As the internet grows more intelligent, public access to ‘deepfakes’ – an intelligent form of manipulated and synthetic media – has become unavoidably more widespread. This heightened use of fake identities is costing fintechs all over the world hundreds of thousands each and every year.
Here to provide a more comprehensive insight into the tangled world of fake identities is Jacob Sever, the co-founder, and CPO at Sumsub, the international startup that provides companies with AI-driven identity verification tools for onboarding new clients whilst complying with AML/KYC regulations.
As an expert in the fields of ID verification market, personal privacy, anti-fraud trends, and regulatory compliance, Jacob leads the entire product creation and organisation at Sumsub. He’s worked on compliance projects for over 400 companies and gathered insights regarding interaction with regulators and the provision of compliance for all segments that require regulatory attendance. Jacob aims to create a world without money laundering & fraud.
It used to be common for selfies to be accepted as proof of document ownership. Online document verification appeared in the 2000s, and it was selfies or document-holding selfies that initially served as proof of identity.
But over time, new technologies have appeared and identity verification providers and companies have switched to liveness detection also known as ‘facial biometrics identification’ – an easier and more effective fraud prevention solution.
The role of confident liveness verification is especially important now when the fraud rates have been increasing globally over the past year with fraudsters advancing their document editing techniques, mastering ‘synthetic identities’ and creating ‘deepfakes’.
What’s more, the level of fraudulent activity in the US has jumped to 3-times higher than everywhere in the world when it comes to selfie checks, and 2-times higher in regard to liveness verification. According to PwC, last year the US lost $42 billion to fraud. In Europe, the situation is slightly better, while the fraud rates in Africa and Asia are even higher.
So, why are document photos and selfies are not effective enough for user verification?
Fraudsters can get hold of fake documents fairly easily from the comfort of their own homes. Typing ‘buy fake IDs’ on Google Search alone will probably lead you in the right direction with zero efforts to waste. Here are a few common ways to procure such things as a fake ID, passport, or driver’s license:
- Buy fake documents on Darknet (in some countries the package cost is only €1). Most often, the documents are taken from the leaked databases;
- Find them on the Internet or to buy an already verified account on the Darknet for around $300 or on one of the industrial forums;
- Use hacker methods, such as interception of documents and photos, for example, while they are being transferred through unsecured Wi-Fi;
- Make a high-quality forgery by hand and use photo/additional technologies like deepfakes.
With this amount of loopholes to get a fake photo or document, identity verification with the help of nothing but document photos and selfies wouldn’t be enough to assure the desired level of security against spoofing.
To enhance the security of photo and selfie-based checks, some companies try to implement custom requests, for example, asking clients to upload the document with a specific inscription – the date or the name of the service to which the documents are sent. Still, such photos can be faked through social engineering (phishing or fake calls). What’s worse, the process gets more complicated for users who don’t understand what companies need from them. This results in verification failures due to document errors.
In the end, verifying such documents is a complex process in itself, whether it’s a manual or automated check. This all affects the duration and, consequently, the conversion of users who got through the KYC stage.
How you can protect your business against fraud in 3 simple steps – Sumsub’s tried and trusted routines:
The best way to approach identity verification in 2021 is by using a combination of various anti-spoofing techniques, with liveness as the main and most timely tool for user verification.
- Verifying users through sophisticated liveness tools
To fight fraudsters back more effectively and avoid security issues, we’ve developed “Prooface”, our liveness system that allows us to skip the less reliable selfie verification. According to our estimates, the selfie verification system allows 300% more fraud than liveness checking.
Liveness technology verifies that there’s a real person behind the camera, rather than a photograph, pre-recorded video, or any other spoofing attempt. During such a check, we ask users to look into the camera and slightly move their heads in a circle – nothing too overwhelming. It takes just a couple of minutes. On a backend, good liveness analyses image depth, eye reflections, skin texture, and blood flow to detect any types of fraudulent attempts
Through liveness, we’re able to compare users’ genuine biometric data with the photos on their documents – thus verifying that the true document holders are present during verification. All in all, implementing this technology has helped us defeat some of the most common attack vectors in the Americas.
- Monitoring users across blacklists of fraudulent users
We recommend businesses creating their own blacklists for the accounts linked to fraudulent activity and monitor new users across them. The information on the blacklist includes credit card details, customer names, email addresses, and physical addresses of confirmed criminals. Sumsub has one to which we constantly add those who engaged in fraud. We also collect leaked documents to learn the most common forgery tricks scammers use and make more educated decisions when onboarding controversial users.
Blacklists are a good addition to already sophisticated liveness, but relying on this method alone wouldn’t be very secure, since it’s both cheap and easy for criminals to change their IP addresses and pretend to be somebody else, making such blacklists not as helpful.
- Analysing user’s device fingerprint
We usually check whether a photo sent during onboarding was made by the same device it’s been submitted from. It could be a MacBook, Samsung smartphone, etc. If the devices are different, it’s not exactly a reason to block a user, but a dangerous signal that can be taken into account (together with other signals) to make a final decision.
In 2020, 47% of all global companies were affected by scams. Preliminary 2021 data shows that fraud rates are continuing to grow this year, which means that everyday fraud instruments are becoming more complex and widely used. This is why it’s essential to be informed about cybersecurity and to invest both in reliable partners and sophisticated anti-fraud tools that will ensure the utmost security of your clients and quick onboarding.
To gain a better understanding of Sumsub’s true capabilities in fighting identity theft and fraud, we sat down with Jacob to discuss the service:
What do you think makes Sumsub stand out and unique?
Sumsub doesn’t address just one challenge the businesses face, it covers all of them. From KYC and video verification to crypto monitoring and payment fraud prevention, and everything that comes in between and beyond. We’ve built a solution that really helps, and businesses no longer have to search for additional tools elsewhere.
Our goal is to remove any and all inconvenience and confusion when it comes to security in compliance. In addition to removing these challenges, we want to automate the companies’ business routines and further accelerate the verification process while building up the overall safety. After working towards this goal for a few years, we’ve managed to become quite good at giving our clients peace of mind.
What are some of Sumsub’s unique features?
Our most recent new feature is “reusable KYC.” It’s incredibly helpful as it enables partner platforms to verify mutual users just once and share their data with each other. So, if your audience overlaps with that of the other companies that are already verified Sumsub clients, verification can become instant. This feature minimises the amount of burden placed on the users, working as a major accelerator for businesses. More to it, our “reusable KYC” reduces verification costs by 50%.
How have consumers responded to these unique features?
More and more of our clients are adopting “reusable KYC,” realising the benefit of this feature—it not only improves the user experience, but also brings in more users faster.
What do Sumsub’s road map and growth plan look like? How do you plan to continue to differentiate the company from the rest of the competition?
We’ll continue putting our focus on the customer and bringing out new features in line with their needs. Our customers have always defined our growth and showed us the right way to scale.
How do AI algorithms help discover document tampering?
Sumsub’s AI-based technology helps accurately examine the picture structure and detect areas that were graphically edited by performing a pixel and signature analysis. Our solution also checks the authenticity of various security features such as holograms, prints, fonts, colored backgrounds, watermarks, and microprints.
How is biometric/facial recognition AI being used and developed in the US?
In the US, facial recognition is commonly used for identity verification purposes upon user onboarding. It’s also widely used at airports and by the police for the purpose of homeland security and criminal investigations. Despite the growing popularity of such solutions, in recent years, the US citizens and government have shown a lot of concern about biometric data privacy and facial recognition biases against women and minorities. Nonetheless, I believe that technological and regulatory improvement of these issues is just a matter of time.
Can you tell me more about the risk score used to combat social engineering fraud?
Understanding the risks it faces, a company can determine both real and potential threats. This is done through comprehensive audits of business to point out the most vulnerable parts of the operations and the risk levels they are comfortable with.
Businesses usually look at the data —its types, where it’s stored, how securely, and who can access it. They define the sources of potential threats, the ways hackers can exploit their vulnerabilities, the chances of fraudsters succeeding, and the impact it can have on the company.
Having established a clear view of these parameters, a business can move forward to close the loopholes.
What have been some of the greatest innovations for AI and countering fraud in the past decade?
When we entered this field in 2015, there was a lot of negligence in terms of identifying fraud technology and management. Yet, this industry and the demand have blown up enormously since then. The past year saw even further growth since Covid-19 triggered a massive migration of businesses to the digital sphere.
We are now running ahead of fraudsters. Not too far ahead—because they do not sit still either – but far enough. Facial recognition has become a much more developed, widespread, and accurate process, impenetrable by impersonations, rubber masks, pre-recorded videos, and deepfakes.
What do you think still needs to be done in the field?
There’s a lot to be done to make the technologies quicker, sharper, safer.
The AI specialists in fraud prevention will continue to train the algorithms to minimise the occurrence of costly false-positives, money laundering, phishing, spoofing, and insider threats. The goal is to make more sense of generated analytics and to sift through this huge inflow of data in a perfect way to detect criminal activity way ahead of actual losses.