Identity Verification – Theft and Fraud

Data Breach Photo

Identity theft and fraud are a big deal – everyone knows it.

Companies are super aware and are now offering identity services. Five years ago, it was enough to know who a customer was online. This is verified by just visiting any industry trade show and the halls will be packed with identity verification products. It seems every company wants to get in on the action.

Why now?

The public is very aware of security incidents that have compromised their data and that of others. And it’s making them ask the tough questions: What does identity mean to them? They will ask who is causing the incidents? They will want to know who has their documents and data. Then they will ask how everything is being stored and secured.

The industry has responded by spawning countless solutions. There is eventually going to have to be regulation covering all these different products. Moreover, there must be some sort of gold standard for identity truth and how to confirm it.

Jumio vice president of products Philipp Pointner is among those experts.

Can I See Some ID?

When a brick-and-mortar store asks to see a customers government-issued IDs they are comfortable with presenting it. Why not have them do the same with online businesses?

Perhaps counterintuitively,

“The key to the future may lie in the past”, Pointner said.

Jumio, the software company that Pointner is president of, can recognize various types of ID from 250 different countries, Pointner explained, including multiple generations of IDs from all 50 U.S. states. The company knows exactly what these government-issued identity documents should look like, from security characteristics to items encoded in the document to how the photo should be held in place (to prevent fake IDs being used).

Where Device Verification Falls Short

Fingerprinting devices can determine whether the device making a transaction is the same one that the user was on when he created the account. When using a fingerprint device it can determine whether the user is on the same device originally used to set up the account. But it cannot account for a device that has been stolen. Or account for fraudsters who are able to make remote web traffic appear to come from a local point of origin.

Location services are now used to show when a purchase is being made from within a reasonable radius of the customer’s usual activity. But it also runs into the same roadblock if fraudsters are spoofing IP addresses.

Biometrics have made huge leaps forward in recent years, Pointner noted. They can confirm that a certain human characteristic (fingerprint, eye print, voice print or other identifiers) is present. These characteristics are used to verify that the same person is conducting the activity.

However, he argues that biometrics fall short at the point of origin: Who is enrolling the fingerprint? Is this person who he or she is claiming to be? Whether it’s the same fingerprint this time. Then, the next time becomes irrelevant if the person who enrolled it in the first place is a fraudster. In that case, Pointner said, a real-world identity check does offer some advantage. Because a merchant or bank teller can hold up a photo ID next to a customer’s face and compare the two.

“The photo is what ties it to the real-world person,” Pointner said. “Jumio does the same thing online, making it a ‘person-present’ transaction.”

From Plastic to Digital Identity

The big question is whether customers would willingly use a method like this? Especially since security researchers have cast doubt on the integrity of Apple’s new Face ID authentication method by fooling it with masks. Pointner still thinks the answer is yes — if not today, then tomorrow.

People have grown used to recording videos of themselves, he said, especially younger generations that are taking a hundred selfies a day. Why not leverage what they’re already doing on Snapchat, Instagram, Facebook and elsewhere to keep their data safer?

Pointner believes physical ID cards will one day give way to digital IDs. Due to Governments experimenting with this approach, he explained. Further stating, others use distributed ledger and blockchain technology to create identity systems, an application that makes sense if innovators can make it work.

These methods will also make a lot of sense to them, as digital natives grow up. Certainly more sense than the paper, plastic and static identifiers that their parents once used.

Do not trash that nice leather wallet just yet…

“Digital identities are definitely going to come,” Pointner said, “but the plastic will stay in our wallets for a while longer.”