GIACT – a London Stock Exchange Group business – is looking at forming a collaborative partnership with Mastercard to mutually share its digital identity verification solutions with Mastercard’s open banking capabilities.
The partnership will pursue faster and more seamless onboarding for legitimate customers using their self-governed real-time data to enable verification of 95% of U.S. deposit accounts.
The two financial services are exchanging tools which will merge their digital transformation offering to customers, adding additional layers of security to banking services while ensuring they are privacy preserving of consumers’ data.
GIACT will be able to deploy its Nacha-compliant account verification solutions across its expanding Customer and Third-Party Risk businesses. Customers’ have the freedom to share and authorise their permissioned data including to confirm the bank account owner, the income account balance and transactions with a single bank account.
Together GIACT and Mastercard are looking to create a single, smooth onboarding customer journey to ascertain their customers’ verifiable credentials (also called “Knowing Your Customer” KYC) to authenticate them and outcast fraudsters.
All the research suggests that satisfied customer unlock further commercial growth for banks by opening more accounts and increasing their deposits.
Phil Cotter, Head of Customer and Third-Party Risk Solutions, LSEG Group said, “The partnership with Mastercard builds on our continued investment in digital identity fraud solutions for LSEG customers. By providing customers with consumer-permissioned open banking account verification through Mastercard, our customers can more effectively manage fraud and meet their compliance obligations, whilst providing a differentiated digital experience to their customers”.
The junta Department of Communications have set about deactivating accounts of SIM card holders in Myanmar whose registrations mismatch databases provided by the Ministry of Immigration and Population.
A cut off deadline was set for 31 January 2023, encouraging account users to check if their registration information was correct to prevent fraudulent activities and unsafe financial transactions.
When registering a SIM card users must supply their full name, Citizenship Scrutiny Card or National Registration Card number and clear photographs.
In 2020, Myanmar’s Ministry of Transport and Communications reported closing 34 million SIM card accounts due to poor registrations, retracting physical SIM cards after the June 30 deadline was set.
SIM cards hold identifiable data relating to any individual holder to safeguard physical as well as digital and financial security.
Out of a total circulation of 23 million registered SIMs, 6.3 million cards were deactivated in the same year (2020).
The Information Commissioner’s Office (ICO) has approved a fourth GDPR certification scheme aimed at training and qualification providers following the success of other schemes looking at areas including children’s data privacy and age assurance technology.
The certification scheme criteria across the board will enable users and candidates to have total freedom over who they share their personal data with and instil confidence that their data privacy rights will be met.
Emily Keaney, Deputy Commissioner, Information Commissioner’s Office commented:
“All four of these certification schemes are hugely positive developments for organisations to be a part of. Not only do they offer certainty to businesses to get things right, but they also provide a binding framework for organisations to sign up to, ensuring they raise the bar when it comes to data protection.
In an era where trust and accountability are paramount, these schemes are a way of reassuring your customers, clients and suppliers that you hold additional expertise in a given area, are committed to building data privacy into your work and adhere to strong standards.
The newest of these four schemes in particular additionally shows that organisations value their candidates’ personal information and have taken additional steps to protect it.”
Previously, Tony Allen from the Age Check Certification Scheme – the guardian body of certification standards whic developed criteria for two schemes relating to age assurance and children’s online privacy – made light of the fact that there are not enough standards governing GDPR compliance.
Many UK authorities have pushed to upgrade legal requirements for companies to verify the age of users accessing pornography sites alongside significantly strengthening the Online Safety Bill.
France’s online safety bill recently voted in favour of extending privacy obligations over users’ data to social media platforms as well as porn websites, allowing users to have “double anonymity” through the exchange of tokens between digital ID providers and end sites.
AEGEAN’s digital wallet gov.gr will be made more interoperable with customers’ digital IDs, available in a new mobile application to advance on the Ministry of Digital Governance recently announced ambitions to store a digital version of ID documents on smartphones.
AEGEAN and OLYMPIC domestic flight passengers can add their digital ID on their mobile boarding pass after check-in and personal details sections are completed.
The “Digital ID” service is available through the the AEGEAN App and interconnected with the established Gov.gr Wallet.
Dimitris Gerogiannis, CEO of AEGEAN announced: “We are very pleased with this new digital service that we can offer to our passengers, thanks to the new digital possibilities provided to everyone by the gov.gr platform. An idea that was envisaged right after the announcement of the ability to store a digital version of the ID documents on smartphones by the Ministry of Digital Governance and was implemented, thanks to the excellent cooperation of a joint AEGEAN and the Ministry team. The integration of the digital ID in the boarding pass, in a fast and secure way, is part of a series of new services that we have developed in the last two years to accelerate travel experience. We thank the team of the Ministry of Digital Governance for the excellent cooperation and the opportunity they gave to all of us, through the applications they have developed the last few years, to make the boarding process even easier and faster, both for our passengers and for the ground services”.
The launch of the highly-anticipated European Travel Information and Authorisation System (ETIAS) was originally due to be launched in 2021 but a global pandemic has pushed it back multiple times and now its speculative due date is in 2024.
No exact date was given in sight of the continued disruption and little warning with this latest change by the European Union that appeared in a website update.
One reason for the delay could be unforeseen technical issues or resourcing issues as well as budget.
The push back will give travellers more time before they must obtain an ETIAS and likewise allow providers to improve their data capture capabilities for broader biometric checks into and leaving the EU and Schengen Area territory.
Once implemented, non-EU citizens that obtain visa-waiver status, now applying to the UK and US, will have to apply for a ETIAS to enter any of the 26 countries in the Schengen Zone.
Similar schemes are implemented to enter the UK (Electronic Travel Authorization) which processes nearly 30 million applications each year and the Electronic System Travel Authorization (ESTA) which manages travel into the U.S. from 40 countries.
Facial biometric recognition will be embedded throughout the passenger journey from check-in to boarding at Frankfurt Airport with SITA and NEC confirmed as the contractors.
It is a similar scenario across many major hub airports across Europe and America which are being optimised with the return of normal travel and customer experiences to satisfy.
It cuts waiting times to check in luggage to 15 seconds and enhances efficiencies in the airport using passengers’ faces as the only form of identification.
With a short timeline for competition, by Spring 2023, the solution for uniform, simple-to-use biometric touchpoints is being promoted and available to be rolled out at all interested airports.
The full extent of refurbishment will include biometric kiosks and touchpoints being installed from “enrolment at a kiosk or counter, to pre-security automated gates and self-boarding gates” so passengers can expect to seamlessly pass through breezy airport procedures which were previously slow and cumbersome.
The project is ground-breaking in high-tech digital travel – both for aviation and air travel – and combines Star Alliance Biometrics with SITA and NEC’s technology, same-day enrolment, and fully capable biometric hubs, incorporated under the SITA Smart Path platform.
The Star Alliance is a member alliance of 26 airlines and airports which have separately already embarked on a network of biometric deployments, but will take further direction from with the innovative deployment of SITA Smart Path at Frankfurt Airport. Once passenger biometrics is collected from any of the participating airport and airlines, travellers can expect seamless recognition every-time.
Additionally, Lufthansa passengers enrolled for the Star Alliance biometrics program will automatically have their biometric data shared with SITA Smart Path for effortless travel experiences.
In collaboration, NEC is providing its No.1 NIST ranked NEC I:Delight facial recognition technology, in “powered by industry-leading contactless biometric solutions that make touchpoints touchless, NEC I:Delight shapes personalised experiences that are safe, secure and hygienic while being seamlessly enjoyable”.
Sergio Colella, SITA President for Europe, said: “We are delighted to be working with key industry players to bring the benefits of biometric technology to passengers everywhere. With this implementation, Fraport is leading the industry in responding to shifting passenger demands for greater autonomy and convenience, while helping to maximize operational efficiencies”.
Lithuanian airports are among the most prepared to implement the impending EU Entry/ Exit System, completing contractual work to adapt spaces in the airport along the passenger travel journey.
Self-service kiosks and touchpoints have been erected and assessment has taken place of more spaces where additional biometric screening is likely be carried out, without becoming cumbersome.
Vidas Kšanas, Director of the Safety and Security Department at Lithuanian Airports, shared an enlightening insight on the seamlessness and data exchange capabilities of touchpoints:
“Once the screening starts, third-country citizens will not only receive detailed information on the procedures to be followed but will also have the opportunity to perform most of the services completely independently in the self-service terminals”.
Citizens of third countries that border with European countries but not part of the EU or Schengen area will be obliged to complete registration and border checks validating their identity, which obtains their personal data.
Lithuanian airports are ahead of preparing for the EU led Entry/ Exit System in contracting suppliers and mapping airport domains for deploying biometric infrastructure.
The biometric data collected from passengers as they travel will include their fingerprint and facial images which are stored in databases. The EU Entry/ Exit System spells the end of passport stamps.
The total cost of refurbishing Vilnius, Kaunas and Palanga airports in Lithuania is around EUR 3 million.
Ping Identity, the intelligent identity solution for the enterprise, has formed a new strategic alliance with Deloitte, a leader in global security consulting services, to help the organizations’ shared clients improve advanced Identity Access Management (IAM) Solutions selection and onboarding. Through the alliance, Ping and Deloitte’s shared clients will be able to streamline digital identity management and effectively authorises which employees, customers, vendors, and suppliers can access sensitive corporate resources.
Deloitte brings to the alliance its significant experience in identity and access management across strategy, implementation and operations-managed services for both workforce and customer IAM solutions in a global customer ecosystem. Ping Identity brings its strength in single sign-on (SSO) and multi-factor authentication (MFA) technologies as well as advanced capabilities like identity authorization, risk and fraud mitigation, and overall IAM orchestration. Deloitte and Ping’s shared clients will have access to intelligent identity solutions able to scale enterprise-wide and to offer customers a secure and frictionless experience.
Andre Durand, CEO and founder of Ping Identity said: “We’re moving into an experience-first world where identity is paramount to enable security and frictionless interactions”.
“Our IAM solutions align well with Deloitte’s deep knowledge of connected customer journeys and trusted customer experiences. This alliance will help more organizations reduce risk and accelerate time-to-value as they look to modernise their identity strategies”.
As part of the alliance, Deloitte will receive Ping Identity’s dedicated sales training, certifications, product roadmap updates, and marketing resources that strengthen and secure access to the cloud, mobile, SaaS, and on-premises applications across the hybrid enterprise.
“As the digitisation of businesses continues to increase, providing a trusted employee and customer experience is imperative for organizations,” said Nakul Sharma, a Deloitte Risk & Financial Advisory managing director, Deloitte & Touche LLP.
“Offering visibility and transparency around how data is used is important to building trust throughout the enterprise as well as with consumers. Our alliance with Ping is an important step in our ecosystem growth to offer Deloitte clients enhanced identity management solutions to help secure identities and data across digital engagement channels.”
What were the most common forms of fake documents in 2022?
In 2022, passports remained the most common fake document seen by our customers – the same as our previous 2 years’ analysis. They made up 45% of the total of all fake documents we saw in 2022. This is up 6% on last year’s figure.
At the same time, there has been a major drop in the number of fraudulent ID cards presented in 2022 with ID cards making up only 18% of all fake documents. This decline reflects the ongoing trend: in 2020, fraudulent ID cards almost equalled passports with 39% of the total and in 2021, they made up 29%. As EU ID cards no longer prove eligibility for Right to Work in the UK, applicants may have switched to providing fraudulent Sharecodes or other fraudulent documents instead.
Matt Green-Armytage, Operations Director says, “You might believe that it’s easier to spot a fake passport due to your familiarity with them; you’ve probably seen lots, so you think you’re more likely to be able to spot a fake. On the other hand, because they’re so familiar, you may scrutinise them less and actually be at higher risk of accepting a fraudulent document.”
Of course, it’s important to remember that you must not discriminate against any candidate. And HR and onboarding teams should afford the same level of scrutiny to all documents, regardless of their perceived familiarity with them.
Which country were most fake documents from in 2022?
Once again, throughout 2022 we saw fraudulent identity documents from a huge range of countries. However, the fraudulent identity document which our customers saw most often was a British passport. From all of the fake documents we detected last year, over half (55%) were British.
In 2020 and 2021, France led the league table however. This seismic shift can be explained by the fact that European documents no longer give workers or renters the same rights and access in the UK. The initial move into fraudulent Biometric Residence Cards (BRPs) in 2022 has now also declined as BRPs were removed from the list of eligible Right to Work documents in April 2022. Fraudsters now have limited viable options and are therefore forced to present UK and Irish documents, or an eVisa, to prove their Right to Work or Right to Rent status.
Irish documents have also seen a huge increase in 2022, taking them to the second most commonly seen fraudulent document. In 2021, only 4% of fake documents seen by our customers were Irish and just a few years ago, the TrustID customer base rarely saw a fake Irish document. In particular, our customers have seen a significant increase in fraudulent Irish passport cards, which holders can present online through the digital Schemes and, if accepted, would give them indefinite Right to Rent or Right to Work with no restrictions.
Christie Lewis, Head of the Identity Document Team at TrustID adds, “The number of fraudulent British and Irish documents presented to our customers has grown significantly this year. Their holders know that, if their identity check is successful, they can gain work or rent a property without needing a follow-up check in the future.”
Which sectors were most targeted by identity fraud in 2022?
In 2022, the sector that encountered the greatest number of fraudulent documents was medical recruitment. 17% of all fakes seen across our customer base were from those recruiting medical staff. Two years ago, that figure was 9%, and in 2021 13%. Medical recruiters should look out for passports and biometric residence permits, as they make up a staggering 42% and 37% of all the fakes seen in 2022 by our customers in that sector.
Understaffing in the medical sector may have led to fraudsters trying to capitalise on a potential opportunity, believing that recruiters who need to quickly fill roles may not pay as much attention when checking identity documents. In this sector, getting checks right is critical to protect patients and staff, so using an IDSP can be an efficient and reliable way to ensure that you are only employing legitimate candidates.
While medical recruitment rose from third to first place, construction recruitment fell from first to third; the pair effectively swapping places. Construction recruiters still see a high number of fake documents though – 13% of all fraudulent documents in 2022. However, this has dropped from 25% in 2021 and 38% in 2020.
The biggest standouts from 2022 and what to be aware of in 2023
2022 has seen a shift towards British and Irish documents. These documents are sophisticated, secure, and full of security features. But the fraudsters perhaps believe that they will be seen as a familiar and trusted document and less likely to be thoroughly scrutinised. Of course, successfully presenting these documents would also give the holder an unlimited right to access services in the UK, including work and property.
Whilst guidance for employers and landlords continues to evolve and change, British and Irish documents remain a constant and so there will never be a need for a successful applicant to be checked again.
That said, at TrustID, we have also seen many cases of fraudsters changing their approach to meet the latest guidance, with the document they present to different potential employers changing. For example, an applicant attempting to gain employment using a fraudulent Spanish document in 2020 and then moving to present a fake BRP in 2021. When BRPs no longer gave eligibility in 2022, they presented instead a fraudulently obtained Sharecode.
In 2023, as online identity checks become increasingly prevalent, it’s important to watch out not only for fraudulent documents, but also for genuine documents presented by imposters. Whether you are checking physical documents or using online options, you must make sure that your applicant matches the person presenting the document. You can either do this face-to-face or using a secure video link. Identity validation services can also help thanks to liveness and face matching technology, which analyses a selfie photo against the image of your applicant.
Digital bank BBVA has joined a two-year-old consortium, Dalion, which works on deriving a digital identity management model based on blockchain.
The project which collaborates with nine leading Spanish companies was incepted in October 2019, launching digital identity solutions inspired by self-sovereign privacy on Quorum and Alastria’s blockchain network.
Dalion promotes self-managed user digital identity leveraging blockchain technology that allows users to have control over their private data while ensuring firms strengthen their digital interactions with customers. Users will be able to choose whether to share their data with companies or not instead of sharing their entire identity.
“BBVA believes that digital identity will be a key element in the digital relationship of all kinds of companies with their customers, and the banking sector can play a key role in offering innovative services around digital identity,” explains Antonio Macías Vecino, Head of Payments Discipline at BBVA in Spain. “In this context, Dalion and its current partners offer a framework of guarantees to be able to address this type of initiatives.”
