (CUSS) 2.0 platform and Border Control processing, including Entry/Exit System (EES) requirements.
With its full-frontal face capture module optimized with automatic height and dynamic illumination adjustments, Seamless Kiosk enables an accurate capture process, which enhances the user experience. The solution is compliant with the standards from International Organization for Standardization (ISO) on biometric data interchange formats (ISO/IEC 19794-5) and biometric presentation attack detection (ISO/IEC 30107-1).
Key technological features of Seamless Kiosk include:
Modular design for different configurations of travel documents and barcode reader, card reader, fingerprint scanner and accessibility keypad
Printer module customisable for different use cases – e.g., receipt, boarding pass, and bag-tag printing
Biometric-by-design solution compliant with most strict standards such as Alternative Dispute Resolution (ADA), Customer Service Agent (CSA) and Experimental Aircraft Association (EAA)
Integrated with Vision-Box Orchestra Digital Identity Management Platform, which is fully certified by Privacy by Design, to deliver a unique biometric user registration and management experience.
Its launch application is based on CUSS 2.0, and it is also compatible with legacy CUSS versions.
Speaking about this latest launch, Alessandro Minucci, Head of Product at Vision-Box says:
“We are very pleased to launch Seamless Kiosk, a truly nimble device which can be deployed in multiple markets such as identity management, travel & tourism, and border control, allowing the user to enjoy the best seamless experience, with the highest accuracy and speed via a biometric-by-design solution. At Vision-Box, we seek to push the boundaries of design and technology to offer a more human experience.”
For 20 years now Vision-Box has developed, rolled-out and supported thousands of intelligent self-service kiosks around the globe, from passport enrolment to border control, up to next-generation biometric check-in kiosk, for multiple markets at different industry segments, from identity management to travel.
Author: Maria Pihlström, Director, Global Marketing and Comms at Fingerprints
In mid-May Fingerprints was jointly exhibiting alongside Freevolt Technologies at IFSEC 2022, in London, one of the leading security events in Europe. Attendees at the show learnt how the two companies are combining their innovative tech to develop S-Key, Freevolt’s flagship biometric access card. To learn more, Fingerprints’ Marketing Director, Maria Pihlström sat down with Gonzalo de Gisbert, Freevolt’s Head of Product and Business Development.
Please can you provide a brief overview of Freevolt and its flagship product, S-Key?
Innovation and R&D are a core part of Freevolt’s fabric thanks to its academic roots. It was first established as a spin-off from research completed at one of the world’s leading universities, Imperial College London, that was investigating technologies that can harvest radiofrequency (RF) energy from common networks (NFC, cellular, Wi-Fi). We are taking this ground-breaking research and using it to develop the next generation of biometric smartcards, which is seen in our flagship product: S-Key.
S-Key is a battery-less biometric smartcard providing stronger authentication for the access control industry. Because it is battery-less, drawing its power using Freevolt’s RF harvesting system, it requires no special software or changes of existing smartcard infrastructure, enabling it to work seamlessly with 3rd party systems e.g., HID, Salto etc. Another benefit of it being battery-less is that it comes with significantly lower costs. Once a card is deployed, it requires no charging or battery swaps. It also means no costly disposal processes or cell recycling.
Using Fingerprints’ solution, it offers all the benefits of biometrics from one of the world’s leading experts: enhanced security without sacrificing convenience, supporting worryless access.
Having built a smart card from the ground up, using our Freevolt energy harvesting technology, our company now has the opportunity to build on this platform for other use cases such as cryptocurrency, healthcare, payments etc.
What do you think are the key issues facing the access control industry today?
Over the past couple of years, physical and logical access control strategies have had to respond to many new challenges. Flexible and distributed workplaces mean businesses have had to extend their enterprise cybersecurity settings to protect digital estates wherever and whenever employees are working. But it’s not just with cybersecurity where organizations need to rethink access control, as there are new physical security threats to tackle.
Lower footfall in offices means that it’s harder to know if someone you see should or shouldn’t be there. Pre-COVID if you saw an unfamiliar face in the office, you would be inclined to challenge that individual. After two years of remote and flexible working patterns, and with no sign that they will go away, new faces might be more common, and people may become more complacent. What’s preventing this ‘new face in the office’ from using a lost/stolen/borrowed/skimmed non-biometric access card or compromised credentials such as PINs and passwords?
Furthermore, access control strategies now must respond to hygiene worries around shared surfaces such as PINs and touchpads, urging the need for touchless solutions. Granting access through fingerprint verification on your card is a great way to unlock contactless 2-factor security measures without sacrificing convenience or hygiene.
As a solution provider, what drove you to consider integrating biometric tech in S-Key?
We turned towards biometric tech as it is becoming increasingly common in our daily lives as consumers are attracted to the convenience and security embedded in their smartphones, PCs, and even smart locks. Also, given today’s security challenges, many are using biometrics to avoid relying solely on PINs, passwords and traditional access cards, which can be cumbersome and vulnerable, not to mention that they can also be stolen/hacked.
What key criteria were on your list when you were searching for a biometric partner?
When we were searching for a biometric partner, we were looking not just at expertise, but also those that can also help us meet the unique objectives with S-Key.
We wanted a partner that was not only a general expert in sensors and biometric solutions, but someone who had experience in being a market leader across other verticals. We landed on Fingerprint Cards as they are exactly that, having a market leading position in the mobile phone market with a rich history in biometrics since the tech first started coming onto the scene. As such, we are able to channel Fingerprints’ expertise and innovative skills directly into our product, and also work closely with them taking into account the unique design challenges when integrating biometric sensors.
Traditionally, biometric solutions present a challenge with data protection, especially for regulations such as the UK and European GDPR. Yet with the S-Key, this is not an issue as we use the on-device approach championed by Fingerprints, where the biometric data is enrolled, securely stored, matched and authenticated on the card itself. That means no databases of data in the cloud. This supports S-Key’s ability to work seamlessly with existing infrastructure without the need for costly retrofits or software updates to handle biometric data. It also reflects our belief in privacy and that individuals should retain full control of their data. Being able to leverage Fingerprints’ software libraries alongside its sensors was key to developing a secure, privacy-first product that we would be happy to trust our own biometric data with.
Beyond access control, what other potential use cases are possible with biometric cards and what’s on the horizon for Freevolt and the S-Key?
Our vision for S-Key is to bridge the gap between physical and logical access. You might come to work, using your card to get into the building, log onto your machine, release a secure printing job, etc. etc. We really see this unified solution as a key value proposition for widespread adoption.
We also have several other projects in the healthcare and cryptocurrency spaces whereby Freevolt really provides an edge, thanks to its ability to work with just about any RF power source using NFC. Think powering a card with your mobile phone to validate a transaction, or clocking in and out of work, etc.
It’s an exciting time for us here at Freevolt as we continue to invest in our core technology to keep it ahead of the market competition and explore new opportunities in the access control space. We’re glad to be working with Fingerprints as part of our journey.
The guide offers actionable solutions for two key problems facing crypto companies today: 1) compliance with all applicable laws and regulations and 2) building the KYC process to quickly onboard users while maintaining a high level of fraud resistance. That’s why the Sumsub team has compiled all the essentials for compliant, high-conversion KYC in one place.
Compliance with KYC/AML requirements is crucial for crypto companies as it prevents money laundering and terrorist financing, detects suspicious activities, and shields from stiff regulatory fines.
In the past, regulations affected only a few players in the crypto industry. Nowadays, regulators are eyeing the industry as a whole, implementing laws and rules that impact a much wider spectrum of companies. In this guide, Sumsub’s legal experts give details on which crypto companies are regulated as well as the regulatory specifics across different countries.
Another significant issue for crypto businesses is building effective KYC flows. If a company is obliged to perform multiple user checks, it’s important to make them as smooth as possible to keep pass rates high. That’s why the Sumsub team has shared three best practices for building successful verification flows, with which crypto companies can reduce drop-offs significantly and verify clients properly without losing them in the process.
Notably, the guide offers actionable solutions, rather than just theoretical advice. So, not only does it go through the principles of level-based verification, it also provides step-by-step instructions for implementation. All this is backed up by real-life cases, detailing the wide success enterprise crypto clients have achieved through Sumsub’s customizable KYC flow.
Sumsub is an international tech company that helps businesses onboard online clients and comply with AML/KYC regulations with AI-driven identity verification tools. It was founded by three brothers—Andrew, Jacob, and Peter Sever—and uses forensic anti-fraud software to make identity verification fast, secure, and transparent for clients.
Sumsub’s business model is based on adjusting verification & identification services to global compliance requirements. Thanks to a strong in-house legal team, Sumsub has grown into a leader within this sector, helping businesses comply with regulations in 197 countries and territories. The company’s methodology follows FATF recommendations—the international standard for AML/CTF rules.
Sumsub offers an all-in-one, customizable solution that verifies users no matter their language or location—helping businesses scale to international markets faster and adhere to global compliance requirements more efficiently. The platform is easily adjustable and offers a wide range of solutions, from fully-automated identity verification to agent-assisted verification.
Sumsub takes a risk-based approach and follows both global and local regulatory norms (FATF, FINMA, FCA, CySEC, MAS). All data is kept on Amazon GDPR-compliant servers, which are located in the EU. Overall responsibility for all data lies with the DPO (Data Protection Officer).
With a little over three months to go, it’s full steam ahead on preparations for identity’s leading event in Asia.
As of this morning, we now have over 50 speakers announced!
By booking your conference seat in advance, you’re saving US$300 which is over 40% off! But don’t delay because prices go up next week!
Book your conference pass here >>
KEYNOTE SPEAKER David Roi Hardoon
Chief Data and AI Officer
Union Bank of Philippines
A self-proclaimed data ‘artist’, David has extensive experience across both industry and academia in identity, consistently applying advanced technology with an analytical mindset to shape and deliver new innovation.
I’m an image
As a Keynote Speaker at Identity Week Asia 2022, David will shed light on the future of ID in financial service from a data science and compliance perspective within Union Bank of Philippines. He will also share his perspective on the future of AI in compliance for financial services.
Veridas, a company specializing in developing biometric solutions for digital identity verification, has created a free Buying Guide. In it, Veridas seeks to offer help to all those companies and institutions that want to improve and digitize their customer and user registration process, to provide them with all the elements that, in their opinion, are key and should be considered to evaluate an Onboarding technology and make the best possible purchasing decision.
Not all identity document verification technologies release the same number of artificial intelligence algorithms on a document to verify its authenticity and ‘read’ it; nor are all biometric facial recognition engines equally accurate; nor is the design of all flows to verify a person’s identity smooth and offer an agile and comfortable user experience.
Therefore, not all vendors are equally prepared to fight fraud, nor do they treat sensitive data under the same standards. This Buying Guide leads, in detail, through all the technological layers that make a Digital Onboarding process excellent.
Among the conclusions and recommendations mentioned in the Guide are the following: set common evaluation standards that certify the level of accuracy of solutions under the same conditions, strengthen fraud detection in the field of identity document verification, or prioritize manufacturers with fully automated solutions and proprietary technology.
In addition, the Guide is accompanied by an evaluation tool, a comparative table with all the elements (categories, topics and questions) that are key to comparing potential digital onboarding providers and, thus, making the best purchasing decision.
Veridas has performed more than 60 million identity verifications for clients worldwide. It has been operating globally since 2017 in sectors such as Banking, Insurance, Telecommunications, Mobility or Public Administrations. In addition, its biometric engine is
regularly subjected to the highest international standards, is considered one of the best in the world by the National Institute of Standards and Technology (NIST).
Onfido, the leading global digital identity verification and authentication provider, today announced the expansion of its Real Identity Platform, improving fraud accuracy by 54% and fully automated performance by 12x. The platform simplifies identity for everyone. Now customers can reduce the complexity of sourcing and managing multiple identity verification vendors to meet local compliance regulations and can more easily mitigate fraud threats in an increasingly global marketplace. The Real Identity Platform includes four new products:
Onfido Verification Suite, a curated library of identity verification services including award-winning document and biometric solutions, trusted data sources, and innovative anti-fraud measures.
Onfido Studio, a powerful identity orchestration layer acts as the mission control for identity verification, enabling organizations to build and optimize multiple identity verification flows using the entire verification suite and no-code workflows.
Smart Capture, a flexible, easy-to-integrate SDK that delivers over 90% first-time pass rates, with NFC verification, accessibility features, and intelligent end-user feedback to correct things like blurred or cropped images.
Onfido Atlas™, the state-of-the-art AI decisioning engine that powers the entire platform, providing fully automated identity verification and authentication at global scale, with 95% of checks completed in less than 10 seconds. Its built-in anti-bias capabilities are unparalleled in the industry.
These additions to the platform enable organizations to optimize and automate the user experience while providing the highest levels of risk assurance.
“Managing multiple vendors across end-user workflows is one of the biggest challenges banks can face in compliance and fraud prevention,” said Kavin Mistry, Head of Digital at TSB. “Onfido’s Real Identity Platform brings all this together, reducing that complexity and providing a valuable array of verification signals that will help make managing our customer’s identity much simpler.”
The Onfido Real Identity Platform allows organizations to build multiple workflows optimized for different market conditions, geographies, and risk tolerance that achieve the lowest fraud and highest end-user conversion rates, without the need to invest in additional customer support.
According to Gartner®: “Making identity proofing, fraud detection and user authentication capabilities work together across the user journey can improve risk mitigation, reduce costs and boost innovation in product or service offerings, but remains challenging for organizations to execute on,” said Akif Khan, Senior Director Analyst at Gartner.
“With the addition of multi-dimensional identity verification signals, organizations can now get a more holistic view of their customers and make faster, more informed decisions about which products or services to offer and when to offer them,” said Alex Valle, Chief Product Officer of Onfido. “By combining this with the flexibility of easily integrating identity verification at any point in the customer journey through drag-and-drop workflows, organizations can create the perfect user experience without compromising on fraud protection, all through a single API and best-in-class SDK.”
Onfido Verification Suite provides a curated library of globally trusted data sources and identity verification services. The suite provides tailored user experiences designed around specific fraud and regulatory use cases, compliance requirements, global needs, risk appetite, and business objectives. This library extends and tightly integrates with Onfido’s award-winning document and biometric identity verification solutions. The trusted data verification sources include Watchlist (PEPs and Sanctions), Ongoing Monitoring, ID Record Check, AAMVA (American Association of Motor Vehicle Administrators), Tax ID (India), Social Security Number (US), and Proof of Address. Accompanying these are additional fraud detection verifications including Phone Verification (network signal and device integrity), IP Reputation, Geolocation, Email Risk Verification and Known Faces.
Onfido Studio: Simplifying Digital Identity Orchestration Onfido Studio enables organizations to orchestrate business logic with no code and powerful analytics to make intelligent, data-driven decisions. Quickly build workflows that respond to changing market conditions, whether expanding into new geographies, aligning with changes in internal policies, changing risk tolerance, or keeping compliant with regulations or evolving sanctions. Simply drag and drop a document and biometric check or one of many other verifications or fraud signals into your customer journey to optimize customer onboarding or authentication.
Onfido Smart Capture: Over 90% first-time pass rates
Smart Capture provides a powerful and flexible SDK that enables customers to quickly create a world-class onboarding experience that is easy to use and optimized for fraud prevention. It includes NFC scanning, image quality enhancements, face detection, and advanced document capture features such as barcode, MRZ and edge detection. Also included are advanced on-device fraud detection capabilities including device tampering and IP intelligence. Smart Capture is WCAG level 2.1 accredited for accessibility. 70% of Onfido’s customers use Smart Capture SDK due to its flexibility, ease of integration, and proven performance – resulting in 90% first-time pass rates and 20% increase in first-time document and selfie capture success.
The Real Identity Platform is powered by Atlas, state-of-the-art AI that enables fully automated identity verification with 95% of checks processed in less than 10 seconds, a 12x improvement. It also powers a year-over-year improvement in fraud accuracy by 54%. Atlas is built on over 10,000 micromodels that decipher the slightest nuances of global ID documents, and refined on tens of millions of checks each year, all to deliver unparalleled accuracy and automation to each verification. With a cornucopia of training sets and oversight from the ICO (Information Commissioner’s Office), Atlas effectively safeguards against facial biometric bias, improving false acceptance rates by 10x to 0.01%.
Onfido’s Real Identity Platform supports fast, frictionless fraud prevention and compliance at global scale that adapts to the unique needs, markets and risks of each customer, from financial services and healthcare, to gaming, telecommunications, retail, and hospitality.
“Time is a precious resource for organizations when it comes to engineering and developer talent. Effectively managing a team’s workload is essential when considering onboarding flows or initiating major changes to stay compliant with financial regulations across multiple countries,” said Ron Kalifa OBE, Chair of FinTech Review. “Onfido is helping to keep the UK at the forefront of fintech innovation by enabling businesses to scale internationally, enabling them to navigate compliance and complex fraud vectors more easily.”
Additional customers welcomed the announcement:
“A challenge telecommunications companies face in remaining compliant and mitigating fraud is managing the sheer number of vendors used across multiple customer workflows, getting them to interact correctly, and then deriving actionable insights,” said Artur Stankiewicz, Chief Digital Officer at Orange Poland. “Onfido’s Real Identity Platform strips away that complexity by offering multiple verification methods in a one-stop solution that simplifies customer identification.”
“We’re always looking for ways to reduce user friction and help our customers onboard faster, while remaining secure and compliant,” said Peter Lu, Director of Product at KOHO. “As we continue to expand throughout Canada, Onfido’s Real Identity Platform will scale with us, allowing us to decide our fraud tolerance and apply the correct level of identity proofing at different points along the customer journey.”
“As the largest African money-transfer platform, we must walk a fine line between managing the growing complexity of AML/KYC regulations in all the countries we operate in and ensure a fast, frictionless customer onboarding experience,” said Hasan Luongo, VP of Global Marketing at Chipper Cash. “Onfido’s Real Identity Platform simplifies this complexity and will enable us to grow more rapidly in the face of evolving fraud vectors and global regulations.”
“As a fast-growing, fully digital financial services startup our customer experience is our first priority,” said Sebastian Robles, CEO at Kredito. “We’re always looking for ways to reduce user friction and help our customers onboard faster,” said Robles. “We’re excited to start using Onfido’s Real Identity Platform to simplify our customer onboarding process without making any compromises on fraud prevention, compliance or security.”
 Gartner®, Market Guide for Identity Proofing and Affirmation, March 2022. Akif Khan, 2 March 2022. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
The Transportation Security Administration (TSA), in collaboration with the State of Maryland and Apple, deployed a new technology that allows airline passengers to use their Maryland-issued mobile driver’s license or mobile identification card in Apple Wallet to safely and seamlessly present and verify their identity for airport security screening purposes at Baltimore/Washington International Thurgood Marshall (BWI) and Ronald Reagan Washington National (DCA) airports. Maryland joins Arizona as the second state to offer this feature.
Starting today, individuals with driver’s licenses or state IDs issued by Maryland will be able to add a digital version of their license or ID to Apple Wallet and present it at TSA airport security checkpoints for identity verification purposes if they are enrolled in TSA PreCheck® and are using a TSA PreCheck designated checkpoint lane.
“This marks another milestone in TSA’s efforts to continue providing a secure and seamless airport security screening process at BWI,” said Christopher Murgia, TSA’s Federal Security Director for BWI. “Mobile device technologies are continually evolving to provide a safer experience for residents, and TSA is committed to expanding use of these technologies wherever possible to enhance airport security and facilitate greater accuracy in identity verification at TSA checkpoints.”
To present their ID in Apple Wallet, passengers will simply tap their iPhone or Apple Watch at the TSA’s Credential Authentication Technology reader at the travel document checking podium. The TSA officer will then verify the passenger’s identity and flight status for a secure, fast, convenient and touchless identity verification experience.
With driver’s license and state ID in Apple Wallet, identification data is encrypted and transmitted digitally, eliminating the need for passengers to show or hand over their device to a TSA officer. All passengers, including those traveling through BWI and DCA with a Maryland driver’s license or state ID, must continue to carry and have readily available their physical driver’s license or identification card, or other acceptable ID listed on the TSA website. This physical ID may be required by the TSA officer.
TSA recommends that eligible travelers complete the process of adding a mobile ID to their Apple Wallet before arriving at the TSA checkpoint. Only passengers with TSA PreCheck added to their boarding pass will be eligible at this time, with the capability to roll out to other passengers soon.
TSA introduced the concept of the mobile driver’s license in April 2021 with a notice in the Federal Register and a press release announcing a request for information regarding mobile driver’s licenses. This effort is one of the steps TSA is taking under President Biden’s Executive Order on Transforming Customer Experience. TSA’s interest in this technology is driven by potential security and privacy enhancements provided by mobile driver’s licenses compared to physical cards. In addition, touchless identity verification will have health and safety benefits in response to the pandemic.
FacePhi sets up its new subsidiary in the UK and declares its commitment to the EMEA area
The new subsidiary will be led by General Manager EMEA, Enrico Montagnino, who joined the company last April to lead the conquest of this new region.
The tech company seeks to consolidate its presence in Europe, the Middle East and Africa and open new markets with the creation of a specialised international sales team.
FacePhi, the leading company in technology for user digital identity verification, reinforces its commitment to Europe, the Middle East and Africa with the establishment of a new subsidiary in the United Kingdom. FacePhi EMEA thus becomes the third branch created by the tech company, which already has subsidiaries in South Korea, FacePhi APAC, and in Uruguay, FacePhi LATAM, in addition to its headquarters in Spain.
This new delegation will be led by Enrico Montagnino, EMEA General Manager, who joined the company last April with the aim of establishing FacePhi’s presence in this market and thus accelerate the implementation of FacePhi solutions in the region. The subsidiary will incorporate profiles such as sales staff, administration, human resources, marketing and projects in the Anglo-Saxon region, in addition to a sales team that will work from strategic countries in the EMEA area to close new business opportunities.
“The United Kingdom is a strategic country, a gateway to new markets from which we want to meet the needs of our customers and expand the use cases of our technology,” said Javier Mira, president and CEO of FacePhi. “The demand for our solutions has grown a lot in recent years in this region and, thanks to this sales-focused team, we want to continue expanding our presence around the world,” Mira said.
“The opening of this new subsidiary represents a key step for FacePhi, a company that is in a moment of expansion and growth,” said Enrico Montagnino, EMEA General Manager at FacePhi. “The possibility of leading a multidisciplinary team of these characteristics is a challenge and shows the firm’s commitment to its projects and customers,” said Montagnino.
FacePhi EMEA, the company’s third subsidiary
Since the beginning of 2022, FacePhi has been articulating an international structure that began in 2019 with the opening of its first subsidiary, FacePhi APAC, in Seoul, South Korea. After several years as a support office, in March 2022 FacePhi consolidated its presence in Latin America with the inauguration of its subsidiary in Montevideo, Uruguay, FacePhi LATAM. Today, after hiring its new General Manager EMEA, Enrico Montagnino, last April, the company decides to commit to its expansion in Europe, the Middle East and Africa and, therefore, constitutes FacePhi EMEA, its new subsidiary in the United Kingdom.
With the opening of these three subsidiaries, FacePhi reaffirms its commitment to the internationalisation of its solutions and the consolidation of a global team with unstoppable growth that allows them to be present in any region and industry.
A new study from Juniper Research has found that the value of biometrically authenticated remote mobile payments will reach $1.2 trillion globally by 2027; rising from $332 billion in 2022. These transactions use biometrics, typically facial and fingerprint recognition, to authenticate remote mobile payments. This growth of 365% is driven by recent regulatory changes, with the introduction of SCA (Strong Customer Authentication) pushing greater adoption.
For more insights, download the free whitepaper: Mobile Payments ~ A Biometric Future
The SCA requirement of PSD2 (Second Payment Services Directive) has pushed financial institutions to implement biometric authentication. To meet this requirement, financial institutions have capitalised on smartphone biometric authentication capabilities; accelerating the technology’s adoption. The research found that the volume of biometrically authenticated remote mobile payments will grow by 383% over the next 5 years, reaching 39.5 billion globally by 2027.
To maintain trust and reduce fraud, financial institutions are implementing step-up authentication, where certain transactions are escalated for biometric approval based on risk scoring. Therefore, vendors must offer multiple ways to authenticate, as well as developing new techniques to keep biometrics secure.
Facial Recognition to Boost Mobile Biometrics Adoption in Payments
The report found that facial recognition is paving the way for greater adoption of biometrics in mobile payments, with OEM-Pay solutions leveraging the near ubiquity of facial recognition capabilities to provide frictionless checkout experiences for customers. With the use of facial recognition increasing, the technology has become a target for malicious actors using advanced spoofing techniques, such as digital injection attacks. In response, mobile authentication vendors must prioritise the design and implementation of enhanced liveness detection, and anti-spoofing techniques, to combat the ever-evolving role of fraudulent players and ensure that security is not compromised.
The Information Commissioner’s Office (ICO) has fined Clearview AI Inc £7,552,800 for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition.
The ICO has also issued an enforcement notice, ordering the company to stop obtaining and using the personal data of UK residents that is publicly available on the internet, and to delete the data of UK residents from its systems.
The ICO enforcement action comes after a joint investigation with the Office of the Australian Information Commissioner (OAIC), which focused on Clearview AI Inc’s use of people’s images, data scraping from the internet and the use of biometric data for facial recognition.
Clearview AI Inc has collected more than 20 billion images of people’s faces and data from publicly available information on the internet and social media platforms all over the world to create an online database. People were not informed that their images were being collected or used in this way.
The company provides a service that allows customers, including the police, to upload an image of a person to the company’s app, which is then checked for a match against all the images in the database.
The app then provides a list of images that have similar characteristics with the photo provided by the customer, with a link to the websites from where those images came from.
Given the high number of UK internet and social media users, Clearview AI Inc’s database is likely to include a substantial amount of data from UK residents, which has been gathered without their knowledge.
Although Clearview AI Inc no longer offers its services to UK organisations, the company has customers in other countries, so the company is still using personal data of UK residents.
John Edwards, UK Information Commissioner, said:
“Clearview AI Inc has collected multiple images of people all over the world, including in the UK, from a variety of websites and social media platforms, creating a database with more than 20 billion images. The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable. That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice.
“People expect that their personal information will be respected, regardless of where in the world their data is being used. That is why global companies need international enforcement. Working with colleagues around the world helped us take this action and protect people from such intrusive activity.
“This international cooperation is essential to protect people’s privacy rights in 2022. That means working with regulators in other countries, as we did in this case with our Australian colleagues. And it means working with regulators in Europe, which is why I am meeting them in Brussels this week so we can collaborate to tackle global privacy harms.”
Details of the contraventions
The ICO found that Clearview AI Inc breached UK data protection laws by:
failing to use the information of people in the UK in a way that is fair and transparent, given that individuals are not made aware or would not reasonably expect their personal data to be used in this way;
failing to have a lawful reason for collecting people’s information;
failing to have a process in place to stop the data being retained indefinitely;
failing to meet the higher data protection standards required for biometric data (classed as ‘special category data’ under the GDPR and UK GDPR);
asking for additional personal information, including photos, when asked by members of the public if they are on their database. This may have acted as a disincentive to individuals who wish to object to their data being collected and used.
The joint investigation was conducted in accordance with the Australian Privacy Act and the UK Data Protection Act 2018. It was also conducted under the Global Privacy Assembly’s Global Cross Border Enforcement Cooperation Arrangement and the MOU between the ICO and the OAIC.