Cloud biometrics vs on-device biometrics

Cloud Biometrics vs On-Device Biometrics: What’s the Difference?

19 October 2021

A key question for anyone evaluating biometric technologies is: should the authentication take place on-device or in the cloud?

At iProov, we believe that cloud-based, or server-side, biometric authentication is the only option to securely authenticate users remotely. If you use iProov, you are buying a cloud-hosted solution. We use the cloud because:

  • Devices are vulnerable. They can be stolen, hacked, lost, or damaged. If the authentication is taking place on the device, then any organization using biometric authentication has to trust the integrity of the device being used. At iProov we take a secure approach by assuming that neither the user nor the device can be trusted.
  • The cloud enables active threat monitoring. iProov is able to monitor and analyze attacks on our systems in real-time because we use the cloud. Our iProov Security Operations Center (iSOC) observes attack techniques and applies machine learning to help us adapt quickly to novel threats, which increases the security and protection that we can provide to our customers and their users.

In this article, we’ll discuss the advantages and applications of cloud-based versus on-device authentication.

Cloud vs on-device biometrics: what’s the difference?

Scenario 1, cloud-based biometrics (with iProov Genuine Presence Assurance): You need to send a large sum of money to a friend. You access your bank via your mobile device or computer. First, your bank needs to double-check that you are the genuine account holder so it can authorize the transaction. To do this, it prompts you to iProov with Genuine Presence Assurance. You present your face to the user-facing camera and a short sequence of lights illuminate your face. The imagery and unique sequence of lights is sent to the server to be analyzed and verified against the image you provided at onboarding. This ensures you are the right person, a real person, and are authenticating right now.

The entire authentication process happens server-side, independently from the device. This means that a device affected by malware, for example, will not compromise the authentication process.

Scenario 2, device-based biometrics: You begin the process of transferring money via your mobile device. Again, your bank needs to confirm that you are who you say you are, so you authenticate using biometrics (such as by presenting your face to the camera or fingerprint to a sensor). Only this time, the entire authentication process takes place on the device, which means it is dependent on the device being secure. If the device has been stolen or hacked, the bank or other organization would not be able to detect this and the transaction could potentially be fraudulent.

So, the former processes the authentication on a cloud server, and the other processes the authentication locally. The main difference is the additional security that cloud-based authentication affords over device-based authentication, but there are also many other advantages to using the cloud.

Cloud for verification, authentication and identity recovery

Before we move on to look at the advantages of cloud in more depth, let’s consider when organizations use biometrics for online identity verification and how the cloud is used in each one:

  • Identity verification for onboarding: When you use iProov to onboard an online customer, the process will likely involve the verification of the user’s physical face against the image in a trusted document, such as a passport or driver’s license. This process needs to be completed in the cloud.
  • Authentication: Once the user has onboarded, they can use iProov to authenticate themselves on an ongoing basis. Apple Face ID and other on-device authentication can work for low-risk scenarios, but if a customer wishes to transfer money or complete other secure processes, a cloud-based authentication is needed to ensure it is the legitimate user and that the device has not been compromised.
  • Identity recovery: If a user loses their device, or it breaks or gets stolen, they lose the ability to authenticate themselves. Cloud-based identity verification is necessary to enable them to securely access their apps and services via another device without needing to re-enroll.

Organizations, therefore, need to offer cloud-based authentication, as it forms an essential part of the online customer lifecycle – critical for onboarding, identity recovery and for any transactions that carry risk.

The benefits and advantages of cloud-based biometric authentication

1: Security

Why is cloud-based biometric authentication more secure than on-device?

  • Cloud-based biometric authentication is unaffected by vulnerabilities on the device (or execution environment). The biometric process is hardware-independent, and the device is simply the medium or facilitator. The security is in the cloud, not on the device.
  • Biometric authentication software operating in the cloud is opaque to an attacker and more difficult to reverse-engineer than on-device authentication.
  • With on-device authentication, the onus is on the device owner to keep their device updated with the latest device software and security patches. This means that it can take longer for organizations and system providers to address new threats, which creates vulnerabilities. With iProov, algorithm updates can be made within the cloud to ensure defenses against new and evolving threats are updated rapidly.
  • If you are using iProov’s Genuine Presence Assurance, you also benefit from active threat monitoring. This is an iProov-specific advantage, where the iSOC provides you with continuous security against new threats. Response to new and evolving attacks can be much faster and more efficient in the cloud. Defenses and algorithms can be updated continually in response to new threats, which makes life much harder for attackers, as the cloud-based processes are a moving target. This ultimately means that we learn more about the attackers than they learn about us.

On-device authentication can be trusted ifand only ifthe integrity and identity of the device and its user can be trusted. If a device is compromised through malware or a digitally injected attack, then the user’s biometric data could be extracted or spoofed.

This means that, for an organization, each device is a source of risk. Due to these potential insecurities, on-device biometric authentication should only be used for low-risk, everyday scenarios such as unlocking a device.

The bottom line is: with cloud-based biometrics, organizations can protect themselves against the risk of fraudulent authentications taking place on compromised devices. This is a huge advantage as cybersecurity threats evolve.

2: Privacy

The privacy of data depends on the company collecting it and the operational environment.

For instance, at iProov we use a privacy firewall and strong encryption techniques to protect highly sensitive data to safeguard the user’s confidentiality. The biometric imagery is stored as an encrypted biometric template, which is referred to using an anonymous pseudonym. This is not associated with anything that could reveal the users’ identity, so would be completely worthless to attackers.

This means that even if attackers manage to break into iProov’s cloud-based system, there would be nothing worth stealing. But if an attacker manages to break into user devices, they have access to the user’s identity – their image, their personal data, and access to their apps and services.

Ultimately, privacy of data comes down to how it is used, the company using it, and the laws and regulations they adhere to. Cloud-based identity verification providers, such as iProov, are regularly audited and comply with ISO 27001 and 27701 certifications, validating the security and privacy capabilities of the cloud for managing data securely.

3: Hardware: extend to other devices

It’s easier for cloud-based applications to be deployed across a wide range of platforms and hardware. iProov technology in particular can be deployed on any device with a user-facing camera, including:

  • Mobile devices, such as iOS and Android
  • Computers and laptops
  • Tablets
  • Kiosks
  • Web browsers

Once the user is ‘iProoved’ with a particular organization, they’re immediately able to access the service or account on any device.

With an on-device solution, a user would lose access to that organization’s online services if the device they had verified on was lost, stolen, or damaged. Identity recovery would be necessary to get them up and running again. This is because the device ID will be linked to a user’s ‘profile’, and if the device ID changes they would need to re-onboard and reverify. However, with iProov, once you’ve verified you can simply authenticate on any device, even if the original device was lost, broken or stolen.

4: Inclusivity

The cloud can also enable organizations to reach the widest possible audience online. With iProov, you can ensure that users have access to your digital services even if they don’t have access to a smartphone, computer, or tablet.

iProov’s cloud-based technology can be extended to kiosks to ensure that people are not excluded from securely accessing services. These kiosks can either be offered unsupervised in shopping malls or travel hubs, or situated in banks or government offices where staff can be on-hand to offer support.

And across all of these devices, iProov ensures a consistent user interface—designed to combat selfie anxiety—to reassure customers.

5: Convenience and user experience

iProov’s cloud-based technology also makes identity recovery simple. Data shows that people replace their phones around every three years, which means many people need to recover their identity on services or apps every year. This poses two main problems:

  • Inconvenience for the user (often involving a tedious recovery process) which could increase churn rates and cause frustration for users
  • Security risk if the phone is sold without being wiped or is stolen

Because iProov authentication occurs on the cloud and not on the device, recovering identity on a new or replacement device is simple. iProov creates trust in the person holding the device rather than the device itself. All that’s needed is a brief Genuine Presence Assurance face verification on each device, rather than resubmitting all of your documentation or needing to speak to a customer service representative to prove your identity.

This also means that, if required, user journeys can be started on one channel and completed in another.

Here’s what it looks like in practice: A bank’s customer is travelling abroad and loses their mobile phone and credit cards. To access cash and arrange for replacement cards, they use a friend’s device. They authenticate themselves in the same way they would have done on their own device—an effortless biometric face scan processed on the cloud. This simple process enables the user to access the required services with a recognisable, reassuring customer experience. No biometric information is left on the shared device, reducing risk and protecting privacy.

Cloud biometrics vs on-device biometrics: a summary

  • Cloud-based biometrics are necessary throughout the online customer lifecycle; for onboarding, identity recovery and for any authentication that is not low-risk.
  • On-device authentication is useful for every-day activities, such as the unlocking of personal devices, where the threat is low.
  • Cloud authentication is needed for activities where there is a risk that fraud or other crime could be committed if a device has been compromised.
  • iProov’s cloud-based service offers greater security than on-device systems. On-device authentication can be trusted if—and only if—the integrity and identity of the device and its user can be trusted. iProov assumes the user and the device have been compromised.
  • iProov also provides active-threat monitoring, which is made possible by the cloud, through the iProov Security Operations Center (iSOC) to quickly respond to evolving attack types.
  • A user’s identity is afforded additional privacy in the cloud because the data remains secure even if a device is compromised.
  • It’s easier for cloud-based applications to be hardware-agnostic. iProov works across mobile devices, tablets, computers, and kiosks.
  • The cloud enables greater inclusivity to reach the widest possible audience. iProov can be extended to kiosks to ensure that people are not excluded from securely accessing digital services if they do not have access to a smartphone or other device with a user-facing camera.
  • The cloud offers greater convenience to the end-user, for example making the user experience for identity recovery much easier.

This is why iProov is trusted by some of the world’s most demanding organizations—such as the US Department of Homeland Security, the UK Home Office, Knab, and Rabobank—to provide secure online user verification and authentication.

If you’d like to know more about how our cloud-based biometric technology can help your organization to verify and authenticate users, click here to book a demo.

Back to Resources

iProov Liveness Assurance

How iProov developed Liveness Assurance

30 September 2021

Since 2011, iProov has focused on controlled illumination as a means of assuring genuine presence of a remote user. This technology has proven to be unrivalled in its usability and the robustness of its security.

iProov has also been interested in motion as a biometric and signal of genuineness since 2014. In that year, iProov won a grant from Innovate UK (the UK government’s innovation agency, known at the time as the Technology Strategy Board) for a project looking at the feasibility of using hand movements as a biometric.

In 2014, iProov also won Innovate UK funding to study the way changes in images resulting from device movement, in itself a weak indicator of liveness, could be combined with motion sensor data to provide an adequately strong signal of liveness.

This project was very successful and in 2015 iProov filed patents, subsequently granted in US and overseas, covering this innovation.

The Innovate UK project also addressed the case where motion sensors were not available. This gave rise to some innovations on which patents were filed in 2014 and subsequently granted in many countries worldwide.

iProov was aware of the potential security vulnerabilities that affect liveness technologies based on device motion. This led iProov to focus instead on developing the much higher integrity solution made possible by iProov’s patented Flashmark technology. This was subsequently launched as Genuine Presence Assurance and has won many international awards for its exceptional security and usability.

In the first half of 2020, iProov was able to use the wealth of liveness technology that it had already developed to bring a product to market to meet low risk applications where traditional levels of liveness would be sufficient. This product could continue to provide extremely good usability and high conversion rates (in contrast with competitive offerings). This has earned it significant success in the commodity liveness assurance market.

iProov was also able to combine its Liveness Assurance product with its unique, market-leading Genuine Presence Assurance technology to create another unique offering in 2020: Flexible Authentication. This enables organizations to select the level of ceremony/security trade-off appropriate to each transaction, on a transaction-by-transaction basis, using a single SDK, a single integration and single commercial contract.

Now processing large volumes of liveness assurance, iProov continues to develop its technology and to educate the market on when its use is appropriate. There are many use cases, particularly in government and financial services, when liveness simply does not offer adequate security and Genuine Presence Assurance is the only robust way to safeguard the citizen, the organization and society. Today, Genuine Presence Assurance is the only solution available on the market that adequately defends high value or high profile targets against the full range of attacks launched by determined adversaries. It is also the only solution that has been approved by several national government testing programs.

iProov continues to devote the energies of dozens of research scientists in its rapidly growing Science team to focus on this area. By developing new techniques to defend against tens of thousands of real world attacks against high value targets, iProov can keep its customers and their customers safe through assuring the genuine presence of online users.

Back to Resources

Will Morgan meet the iProover head of development

Meet the team: a day in the life of iProov’s Head of Development 

28 September 2021

This month we introduce to you Will Morgan, our Head of Development. Will talks us through his career journey so far, recounts a day in the life of his role, and shares his biggest achievements at iProov.

Hi, Will! Can you tell us about your story so farwhat came before iProov?

I started building websites as a teenager and built up a great network of friends as we all learned to write software. Although, it must be said that some of the people I encountered weren’t quite so friendly—a few of our sites were repeatedly hacked! It was a great learning experience though, and when you’re setting out with a self-built tech forum the stakes are much lower, so you can pick up a lot while having fun along the way. 

I learned a huge amount about web technology and software in generalmore than I could have got out of college. So I went into the industry full time at quite a young age, with freelancing paying the bills. This is how I met Joe Palmernow the President of iProov Inc. We worked on some projects together before our paths diverged for a few years.

I then helped to run a web agency in my early twenties with friends, which was a formative experience. It provided a rich variety of opportunities and challenges, both on the tech and business side of things. It set me up with a lean and iterative mindset to development. The teams would take products from ideation into high quality, production grade deployments in under 100 days without compromising on quality, then carefully maintain and iterate as requirements emerged or the customer’s needs pivoted. I really appreciated the pure innovation and optimism there.

After 10 years and no university gap year, I took a month out to decide what to do next. I did consider trying to race bikes, but a series of crashes made me think again, although pedalling fast is a great way to clear the mind.

What brought you to iProov? What were your first impressions?

Joe reached out and asked if I was available to help extend and test part of an early iteration of iProov’s technology.

From the beginning, iProov was a welcome change from the caricature of startup lifeno money wasted on ping pong tables; just a dozen or so really driven people focused on breaking new ground. That being said, I’d never worked at a place with a robotic vacuum cleaner that would crash into everyone’s chair on a Monday morning.

Given my background in smaller companies where people wear many hats, and recent experience in moving ‘good and fast’, things just clicked. It’s been five years and I’m still learning a lot from my colleagues here. 

What does being Head of Development at iProov involve? 

It’s a really diverse remit, touching most technical areas of the iProov system. I’m jointly responsible with the various tech leads and heads of department for how we build new things and maintain our services. These days I’m involved with web technologies, iPortal, our data warehouse, and security.

Team development is really important. As iProov has grown, it’s been very rewarding to see my teams develop and specialize in their areas, and do ever-cooler things that solve problems or improve a tangible metric. This allows me to spend more time looking at logs, dashboards, and encouraging people to experiment with novel technologies and techniques to improve the products.

Describe a day in the life of a Head of Development at iProov…

It’s fast-paced and no day is the same. A lot of time is spent context-sharing and brainstorming how things come together and work end to end through the iProov system. I’m spending a lot of time experimenting, researching and sharing findings with various people across the business, then gluing my eyes to a dashboard to see how things improve when that feature or patch is released.

It’s also important for an engineering team to be commercially informedboth in what the industry is doing, as well as understanding our existing customers’ integrations. There’s a lot of collaboration with our Product Team and our Customer Success Team. And then there’s hiring – the company is also growing, so recruitment. Lots of that.

What would you say is the most interesting aspect of your job?

Identifying the reasons behind a particular user action or behaviour is always a fun puzzle to solve. This could be anything from trying to troubleshoot a user experience issue during accessibility and usability improvement work, to analyzing an attempted attack on the system and watching the steps the attacker took before they gave up.

Hearing from our solutions consulting team on the potential new use cases for iProov is exciting, especially learning about other companies that we can partner with to combine technologies for a particular industry.

On a lighter note, it’s been hilarious reading fraudsters complain online about our customers moving to iProov because they know their game is over!

And how has iProov changed since you joined?

Besides the obvious growth and acquiring many happy customers, we’ve started to really fly the flag for our service and tell our story worldwide. We’ve become more self-assured but without the hubris. 

One of our values at iProov is that we ‘achieve the remarkable’. What would you highlight as the most remarkable achievements of the Development team?

I have a fabulous and driven team. However, it’s actually three teams so here’s a remarkable achievement for each one:

  1. Data: Building a realtime data platform that now powers most of our day to day analytics and research. It has revolutionized the insights we can get and the speed at which we can access and produce those insights. 
  2. iPortal: Automating our provisioning process and making it configurable, meaning no more manual changes and thousands of hours saved ticking boxes!
  3. Web: Delivering iProov in a browser, which is definitely a remarkable achievement, and providing stellar customer service.

 

If you feel inspired by Will’s journey and are interested in joining the iProov team, check out our current vacancies. Follow us on LinkedIn and Twitter to keep updated with new openings. We are always looking for new talent. 

And meet more of the iProov team below!

Back to Resources

What is the best authentication method? 5 types of authentication shown on cover image: SMS OTP, Voice, Password, Fingerprint, and Face verification

What Is the Best Authentication Method? 5 Types of Authentication 

7 September 2021

A wide variety of methods are available to authenticate users remotely, ranging from passwords and one-time passcodes (OTPs), to fingerprint scanning and face authentication.

Each relies on a different factor to establish trust: 

  • Something you know (like passwords)
  • Something you have (using your phone for OTPs)
  • Something you are (biometrics, such as your face).

In recent years organizations have started to move away from knowledge-based authentication. Passwords are not secure, because they can be shared, guessed or stolen. Passwords also cause user frustration, because they are easily forgotten. This ultimately leads to drop-off and poor completion rates. You can read more about the end of passwords here. 

Instead, organizations are moving toward passwordless solutions. Biometric forms of authentication use something you are to prove your identity. These are convenientyou always have your face with you, for exampleand while they can be copied (using a photo), they cannot be stolen. And in the case of iProov’s Genuine Presence Assurance, biometric authentication technology can deliver the highest levels of security and inclusivity.

Why do we need authentication?

Authentication is needed to securely identify your online users. It’s most commonly used when logging into an account or authorizing a financial transaction remotely, for example. Ultimately, authentication is needed to restrict and allow access to personal information and accounts. As the demand for remote services grows, and cybercrime increases, so does the demand for secure authentication online. 

Secure user authentication…

  • Protects your customers from the emotional and financial impact of identity theft
  • Defends your organization against financial loss through fraud and other crime
  • Reduces the risk of your organization being used for money laundering
  • Helps to ensure that your organization is complying with regulations, such as KYC
  • Ensures your organization is reassuring its users and protecting its reputation

But which authentication method is the “best”, or right authentication method for you? 

How to choose the right authentication method

For your users, the best authentication method will be something that offers convenience, speed, and reassurance. For your organization, the best solution will deliver the appropriate level of security, high completion rates, and will be inclusive to the largest number of customers or citizens.

The things you need to consider include:

  • Security: If the risk profile of the transaction is high, you’ll need a more secure method of authentication. For example, an activity with high financial value (like moving funds from a bank account, or accessing a pension fund or government benefits) will require the highest level of authentication security. 
  • Usability: If authentication is overly complex, people find workarounds—for example, when passwords require multiple special characters, people tend to write them down, which makes them less secure and user-friendly. Consider who your service is aimed at but remember to be inclusive. Most online services need to offer maximum inclusivity, so simplicity and effortlessness are always the aim.
  • Convenience: Customers value convenience, and some authentication methods are better than others in this regard. For example, a customer making a payment on their desktop computer who then needs to fetch their mobile device for an OTP will likely experience frustration.
  • Reassurance: It’s possible to make things too easy. If a customer is making a large payment and doesn’t experience any sort of security authentication, they may be unnerved, which could cause them to distrust your company.
  • Completion rates: If your authentication process asks the user to follow too many instructions, or if it takes too long, or it needs repeated attempts before it succeeds, there’s a high risk of drop-offs and lost business. This impacts any organization, whether it’s a retailer dealing with abandoned baskets or citizens failing to return to access online government services.
  • Privacy: The authentication method should not compromise a user’s privacy. For instance, a commuter on a train wanting to complete a transaction on their mobile device may not appreciate needing to speak out loud with voice recognition.

Let’s look at five of the most popular methods of online authentication.

1. Face authentication

Facial authentication uses a face scan done by a human on any device with a front-facing camera to prove they are who they say they are. For face authentication to be secure, it needs to verify that the user is the right person, a real person, and that they are authenticating right now. This is what iProov’s Genuine Presence Assurance technology delivers. 

Some other forms of face authentication use single images to match a physical face to a trusted image, but they can be spoofed by “presentation attacks”, including photographs shown to the device’s camera. iProov technologies use multiple frames to securely determine the authenticity of an individual. 

Facial authentication has many advantages over other biometric methods. One is that everyone has a face, and most government-issued ID documents have a photo but don’t include fingerprint or other biometric data. This means that a user could scan their identity document using their mobile device and then scan their face to prove that they are who they claim to be—completing an entire verification process all from the comfort of their couch. 

Face authentication can also be done on general-purpose hardware. Any smartphone or computer or other devices with a user-facing camera can support face authentication, while fingerprint or iris scans need specialist hardware.

This transforms the way that governments and enterprises can securely verify the identity of online users. Citizens can apply for bank accounts, credit cards, healthcare, tax, or any other secure service without needing to visit a physical building for an identity check. 

Face authentication and verification are sometimes referred to as “face recognition”⁠—but these are completely different technologies. Learn the difference here. 

2. Fingerprint scanning

Fingerprint authentication compares a user’s fingerprint to a stored template to validate a user’s identity. Fingerprints are complex and unique, which makes them impossible to guess. They are also convenient to use on a smartphone or other device that has the capability to read a fingerprint. 

There are limitations with fingerprint authentication.  Firstly, because not everyone has a fingerprint scanner on their device, fingerprint authentication is not an accessible and inclusive method for all. It’s a method limited to those who own more expensive devices.  

And, just like passwords, there are security concerns. Fingerprints can be copied using silicon rubber, plus they can be hacked on most devices in around 20 minutes. Fingerprint authentication can be good for low-risk scenarios where quick access is needed but it lacks the accessibility of other methods such as face authentication.

3. Voice authentication

Voice authentication measures the physical and behavioral markers in a user’s speech to confirm their identity. Using all the information in human speech enables an effective means of authentication that works on a phone or video call. 

Voice has become a popular form of verification with financial institutions but is prone to background noise, can be overheard, and can be spoofed by a recording or deepfake.

4. SMS One-Time Passcodes

SMS One-Time Passcodes (OTPs) are unique, time-based codes that are sent to the phone number tied to a user’s account. OTPs prove possession of a device/SIMsomething you havebecause only one person should have access to their SIM and text messages.

There are a number of issues with this form of authentication.

  1. SMS codes can add complexity and additional steps to the authentication process. If customers are using a computer to complete a task online and are asked to find their mobile device to retrieve an SMS code, it can be frustrating and potentially cause the user to drop off and abandon the transaction. 
  2. SMS codes are not secure – they can be hacked and diverted. Devices are also often lost, stolen, and shared. OTPs are only as secure as the device they are sent to.
  3. SMS codes are in-band authentication, which offers less security than you might expect. If a user is buying something via a mobile app and the app provider sends an SMS code to that mobile device to verify the purchase, the SMS code is not actually providing any additional securitythe code is being sent to the same device and is, therefore ‘in-band’. If the device has been compromised, the OTP is worthless. iProov face authentication is out of band: it assumes that the device has been compromised and so the authentication is processed securely and privately in the cloud. An iProov authentication is therefore independent of the device being used. Even if a bad actor had full access to another’s device, the authentication process remains secure.

5. Passwords

Passwords are ubiquitous, and the authentication method we’re most familiar with. But they’re not secure. They’re often forgotten, stolen, lost, or sharedas we highlighted in our flagship report, The End of Password. Plus, our research has found that consumers are growing increasingly frustrated with passwords, causing them to abandon their baskets when they forget them.

Passwords, and knowledge-based authentication in general, suffers a fatal flaw: the more secure you make it, the less accessible it is for users. The passwords that fraudsters cannot guess or hack are also harder for people to remember. And as we create more and more accounts, it becomes harder and harder to remember them all.  Other threat vectors such as brute force attacks and credential stuffing are a big concern too. 

Our previous research also found that over 50% of users have abandoned purchases because they forget their password and retrieving it took too long, so there’s a clear commercial penalty here. 

This ubiquity makes passwords the common choice for authentication. But the truth is that passwords are better used in conjunction with other more secure and effortless methods of authentication, such as face authentication. These applications include multi-factor authentication and step-up authentication. However, one strong authentication is better than two weak ones.

iProov uses face biometrics for authenticating users securely and inclusively

Here at iProov, we provide biometric face verification to some of the world’s most secure organizations to enable them to authenticate online users. 

Consumers prefer methods that do not add additional complexity or effort to their services, transactions, and accounts. So, we eliminated the complexitywhile still retaining national-grade security. This enables you to onboard and authenticate customers and users, with the minimal number of steps for users. 

iProov’s biometric authentication provides:

  1. Genuine presence assurance: To deliver secure biometric face authentication, you must be able to establish that an online user is the right person, a real person, and that they are authenticating right now. Genuine presence assurance detects digital injected attacks, as well as artifact and imposter attacks.
  2. Cloud-based authentication: Cloud-hosted authentication solutions do not rely on the user’s device for security and are less susceptible to biometric security compromise. Cloud-based authentication also enables continuous active threat monitoring to constantly evaluate and respond to evolving attacks. 
  3. Device and platform-agnostic capability: Users should be able to seamlessly authenticate themselves on any device without the need for specific hardware or devices. 
  4. Effortless user experience: Authenticating with iProov is as simple as staring at your user-facing camera. Users do not need to read or follow instructions, or swap devices, and the user interface is inclusive and accessible. 

And that’s why some of the world’s most security-conscious organizations, including…

…choose iProov to verify, authenticate, and onboard their users.

Summary of the best authentication methods

  • The need for organizations to implement secure online authentication of remote users is growing, as cybercrime is increasing and regulations are changing 
  • There are many authentication methods available that offer different approaches within three categories: something you know, something you have, something you are
  • It’s important to consider which authentication method suits your use case, taking security, usability, convenience, reassurance, completion rates, and privacy into consideration.
  • Face authentication offers many benefits over other methods. A face scan can be verified against a trusted document, making it possible to securely validate the identity of the user. iProov’s facial biometric technology in particular is very inclusive as it can be completed on any device with a user-facing camera.
  • iProov’s Genuine Presence Assurance technology delivers face authentication with the highest levels of security, convenience, privacy, and inclusivity.

If you’d like to see the benefits of using face authentication to secure and streamline user authentication for your organization, book your demo here. You can read up further on our customers and case studies here. 

Back to Resources

CBE Andrew Bud

What is it like to receive a CBE? An interview with Andrew Bud, CEO of iProov

27 August 2021

Andrew Bud, iProov’s Founder and CEO, was made a CBE (Commander of the Order of the British Empire) in the Queen’s 2020 New Year’s Honours List. Andrew’s award was for services to exports in science and technology.

A CBE is the highest-ranking award below a Knighthood of the Order of the British Empire, followed by OBE and then MBE. It is awarded to people who have made a distinguished contribution to the nation in any field. Recipients must also meet the highest standards of probity and integrity.

Congratulations on your achievement, Andrew. What was it like to go to the palace for the investiture? Can you tell us what Princess Anne said to you?

The investiture itself was a striking experience because it was deeply formal, yet very unstuffy. There was a relaxed majesty combined with perfect manners and an effortless sense of poise. The whole occasion had a sense of being very intimate and I felt very intensely the privilege of being there.

Princess Anne was extremely well briefed on who I was and what iProov is doing. She asked me several questions that showed real knowledge – she asked about my personal trajectory from engineer to entrepreneur, and we also talked about other industry and technical matters, including the threat of deepfakes. She also made me laugh!

St James’ Palace is also one of the most beautiful of English Baroque buildings. It was marvelous to have the opportunity to visit and admire it.

How did you find out that you had been awarded a CBE and what was the process behind it all?

I received a letter from the Cabinet Office at the beginning of November 2019. Nothing really prepares you for that letter. It said that the Prime Minister was recommending me to be appointed Commander of the British Empire. My wife said that my hands shook as I read it.

It remained the deepest of secrets until the nomination was published in the Official Gazette a few days after Christmas. I told my children about it a few hours beforehand.

Soon afterwards, I received the invitation to Buckingham Palace for the investiture at the beginning of April 2020. Of course, that was then canceled due to the pandemic. By the time it could happen, Buckingham Palace was undergoing building work, so it took place at St. James’ Palace instead. That meant I could bring only my wife and no other family member, but also that she could participate in the investiture, which is unusual.

How did it feel, being nominated? What does this mean to you?

I can’t overstate the wonderful strangeness of it all. I’ve been a struggling entrepreneur most of my life. I’ve been involved in some great things, and it’s true they brought recognition from my peers, which was extremely welcome and gratifying.

But as an entrepreneur, you can tend to think of yourself as that guy way off the mainstream doing his best with a large responsibility unnoticed by the wider world. Then when something like this happens, a very public recognition, it’s a very startling experience.

I was particularly delighted to see my children’s responses. It really surprised them – I think they too have an image of me as a dedicated entrepreneur laboring away in the dark, so discovering that their Dad’s contribution to technology had been recognized at the highest level was special for them. And the greatest thing you can possibly do, I think, is to make your children proud of you. That’s one of my metrics for success in life.

You were made a CBE for services to exports in science and technology – can you tell us a bit about your career and what led to this?

I was very proud that the CBE recognized my work in building exports in science and technology. I started out as an engineer, which led me to lead a project to build the world’s first consumer digital wireless telephone, and subsequently to pioneer wireless data and mobile phone networks with Olivetti in Italy.

I then spotted the enormous opportunity of SMS and set up mBlox, which became the world’s largest provider of SMS transmission for enterprise applications.

I think the CBE also recognizes my 20 years with the Mobile Ecosystem Forum (MEF), an international trade association I helped found. I’ve been the chairman of that for 13 years.

Almost a decade ago I embarked on a new challenge with the search for trust in digital identity. This is perhaps even bigger and more vital than anything I’ve done before.

You’ve established iProov with a mission to bring trust to the internet through biometric authentication. What’s next for you and for iProov?

The CBE also recognizes the scale of iProov’s achievements in winning major business right across the world – in the United States, Europe, Africa, Singapore and Australia. Now I have an added obligation to ensure that iProov builds further on the worldwide impact that this award recognizes.

We have made great strides on our journey to keep people safe online around the world, but it’s a multi-year mission spanning many countries, different sectors, and billions of people. The challenges from cybercriminals will only increase, so we have to continually exert ourselves to stay ahead of the brilliant and well-resourced people who are trying to do harm online.

Ultimately, to fulfill its mission, iProov will have to become a very large global company employing thousands of people worldwide. The next step for me is making sure that happens.

To learn more about Andrew, read more about his CBE here, his fellowship with the Royal Academy of Engineering here, or listen to his interview with the Mobile Ecosystem Forum here.

To learn more about iProov, you can visit our About Us page, read our record-breaking growth in the first half of 2021, or apply to work with us. If you’d like to learn more about iProov’s technology, book a demo.

 

dfdf

Back to Resources

Tinder trials online dating identity verification

Tinder Trials Online Dating Identity Verification. Here’s How They Can Get It Right With Face Biometrics

26 August 2021

We were very interested to see that Tinder will be introducing ID verification to its dating app. They’re aiming to make users feel safer and provide “more confidence that their matches are authentic”. 

iProov predicted this back in December 2020. Dating apps and websites are increasingly being targeted by fraudsters who use deceptive dating practices, such as catfishing, to steal money or cause embarrassment to victims. In 2020, record losses of $304m were attributed to romance scamsup 50% from 2019.  

So the reasons for more security are clear. But Tinder is famous for its swipe left/right simplicity. How can they, and other social networks, make the ID verification process as effortless as possible for users? 

iProov isn’t providing the technology for Tinder, but we know how online dating apps and social networks can achieve security with simplicity: Genuine Presence Assurance. With Genuine Presence Assurance, service providers can achieve security, usability, inclusivity, and privacy to make ID verification as strong and hassle-free as possible.

Why is identity verification needed on online dating platforms?

Scenario: A man sees he has a “match” on a dating app. They make introductions and exchange messages, eventually moving their conversation onto another messaging platform. The identity of the two individuals is not verified at any point during this process, beyond names and photos. 

After a few weeks, the match says that they’re struggling to make their rent payment and asks if they could borrow money until the first of the month. The man sends the money. He then never hears from the match againit was a fake profile,  created using pictures easily found on social media, and the story was fabricated. The man uninstalls the app.

This is just one of many ways in which people are vulnerable on dating apps. Other threats include predators and account hijackers. Some people have been scammed by accounts using celebrities’ photos, and one woman even encountered a deepfake video created to support a fake profile on a dating site. 

Tinder has realized that many of its users want some protection from these threats: they want to know who’s on the other side of the screen. Of course, ID verification can’t stop someone from transferring money to a scammer. But with the right identity verification solution, like iProov’s Genuine Presence Assurance, you can enable users to take extra precautions against fake profiles. 

A number of things can be achieved using biometric face verification:

1. Accountability

Accountability is the most important thing that biometric face verification brings to an online dating platform or social network. If you have to use your real face and identity to register, it could discourage criminal or antisocial behavior because users understand that their actions can be linked back to them. 

Accountability helps with three types of users that people will want to avoid:

  1. Criminals: These are the users that specifically use the platform to target victims for fraud or other criminal purposes.
  2. Trolls: These people are using the platform to be abusive, or to cause offense or emotional distress to other users.
  3. Ordinary people that behave antisocially when there’s no accountability: These could be users that start out with a genuine interest in using the platform. But they send an inappropriate joke, which could escalate to abuse or trolling, or they make another user feel uncomfortable or threatened, which they would never do in real life. When people think there are no repercussions to their actions online, they may behave in an unacceptable way. This behavior can be discouraged by accountability.

2. Increased safety and security

Users can feel safer talking to or meeting with someone if their identity is verified. There have been many cases of predators using fake profiles, with the number of recorded sexual offenses involving online dating sites doubling over four years. Users are also less likely to be targeted by fraudsters or trolls. 

3. A better user experience 

Enabling users to be confident that they are talking to a verified, genuine person reduces the likelihood of someone wasting their time on the platform, leading to increased engagement and brand trust.

4. Defend brand reputation 

Online dating services and social networks have a responsibility to protect their users from harm, whether physical, emotional, or financial. 

For something as important as dating, which often leads to real-life meetings, you want to be sure that people are who they say they are online.

How can liveness help the online dating sector? 

Liveness detection enables online dating services to authenticate the identity of an online user. It uses a biometric face scan to verify that a remote individual is the right person and a real person. This process can help to defend against the creation of fake dating profiles, which can then be used for fraud, catfishing and trolling. Read more about iProov Liveness Assurance.

How can Genuine Presence Assurance ensure that online dating ID verification is secure, inclusive, and convenient? 

iProov’s Genuine Presence Assurance delivers all the benefits of liveness detection – it provides greater accuracy that a user is the right person and a real person. It also verifies that the user is authenticating right now – this protects against the use of digital injected attacks that use deepfakes or other synthetic media

How does it work?

When a user onboards to an online dating app or social network, the service can ask the user to iProov. They verify their identity by scanning a trusted document, such as a driver’s license, and then scanning their face to confirm that they are the owner of that identity.

iProov Genuine Presence Assurance delivers four benefits:

  • Security: iProov verifies that the person is the right person, a real person, and that they are authenticating right now. 
  • Effortlessness: If it isn’t easy to use, people won’t use it. People love Tinder because of its simplicity – you simply swipe left or right. iProov’s Genuine Presence Assurance is just as convenient to use: the user looks at their device, the device looks back.
  • Inclusive: It’s very important that social networks and online dating apps are as inclusive as possible. Otherwise, the companies could be accused of excluding sections of the population. iProov’s solution requires no reading and comprehending complex instructions – you simply look at your device’s user-facing camera. 
  • Privacy: iProov is respectful of user privacy. Face verification is very different to face recognition, which is often used in surveillance and other applications. With face verification, a user knows it is happening, they collaborate with it, they get a direct benefit from it and their privacy is respected.

The additional benefit of implementing Genuine Presence Assurance is that it can be used for ongoing authentication. Whenever users return to use the app again, they present their face and prove they are the right person, a real person, and that they are authenticating right now. This means that nobody else can ever access that account, or send messages, or carry out any activity that they then insist they had not done.

Identity verification for online dating: a summary

  • Online dating is vulnerable to various forms of fraud, crime, and identity manipulation such as catfishing and romance scams. So, it comes as no surprise that services such as Tinder are turning to identity verification.
  • Identity verification can help genuine users feel safe and secure while ensuring the authenticity of their matches. At the same time, it mitigates the risk of fake profiles and introduces accountability, ultimately dissuading fraudsters, criminals, and trolls from using the platform. 
  • However, identity verification needs to be done right. iProov’s biometric face verification is secure, convenient, inclusive, and respectful of user privacy. 

If you’d like to know how iProov technology could secure and streamline identity verification for your online dating app or other social network, book your iProov demo here today.

Back to Resources

Insurance and biometrics image cover with picture of umbrella and title: How Can Insurers Use Biometric Face Verification To Protect Against Online Crime?

How Can Insurers Use Biometric Face Verification To Protect Against Online Crime?

18 August 2021

In 2017, French police made a grim discovery: in an old freezer at the bottom of a woman’s garden, they found the body of her 90-year old mother who had died 10 years earlier.

The daughter was concealing the death so she could claim a pension worth $2400 a month.

This story is an extreme example of a global problem: how can insurance companies establish proof of life in a digital world? How can pension and annuity providers be certain that a person claiming from a fund is the genuine holder of the account?

iProov’s Genuine Presence Assurance technology is the answer. iProov provides online biometric face verification to enable insurers confirm that a remote user is the right person, a real person, and that they are authenticating right now. This helps providers of insurance products and services to: 

  • Protect against online fraud
  • Deliver a secure yet effortless digital customer experience. 
  • Comply with KYC and AML regulations
  • Maximize customer inclusion and accessibility 
  • Defend against reputational risk

Proof of life is just the start. Insurance companies can use online face verification in a number of ways. You can read our full guide to the benefits of Online Face Verification in Insurance here.

Here are two more examples:

Protecting against account takeover for pensions and annuities

Insurers can use online face verification to protect against account takeover. This is particularly important for high-value insurance products, as many people check their pension or annuity accounts infrequently.

The scenario: a policyholder has a pension that they pay into regularly through their paychecks. They rarely check or access their pension account. A fraudster gains access to the account. The fraudster could have obtained a password and username from a data breach on an unconnected site, or used social engineering. 

The fraudster then poses as the policyholder and logs onto the online portal, where they change the holder’s address, phone number, and email address. After that, any security checks, such as one-time passcodes sent to a mobile device, are compromised as the genuine holder is no longer receiving the alerts. When the true policyholder tries to access the account, they find that they have been locked out. When they do get access, the funds are missing. 

By impersonating the policyholder, this fraudster can access large amounts of money. Because the true account holder may only check their account once a year or less, account takeover fraud could go undetected and unreported for some time.

Preventing money laundering in insurance

Criminal networks can use insurance policies to ‘launder’ ill-begotten financial gains by depositing large sums that they then drawdown, turning dirty money into clean money. Insurance companies must protect against this.

The scenario: a criminal wanting to launder money through the international financial system buys a life insurance policy using funds from one or more bank accounts. The account is based overseas, and the amounts are small enough to avoid attracting the attention of the insurer’s fraud teams. The criminal can then cash in the policy early and request for the funds to be returned to another bank account, often in a different country. 

Download our full guide to the benefits of Online Face Verification in Insurance.

How can liveness help the insurance sector?

Liveness detection enables insurance companies to authenticate the identity of an online user. It uses a biometric face scan to verify that a remote individual is the right person and a real person. This process can help to defend against cybercrime, such as account takeover or new account fraud. 

Why the insurance sector needs Genuine Presence Assurance 

Liveness enables organizations to verify that a user is the right person and a real person. Genuine Presence Assurance verifies that they are the right person, a real person and that they are authenticating right now. The latter is very important as it protects the insurer against digital injection attacks, which use synthetic media such as deepfakes in a way that is highly scalable and capable of causing a lot of harm.

How many people buy insurance online? 

Insurers need to ensure that their customers have secure, effortless access to services online. More people than ever before are buying insurance on their computers and mobile devices, as data from a recent iProov survey shows:

 

Graph representing insurance in biometrics statistcs - highlights in text below

  • 86% of people in the United Kingdom have bought insurance online, either on a computer, mobile device, or both.
  • On average, 64% of people had bought insurance online across the 6 surveyed countries.
  • Purchasing insurance on a computer is more common than purchasing on a mobile device across all surveyed countries. The UK has seen the highest levels of adoption, and Canada has the least.

Insurers need to make digital services more secure, more convenient, and more inclusive for all. Defending against fraud, building customer and reputational trust, maximizing customer inclusion and accessibility, and complying with regulations—that’s the why. iProov face biometric verification technology is the how. 

Defending against online insurance crime with biometrics: a summary

  • The insurance sector, particularly pensions and annuities, is vulnerable to digital crime, such as account takeover fraud and money laundering. 
  • Customers need safe and convenient access to online insurance services. Biometric face verification and authentication from iProov enable effortless remote access for customers, while offering the highest levels of security.
  • iProov’s Genuine Presence Assurance helps protect insurance companies against digital crime and gives customers the reassurance they want from their insurer.

To read all of the data and more insights on how biometrics help prevent online crime in the insurance sector, download the report. We cover the following topics in full:

  1. Confirming proof of life 
  2. Improving access to online portals
  3. Reducing the risk of account takeover 
  4. Knowing your customer at onboarding 
  5. Building trust online

Access the full report here. 

If you’d like to learn more about the benefits of using biometric face authentication to secure and streamline your digital services, book your iProov demo here today.

Back to Resources

Anti money laundering compliance with biometrics cover image iproov

How Does Biometric Face Verification Help Protect Banks Against Money Laundering?

6 August 2021

The Financial Conduct Authority (FCA) has written an open letter to retail banking chief executives in the UK. It raises concerns surrounding weak financial crime controls and anti-money laundering (AML) compliance in the sector. 

UK retail banks have until the 17th September 2021 to analyze, identify, and resolve issues around “common control failings in anti-money laundering frameworks.” Failure to change may result in potential regulatory action, so banks need to take urgent steps toward securing their AML and financial crime management. 

iProov can help banks with AML and other fraud protection. iProov’s remote facial biometric verification technology enables banks to verify that an online user is the right person (ie, that the user matches the image from a trusted photo ID), a real person (not a photograph or video used in a presentation attack) and that the authentication is taking place right now (not a digitally injected attack).

How does iProov’s biometric technology help retail banks protect against online money laundering?

Part 1: Customer verification during online onboarding

Verifying the identity of a new remote customer is the first and most crucial step in a bank’s online anti-money laundering efforts. It’s how banks ensure that they’re engaging with a legitimate individual from the beginning, which enables you to filter out potential bad actors, bots, and fraudulent identities straight away.

The UN estimates that the amount of money laundered globally each year is 2 – 5% of the world’s GDP. Fines are common: in total, global penalties for non-compliance with AML regulations totalled $36bn between 2008-2020. Verifying and enrolling your customers in a way that complies with regulatory guidelines is essential. 

iProov’s simple-to-use, inclusive facial biometric technology enables you to verify each and every remote customer with the highest level of assurance. With Genuine Presence Assurance, retail banks can ask new customers to complete a brief and effortless facial scan during the online onboarding process. This confirms that a remote individual is who they claim to be, by verifying their physical face against the image in their photo ID. 

This helps banks to:

  • Reduce the time and cost involved in onboarding new customers. iProov technology replaces manual verification to increase accuracy and reduce costs. It also speeds up the process, enabling customers to quickly get access to their new accounts, while maintaining high levels of security. This helps to maximize customer completion rates and reduce drop-off during application.
  • Mitigate the risk of fraud and financial crime. iProov enables you to ensure that new customers are who they say they are.
  • Reduce the risk of compliance penalties and reputational damage from negative publicity. iProov enables banks to meet regulatory guidelines while reassuring customers and protecting the organization’s reputation.

Part 2: Ongoing authentication 

Once you have verified a customer during onboarding, the customer will also need to authenticate themselves on an ongoing basis when they access their account online or make transactions.  

An account could be created and verified legitimately, but then be compromised through account takeover fraud, identity theft, phishing, or other activity. Biometric face authentication ensures that the person trying to access an account (the ‘visitor’) is the same person that created the account (the ‘owner’). 

iProov also provides banks with flexible authentication. A returning online customer that wants to check a balance or complete another lower-risk activity can use Liveness Assurance to authenticate. A brief face scan verifies the person is the right person and a real person. 

But if that customer wants to complete a higher risk transaction—for example, transfer money to a new payee, change a PIN or request a new debit or credit card—iProov Genuine Presence Assurance can be used to provide additional security against fraud.  

Money laundering in retail banking: why is face biometric verification needed? 

When criminals need to ‘wash’ dirty money through financial systems, they’ll use a number of methods to try to avoid detection. A few examples:

Scenario 1: Account Takeover 

A criminal gains access to a legitimate bank account. They may have gained access to a real person’s account in a number of ways, such as credential cracking, phishing, or malware. Once they have full control of the compromised account, the fraudster then uses it to channel or ‘layer’ transactions, which obfuscates stolen money and conceals their criminal origins by passing money through multiple ‘legitimate’ transactions. The legitimate account owner may never notice, as the money simply passes through. Or when they do notice, it’s likely too late.

Scenario 2: Synthetic Identity Fraud and Account Creation 

Rather than taking over an existing account, a criminal creates a completely new account with a bank. They go through the entire onboarding process using a ‘synthetic identity’. This is done by creating identities using a blend of fake, real, and stolen data — such as an address or phone number, or a utility bill — to create a ‘person’ who doesn’t exist. Criminals can then launder money through this new account, which for all intents and purposes looks like a real account to the bank, with real transactions. 

Scenario 3: Money Mules 

A foreign university student sets up a legitimate bank account in the UK. When their studies finish, they return home. They are then contacted by a criminal who offers to purchase the account from them. The fraudster then uses this legitimate account to move money from account A to account B. In return, the student gets a monetary reward. This is a serious offense and form of money-muling: people agreeing to transfer money in and out of a legitimate bank account on behalf of criminals, either knowingly or unknowingly. This type of fraud has grown exponentially during COVID-19, particularly targeting younger age groups.

These are just a few of the ways that criminals and fraudsters can use financial institutions to launder money.

iProov’s remote face verification technology helps banks to mitigate against these risks of money laundering in several ways:

  • Preventing unauthorized account access and account takeover: iProov’s face biometric security ensures that only the legitimate account holder can access their account. A criminal can steal passwords or mobile devices (or other knowledge or possession-based security factors) but they can’t steal a face. They can copy a face, using a photo or mask or deepfake, but iProov’s Genuine Presence Assurance is designed specifically to detect spoof attacks. With iProov, only the verified account holder, determined during the onboarding process, can log in and authorize transactions. 
  • Detecting synthetic IDs at the point of onboarding: iProov verifies a new customer’s face against a trusted ID document during the onboarding process. If the physical face of the remote customer doesn’t match the ID document that is being provided, the application can be prevented. This provides protection against synthetic identity fraud, impersonation, and applications by bots or other new account fraud.
  • Preventing fraudulent payments: High-risk transactions can be flagged so that the user can be authenticated using Genuine Presence Assurance. This ensures that activity is legitimate, preventing fraudulent payments in real-time.
  • Protecting against money mules: Secure biometric verification and authentication from iProov can also protect against some money mule activities. For example, iProov can prevent legitimate customers’ accounts from being used as money mules without their knowledge, as the person using the account wouldn’t ‘match’ the face biometric of the legitimate owner.

How iProov can help: case studies in banking

We’re working with a number of banks around the world to verify and authenticate customers online, helping to deliver AML and KYC compliance. These include:

  • Knab
  • Rabobank
  • ING

You can view all of our case studies here

A summary: biometrics for anti-money laundering and financial crime control

  • The FCA issued an open letter to UK retail bank chief executives highlighting weak financial crime controls and AML compliance in the sector
  • Banks will likely be required to demonstrate how they are strengthening anti-money laundering and financial crime controls by 17 September 2021. 
  • iProov can help banks to prevent money-laundering and other financial crime. 
  • iProov’s Genuine Presence Assurance technology uses face verification and authentication to enable banks to deliver security, compliance with regulations, and maximum completion rates while ensuring an effortless and reassuring user experience 

If you’d like to see how iProov’s Genuine Presence Assurance technology can secure and streamline your customer onboarding and authentication processes, book an iProov demo here.

Alternatively, you can read more on iProov’s work with fininancial services organizations and on KYC compliance.

Back to Resources

How many people use face authentication? Featured image statistics

How Many People Use Face Authentication?

7 July 2021

Face authentication and verification have become ubiquitous in the lives of consumers globally. Apple Face ID, launched in 2017, has enabled millions of people to unlock their phones several times a day using a simple face scan instead of a passcode or fingerprint. Those same people are also using their face to access mobile apps — face authentication is used for mobile banking, payment, shopping, and other services. (Read more about the difference between face verification and face authentication here.)

It’s important to note that on-device face authentication services are useful, but they don’t provide the security that many banks, governments, and other organizations need. Device-based authentication authenticates the user so that the device is satisfied that the person is who they claim to be. With iProov’s cloud-based authentication the organization can be satisfied that the user is who they claim to be, but also that the user is authenticating in real-time. 

The problem with on-device biometric authentication is that the organization is having to depend on the device’s face authentication technology. If the device has been compromised, the service provider would have no way of knowing and imposters could be given access. This is why secure processes require cloud-based face authentication with Genuine Presence Assurance (GPA).

One thing is for sure: millions of consumers are now very comfortable with using their face for online security. So how many people are using face authentication across the world? 

How many people use face authentication to access their mobile banking app? 

We asked 1000 consumers in the US, UK, Canada, Australia, Spain, and Italy if they currently use face authentication to access their mobile banking app on their devices. 

We found that 38% of people are already using face authentication to access their mobile banking app. An additional 32% of people would use it if they could. Combined, the results look this:

How many people use face authentication for mobile banking? Graph

We also found that around 30% of people do all of their banking remotely on their mobile devices, meaning that a significant proportion of all banking is now accessed using facial biometric technology.

The takeaway here? Consumers are comfortable using facial biometrics on their device, and they are happy using it to access their bank account remotely. 

This means that the opportunity for banks and other organizations is huge. By implementing secure biometric face authentication from iProov, banks can enable customers to complete even the most secure processes online, such as adding a new payee, transferring a large amount of money, changing a PIN or requesting a debit card. This reduces costs, minimizes customer frustration and provides a truly secure, inclusive, and convenient mobile banking experience. 

So what do people like about face authentication?

Why do people like face authentication?

We asked people to tell us why they like using face authentication, allowing them to choose several options. Speed and convenience were the top reasons selected:

What do people like about using face authentication and face verification biometric statistics

Speed

iProov’s reassuring ceremony takes just a few seconds to authenticate users. To use your phone you have to look at it, so authenticating just by looking at it requires the least effort from the user. iProov’s solution is truly passive, as there are no steps for the user to take: just look into the front-facing camera and you’re done. 

Convenience

Face authentication is incredibly convenient. Standard solutions like passwords are often forgotten, requiring a lengthy recovery process. SMS one-time passcodes (OTPs) either require the user to switch between apps and copy a code, or sometimes even require two separate devices. Face authentication is consistently convenient for the user. 

Users always have their face right there — you don’t need to remember anything, carry a security token, or do anything. You just present your face to the device’s front-facing camera. Plus, there is no special hardware required, unlike with a fingerprint reader.

iProov’s Genuine Presence Assurance can be used on any device — including mobile devices, desktop computers, tablets, and kiosks — affording additional convenience. An important additional benefit of iProov’s cloud-based technology is that if your device is lost, stolen, damaged, or out of battery you can easily access your account from any device (unlike on-device biometrics).

Earning trust online with face authentication

To summarise:

  • We asked 1000 people across six countries if they use or would like to use face authentication to log in to their mobile banking app. The results ranged from 70% in the US and 69% in the UK, all the way up to 77% of people in Spain and Italy. An average of 70% of people across the six countries use or would like to use face authentication for mobile banking.
  • We then asked what people liked about using face authentication. The top two answers were speed and convenience.
  • iProov can help onboard, verify, and authenticate your customers using facial biometric technology. Genuine Presence Assurance offers the highest levels of security and user experience.

iProov is already trusted by leading organizations, such as the US Department of Homeland Security, the UK Home Office, and leading banks to deliver secure face authentication. Genuine Presence Assurance is crucial for organizations looking to deliver national-grade security without sacrificing the user experience.

If you’d like to see the benefits of using face authentication to secure and streamline online services for your organization, book your demo here.

Back to Resources

iProover 5b 1 |

Meet the team: ‘The Deepfake Guru’ fighting online crime at iProov

28 June 2021

The iProov Science function is made up of multiple teams, with each team playing a key role in iProov technology innovation. This month we caught up with Jim Bremner, Head of AI. Jim talks to us about his journey at iProov, from Research Scientist to Head of AI, and shares his insights into what it’s like to tackle the increasing threat of deepfakes.

Hi Jim! Can you tell us about your journey to iProov?

I studied Physics at Imperial College London because I thought physics was really cool. I liked that I could work on something technical that had so many unusual and interesting aspects to it. I graduated with a Physics MSci and like a lot of physics graduates, I enjoyed the studying but felt a yearning for something more applied. My degree supplied all the theory I needed to start my journey with artificial intelligence and machine learning. So I started working on small projects to get me up to date with where the field was at the time. I was then involved in a Machine Learning Fellowship where I was able to nail down the practical aspects of applying my theory to real-life projects. I learned a lot about computer vision problems, involving interesting ways of visualizing and making sense of image data. Which was how I became interested in iProov and face biometrics…

So why did you choose iProov, specifically?

iProov face verification is solving a problem that is really interesting – how does one tell whether someone on the other side of a smartphone isn’t an attacker trying to steal someone’s identity?  How can you tell they are real? A solution wasn’t obvious to me at first, so that gave me the sense that there was actually quite a lot of open ground – as opposed to an established industry where the techniques weren’t as disruptive. I knew iProov and biometrics had a great balance of these qualities.  iProov also has a really big reach, so I knew that I would be making a difference across a lot of people’s lives. 

How has the battle against deepfakes changed since you started working here?

The battle against deepfakes has been my main focus through my time at iProov. Yet when I started at iProov, ‘deepfakes’ wasn’t a commonly known term. So the idea that I’d be working on trying to protect against them was maybe quite novel because they’d only been around for a couple of years at that point. I remember telling friends and family about my new role and they were interested to discover there was actually a need for it.  

Fast forward a couple years and not only is it really easy for anyone – even with the basic understanding of technology – to go and generate their own deepfakes from a mobile app, but the tools themselves have become a lot more powerful and work in an increasingly difficult environment. So nowadays you only need a single image of someone (which you can get from social media) to create a pretty convincing deepfake, whereas that wasn’t really the case when I started in the industry.

So you are now ‘The Deepfake Guru’! Walk us through an average day in the fight against deepfakes.

The Science team at iProov is focused on staying many steps ahead of the attackers. So we have to keep our ear close to the ground in terms of what’s happening out there with new deepfakes or synthetic media creation techniques; reading a lot of literature and academic papers and getting ideas from them on detecting different types of attacks. 

Post lunch, there’s time for intensive thinking through the problems we’re trying to solve. A lot of the problems aren’t straightforward (which I suppose is why we’re trying to solve them!) and they require a bit of solitary thought. I actually do my best thinking on my cycle home. It gives me that forced time where I can’t actually do anything else apart from think (and maybe think about where I’m going with my bike as well).

So tell us, what’s the best kept secret about working in the AI team at iProov?

Hmmm, I will schedule this into my cycle-home-think-time and get back to you.

Ok, ok. But can you tell us why we should be so worried about deepfakes? 

People should be worried about them, especially in digital identity, because we’re seeing deepfake attacks all the time. They’re at the stage now where the quality is so good that if you’re not working hard to stop them, they’ll quite easily pass as real. This is why we invest so much time and effort into them.  

I feel we are slightly turning the corner in terms of fake news, deepfakes and misinformation. I think more and more people are realizing they can’t trust what they read online. I’m hoping that the same happens with visual media. By showing people concrete examples again and again e.g. a deepfakes of Trump declaring war, they understand what is possible with technology then hopefully it becomes clear these are a threat.

I hear there are a few opportunities opening up to join iProov’s cutting-edge AI Team! What three qualities does someone need to work in the AI team?

I’d say firstly it is important for someone to be very inquisitive. We have to make sure that we protect ourselves against a multitude of attack types which requires exploration of all different possibilities to try and break your own system. If you’re not curious about certain situations that might arise, then we will leave ourselves open to certain types of attack. So having a natural curiosity is key. 

Creativity is really important, because a lot of the answers to the problems we are trying to solve don’t exist. We need to create those solutions ourselves. That requires a lot of creativity in terms of concepts, but also how you might implement these concepts as well.

A third one would be empathy. Empathy in a different context to how it’s normally used: this would be empathy towards the attackers. We have to put ourselves in the attacker’s shoes and try to think like an attacker. This gives you a good sense of what we need to look out for because in truth there are many ways people can attack and understanding their motive means we can stay ahead. 

If you feel inspired by Jim’s iProov journey and are interested in joining the iProov team – check out our current vacancies. Follow us on LinkedIn and Twitter to keep updated with new openings – we are always looking for new talent. 

And meet more of the iProov team below!

Back to Resources

Biometric authentication vs verification - this infographic explains the difference between them

Biometric Authentication vs Biometric Verification: What’s the Difference?

25 June 2021

Biometric verification and biometric authentication both use unique physical characteristics (a biometric) to prove that a person is who they say they are securely online. But each has a different process and different use cases. 

Biometric verification is the act of matching a unique biometric characteristic (i.e. a face) against a trusted identity document (such as a driver’s license). This is typically used when an individual is onboarding or enrolling for a service online for the first time.

Biometric authentication validates the unique biometric characteristic (i.e. the face)  against the biometric template created during the verification process. This is used when an individual is returning to use an online service after they have onboarded or enrolled. 

The best biometric solutions do more than just match biometric data: they must also ensure that the person presenting their biometric is a real person (not a photograph or video used in a presentation attack) and that they’re presenting right now (not a digitally injected attack).

Let’s take two real-world scenarios to further clarify the difference between the two…

What is biometric verification?

Scenario 1: You’re signing up remotely for a new online bank account. To onboard securely, you complete the application and are asked to verify your identity. You scan your driver’s license (or other trusted identity document) using your mobile device. You then scan your face using your device’s user-facing camera. The biometric technology matches your live face against the face on the license. In this scenario, Genuine Presence Assurance is needed to ensure that you are the right person and a real person, verifying in real-time. The process proves that you are who you say you are – your identity is approved and the bank opens your new account. This is an example of biometric verification. Your face biometric is verified against the photo in a trusted identity document to confirm you are who you say you are.

What is biometric authentication?

Scenario 2: A week later, you want to check your bank balance online. The bank asks you to authenticate by presenting your face to the camera, which is then matched against the biometric template that you created during the onboarding process. In this scenario, biometric authentication can be delivered using liveness detection, which confirms you are the right person and a real person. If you wanted to transfer $5000 to a friend, the bank can use Genuine Presence Assurance instead of liveness for additional security. This is an example of biometric authentication. You reconfirm your face biometric against the biometric you provided during onboarding to confirm that you have the right to access the account. 

Both biometric verification and authentication are integral parts of secure, convenient online security processes. The right biometric solution can help your organization to prevent fraud or other cybercrime without inconveniencing your customers.

iProov’s cloud-based facial biometric technology provides the most secure and convenient way to verify remote users (…and we explain why below!).

Why do you need biometric verification?

Biometric verification should prove three things:

  1. That the presented biometric data matches a trusted identity document
  2. That the biometric data is presented by a real person 
  3. That the biometric data is presented in real-time

Step 1 ensures that the biometric data matches a real-world, verified identity. This usually happens by verifying the presented biometric against government records, using a trusted identity document such as a passport or driver’s license. Biometric verification is not just about two pieces of data matching each other – it must also match a government-verified identity.

Step 2 ensures that the person presenting their biometric is a real person – many solutions are caught out by attacks that use artifacts, such as masks or photographs. 

Step 3 is where iProov’s Genuine Presence Assurance technology is unique. Liveness solutions cannot guarantee that the face being presented during the onboarding or authentication process is actually being presented right now. This leaves them vulnerable to digitally injected attacks, which inject media directly into the data stream and bypass the camera and other device sensors. Digitally injected attacks can use synthetic media such as deepfakes, where a fraudster creates a fake person or takes a photo of a real person and animates it. iProov’s Genuine Presence Assurance supports you across all three steps.

The onboarding of an online user is critically dependent on that person being the right person, a real person, completing the process right now – fraudsters using stolen or fake identities can do a lot of damage if they are not spotted at the onboarding stage. You can read more about the patented Flashmark technology behind this here. 

Once you have all three, you can safely and securely identify users during onboarding. Biometric often verification forms a part of organizations’ regulatory processes, such as Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance. These regulations set out that organizations must be able to prove that they’ve verified the identity and assessed the risks of those they’re doing business with. 

Biometric verification eliminates the need for lengthy manual processes during onboarding, such as scanning and signing documents. There’s no need to travel and verify your identity in person. Biometric verification allows your users to verify their identity no matter where they are, and enables them to do it in an effortless way.

Without the security that biometric verification provides during onboarding, you leave the door open for scammers and fraudsters to abuse your online services. One 2021 report found that 1 in 7 new account creations are fraudulent, and another found identity theft in the US rose by 72% between 2018-2019.

Biometric verification safeguards against:

  • Financial loss due to illegitimate or fraudulent applications
  • Additional overheads due to fraudulent customers, the cost of manual verification, and becoming overwhelmed by high volumes of illegitimate applications
  • Negative publicity if your onboarding process lacks security, enabling bad actors and impersonation attacks
  • Financial penalties from regulators

Examples of when you need biometric verification:

  • Opening a new bank account
  • Onboarding customers or citizens remotely 
  • Onboarding or registering for any digital service, such as age screening
  • Applying for government aid and services
  • Applying for a visa 

Why do you need biometric authentication?

Biometric authentication reconfirms that a person is who they claim to be every time they log in or make a transaction. This ensures that the person attempting access ( the ‘visitor’) and the person who created the account (the ‘owner’) are the same person, by matching biometric data. 

iProov offers Flexible Authentication to enable organizations to apply the right level of security to each authentication, using either Liveness Assurance or Genuine Presence Assurance. If an individual wants to access their bank account to check a balance, for example, Liveness Assurance offers effortless convenience with the appropriate level of security. If the user wants to transfer $5000, then Genuine Presence Assurance delivers the additional reassurance that the request is not part of a digitally injected attack.

There are scenarios in which you can have authentication without verification: for example, Apple’s FaceID does not require you to verify your identity to set up the authentication which locks your device. But most applications require verification before authentication. 

Biometric authentication is crucial because verifying a person’s identity once is not enough. You must also regularly ensure the account has not been compromised. Authentication enables you to continuously ensure that the person onboarded with your organization is the same person attempting to log in each time. 

It’s like creating a password for your bank account: you enter it again every time you log in or make a large transaction. The difference is that biometric solutions, such as face verification, achieve this with greater ease for the user and stronger security.

Biometric authentication safeguards against:

  • Financial loss due to identity theft and account take-over 
  • Loss of customer trust and negative publicity if data is accessed illegally
  • Customer frustration caused by alternative authentication methods, eg passwords

Examples of when you need biometric authentication:

Biometric authentication is often used as a replacement for passwords, or as an additional factor as in multi-factor authentication and step-up authentication. Applications include… 

  • Unlocking a device, such as your phone
  • Signing into a verified account, such as a bank account
  • Approving a transaction, such as an Apple Pay payment or bank transfer (particularly in light of European Strong Customer Authentication regulations)
  • Accessing company software applications or sensitive data, such a medical health data 
  • Resetting credentials and recovering accounts

iProov: biometric security for verification and authentication 

iProov technology is being used by organizations around the world for verification and authentication. Some examples:

To summarise:

  • Both biometric verification and authentication enable organizations to confirm that an individual is who they say they are in non-face-to-face scenarios, establishing trust and security online
  • Biometric verification checks an individual’s face or other biometric against a trusted government identity document and is used for onboarding and enrollment 
  • Biometric authentication checks that a returning user’s face or other biometric matches the biometric that was created during the verification/onboarding process. 
  • iProov delivers both biometric verification and biometric authentication, offering the highest levels of security and customer experience. 

To see how iProov can help your business deliver verification and authentication, book your demo here or contact us.

You may also enjoy…

Back to Resources

National Selfie Day cover image: looking at Selfie Anxiety, Selfie verification, Selfie identity

Can You Use Selfies for Online Identity Verification?

21 June 2021

The word ‘selfie’ was first added to the Oxford English Dictionary in 2013.

Torn out page with the definition of a selfie: a photograph that one has taken of oneself

It’s since become a globally recognized term—you’ll rarely go a day without seeing one or hearing them mentioned.

We often hear about selfies being used to verify identity online. But there are three important considerations when talking about verification by selfie:

  1. Selfies for ‘single frame liveness’ are not secure: a single image should not be relied upon to securely authenticate a user online. Selfies can be stolen, edited or fabricated entirely.
  2. Selfie anxiety can harm your completion rates: consumers like the convenience and speed of face authentication if they’re accessing services on their mobile devices or computers. However, suddenly seeing an image of yourself during an onboarding or authentication process can be jarring. And if the experience is jarring, then users could drop-off and harm your completion rates. 39% of Americans say they have selfie anxiety according to recent iProov data, while 51% don’t like the way they look on mobile video calls (which is selfie anxiety in all but name). iProov’s user experience has been designed to avoid the ‘jarring’ experience and maximize completion rates.
  3. Selfie perfectionism is also a danger to your completion rates: what about those people that do like seeing themselves? Another danger lurks: across the surveyed countries, we discovered that 30% of consumers retake selfies at least 3 times before they are happy with them. Like selfie anxiety, selfie perfectionism can slow down the face authentication process and prevent users from completing the task at hand.

Why is selfie verification (known as single-frame liveness) not secure?

Picture the scene: you want to open a new bank account or make a large payment online. The bank needs to verify your identity. Would you be comfortable if the bank only required you to send in a selfie as proof of your identity? Of course not—because we understand that a single, simple selfie is not secure. Images of our faces are often widely available online, and anybody could go to our social media profile and get hold of one. 

The same goes for single-frame liveness. Single-frame liveness is the term used for technologies that use a single image, or selfie, to determine the authenticity of an individual.

Single-frame liveness can carry out basic face matching—for example, to determine that the person in a selfie matches an image on their ID document. But single-frame selfies do not guarantee that an image is a real person presenting their face right now—it could be an individual using somebody else’s photo. 

So, how can you make selfies secure? 

In short: you can’t. 

You need multiple frames to guarantee authenticity. This is why iProov uses Genuine Presence Assurance (GPA) and Liveness Assurance. These solutions analyze multiple frames from a user-facing camera to determine that a human is the right person, a real person, and — in the case of GPA — that they’re authenticating right now.  Only once you have the assurance of all three conditions, can you use face verification as a secure method of verifying identity. 

But security isn’t the only concern here… 

Selfie anxiety is harming your completion rates

Selfie anxiety is when people experience a negative emotion upon seeing their own unedited, mirrored image—such as discomfort, shock, and unease.

So while consumers love the convenience and speed of face authentication, suddenly seeing an image of yourself can be unpleasant to many people. A user could shut down the app or website and abandon the process. Alternatively, they could start to fix themselves up—the problem here is that biometric face authentication doesn’t need tidy hair or perfect mascara, so the delay is unnecessary.

This is why iProov’s user experience has been designed to avoid the ‘jarring’ experience and maximize completion rates. See below for more on this.

We asked users in six countries if they ever suffered from selfie anxiety. While 39% of Americans said yes along with 30% of Brits and 31% of Australians, only 15% of Italians agreed:

Selfie anxiety UK | Selfie anxiety US | Selfie anxiety Australia | Selfie anxiety Canada | Selfie anxiety Spain | Selfie anxiety Italy |

Selfie perfectionism is also a danger to your completion rates

We also asked: ‘If you were taking a selfie of yourself to post on social media, how many times would you likely retake it before you were happy with it?’ 

Of the users who took selfies, we discovered that:

  • 33% of Australians retake selfies 4 times or more
  • 28% of Spaniards retake 4 or more times
  • 27% of Italians and Canadians do likewise
  • 21% of Brits do the same

How you look during a biometric face authentication is entirely inconsequential. So, how can enterprises and governments encourage users to complete face verification without delay or postponement? 

iProov’s abstracted image solves the selfie anxiety problem

iProov face verification uses face abstraction technology to ensure that the user experience is optimized for all. A line drawing greets the user, rather than a standard selfie, delivering a more respectful experience – no front-facing-camera-look-at-the-state-of-my-hair shocks. You can find out more about our abstracted image here.

Whether users dislike seeing themselves, like seeing themselves, or sit somewhere in the middle, iProov delivers a respectful user experience that maximizes completion rates. 

Image of iProov's Genuine Presence Assurance Abstracted Image line drawing

Benefits of abstracted imagery:

  • The user engages with the screen for the necessary amount of time so that the biometric image is accurately captured, rather than posing, retaking, or feeling uncomfortable or shocked. 
  • The process does not cause selfie anxiety or require unnecessary movements or gestures. 
  • The positioning of the face as directed by our technology is engineered to ensure that maximum light is reflected off the face to optimize authentication results. 

Selfie verification: a summary

  • Our face has become the go-to authentication method for proving who we are online.
  • However, selfies alone are not a secure way of authenticating people online.
  • iProov’s Liveness Assurance and Genuine Presence Assurance technologies use multiple frames of a face to enable secure online onboarding and authentication. biom
  • Whether you love them or hate them, selfie anxiety is very real for some, while selfie perfectionism can be equally as disruptive to the authentication experience. 
  • Abstracted image delivers a respectful, user-friendly experience that mitigates selfie anxiety and perfectionism to maximize completion rates.

To see how iProov can help your business to deliver biometric verification and authentication with outstanding usability, high customer completion rates and top-level security book your demo here or contact us.

Back to Resources

Kendel Ruppert Demand Generation

Meet the team: from graduate to representing iProov around the world

27 May 2021

This month we introduce you to Kendel Ruppert, Demand Generation Manager at iProov. We’re big believers in developing talent and promoting internally here at iProov and Kendel’s journey is a perfect example of that in practice. Here she tells us about her career so far and what it’s like to work here. 

So Kendel, what were your first impressions of iProov? 

I joined iProov as an intern when we were a very small team based in our old office, so my first impression was “wow, there’s a lot of people crammed into this very small space!”. I was one of the first commercial hires so I was surrounded by a sea of technology geniuses talking about things I didn’t understand. It could have been quite an intimidating situation, but it wasn’t at all – the iProov culture has always been very accepting. One of my main memories of that first day was that Andrew, our CEO, knew my name. That continues to this day: the CEO takes an interest in who you are and what you’re working on.

How has iProov changed since you’ve been here? 

First, we have a lot more people, which is really cool. We are very diverse – there are more women in the business and we have people from different ethnicities, countries and backgrounds. It’s refreshing to have such a diverse culture at iProov – everyone is unique and that uniqueness is seen as a good thing. It’s understood that different perspectives bring a lot of value. I really love that. 

The second big change has been the office. It’s almost folklore at iProov: The phrase “you should have seen the old office…” is heard by every new starter. It wasn’t a very inspiring building. I used to wonder how the team managed to remain so positive, so inspired and so motivated in a not-so-inspiring place but we still managed to have customer meetings in that office and win customer contracts. That’s a true testament to the team and the spirit of iProov that a ramshackle building couldn’t hold us back.

Ah yes, the old office. What was wrong with it? 

Our Head of Biometric Platform, Gemma, used to have a bucket next to her desk to catch rainwater that would leak through the ceiling. The number of times I’d arrive at work out of breath because I’d had to run up eight flights of stairs when the lifts were broken again. One of the funniest stories is our Sales Director, Alex; in his first interview, a piece of ceiling crumbled and fell on his head – and he still joined iProov! That’s a testament to how cool the technology is and the strength of the company culture. I look back nostalgically now but I’m definitely glad we have working lifts and water-proof ceilings. 

What’s it like working in iProov HQ now?  

It’s a lovely place to work. I remember our first day – we were walking around in absolute awe. I love seeing people come into the London office for the first time. We have great views of the South Bank, the Shard and Canary Wharf on one side and then the London Eye and Houses of Parliament on the other. There’s yoga and free coffee and beer and all sorts of other perks but it’s the atmosphere that I love the most. The background noise of people solving complex problems, the hustle and bustle of the working day, seeing equations on the meeting room whiteboards – I’ve missed all of that during the pandemic.   

How has your role changed since you started at iProov?

I joined straight out of university as a graduate. I joined the marketing function and was exposed to a wide range of activities. It was slightly overwhelming because at the time I was the only hire dedicated solely to marketing. However, it meant I got exposed to everything very quickly and I learned a lot faster than other graduates in the early stages of their careers. As the company grew, I joined the Demand Generation function  – again, it was new and a bit daunting but also very exciting. iProov has continually given me the opportunity to learn and develop myself while making a real contribution to the company’s progress. 

What is your favourite thing about your role now? 

I loved the events and the travel that I got to do before the pandemic.  Right before COVID hit, I was in Berlin and then San Francisco before the rest of the year’s events were cancelled. Traveling to different countries and talking to people about iProov has put our potential into perspective for me – there’s a huge interest in our mission and what we’re doing. It also shows how quickly your career can grow at iProov – I was able to prove myself and be managing events around the world at the age of 22. I’m not sure I would have had that opportunity in other companies. 

What are you most looking forward to when we can return back to the office?

Being in the office together makes it much easier to appreciate that you’re part of something big; way bigger than either you or your team. There’s a sense of togetherness at iProov and it’s really cool to see that happening in real-time, with iProovers gathering together to solve a problem that’s affecting millions of people somewhere on the other side of the world. Everyone doing that from their homes is still cool, but it’s not the same. I’m looking forward to getting back to the office and seeing things happen.

Finally, how would you summarize your time at iProov? 

I feel like I’ve already had so many career-defining moments in a very short space of time! For me, it’s been an amazing experience and a privilege watching incredibly intelligent people build something from the ground up. It’s like a well-oiled iProov machine and you get to see ideas moving from inception to fully-fledged solutions and business opportunities. I imagine that this is how the first 20 people at Microsoft or Google felt and I am just really proud to be part of the iProov story.

If you feel inspired by Kendel’s iProov journey and interested in joining the iProov team – check out our current vacancies. Follow us on LinkedIn and Twitter to keep updated with new openings – we are always looking for new talent. 

And meet more of the iProov team below!

Back to Resources

Fake COVID Vaccine Certificates - the iProov solution

Fake COVID Vaccine Certificates and How to Protect Against Them

25 May 2021

Fake COVID status credentials are a global problem—and a problem we saw coming here at iProov. That’s why iProov and Mvine’s COVID Status Credential solution has been designed to combat the risk of people using fake COVID test and vaccine credentials.

Our solution uses cloud-based face verification. It’s secure, convenient, accessible to all and is respectful of user privacy.

How can face verification protect against fake COVID vaccine certificates?

How can airports, travel hubs, stadiums, venues and other organizations be certain that someone presenting a vaccine status or COVID test result is the genuine holder of that status? How can they be sure that they’re not looking at a borrowed or faked certificate?

Face verification associates a person’s face with their vaccine status or test result status. This means that the right people can be given access to venues or to travel so that safety is protected.

How does the iProov-Mvine solution work?

Most paper and electronic vaccine certificate solutions require unnecessary identity checks. An example scenario:

  • A doorperson is checking vaccine status to allow people into a stadium or event
  • They would ask to see a paper vaccine certificate or a QR code on a device
  • They would then need to see a piece of photo ID (for example, a driver’s license)
  • They look at the person’s face and make sure it matches the photo ID
  • They then match the name on the photo ID with the name on the vaccine certificate

This takes time. It also leaks data, as the checker doesn’t need to see an address or date of birth or other info shown on the driver’s license. This approach also requires the checker to make judgments based on what they believe to be correct. They could easily fail to spot a fake, or not want to challenge an individual presenting something they believe could be a fake.

The Mvine-iProov solution uses face verification to make the process more secure and convenient:

  • The doorperson would scan someone’s QR code on paper or a device
  • They would then scan the person’s face
  • The checker would see a tick to confirm that the person in front of them is verified as the holder of the certificate attached to the QR code

No unnecessary data is shared, it is fast and simple, and the checker has to make no judgments. No one else can use your certificate. No one can steal it, spoof it, or fake it. And because it uses cloud technology, the certificate can be accessed anywhere on any device. The person showing their certificate doesn’t need a smartphone – they can show the QR code on paper.

Where are fake COVID vaccine certificates being used?

Fake and forged vaccine certificates and test result documentation are being sighted all over the world. UK border staff are catching more than 100 fake certificates every day, while researchers have found over 1200 vendors offering false documents operating worldwide. And these are just the cases that have been caught and reported.

Fake certificates allow people to gain access to services and venues without actually meeting the safety requirements. Affected sectors include:

As the world continues to re-open after the pandemic, how long before fake test and vaccine certificates are reported at public events, schools and universities?

Fake vaccine certificates vs fake vaccine test results: what’s the difference?

In many countries, the discussion about vaccine certificates and how they will be used is ongoing. COVID test results, on the other hand, are already being used extensively for travel and other purposes. Both can be faked.

Fake COVID test documentation

PCR and other tests are being used by many governments to manage people coming in and out of the country. Someone wanting to travel has to take a test a few days in advance and be able to show a negative result, usually on paper, for them to be permitted to travel. If someone has received a positive test result, or has failed to do a test at all, they may be tempted to make or buy a fake document. As with any paper documentation, this is relatively easy to fake.

Fake vaccine certificates

Governments and organizations are looking at various ways of enabling people to share their vaccine status so they can travel or access other services. Someone who has been fully vaccinated would potentially be able to travel without self-isolating or paying to stay in a hotel if they could prove their vaccine status.

In most countries, vaccine certificates have been issued on paper cards containing a name and some other written details. These cards are easy to copy. Many countries have either introduced a digital alternative or are looking at doing so but the risk of fakery remains a problem: a QR code on an app can be copied and shared even more easily than a paper document.

How are COVID-19 certificates being faked?

Paper COVID certification

Paper-based documents have been used extensively for issuing and presenting COVID test results and vaccine status. Paper will always be needed, as not everyone has a smartphone or other device on which to store their credentials. Unfortunately, paper-based certificates have limitations. They can easily be lost, shared, doctored, or faked.

A factor in this has been people sharing their vaccine certificates on social media. A bad actor could easily lift the certification number and personal information from these images and create high-quality replicas. There are even forums online with specific instructions and templates on how to fake paper COVID-19 vaccination cards.

Digital COVID credentials

Governments and organizations are looking to digital solutions to facilitate the sharing of an individual’s vaccine status. A QR code on an app is harder to lose or damage than a paper version, but can still be shared, stolen, or faked using screenshots.

By removing the risk of people being able to use fake COVID status certification, governments and organizations can ensure public confidence and safety and facilitate a return to normal life.

Read more about iProov and Mvine’s COVID Status solution. To learn more, please book a demo with iProov here.

Back to Resources

Image for website card abandoment rate, Passwordless authentication

Forgotten Passwords are Increasing Your Website’s Abandonment Rate

6 May 2021

We’ve all been there. After hours of searching online, you find that perfect pair of shoes. You’ve made your decision and it’s time to head to checkout. Trouble is, you can’t remember your password. The site recognizes your email address, so you must have a password. You request a reminder, but it goes into spam and you can’t find it. You give up on the purchase.

If this sounds familiar, you’re not alone. Our latest consumer survey data shows that password frustration and abandoned transactions are global problems. In Spain and the US, over half of consumers have abandoned a purchase because of password frustration and Australia, the UK, Canada and Italy are not far behind.

forgotten passwords abandoned baskets 1 |

Note that this graph only represents the people who completely abandon their purchase—there are likely countless others that get frustrated yet persevere.

The bottom line? Businesses are losing money because of passwords, owing to increased abandonment rates.

So, on World Password Day, let’s consider why passwords are no longer fit for purpose. Because this is just the tip of the iceberg…

The disadvantages of passwords

In our report, The End of the Password, we found that the average American abandons 16 online purchases every year! Why?

Passwords aren’t user friendly

To try and make passwords more secure, consumers are asked to make them more complex, by using numbers, uppercase letters, lowercase letters and special characters. This makes them hard to remember. And if people can’t remember them, they write them down or use the same password on multiple websites…which makes them less secure.

Passwords aren’t secure

Passwords can be shared, guessed or stolen, which means they aren’t secure. Over 50% of young people admit that they share their log-in details with friends, and 59% of respondents admitted to reusing the same passwords across multiple sites.

Balancing security and usability is difficult: a memorable password is insecure, but a secure password is hard to remember. So, what’s the alternative?

Passwords vs face authentication

Face biometrics enable organizations to balance security with an effortless user experience. iProov’s face biometric technology is extremely simple for the individual to use while offering the highest levels of security to protect governments, enterprises and individuals against fraud.

  • Passwords can be stolen: in the US, 60% of consumers have had to change a password after a data breach. You cannot steal someone’s real face. You can try and use a copy of someone’s face using a photograph or mask or deepfake, but iProov’s Genuine Presence Assurance has been built to detect imposters and spoof attacks.
  • Passwords can be shared: sharing passwords is very easy to do, whereas you can’t share someone’s real face.
  • Passwords can be guessed: while passwords are at risk from brute force attacks and social engineering, simply guessing is often effective too—no wonder, when “123456” was the most popular password of 2020!
  • Passwords are hard to remember: the common wisdom is to have a different, unique password for each account. But this quickly becomes a problem when you have multiple accounts and too many combinations to remember. Secure online face verification means one password—your face—that’ll you’ll never forget.
  • Passwords cause frustration: password frustration leads to lost sales and exclusion from online services. iProov’s face verification is effortless, providing inclusivity, customer satisfaction and maximum completion rates.

The forgotten password solution: Face biometrics from iProov

iProov provides two technologies to enable organizations to onboard and authenticate customers.

  • Genuine Presence Assurance ensures that a customer or citizen is the right person, a real person and that they are authenticating right now. It protects against sophisticated criminal attacks and allows our customers—such as the NHS, Rabobank and the US Department of Homeland Security—to onboard and authenticate users remotely.
  • Liveness Assurance provides organizations with the ability to authenticate customers in lower-risk scenarios, making it ideal for frequent online authentications when the threat of attack is low.

For more information on how iProov can provide your organization with secure online facial verification for remote authentication and onboarding, please email us at contact@iproov.com or fill in our demo form here.

Alternatively, if you’d like more stats and information on the limitations of passwords, download our report The End of the Password here.

Back to Resources

Iproover 3 |

Meet the team: the iProover with a seat at the FIDO table

29 April 2021

From implementing tech policy at one of the largest American tech companies, to fighting identity fraud at iProov; the young Canadian who read TechCrunch every night is now sitting at the FIDO Alliance table. Anthony Lam, Senior Product Manager at iProov, has always been passionate about tech policy and he’s bringing that passion to iProov. Anthony is now representing cloud-based face verification and working with the leaders in the identity space: FIDO Alliance

How would you describe your journey to iProov?

I’ve always been a geek about technology. I used to read up on the latest technology blogs and TechCrunch was my most visited website in one year. During university, an incredible role opened up in the policy team at a big American tech company. So I applied, I got accepted, and I just absolutely fell in love with the world of tech policy. I realized tech policy was always behind technology. Technology always comes first, but tech policy cares about the people. Tech policy is the one that regulates and says, no, you can’t do this to citizens, you can’t take all their data and sell it. Tech policy brings ethics to innovation. A few months into the job I realized I knew nothing about technology but wanted to be in a tech role. When I looked at the roles that were available to somebody who didn’t have a tech background, Product seemed to be a great fit. It was sort of a sweet spot between the commercial, the technical and also the policy.

I moved from Canada to London during Brexit, so I was used to working in EU policy and I was quite familiar with the EU world. When Brexit happened, there was an opportunity for the UK to redefine a lot of their terms, renegotiate some of their contracts and their digital portfolio. I noticed cybersecurity, and biometrics specifically, was a space that was very lowly regulated. This was exciting for me and I wanted to get in on it. So I started writing about cybersecurity and that’s when I came across iProov.

What attracted you to iProov?

During Brexit there was a lot happening in tech legislation and internet safety. Then when the coronavirus pandemic hit in March 2020 a lot of companies were also moving remote and the concept of identity fraud was picking up. As mentioned, I love to read up on cybersecurity and I came across a video interview in Startup London, where the CEO of iProov was being interviewed and I fell in love with his passion for making the internet a safer place. And so I Googled roles at iProov and saw a Product Manager role had opened up and I was like, oh, hell yeah!

Nearly a year has passed since I joined the Product team at iProov and I’m in a company where it’s all happening. We’re leaders in a space that people don’t know a lot about. There’s a chance to educate and inform people. From the policy side, we get to establish what that protection looks like. We’re protecting people from being defrauded and hacked. The work we do at iProov is to make the Internet a safer place – that’s our company mission. We’re very driven by that mission and our work with FIDO stems from that.

Tell us a bit about your work with FIDO Alliance!

FIDO Alliance is an industry association focused on authentication standards and helping to reduce the world’s over-reliance on passwords. They’re leaders in the identity space. We joined the FIDO Alliance to help drive some of the standards they were trying to modernize around biometrics – specifically in face verification, where we’re leading the field. 

We have nearly a decade of experience under our belt in fighting identity fraud, by using image verification for the face. We’re working with some of the most demanding organizations in the world – the Australian government, the UK Home Office, the NHS, the US Department of Homeland Security and the Singapore and Estonian governments. That experience is proving useful in our work with FIDO. 

How is iProov working with FIDO Alliance on establishing standards in the industry, specifically face verification?

Upon joining, we took a leadership position in their working group dedicated to face verification – which is a subgroup of the overarching identity and verification working group. One of the benefits of being a company that produces face verification products is that we work with the latest technologies. So not only are we using the latest models and latest machine learning capabilities, we are also identifying the latest attack vectors that hackers across the world are using to break verification systems. So we’re bringing this expertise to the table when we’re helping to build standards. We’re focused on making sure these standards are modern and they take into account the things that would become fundamental tomorrow or in the future.

Speaking of the future of face biometric policy, what excites you about the future of iProov?

I mentioned at the start that I am in the sweet spot in the company – that also comes with a really big NDA!

Thanks, Anthony! To keep up to date on the iProov news Anthony can’t share yet, stay tuned to our blog and follow us on social LinkedIn and Twitter.

And meet more of the iProov team below!

Back to Resources

G-Cloud provider iProov, supplier of biometric authentication, face verification, digital onboarding, and digital identity for g cloud

iProov Brings Biometric Technology to Government with G-Cloud Supplier Status

28 April 2021

iProov, the world-leader in cloud-based biometric face authentication, is one of the companies that has been awarded G-Cloud Supplier Status by the UK’s Crown Commercial Service (CCS).

The G-Cloud framework enables public sector departments and organizations to source cloud technology services easily and securely.

iProov’s inclusion in the marketplace further solidifies our position as the leading supplier of online biometric authentication, facial verification, and digital onboarding services to the government and public sector.

What is the G-Cloud framework?

The UK government’s G-Cloud initiative has been active since 2012 as part of the wider “Cloud First” policy. It was created so that public sector bodies could access cloud computing technology while shortening the procurement process.

The G-Cloud framework governs the relationship between cloud suppliers and the Crown Commercial Service. The Digital Marketplace acts as an online catalog of the suppliers that have been approved. Government employees can search through the marketplace for trusted providers, and teams can be sure that suppliers listed on the G-Cloud meet UK Government standards.

Being approved on G-Cloud requires a stringent submission process and only certain companies are allowed to appear on the marketplace. Just 5000 suppliers made it into this year’s G-Cloud framework.

The government releases a new version of the G-Cloud framework around every 9 months. More than £7 billion worth of cloud services have been purchased using the G-Cloud framework since its inception.

What does iProov bring to G-Cloud? Biometric authentication, face verification, and support for digital identity

iProov can be found on G-Cloud for a number of services. These include:

  • Digital identity on G-Cloud: Government departments need to be able to verify the identity of citizens online, so that secure, effortless access can be provided to digital government services. iProov’s face biometric verification enables public sector agencies to deliver access to online services securely and inclusively.
  • Biometric authentication on G-Cloud: iProov’s remote biometric authentication provides a highly secure yet effortless way for governments to verify a citizen’s identity online. The governments of Singapore and Australia are using iProov to verify user identity online, helping to minimize the frustrations of passwords and one-time passcodes (OTPs).
  • Face verification on G-Cloud: Face verification is often confused with face recognition, when the two are actually very different. With face verification, a user knows the process is happening, they collaborate with it, and there is a direct benefit to them – read more about the differences between face verification and face recognition. iProov’s face verification enables citizens to onboard and authenticate themselves in a way that protects user privacy, thanks to iProov’s privacy firewall and compliance with GDPR laws.
  • Digital onboarding on G-Cloud: Processes such as creating accounts for access to health services or applying for visas online require users to prove their identity at the point of onboarding. Thanks to iProov’s Genuine Presence Assurance, governments can onboard citizens with the highest level of security.

iProov’s inclusion in the framework further builds on our position as a trusted service provider to public sectors and governments. We work closely with governments and public sectors across the world, including the Australian government, the US Department of Homeland Security, and GovTech Singapore. Genuine Presence Assurance is trusted by government and public sector organizations because it provides the utmost security, without compromising user experience or inclusivity.

G-Cloud also reflects continued support from the UK government; we have been working with the UK Home Office since November 2019, working with Worldreach Software to support the EU Settlement Scheme.

iProov products you can find on G-Cloud

This is the third year iProov has been included on the G-Cloud Digital Marketplace – we have been a verified supplier on both G-Cloud 10 and 11, offering cloud technology services to the UK public sector for several years. We have four products currently listed on G-Cloud:

  • Face Verifier
  • Enroller
  • Palm Verifier
  • Basic Face Verifier

Find an in-depth focus on iProov products here. iProov can be found on the G-Cloud digital marketplace under the following categories: Application Security, Information and Communications Technology, Operations Management, and Software Development Tools.

We look forward to working with customers in the UK government and public sector, both old and new!

Back to Resources

iProov Roberto Torres

Meet the team: from web marketing in Peru’s rainforest to engineering at iProov

31 March 2021

This month we introduce you to Roberto Torres, Senior Front End Software Engineer at iProov. As the title suggests, Roberto has a very interesting resume. He has a rich history of traveling, a Master’s Degree in Web Marketing, and now plays a key role in iProov’s software engineering team. 

Tell us about your journey to iProov, Roberto!

I’m originally from Peru and had intended to follow a career in software engineering. However, it was working with graphics that initially appealed more to me.  At university, during the early 2000s, I formed a group with some friends to work on sound and computer graphics. We did well and managed to present our work in a few festivals. I realized, however, that there wasn’t a market to make a living from it. So I found a job in the tourism industry, and I liked that a lot. I worked for a company based in Peru’s Tambopata National Reserve. There I worked on system development and web marketing—basically trying to increase online sales and managing bookings.

I love to travel and after some time in the rainforest, in 2008, I decided to go for an internship at a large consultancy firm in India. Whilst I was in India I quickly learned that everyone at my firm loved the UK and it was seen as a big leap in your career to work there. Unfortunately for me, my internship was during the financial crash of 2008so when it ended I had no choice but to head back home to South America, where I continued as a freelancer in web development and web marketing. 

After saving some money, I came to London in 2011 to study a Masters in Web Marketing. I was then offered a job as a software developer in a large consulting firm which I did for 5 years, before then moving to a smaller consulting firm because I wanted to work in a more dynamic and agile team. I was there for 1.5 years… and then I discovered iProov!

What attracted you to iProov?

iProov is big on data science and machine learning, and this was appealing to me. After having worked in a consultancy firm for a long time, I definitely wanted to be in a company that owns a product. I didn’t want to work with a client in a different part of the country for a couple of months, and then move onto a different client and their technology the next month. I had a hunger to learn and be in a focused, driven environment. I love to be able to finish a project and see it deployed out to the market, working and generating revenue. It is definitely more intense, but it is interesting and that’s more rewarding. 

How would you describe the culture at iProov?

We’re growing very quickly and organically. Everyone is driven and focused on the end goal. People are very receptive to new ideas and we all trust each other. I like to work with the research team and also with customersI shared this with my manager who made it possible for me. It’s nice having that flexibility and freedom to ask and to be heard.

You are currently expanding your team. What 3 qualities does someone need to work at iProov?

Adaptive, proactive and collaborative. We are growing very quickly so it’s important to be adaptive. Working at iProov requires flexibility so we can respond. That is how we work best. It is important to be proactive in your learning. You need to know the best practices in coding and architecture and keep an eye on new technologies. Collaboration is also important at iProov, because we work closely with different teams on projects and we help each other to make our application more robust.

Find out more about our vacancies here. Stay tuned to LinkedIn and Twitter to hear about new job opportunities.

And meet more of the iProov team below!

Back to Resources

iProov wins the Cyber Security Excellence Biometric Solution awards 2021 image

iProov Takes Home Gold in Three Cybersecurity Excellence Awards: Government, Financial Services, and Identity Proofing & Corroboration

23 March 2021

iProov won three gold awards at the Cybersecurity Excellence Awards, picking up accolades for the best industry solution in the Financial Services, Government, and Identity Proofing & Corroboration sectors.

These wins provide further validation both of iProov’s growth and the value of its mission: to bring trust to the internet. As recognized by the Cybersecurity Excellence Awards, iProov had a stellar 2020—we announced a number of new customers, delivering security and trust particularly to government and financial services organizations. For example:

With iProov, Singapore residents can now securely access government services using biometric face verification. Residents can complete a range of tasks, such as filing tax returns, accessing over 500 different services.

In 2020 the US Department of Homeland Security announced it was moving into pilot phase on a project to enable border crossings to be streamlined while also maintaining a high degree of security and identity status.

iProov announced in June 2020 that we would be providing biometric face verification technology to Knab, the Dutch challenger bank. This means that customers who want to authenticate sensitive transactions online can now do so safely and securely.

You can read more about how we serve financial services here, how we work with governments here, and find a full list of iProov case studies here.

 

What are the Cybersecurity Excellence Awards?

The Cybersecurity Excellence Awards seek to recognize companies that display excellence, innovation, and leadership in digital security. 

The awards are run by Cybersecurity Insiders, an organization followed by over 400,000 infosec members and cybersecurity professionals online. The awards have a global scope, honoring the top companies and solutions in cybersecurity across the world. These awards are selected through the strength of each nomination and by public popular vote.

This was the 6th annual installment of the Cybersecurity Excellence Awards.

If your organization requires world-leading biometric technology for onboarding and authenticating remote customers, iProov can help. Book a demo today. Alternatively, here are two pieces of content we think you’ll enjoy:

Back to Resources

Deepfakes of the dead: image representing AI-generated woman security fraud attempt, being scanned, deepfake technology

Deepfakes of the Dead: Could They Be a Threat to the Financial Services Sector?

18 March 2021

The BBC recently reported on a new technology that is raising the dead.

OK, maybe not literally. But, using deepfake technology, a company called MyHeritage allows visitors to upload a photograph of deceased family members, which can then be animated into video. 

The company says that it’s intended “for nostalgic use…to bring beloved ancestors back to life”. But once again, it reminds us that deepfakes can pose a threat to society, governments, and enterprises.

How could deepfakes of the dead be used for fraud in financial services?

Deepfakes are videos or images created using AI-powered software to show people saying and doing things that they didn’t say or do. They have been used for pranks and entertainment, but also for more malicious purposes. The number of deepfake videos posted online is more than doubling year-on-year. 

This is why iProov Genuine Presence Assurance is so important. iProov verifies that a user is the right person, a real person, and that they are authenticating right now. This unique capability enables organizations to authenticate customers using face verification while protecting against the use of deepfakes and other synthetic media.

Let’s take a quick look at the ways that deepfake technology could be used by fraudsters to commit financial crime: 

Ghost Fraud

Ghost fraud refers to the process of using the data of a deceased person to impersonate them for financial gain. Ghost fraudsters can use a stolen identity of an individual to access online services, savings, and credit scores, along with applying for cards, loans, or benefits. Using deepfakes of the dead, criminals could make ghost fraud far more convincing. 

New Account Fraud

New account fraud, also known as application fraud, is when fraudsters use fake or stolen identities specifically to open bank accounts. Fraudsters can max out credit limits under the account name or take out loans that are never paid back. New account fraud is growing, accounting for $3.4 billion losses, and deepfakes of the dead could be used by fraudsters in their crimes.

Synthetic Identity Fraud

Synthetic identity fraud is a sophisticated and hard-to-spot form of online fraud. Fraudsters create identities using information from multiple people. Instead of stealing one identity—such as a recently deceased person’s name, address, and social security number—synthetic fraudsters use a blend of fake, real, and stolen information to create a “person” who doesn’t exist.

Fraudsters use synthetic identities to apply for credit/debit cards or complete other transactions that help build a credit score for non-existent customers. A deepfake of a deceased person could be used to bolster a synthetic identity.

Annuity/Pension/Life Insurance/Benefit Fraud

Another potential use of deepfakes of the dead is in annuity/pension, insurance, or benefit fraud. A deceased person could continue to claim a pension for years, whether by a professional fraudster or a family member. Genuine Presence Assurance from iProov can provide insurers and governments with the proof-of-life assurance that is needed to avoid such fraud. 

Financial crime is estimated to cost around $1.4 to $3.5 trillion in the US annually. Crucially, Mckinsey found that forms of synthetic identity fraud are the fastest-growing types of financial crime. And this was before Covid-19, when the use of digital channels to complete everyday tasks increased. 

What is deepfake technology? How does it work, exactly?

Deepfake technology is, ultimately, a form of synthetic media. It’s powered by artificial intelligence and deep learning. AI neural networks are trained on a dataset of images and video, learning to generate a person’s likeness onto another. The more data it has, the more accurately it can generate a likeness, match mannerisms and expressions, and the more realistic the fake videos can be.

Deepfakes have been garnering increased attention in the public eye. You may have seen fake videos of celebrities circulating social media without even realizing it. Think back to the Zuckerberg video of 2019, which was followed closely by Facebook’s sitewide ban of synthetic video in January 2020. More recently, a computer-generated video of Tom Cruise on TikTok went viral across the web. There was also Channel 4’s infamous deepfake of the Queen, who delivered an alternative Christmas message in the UK. 

Deepfake regulation

But what about regulation and legislation? There must be some restrictions, right?

Well, not quite. Regulations are coming. The US government approved a bill in November last year, ordering further research into deepfakes. The UK government is currently evaluating legislation to ban non-consensual deepfake videos. 

Why should you be worried about deepfakes?

Enterprises and governments need to protect their citizens and customers. Consumers are already concerned about deepfakes. We found in our report, The Threat of Deepfakes, that:

  • 75% of consumers are more likely to use online services that protect them from deepfakes 
  • 85% believe that deepfakes will make it harder to trust online services 

The use of deepfakes is growing, as is synthetic identity fraud. Retail banking, regulated insurance, and payment gateway providers are key targets for deepfake crime. 

How to detect deepfakes

Many deepfake videos are low quality. At the same time, there are ways of spotting if a video is likely to be a deepfake—changes in eye color, inconsistencies around the hairline, and other visual strangeness. However, don’t be misled: deepfake technology is becoming more and more sophisticated. Deepfakes that can’t be detected with the human eye are already out there. 

So, what’s the answer? Where does biometrics come in?

iProov’s Genuine Presence Assurance technology protects organizations and users against the threat of deepfake fraud. Our patented solution uses a series of colors in light to verify that a person is the right person, a real person, authenticating right now. This means that banks, governments and other organizations can use face biometric authentication to securely verify the identity of users.

Find out more: The Deepfake Threat

Book your iProov demo or contact us.

Back to Resources

iProov wins the Globee Best Biometric Solution Award 2021 image

iProov wins Best Biometric Solution at 2021 Cyber Security Global Excellence Awards

11 March 2021

iProov has been crowned the Gold Winner of Best Biometric Solution at the 2021 Cyber Security Global Excellence Awards. We won the award for our patented Genuine Presence Assurance technology, which enables organizations to onboard and authenticate customers securely and effortlessly. 

2020 proved that online identity verification is a necessity in our digital-first world. And so, iProov rose to the challenge: last year, the number of people authenticating with iProov grew by over 549%

We were recognized for our role in providing services for organizations such as the U.S. Department of Homeland Security, the UK Home Office, GovTech Singapore, and the UK National Health Service (NHS).

iProov replaces the need for an in-person identity check, enhancing security and convenience. Our technology defends against a wide range of biometric attack vectors, from presentation attacks (the use of photographs, masks, or replayed video presented to the device to spoof the system) to more sophisticated and highly scalable threats (like digital injection attacks using replayed or synthetic video, including deepfakes).

What are the Cyber Security Global Excellence Awards?

The Cyber Security Global Excellence Awards are run by the Globee Business Awards to promote outstanding achievement in digital security and information technology across the world. In the Biometric Solution category, the judges search particularly for advanced and ground-breaking products that are setting new standards in biometric technology. 

This was the 17th annual installment of the Cyber Security Global Excellence Awards, and iProov’s first time winning (but surely not the last!)

Want to know more about how your organization could benefit from iProov’s face verification technology? Book a demo today. Alternatively, here are two pieces of content we think you’ll enjoy:

  • Hear our Chief Technology Officer, Dominic Forrest, talk about how our global active threat management system, iSOC, works.
  • Our predictions for the future of biometrics…what can we expect in 2021?

Back to Resources

iProov International Women's Day

International Women’s Day – The Women Powering iProov

8 March 2021

It’s International Women’s Day and we decided to celebrate by hearing from some of the  talented women that work here at iProov. We asked them two questions:

  1. What’s your favourite thing about working in the technology industry?
  2. What advice would you give to young women starting out in their career? 

 

1: What’s your favourite thing about working in the technology industry?

Sital: The technology industry is incredibly fast-paced. At iProov we’re on the bleeding edge of technology innovation – what we’re doing has a material impact on keeping my friends and family safe online. We make something incredibly powerful and sophisticated easy to use for those that aren’t so tech-savvy. It also means that I get to work with incredibly talented people in domains I never knew existed.

Susannah: I’m exposed to job functions that I wouldn’t usually come across in my day to day life. I love being surrounded by innovation and intelligence which fuels my creativity as a marketer.

Freya: There is an amazing community of technology professionals. Though women aren’t equally represented (yet) in all areas of tech, the strength of them is mighty. They’re always willing to share their stories, experiences, and insights to help others. 

Bilyana: The technology industry is focused on breaking new ground and it’s the place where new inventive ideas and things are created. It’s exciting working in an environment full of variety, challenge, growth and advancement. 

Lynne: Technology underpins so much of what we do in the world. Being part of something meaningful and that can have a material impact on everyone’s daily lives is hugely exciting.

Martina: Every day is a new challenge and a good opportunity to learn something new. It’s great to work in such an innovative and fast-paced environment where everyone supports each other to solve problems and achieve goals.

Reena: It’s the way forwards. To know that I am a part of this fast paced and innovative industry excites me and makes me even more passionate about my contributions and the value my role adds.

Mirielle: No two days are the same. There’s always new technology and innovations around the corner that fuel my ideas. It’s great being on a journey where you are contributing to making a difference on how people interact with technology in their everyday lives.

Sarah: The technology industry is full of very bright people, which means that you’re challenged (in a positive way) every single day. 

Trupti: I’m the only person in tech and science from my banking family. I enjoy working in tech as well as teaching. My interest began in tech and teaching more when I trained visually impaired students with customised ORCA in 2009. Working in tech is making someone’s life better with innovation. I like attending meetups and I was an active volunteer for PyLadies Mumbai and Drupal meetups. Lockdown did not stop me – I organised and conducted the first online PyLadies meetup in March 2020. I always keep myself updated in tech by reading, listening to healthy debates and keeping myself open to learning from everyone around me.

Aarti: Technology is one of the very few industries that shifts the way the world lives and people behave. Technology work environments are often cradles for new concepts to take shape. It touches many other sectors. You can work in technology and play a part in healthcare or agriculture or entertainment! The variety, constant evolution and an opportunity to leave a good legacy behind are some of the reasons why I love working in tech!

 

2: What advice would you give to a young woman starting out their career today?

Sital: Do something that you enjoy and plays to your skills, as career choices today are much wider and varied. Don’t be afraid to ask questions and don’t doubt your capabilities.

Susannah: Believe in yourself and your capabilities. Trust your instincts and use your voice. There’s a place for you at the table – take a seat and join us! 

Freya: Take your time and trust yourself. You absolutely don’t have to know what you want to do or feel like you’re behind because you’re not an expert by age 25. And don’t be afraid to ask questions (yes, even the ones that you feel stupid asking); you’re learning, it’s allowed.

Bilyana: Try to learn as much as you can, don’t be shy to ask questions and show confidence in your work. Life is full of obstacles that you will overcome but also with opportunities to be taken. 

Lynne: Learn as much as you can about whatever type of work you choose to do. Look for inspiring people and learn from them. Be curious, interested and passionate and be prepared to get things wrong and learn from your mistakes. 

Martina: Don’t be shy! Express yourself. A positive and passionate mindset is the key to success.

Reena: Don’t let anyone hold you back. You can do and be whatever you want. Believe in yourself, set realistic goals, network with others, ask questions, learn from your mistakes and those of others. Write down your strengths and achievements in a book and keep adding to this over the years. If you ever find yourself doubting yourself or just feel like it’s becoming too much to handle, go back to that book and remind yourself of what you have achieved and your success so far. Keep going.

Mirielle: Determination to succeed. Don’t be afraid to share your ideas no matter how insignificant you think they are. Work with your colleagues to build on those ideas and create something amazing!

Sarah: There’s a famous quotation – “Whether you think you can or can’t, you’re right” – so be courageous and believe in yourself. And always work for a good boss. 

Trupti: Just be yourself, enjoy your work and never compare.

Aarti:  Adapt, pivot, learn, grow!  There is no such thing as “career for life”.  Don’t be afraid to change career tracks. Never second guess yourself!  Trust your instincts and follow your vision 🙂

Hear more from the women powering iProov: 

Back to Resources

Data Privacy Day

Data Privacy Day: How does iProov assure data privacy?

28 January 2021

Vaccine passports: are you for or against?

Some people love the idea of a vaccine certificate enabling them to travel, go to sports or music events or resume other activities post-COVID.

For others, it brings too many political, legal, social and cultural concerns. Can my employer insist that I have the vaccine? Can airlines refuse me a ticket if I don’t have one? Why should I be turned away from events when I have no control over when I get the vaccine?

Vaccine passports and data privacy

Data privacy, however, is one concern that iProov can address. We’ve been working with our partner, Mvine, on a digital vaccine certificate that puts the user’s data privacy front and center. Data privacy is a growing concern among consumers; in a survey we ran last week, 96% of respondents said that they care about their data privacy. 73% said “I care a lot”, with 25% saying that they cared but feared that they don’t have much control over it. Only 2% said they didn’t care at all.

How does the Mvine-iProov vaccine certificate work?

The trial project of the Mvine-iProov passport is intended to enable the creation of an anonymous vaccination certificate. This would take place when an individual is vaccinated by a medical professional. The certificate would then be authenticated whenever that person needed to prove that they had been vaccinated.

Imagine you’re going for your vaccine. The medical professional administering your vaccination would create the online certificate using a mobile phone or tablet. They would take a picture of your face and add it to the electronic certificate, along with the date of the vaccination. That’s all that’s needed; your face and date. The certificate does not need to include your name, address, SSN or any other identifying information. The medical professional issues you with the digital certificate, using a QR code.

When you then need to present your certificate, you actively choose to show the QR code to the person or system that is asking for it. You then complete a simple face scan using a mobile device or tablet to verify that you are the holder of the certificate. An individual therefore cannot be verified without their knowledge and consent. Only the individual that was vaccinated can use the certificate – it can’t be shared, borrowed or stolen.

The key feature of the design is that apart from the certificate number and a face biometric, no other identity information is required or stored online. It also doesn’t discriminate against people based on the kind of smartphone they own, and there is also a route for people who do not possess smartphones – i.e., a card-based method. It puts privacy and inclusion at its heart.

How does iProov enable data privacy?

So how does iProov protect the user’s face? Surely providing a picture of a face is giving up private data?

iProov’s technology uses a privacy firewall. Even in other situations – for example, where a bank needs to know a customer’s name and address as well as their face – the face is separated from the other data. iProov has no access to the other information apart from the face. The bank has no access to the biometric. There is a structural separation between the user identity and the user biometric, which is highly effective in safeguarding the privacy of the user.

Why use face biometrics at all? Why not use passwords?

Passwords are not secure. 74% of consumers have had to reset a password because of a data breach, which means that three quarters of the population could have had their data compromised. ‘Knowledge-based’ security, like passwords, can be shared, borrowed and stolen and that puts data privacy at risk.

Passwords are also not usable. Adding more complexity to passwords makes them harder to remember, which means people find workarounds – writing them down, or using the same password for everything. This makes them less secure.

iProov face verification solves both of these problems:

  • iProov is secure – a brief face verification confirms that a user is the right person, a real person (and not a photograph or mask) and that they are authenticating right now. We offer both Genuine Presence Assurance and Liveness Assurance, allowing users to authenticate in a way that is fitting to the situation.
  • iProov is effortless to use – the user simply holds the device to their face for a few seconds for authentication to take place. This makes it inclusive to all, from ages 16 to 106, on any smartphone, tablet or computer.

Face + Fact: the future of digital identity?

The vaccine certificate concept described above can be extended to numerous other use cases. The idea of a digital identity as a virtual dossier containing every single personal or private fact about you is outdated. The future lies in digital identity programs that give consumers more control over their data.

How do US citizens feel about data privacy?

Data from our latest consumer survey, completed in January 2021:

Data privacy graph

Consumer graph on data privacy

Graph on data breaches

Graph on frequency of data breaches

Attitudes to data breaches

Back to Resources

2021: what does the future of biometrics and digital identity hold? Cover image

The Future of Biometrics: Our 2021 Predictions for Digital Identity

15 December 2020

In December 2019, everyone at iProov met in our office and discussed predictions for 2020. We talked about digital transformation, particularly in financial services, government, and health. But nobody predicted a pandemic.

By December 2020—after a year of living, learning, and working online—digital transformation had accelerated beyond all expectations. On what was surely the 10,000th iProov Zoom call of the year, we debated our predictions for 2021 and agreed that it is going to be another big year for digital identity and biometrics.

So, without further ado, here are the topline predictions we think 2021 will bring for the future of biometrics and digital identity…

1: The deepfakes arms race will intensify in 2021

We can expect to see an explosion in the quality and quantity of deepfake usage in 2021. Some of it will be for light-hearted pranking, like Joe Biden turning up to family Zoom calls. Some will be for entertainment—like the makers of South Park are using deepfakes for their weekly online satire show, or creating AI-generated deepfakes from photographs of the dead.

But we’ll also see deepfakes being used for disinformation and fraud. Celebrities, politicians, and experts will be shown saying things that they’ve never said. Armies of ‘fake people’ who look and sound real will share disinformation on an enormous scale online, making people believe that thousands of people hold a contentious opinion, when in fact none of those people even exist.

It has become increasingly simple to create a very high-quality, sophisticated deepfake. What was once a very complicated process, only really possible in Hollywood movie studios is now something that any teenager sitting in their bedroom can execute proficiently. The arms race between misuse of convincing deepfake technology and the technology companies, governments, and businesses that are protecting society and democracy will intensify as a result.

2: Digital onboarding with online biometrics and cloud biometrics will expand to new countries

Within the next 12 months, banking regulators in global territories—including Europe and the far East—will authorize the use of automated biometrics instead of video calling for remote Know Your Customer (KYC) processes. Just as in 2019, when a well-publicized voice fraud scam duped a high-profile CEO, by the end of the year there will have been several criminal money-laundering scandals arising from the use of deepfakes in video calls. Countering this could very well mean that several countries, including the United States, also take concrete steps towards instituting government-backed digital identities. This will be an important step towards enabling financial institutions and government departments to verify identity and mitigate fraud in bank onboarding and government support programs.

3: Social networks will turn their attention to user authenticity

Goodbye, anonymous trolls. To curb abuse and rebuild trust, social media platforms will offer additional capabilities to verify their users. Like the blue checkmark on Twitter, online identities will become easily recognizable as genuine. Currently, this type of confirmation is a manual process reserved for high-profile accounts in the public interest. To automate verification and extend a badge of trust to more users, social media platforms will need to deploy strong, irrefutable authentication that a user is a real human being.

Biometrics offers the effortless usability and accuracy of authentication that will be needed to do this at scale. Informed choice and consent will help to ease privacy concerns and objections.

4: Temporary changes to healthcare will become permanent

Video doctor visits, same-day prescription home deliveries, and online symptom checks are just some of the emergency measures put in place in several countries to provide safe patient access to medical services during the pandemic. Laws were temporarily relaxed to allow for quick innovations that will most likely become a permanent fixture of modern healthcare. But these conveniences cannot become commonplace without putting some additional safety and privacy measures in place. One example is using remote biometric identification to protect patient privacy, verify identity, and prevent abuse of services, such as prescription management.

5: The US will take steps towards instituting government-backed digital identities (both private and public)

One of the reasons that the US is lagging in digitization is that there is no centralized, trustworthy source of online identification. The COVID-19 pandemic has highlighted two significant issues with this: first, the dependence on physical document checks to open bank accounts or access government services, when technology can now verify identity better than humans. Second, the inability to prevent fraud when government support programs are ramped up to cope with crises. Government-backed digital identities will allow banks and other institutions to securely verify the identity of customers and citizens online, giving those individuals access to a broader range of services, while cutting back on the risk of fraud.

6: There will be contactless border crossings on both sides of the Atlantic by 2022

Contactless travel and curb-to-gate self-service will make border crossings safer and faster. The Department of Homeland Security plans to pilot an integrated solution from iProov to enable travelers to quickly transit remote border ports using their personal devices to report their entry and exit to CBP―without requiring the direct engagement of a CBP Officer in person or online―with a secure, privacy-focused mobile application.

In Europe, as part of its railway innovation initiative, Eurostar is planning deployment of iProov biometric technology to authenticate tickets via an optional walk-through biometric facial verification corridor. Transportation experiences that offer contactless checks allow travelers to more easily practice health guidelines to maintain physical distance from others and minimize contact with high-touch surfaces.

7: Biometrics will enable digital novices to connect and authenticate online

The pandemic is pushing everyone online, whether they like it or not. This should be treated as a real opportunity to provide older generations and technology newcomers with access to services that they wouldn’t otherwise have had.

In 2021, this will result in three things:

  • Firstly, the password, which has long been the bane of many people’s online interactions, will be replaced by simpler authentication methods, such as biometrics.
  • Secondly, if progress in this area continues to be made in 2021, it’s possible that worldwide as many as 100 million people over the age of 70 will possess digital IDs, with the concept of the ‘digital power of attorney’ very soon becoming a reality.
  • Thirdly, many of the people using technology for the first time are also often the ones who are most susceptible to online manipulation. Seniors are about five times more likely to report a financial loss due to tech support scams. Creating ways of safeguarding individuals online will move further up the agenda.

8: Online dating will be less risky with biometrics

Matchmaking sites will adopt biometric authentication to make it easier to distinguish deceptive dating practices such as catfishing. More than a quarter of dating website users were duped by fake personas over the past year. With face-to-face interaction greatly diminished in the pandemic, people of all ages are going online, not just to find love but also to socialize and connect with other humans at a safe distance.

Find out more about how iProov is helping customers such as the Singapore Government, the National Health Service, the UK Home Office, Rabobank, Knab Bank, and Eurostar by viewing our case studies.

Back to Resources

Genuine Presence Assurance examples

5 Times the World Needed Genuine Presence Assurance in 2020

2 December 2020

2020 has been an online year: we’ve had to socialize online, work online, learn online, and do our admin, shopping, banking, healthcare and everything else online. It’s not surprising that online crime has also increased.

More than ever before, we need to be able to check that an individual online is who they claim to be. Governments need to check the identity of people applying for support programs, banks need to check the identity of customers who can no longer come into branches, organizations running secure conference calls need to make sure that they’re not being infiltrated by the wrong people.

The answer to all of the above is biometric Genuine Presence Assurance.

We thought we’d share some of the year’s most newsworthy examples of when Genuine Presence Assurance would have been helpful:

1. A 6 year old boy buys £19,000 monster truck on eBay

It’s a big price to pay for leaving your laptop open: Mohammad Faraji ended up with a bill for £19,000 after his six-year-old son bought a monster truck on eBay. Mr Faraji had been using PayPal for years for small payments and was shocked that the huge amount was processed without any security check. Genuine Presence Assurance would have enabled a quick ‘step-up authentication‘ to check that Mr Faraji was indeed the person agreeing to pay £19,000.

Monster Truck eBay

2. Fraudsters steal $58m using video calls and mask, pretending to be French foreign minister

It was audacious but they nearly got away with $58m. A group of fraudsters pretended to be Jean-Yves Le Drian, now French foreign minister but at the time the minister for defense. The criminals targeted 150 people and organizations, requesting funds by phone and video call for secret missions. In the Skype calls, one of the gang wears a custom-made mask of Mr Le Drian in a fake office, complete with flags and a portrait of the French President. Genuine Presence Assurance can verify identity on conference calls, ensuring that sensitive conversations are held in total confidence that the individuals are who they say they are. Secondly, as the name suggests, Genuine Presence Assurance detects that a user is a real human being – it recognizes masks and other presentation attacks, such as photographs.

3. Premiership football club nearly loses £1m on a hacked player transfer

Another example of audacity: the National Cyber Security Centre (NCSC) reported this year that the email address of a Premier League football club’s managing director was hacked during a transfer negotiation. It was only the intervention of the club’s bank that stopped £1m being paid to the criminals. Transfers are often done under intense time pressure – even if you’re not a Premiership football club, time pressure creates a perfect opportunity for criminals to dupe your employees. Genuine Presence Assurance can ensure that only certain individuals can set up new payees or authorize large payments on bank accounts.

Money and Football

4. Elon Musk joins the conference call

Imagine wrapping up a work call and suddenly Elon Musk appears, apologizing for accessing the wrong meeting and complimenting you on your hair. This scenario, demonstrated by the team at Avatarify, went viral earlier this year showing the power of deepfake technology. It might not have been seamless but it demonstrated the potential of being able to take any face and make it say anything. Genuine Presence Assurance has been designed to detect deepfakes and other synthetic media – as deepfakes become more sophisticated, it is becoming impossible for people to tell the difference between real and fake. Only technology will be able to protect against their malicious use on conference calls, or for accessing devices or secure services.

5. Dutch journalist joins security council call

This final example shows what’s at stake with insecure conference calls: a journalist managed to guess his way onto a confidential video conference of EU defense ministers when the Dutch defense minister accidentally posted some of the login details on Twitter. “You know that you have been jumping into a secret conference?” EU foreign policy chief Josep Borrell says. “You know it’s a criminal offence, huh? You’d better sign off quickly before the police arrives.” It’s easy to blame over-enthusiastic tweeting, but the responsibility lies with the people running the conference: if it needs to be secure, Genuine Presence Assurance is the only way to ensure that only the right identifiable and verifiable human beings are joining the call.

How can Genuine Presence Assurance help your organization?

Genuine Presence Assurance verifies that an individual is:

  • The right person
  • A real person
  • Right now

Read our Genuine Presence Assurance case studies, showing how banks, governments, social networks, healthcare providers, travel organizations and more are protecting their customers and organizations from online fraud and other cybercrime.

Back to Resources

iProov quote Ideas Tw v1 Quote 11 |

How many online purchases will be abandoned this Black Friday because of password frustration?

24 November 2020

Earlier this year, iProov published data showing that the average American abandons an online purchase 16 times a year because they can’t remember their password. It’s not much better in the UK; the average Brit abandons 15 purchases a year.

Black Friday graph Chart 1 1 |

Think of all the frustrated customers trying to remember their passwords. Think of the millions of dollars of lost sales. Think of all the marketing budget invested in getting a customer to the point where they’re ready to pay…and then an unnecessarily clunky log-in process that hasn’t changed much in 20 years sends them away. 

How does biometric authentication reduce abandoned purchases?

Biometric authentication provides two things that passwords cannot offer: security and usability. Passwords can be stolen or guessed. Your real face cannot be stolen. Liveness detection enables customers to complete a face scan lasting a few seconds, which confirms that they are the right person (replacing the need for a password) and that they are a real person. 

This means that customers get a simple, convenient, hassle-free way to log into a website within seconds, which prevents abandoned purchases. Retailers, on the other hand, can increase their security against fraud.

Consider the difference between passwords and Liveness Assurance from iProov:

Using passwords:

  • Imagine you are using a password to log in and buy a jumper as a gift for a loved one
  • The website says ‘Sign In! Or choose ‘New Customer!’
  • You immediately start a conversation in your head: Have I used this website before? If I click New Customer and put my email address in it could throw an error that it’s already in use? What to do? I’ll risk it and choose ‘Sign In’.
  • Type in my email address.
  • What’s my password? The password that I was using a lot this time last year was…it could be one of three. I’ll try one of them and see how I get on.
  • ‘Email address or password not recognized.’ Now what? Have I used the wrong email address? Or the wrong password? Do I try the same email with the other two password options? Or do I try another email with the same password? I’ll just click Forgot Password.
  • ‘Please provide your email address and if we recognize it we’ll email you.’ OK. Type in email address. Then go to my email account. Nothing there. Is that because it’s slow? How long should I wait? Or has it gone into spam? Or was the email address wrong?
  • Amazon does jumpers. It’s not the type of jumper my mother asked for or even wears but it’s the thought that counts.

Purchase abandoned.

Using iProov Liveness Assurance:

  • ‘Sign In! Or choose ‘New Customer’!’ I’m fairly sure I have an account with this website. Here’s my email address. Now a quick face scan lasting 3 seconds. It let me in! Great!

Purchase complete.

It’s time to bring authentication into the 21st century. Let’s aim for a Black Friday without the password frustration and abandoned purchases in 2021. Read more about passwordless authentication from iProov.

 

Back to Resources

Andrew Bud

“Scratch me, I’m an engineer” – an interview with Andrew Bud

19 November 2020

iProov CEO, Andrew Bud, talks to the Mobile Ecosystem Forum about his career – from engineering a faster chocolate Flake machine to creating iProov and Genuine Presence Assurance.

Watch the interview with Andrew Bud

Back to Resources

iProov GovTech

Singapore GovTech shares face verification insights on iProov webinar

10 November 2020

A big thank you to everyone who joined our webinar on Face the Challenge: Singapore’s Solution to Digital ID Verification.

We were honored to have Quek Sin Kwok, Senior Director of National Digital Identity at the Government Technology Agency of Singapore (GovTech), as our guest on the panel.

He was joined by iProov’s founder and CEO, Andrew Bud, and by Dr Foong Wai Keong from systems integrator, Toppan Ecquaria.

The webinar kicked off with a presentation from Dominic Foon at GovTech. He talked about Singapore’s Smart Nation initiative and the role that national digital identity plays in growing the economy. He also provided an overview of the SingPass platform, which is used by 4 million Singapore residents to transact with over 400 digital services.

Dominic also explained the importance of GovTech’s biometrics-as-a-service platform. This enables private enterprises to take advantage of the government’s National Digital Identity (NDI) infrastructure, offering simplified face authentication to customers without the business needing to invest in biometric systems. A local bank using the NDI platform has already seen thousands of authentications with a high success rate.

A panel discussion followed the presentation. Some of the points covered on the webinar include:

  • Why facial verification: what are the advantages of face authentication over fingerprints and other biometric identification?
  • How GovTech completed the supplier selection for this pioneering face verification project, testing many global solutions for security before choosing iProov
  • The importance of Genuine Presence Assurance – why GovTech needed the most secure technology available
  • The importance of privacy: how is the biometric data stored?
  • Biometrics-as-a-service: what has been the response from the private sector?
  • Learnings from the project
  • What’s next for SingPass?

You can watch the on-demand webinar here.

Find out more about how iProov supports government national identity programs.
To hear about future iProov webinars, please follow us on Twitter or LinkedIn.

Back to Resources

US consumers reset password

How does Genuine Presence Assurance help with data breaches?

23 October 2020

Barnes & Noble, the US bookseller, has become the latest brand to notify its customers about a data breach.

Customer email addresses, billing and shipping addresses, telephone numbers, and order histories may have been exposed during the breach. 

But does anybody care? Does ‘data breach fatigue’ mean that most people take little to no notice of such occurrences? When iProov completed a consumer survey earlier this year, it showed that 39% of UK consumers and 36% of Americans who had experienced a data breach have now taken the attitude to “just put up with it” when it happens. 10% and 12% respectively went even further and said the breaches “don’t bother me”. 

Why is this? Is our assumption that nothing really bad can happen – the database was stolen, criminals might now know our names, addresses, email addresses and what books we bought. It’s a retailer. As long as my bank account is secure, I’m OK – right?

Wrong. It doesn’t matter if a criminal steals your email address from your bank or from the tiny website that you used once to buy a Hallowe’en outfit for a pet dog – an email address is an email address and chances are that you’ve used it elsewhere. If criminals can break into enough weak databases, they can acquire pots of data that can be pooled. That pooled data can then provide enough information on you to give your own mother a run for her money.

iProov does two things to limit the impact of data breaches.

1) We ensure that stolen data cannot be used to create bank accounts or apply for credit cards.

Stolen data is always a means to an end, whether that’s money laundering, theft, or malicious intent. Money laundering relies on being able to open bank accounts using stolen identities or fake names.

>But criminals cannot steal your physical face. Genuine Presence Assurance from iProov is used by banks and other enterprises to make sure that online accounts can only be opened by a live human being, whose face matches the image held in a trusted identity document and who is genuinely present at that very moment to complete the authentication. If banks are using Genuine Presence Assurance, stolen identity data cannot be used.

2) We ensure that ongoing authentication is secure.

If a criminal attempts to take over a consumer’s existing account using stolen data – a bank account, an Ebay or other retail account, or any kind of account – they can’t do it if the business or service in question insists on an iProov verification for sensitive or flagged transactions. Again – the criminal can’t steal a physical face, so iProov stops them from taking over the account and doing any damage.

“Data breach fatigue is a worrying trend, because as consumers are losing interest in data theft, criminals are getting better and better at it,” says Andrew Bud, CEO of iProov. “The implications of breaches are severe: global crime is being facilitated through money laundering, while consumers, businesses and governments are losing millions of dollars through fraud due to identity theft every year. We need to stop seeing it as an occupational hazard of living and working online.”

“With Genuine Presence Assurance, banks, governments, healthcare providers and other organizations can protect themselves and their customers against fraud, while also playing their part in preventing money laundering and other organized crime.”

Statistics from our survey on data breach fatigue

60% of consumers have had to change a password after a breach

US consumers reset password UK consumers reset password

37% of those have had it happen 3 times or more

US Consumer reset password more than 3 times  UK Consumer reset password more than 3 times

51% get annoyed about it but 37% say they ‘just put up with it’ and 11% say it doesn’t bother them

US consumer annoyed password change  UK consumers annoyed password reset

36% have had to cancel a debit/credit card because of a breach.

US consumer cancel credit card due to security data breach  UK consumer cancel credit card due to security data breach

Back to Resources

safeguarding social network

How can social networks safeguard users with biometric authentication?

8 October 2020

Trolling is a growing issue for social networks, forums, news sites, and any online site where someone can anonymously comment without any real repercussions. 71% of people don’t feel like social platforms are doing enough to fight the problem of virtual harassment.

Social networking sites like Facebook and Twitter are working to reduce trolling. When fake or abusive accounts get reported, what efforts do they actually make to ensure the troll doesn’t just set up another account under an anonymous or fake alias? Twitter recently banned high profile celebrities for their abusive tweets, such as Katie Hopkins and Wiley for breaking the conduct rules. But how can they prevent future abuse?

In a recent interview with the i, iProov CEO Andrew Bud, CBE said: “The scope for minor key forms of terror that can be injected into social networks if you don’t have good accountability of people’s behaviour is huge, and face verification is the way in which you can identify and stop trolls. iProov has the capability to do that on a very large scale, very reliably.”

At iProov, our mission is to make the internet a safer place, by building trust online with our biometric authentication technology. There is great potential for the introduction of biometrics to verify users on social platforms and safeguard communities from abusive behaviour. In early July we helped launch the first use of biometric safeguarding with an intergenerational mentoring platform, bloomd. The launch of the platform, originally planned for later this year, was brought forward to help support those impacted by loneliness or isolation during the pandemic.

bloomd uses biometric authentication as a ‘virtual doorperson’ so that anyone who violates the code of conduct will be banned, even if they attempt to sign up with a different name or email address. Not only does this safeguard the users within the community, but it will hold people accountable to misuse or trolling.

By integrating iProov’s Genuine Presence Assurance into the registration process, social platforms will ensure that users are real humans and not bots. Our biometric authentication confirms in a short ceremony that the user is the right person, a real person, and authenticating right now. The one-time biometric prevents account takeover from cyber criminals. iProov provides a secure way of preventing trolls from signing up under a different name to continue their abusive behaviour, as their iProov authentication will confirm if they have been banned previously.

So how long will it take for more social networks to protect their users from trolls and fake news? We hope platforms like bloomd will set a precedent for change. To find out more about how bloomd works, watch the webcast here.

Read more on how iProov can be used for safeguarding here.

Back to Resources

Mvine digital passport

iProov and Mvine: delivering the first Covid-19 antibody test status digital passport

5 October 2020

After winning an Innovate UK competition to build a technology solution to help manage the COVID crisis, Mvine and iProov worked tirelessly to be the first to deliver a working prototype.

iProov’s SVP Revenue, Luke Moore, spoke with Mvine’s Director of Communications, Joseph Spear to find out more. First, we asked Joseph about Mvine’s unique background and how they got to where they are today. We delve into exactly what is included in the antibody test status digital passport and how it will work for users. And finally, how Mvine and iProov collaborated to ensure the project was delivered on time, in just two months, and to budget, with the help of the customer success team at iProov.

Watch the webcast below, and to learn more, contact contact@iproov.com.

Back to Resources

National Techie Day at iProov

National Techie Day: iProov celebrates the brains behind the biometrics

3 October 2020

At iProov, we love to celebrate our iProovers and recognise their career achievements. You may have seen our previous blog posts about our Women in STEM and also empowering our iProovers on International Women’s Day. We celebrate talent and diversity at iProov, so National Techie Day is another opportunity to showcase our technology brilliance! National Techies Day is a day recognised to encourage students to pursue a career in technology. We chatted with Senior Software Developer, Evgeny Kazanov, to hear his journey into technology from Visaginas, Lithuania to London, UK and what advice he would give the younger generation looking to pursue a career in tech. 

Can you tell us about your early career and what you wanted to be when you grew up?

When I was a young child, my dream was to be a pilot, however my eyes aren’t so great!

Growing up, we didn’t have computers, so technical roles were very different to what they are today. I always enjoyed fixing things, and I think that’s where my interest in engineering came from. Finding broken or old items and fixing the electronics was a hobby of mine.

My first role after university was at a Nuclear Power Plant as a control and instrumentation technician. Over time I worked my way up to be a team supervisor, then as a C&I engineer, which is a control instrumentation engineer. Through my 20 years working there I also worked in the International Projects Department which was exciting. Throughout my life I have always enjoyed DIY projects and so engineering was a natural path for me.

When did you join iProov and what has your journey been like?

I joined in 2015 at a really exciting time. There were just a few developers and we were in a small office in London Waterloo. We are always working on big challenges that are interesting to solve. Although the tech teams have grown in those 5 years, the passion for solving big challenges hasn’t changed. We are still as hungry for innovation as we were at the start of iProov. I am very excited for the future of iProov.

What advice would you give to anyone considering a career in tech?

If you’re interested in innovation, with a curious mind for new inventions, a career in tech is for you.The technology industry is a forward thinking industry and it is growing rapidly. When joining a tech business, be prepared to adapt to a fast-paced company. At iProov we are always innovating. 

Critical thinking and problem solving are also key skills to have as an engineer. These can be achieved by studying subjects like maths and physics. A strong knowledge in these areas will build a good foundation for anyone looking at software development as a career choice.

If you are interested in joining the tech teams at iProov, take a look at our open roles here or if you want to know more about being an iProover, click here.

Back to Resources

Reducing online fraud in regulated industries

Reducing Online Fraud for Regulated Industries: iProov Talks to Northrow’s CEO Adrian Black

30 September 2020

iProov’s partner, NorthRow recently reached its 10 year anniversary, which is a significant milestone. Congratulations! 

We took the opportunity to speak to NorthRow’s CEO, Adrian Black, to find out more about the history of one of the UK’s leading RegTech firms, understand the services they provide, and more importantly, why the NorthRow-iProov partnership is a powerful combination for remote onboarding.

So Adrian, how did you get into the fraud and compliance industry?

My last corporate job was at the Daily Mail Group. They run a lot of online businesses which means that online fraud has been a continuing problem. At the time of working there, the Metropolitan Police had set up Operation Sterling, which was an anti-fraud initiative. They created industry-specific forums to share intelligence and fight online fraud. For three years I helped establish, and then chaired one of those fraud forums, working with the Police, the Information Commissioner’s Office, and other leading players in online automotive classified advertising. I was keen to get involved and influence the fight against online fraud. 

We developed an active and effective means of intelligence sharing which resulted in blocking fraudulent advertisements with a face value of around £250m in the first few years of operation. This success, in helping tackle automotive classified advertising fraud, led to meetings with other industry sectors and helped me identify an opportunity to tackle the fraud challenges that they also faced.

It was clear that technology could provide an improved solution by automating intelligence sharing. So in 2010, I decided to start a new venture to use data to tackle this area of financial crime. I wrote the business plan, financial model, and prototype software aimed at a range of classified advertising sectors, which then grew into the broad service we offer today to regulated businesses.

NorthRow provides remote client onboarding services to regulated businesses, including financial services, payments, lenders, retail, hospitality and property. Can you explain how it works?

NorthRow provides technology to digitally transform complex client onboarding, monitoring and KYC remediation processes to improve the customers’ experience, reduce compliance spend and help to ensure regulatory obligations are met.

By automating much of the onboarding process NorthRow simplifies the complexity of compliance, enabling clients to perform Know Your Business (KYB) and Know Your Customer (KYC) verification efficiently.

A key differentiator for NorthRow is that we deliver our highly configurable solution via a single API that can be plugged into clients’ onboarding and monitoring systems, to support different stages and processes. One size doesn’t always fit all for this type of process so our single API is easily customized to help drive operational efficiencies and compliance obligations.

We offer a fully remote verification service called RemoteVerify that captures and verifies the biometrics and ID documents of the end-user for our clients. To ensure we offer our clients the best remote onboarding experience, we integrated iProov’s market-leading Flashmark facial verification technology. By adding Genuine Presence Assurance to RemoteVerify we have further enhanced the user experience and enable regulated businesses to know that each individual checked is not only a real person but also the right person and that they are genuinely present.

Why do regulated companies need to be diligent during onboarding?

I think there are three main reasons:

  • Firstly, they should be looking to reduce their own risk of losses from fraud. Fraud not only costs money in real terms but also in reputational damage that may have a far-reaching impact which can be more severe than the fraud losses themselves.
  • Secondly, they should be diligent in reducing the risk of regulatory failures. The regulations exist to protect consumers and help tackle the corrosive effect of financial crime, especially from organized criminal gangs. 
  • Finally, they should care. They should want to try and reduce the overall harm and the impacts of fraud from an economic and societal sense.

Companies that view client due diligence as a simple tick-box exercise are not just at risk of failing to fulfill their compliance obligations to the regulators, but also the broader moral, economic, and societal efforts.

Society should care about the reasons why we have regulations in place, and business leaders should build a culture within their teams that promotes a better understanding of the importance of compliance. 

Have you ever seen onboarding go wrong? What were the implications and what can other regulated companies learn from it?

Yes, I have seen a number of examples where businesses have tried to tick a box or undertake the bare minimum requirements. Thankfully there have been improvements in awareness and enforcement so there are fewer cases. But just collecting identity documents is nothing like sufficient. 

In the past, I have seen businesses that have adopted the ‘I’ve been sent a document, taken a copy and stuck it in a digital filing cabinet, so I’m fine’ mentality. Unfortunately, these businesses have been exposed to fraud which has not only cost them financially in fines but also loss of revenue through reputational damage.

Once a criminal gang finds an organization that has left itself exposed, they sweep in and systematically attack over a longer period of time. And before they know it, the business has been exposed to fraud or has facilitated massive money laundering without even realizing it. 

Fortunately, the clients we work with have taken a proactive approach to protecting their business and want to benefit from the digital transformation of their compliance processes.

At NorthRow we prevent that exposure to fraud by collecting and verifying all required documents, electronically and automatically in order to make the process more efficient. It’s not just about onboarding, but the entire process of periodic reviews, remediation, and monitoring.

Regulated businesses should learn from past mistakes and place the entire lifecycle at the heart of their compliance strategy

An important part of the process is to have the capacity to complete an expert review only when you need to. Not all clients require review – just those that are high risk. By using a digital solution that can be tailored to the requirements of the organization costs can be kept to a minimum and resources allocated to the right areas with an amber management approach that flags high-risk clients. 

What were the key drivers when you were looking for a partner?

It’s not enough to collect documents. It’s also about asking: where has this document come from? Is it definitely associated with this individual? And therefore you need to see the individual. And to ‘see’ an individual who isn’t physically in front of you, you need to carry out a ‘Genuine Presence Assurance’ check. That’s why we partnered with iProov.

At NorthRow, we have to be experts in what we do. That means we want every one of our suppliers and partners to be class-leading in their own specialty. So we need high-performing, robust technology from our partners. But just as importantly, we want partners that care. We want partners who share values and enjoy working with us, where we can genuinely grow together. That was an early appeal of iProov, even before the technology. We like the company. We like the approach. We like the people and the tech’s great as well.

How does iProov enhance your service?

We can collect documents and images of people through our app. But we also need the Genuine Presence Assurance checks to enable us to deliver the additional level of verification to protect against sophisticated cybercriminals. iProov has really clever, patented tech that identifies impersonation attacks. The technology arms race is developing as cybercriminals continue to invest in clever tech. so we need to ensure we stay one step ahead. 

In the future, I think there’s going to be an increasing need for protection against those more sophisticated replay or injection attacks, which iProov helps protect against. Really risk-averse clients, of which there are many, really care about that. 

What do you think the future holds for remote onboarding and the iProov-NorthRow partnership?

Remote onboarding is just going to accelerate in my view. Demand has been steadily increasing and now it’s seeing exponential growth as a result of Covid-19. Initially, larger companies were reluctant to adopt, but now they have little choice as consumer demand is driving the market to deploy even more services online. 

I can hear the organized criminal gangs cheering as that makes their life so much easier – online activity facilitates increased crime. In our partnership with iProov, we can jointly meet the growing and accelerating demand for remote onboarding with a safe and robust solution that reduces the options for cybercriminals. And together, we can support our clients adapt to the current challenges and allow them to digitally grow their business and operate safely and remotely. That’s really important. 

Thank you to Adrian for speaking with us. If you want to learn more about remote onboarding with NorthRow and iProov, get in touch with us at enquiries@iproov.com.

Back to Resources

Andrew Bud FREng

iProov CEO Andrew Bud is made Fellow of the Royal Academy of Engineering

22 September 2020

iProov is proud to announce today that Andrew Bud, our founder and CEO, has been made a Fellow of the Royal Academy of Engineering.

His election comes in recognition of his outstanding and continuing contribution to the engineering profession.

“I always wanted to be an engineer. It was such a miraculous idea that by the power of thought and action you could conjure into being objects that worked and did clever and useful things.

“And then it was my parents’ dream – they could conceive of no higher calling. That was also my rare good fortune: to be supported by values that valued engineering.

“It wasn’t that common. As a student, I would go to parties and admit I was an engineer. If I was lucky, girls would ask me what kind of lawyer that was. Fortunately, the mood changed suddenly in the early 1980s, and for a period it became glamorous – a little like “building a start-up” nowadays.”

After completing his Masters degree in Engineering at the University of Cambridge, Andrew started his career at the UK Atomic Energy Authority Culham Laboratory for Fusion Research. He then moved to PA Technology where, in his words, he “designed a new catflap, spent time on an oil rig and wrote the software for the fastest chocolate Flake machine in the world.”

It was there that he got involved in the project to build the world’s first digital mobile phone and fell in love with telecommunications. During his time at Olivetti in Italy he led the project to design the Omnitel network, followed by a series of other pioneering and ground-breaking mobile technology projects.

Having spotted the opportunity of SMS, he set up mBlox, which became the world’s largest provider of SMS transmission for enterprise applications. He also helped found a new trade association, which became the Mobile Ecosystem Forum and continues to support vendors from every part of the mobile value chain

At mBlox he recognized the need for remote identity verification and the threat of replay attacks. This led to iProov.

Andrew sums it up:

“I believe that the career of an engineer is defined by the nature of the challenges they choose to face, rather than by a specific sector of technology.

“In the 1980s I took part in the microprocessor revolution, during which products of every kind were completely reengineered to respond to the disruption of microelectronics.

“In the 1990s I was privileged to be a pioneer in the dawn and flowering of the mobile communications revolution, which then evolved in the 2000s into the mobile applications revolution.

“The new challenge – the search for trust in digital identity – is perhaps even bigger and more vital than its predecessor.”

“I hope that many bright young engineers forge their careers in the excitement and challenge of the journey, and just as many can treasure their time in start-ups, scale-ups and, ultimately, the great corporations they build, and say ‘We conjured into being things that worked and did clever and useful things, for the benefit of our fellows and of all mankind’. As my parents believed, there is no higher calling.”

Andrew was also made a CBE in the 2020 New Year Honours.

Back to Resources

iproov security operations centre webcast

The iProov Security Operations Centre: Global Active Threat Management for Biometric Assurance

9 September 2020

iProov recently announced its launch of the world’s first global threat intelligence system for biometric assurance. The iProov Security Operations Centre (iSOC) is fundamental in detecting, blocking, and learning from sophisticated cyber attacks that are attempted every single day against our customers worldwide.

So to explain exactly why the iSOC is needed, and what it does for our customers using iProov Genuine Presence Assurance technology, we spoke to iProov CTO, Dominic Forrest.

In the ten minute webcast, Dominic takes us through three key points:

  1. Biometric authentication – why it’s becoming the go-to technology for online security
  2. What iSOC is, and why it is critical to enterprises and governments
  3. What iSOC does to protect our customers all over the world

If you have more questions about iSOC or iProov’s Genuine Presence Assurance technology, get in touch with us today at contact@iproov.com.

To learn more about the growing threat of Deepfakes, download our latest free report here.

Back to Resources

iproov canny interface

Why iProov Genuine Presence Assurance Doesn’t Use Selfies

26 August 2020

Do you suffer from selfie anxiety? If so, you’re not alone. According to our survey, 34% of people in the UK and US class themselves as having selfie anxiety – either they don’t know how to take a selfie, or they don’t like how they look in them, or they just don’t like taking pictures of themselves.

In fact, 63% of the people we surveyed said that they don’t like how they look on mobile video calls, which is selfie anxiety in all but name.

Why does selfie anxiety matter to iProov?

Let’s be clear: iProov’s face verification doesn’t use selfies. An individual sending a selfie (sometimes known as single frame liveness) to prove their identity online is not secure. iProov uses a brief facial scan that allows you to confirm that you are the right person, a real person, authenticating right now when you use your mobile device or computer to access a service online. The short ‘ceremony’ as we call it lasts a few seconds and gives you the reassurance that your identity and privacy are being protected online.

So we don’t use selfies. But selfie anxiety still matters to us, because we care very much about user experience. If 63% of people don’t like seeing themselves on a mobile device, then that would make the face biometric authentication experience unpleasant for a very large number of people.

This is the interface that a user sees when they authenticate themselves with iProov Genuine Presence Assurance:

Image of iProov's Genuine Presence Assurance Abstracted Image line drawing

Why did we use a line drawing instead of a mirror view of the user’s face? How did this user interface come about?

Stage 1: It Started With Real Images

It happens to us all: your phone switches to camera mode and you realise with horror that your hair is sticking up. You immediately start fixing it. The problem here is that users don’t need to look their best for biometric authentication, as sticky-up hair or smudged mascara don’t affect the accuracy of the result at all. But our natural instinct when faced with a full image of ourselves is to delay the authentication process while we make adjustments, when those things are actually completely inconsequential.

The other risk is that the user might not complete the process at all if they don’t like what they’re seeing. If their hair won’t play ball or they’re in the 63% who flinch on seeing themselves, they could just shut the whole thing down. This is why we decided that the process of iProoving should not involve a mirror image of the user’s face – it’s potentially not an enjoyable experience for a lot of people and could impact the chances of success.

Stage 2: What Happens If You Show Nothing

We briefly experimented with showing nothing at all on the screen during the authentication. It didn’t work: users weren’t able to line their faces up and it became very hard to complete the process. We also felt that it wasn’t fair to scan people’s faces without sharing that fact with them, visually through the use of their face image, as well as in written form.

Stage 3: Meet Mr Canny

It was then that we found our answer, which is now part of several global patents and unique to iProov. The Canny edge detector, developed by a man called John Canny, uses an algorithm to detect a wide range of edges in images. Using this edge detector, we provide a simple outline of the user’s face that gives enough guidance on how to line the face up and complete the process without scaring the user off. We then did a lot of work to develop exactly the right shading to add depth, and fading to soften the edges, resulting in an authentically pleasing filter akin to those found on social media platforms:

iproov interface

The moral of this story is that user experience and security go hand in hand at iProov. Each and every moment of the authentication journey presents an opportunity for the experience to jar with the user and those snags have to be removed to ensure maximum completion rates. iProov has 19 patents and a number of them relate to this line drawing and ensuring a happy user experience.

Statistics from the iProov selfie anxiety survey:

What does selfie anxiety mean?

What does selfie anxiety mean?

Do you ever have selfie anxiety?

Do you ever have selfie anxiety?

Do you like how you look like on mobile video calls?

selfie anxiety on mobile video calls

If someone says to you “let’s take a selfie”, what is the first thing you do?

reaction to taking a selfie

iProov Genuine Presence Assurance is used by governments, financial institutions and other enterprises all over the globe. To find out more, contact us at enquiries@iproov.com today.

Back to Resources

iProov and Evernym webcast

iProov and Evernym: Enabling Trust Online with Self-Sovereign Identity

19 August 2020

iProov recently announced its partnership with Self-Sovereign Identity (SSI) specialists, Evernym. We caught up with Andy Tobin, Managing Director of Evernym’s European business, to find out more.

In the 10 minute webcast, Andy speaks to Tom Whitney, our Global Head of Solutions Consultancy, about Evernym’s story and the problem they are trying to solve. Andy also explains the concept of SSI, why it’s important for enterprises and users wanting to manage their digital identity, and what the future holds for Evernym.

There are also plenty of insights into the partnership between Evernym and iProov and what iProov’s Genuine Presence Assurance technology will bring to Evernym customers.

Watch the webcast below and contact contact@iproov.com if you would like to know more about iProov, Evernym, or digital identity.

Back to Resources

Gartner Guide User Authentication

iProov named in the 2020 Gartner Market Guide for User Authentication

13 August 2020

iProov has been identified as a Representative Vendor in Gartner’s 2020 Market Guide for User Authentication. iProov was named in the Biometric Authentication category.

The 2020 Market Guide for User Authentication takes a close look at the current user authentication landscape as the market continues to grow.

Used for customer onboarding as well as ongoing authentication, iProov technology is being used by the US Department of Homeland Security, UK Home Office, NHS, Rabobank, ING, Knab Bank, and more. iProov’s biometric authentication technology won Best Authentication Software at the 2020 SC Awards.

The biometric authentication technology provided by iProov is unique in that it delivers Genuine Presence Assurance to individuals and enterprises online. This checks for three key attributes when authenticating a user:

  1. Are they the right person?
  2. Are they a real person?
  3. Are they authenticating right now?

iProov CEO and Founder, Andrew Bud, CBE said “Digital transformation has been high on the agenda for many regulated sectors, and now is the time for online biometric authentication to help drive innovation forwards. A successful user authentication system must offer security, usability, and privacy to its users. iProov provides all three in a very unique way, and this is why governments and enterprises around the world are using our patented technology to onboard and authenticate customers.”

Access the full report here (Gartner subscription required).

Gartner, “Market Guide for User Authentication” Ant Allan, Tricia Phillips, David Mahdi, Kaoru Yano, 26 June 2020.

Gartner disclaimer: Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Back to Resources

Face Recognition vs Face Verification

Face Verification vs Face Recognition: What’s the Difference?

3 August 2020

Scenario 1, face recognition: You’re walking across Times Square, or sitting in your seat at Wembley Stadium. Facial recognition technology, combined with CCTV, is scanning the crowds and matching faces against a database of known or suspected criminals. You do not know if or when face recognition is being carried out on you. You are not able to opt-out of it. There is no direct personal benefit to you from it. You do not know how the images are being used, shared, or stored.

Scenario 2, face verification: You’re sitting at home. You want to apply for a visa for an upcoming vacation. You open your laptop, or pick up your mobile phone, and log on to the government visa service. You use the device camera to scan your driver’s license or passport to prove your identity. You then scan your face. Facial verification technology confirms that your physical face matches the one in the ID document, and that you are real and completing this application right now. You know facial verification is happening. You choose to do it. There is a direct personal benefit to you (you get to go on your vacation). And with iProov’s face verification technology, you know that the images are kept behind a privacy firewall and are subject to strict GDPR rules.

There is also face detection, which is the process of identifying when a human face is present in a video or image, without identifying that person in any way. iProov specifically uses face verification.

Face recognition and face verification are often lumped together and used interchangeably to mean the same thing. But the truth is that the two technologies and the purpose of their use are completely different and need to be considered separately. Questions about the ethics of facial recognition for surveillance, and the call for clarity and limitations on its use, are matters for serious public discussion. However, face verification is not the same thing.

Why do we need face verification?

Put simply, face verification is needed for your online security.

Traditionally, we have verified our identity by walking into a bank or a government office and handing someone our documentation, which they then confirm matches the physical face that they see in front of them. But how do we transfer that process onto the internet? How do I prove to you that I am who I say I am if I’m sitting on my sofa using a mobile device?

Your face is the most secure way of verifying your identity online, and it’s the only way that businesses and government services can be assured that you and only you have access to your data:

  • Knowledge-based security (like passwords) can be shared or stolen and are hard to remember when you need countless secure ones for different accounts.
  • Device-based security (like mobile phones or tokens) have to be carried around and can be stolen or lost.
  • Other biometric identifiers, such as irises or fingerprints, are not included in driver’s licenses or passports (unlike photographs).
  • Only face verification enables you to prove online that you are the bona fide holder of your ID document. iProov face verification also allows you to assert that you are genuinely present during your facial scan and that your image has not been stolen.

Online crime is growing, both in the number of attacks and in the sophistication of the tactics used by international criminal gangs. We all need a way to secure ourselves against identity and financial theft. Face verification enables us to do this, and iProov face verification allows us to do so with maximum security and simplicity.

Examples of when online face verification is beneficial:

There are many occasions when we as individuals need to confirm with enterprises, banks, and government services that we exist and that the physical being asserting the identity is the rightful owner of that identity. Here are a few examples of when online face verification makes processes easier, faster and more secure:

Digital Onboarding:

  • Banking: opening a bank account
  • Other financial services: applying for a credit card or an insurance policy
  • Government services: applying for visas, driver’s licenses or passports
  • Healthcare: applying to access your health record
  • Education: applying to college or to sit an exam
  • Work permits: applying to be an Uber driver
  • Social networks: setting up an account

Face Authentication:

  • Banking: adding new payees or transferring large amounts of money
  • Other financial services: making an insurance claim
  • Government services: checking visa status, renewing ID documents
  • Healthcare: booking appointments
  • Education: sitting exams
  • Work permits: confirming I am doing the job
  • Social networks: commenting or other activities

iProov: facial verification, not facial recognition

iProov provides facial verification. Our Genuine Presence Assurance technology enables users to complete a facial biometric verification and confirm that they are:

  • The right person
  • A real person
  • Verifying right now

A user simply looks at their mobile device or laptop screen. Their face is illuminated by a series of colors. This brief ceremony detects that the user is a real human being and not a photograph or mask. It also assures that they are genuinely present in real-time, and not a deepfake or replay attack. And finally, as a “one-time biometric” it cannot be reused and is therefore secure against being used in a replay or other criminal attacks.

With iProov facial verification the user has:

  • Knowledge that the verification is taking place
  • Willingly collaborated with the verification
  • A direct personal benefit from the verification
  • Assurance of privacy

As well as being the most secure way to verify your identity online, iProov is also the easiest to use. We firmly believe that security without usability is worthless. As passwords become more complicated, users simply find workarounds to remember them. Those workarounds, such as writing passwords down or using the same one for multiple accounts, are often not secure. iProov technology requires no effort from the user.

Face verification offers us security, safety, simplicity and privacy in a digital world. It is quite different to face recognition and the two should be treated differently.

For more information on iProov technology, please contact enquiries@iproov.com or visit www.iproov.com

Back to Resources

Work at iProov blog |

What’s it like to work at iProov?

30 July 2020

iProov is growing – from Product Management to Science and Engineering, we’re currently looking for talented people to come and join the team.

So what does it take to be an iProover? We talked to Nikhil Kamdar, one of our Solution Consultants, who shared his insights on the company and what he’d say to anyone looking to come onboard.

What attracted you to iProov and to your role as Solution Consultant?

My background is technical presales. I’ve always been interested in technology – I did my degree in computer science and artificial intelligence, so iProov was a very good fit for my next career step.

iProov’s technology was also a big draw for me, plus the fact that everybody here is super clever and has been hired for a reason. Everyone at iProov understands what the company objectives are and has a clear vision of how we’re going to get there.

How would you describe the culture at iProov?

It’s got a very homely feel. Everyone is here for a reason. You feel a sense of safety that iProovers know what they’re talking about. I saw that straight away, as soon as I joined – everybody is a true expert in their domain. If you need help with something, you can happily go to another team and they’re more than willing to answer your questions.

What are your top three favorite things about iProov?

Firstly it has to be teamwork. Everybody works very collaboratively within iProov. Whether it’s engineering, product, marketing or sales generation, we all work very closely together. And in terms of information sharing, iProov is one of the only companies I’ve ever worked at where information is shared so openly between teams. There’s a lot of transparency. It makes it very easy to keep up to date with the direction of the business.

Next I would say training and personal development. iProov is very open to allowing you to learn new subjects or technologies that will help you with your role. So if I wanted to learn more about web technologies, because I need to specifically speak to customers about integrations with our iProov Web product for example, my manager is very open to allowing me to spend time doing that.

Finally, one of my favorite things is the monthly mindshare run by our Head of Science, Andrew Newell. These are brilliant because we hear from different teams across the business, including the Research team, Marketing etc. They’re really insightful because you’re gaining iProov-related insights from experts in their field. You always learn something new but it also gives you insight into a day in the life of that team, which is really interesting.

What are the three main characteristics needed to work at iProov?

You need to be trustworthy, because if you commit to something, whether it’s to one of your colleagues or to a customer, you need to be able to follow through on it.

You also need to be efficient in what you do. Whether it’s preparing a presentation or sorting some admin, there are going to be some busy days and then there will be some really busy days! You need to move fast. It’s a fast paced environment but it’s really rewarding.

And then finally, I would say you need to have an open mind. iProov isn’t huge at the moment but it’s growing fast and it has a strong vision of where it wants to be. So if you’d like to be part of that journey and the vision, this is the perfect time to join iProov.

We will be talking to more iProovers across the next few weeks. If you are interested in joining the team, take a look at our open roles here: www.iproov.com/about-us/careers

Back to Resources

Top Considerations for Online Customer Onboarding in Financial Services

Online Onboarding in Financial Services: Top Considerations for Getting It Right

20 July 2020

Online banking continues to grow. According to the latest EY Global FinTech Adoption Index, 71% of UK consumers and 46% of US consumers had used at least two digital financial services in 2019, up from 14% and 17% respectively in 2015. Savings, payments, borrowing and budgeting are all moving online.

The challenge for financial institutions is how to make the online onboarding process as simple as possible for customers, while complying with Know Your Customer guidelines and protecting against fraud. Our latest report Top Considerations for Online Onboarding in Financial Services sets out ideas for how this can be achieved.

One example of financial digital onboarding success is Rabobank. They had realized that asking 18-year-old digital natives to come into a branch with their documentation to open a bank account was not very appealing.

So the innovation team at Rabobank looked at how they could improve the onboarding journey for their customers. The solution included:

  • The creation of a mobile app for onboarding
  • Remote identity documentation checking using InnoValor. Passports, driver’s licenses, or other ID credentials can be scanned with a mobile device using either near field communication (NFC) to read the chip in the document, or optical character recognition (OCR) which reads information from a photo of the document.
  • Biometric identity authentication using iProov’s Genuine Presence Assurance technology to ensure that the person is the right person, a real person, and authenticating right now.

Top Considerations for Online Onboarding in Financial Services: read the report

Read Report

If you want to know more about how iProov can streamline your customer onboarding contact us at contact@iproov.com

Back to Resources

iProov half year report

The iProov Half Year Report: the story so far in 2020

20 July 2020

It’s been a very busy six months here at iProov.

The growth of Genuine Presence Assurance – the ability to confirm that an individual is the right person, a real person, and engaging right now when you’re dealing with them online rather than in the physical world – was already underway when the pandemic struck.

The COVID-19 crisis accelerated the need for remote authentication. Firstly, more people needed to complete more processes online, which meant that verifying identity digitally became essential. Secondly, online fraud increased considerably, with criminals taking advantage of the crisis. The ability to combat machine-driven online crime, which iProov provides, is needed more than ever before.

 

So what’s been achieved at iProov over the past few months?

  • 2020 started with our continued expansion in the US and the opening of our Maryland office.
  • In February we launched iProov for Kiosk, enabling our customers to bring biometric authentication to physical locations. It was a big hit at Finovate Europe, where we won Best of Show for the third year running.
  • In March, we announced our involvement in Estonia’s digital identity program, the first solution using cloud, machine learning and biometric authentication to achieve a “high” level of eIDAS conformance.
  • April brought another significant product launch, this time with iProov Web. This enables iProov customers to authenticate their users on web browsers as well as mobile apps, bringing greater inclusivity and accessibility and opening up services to a wider audience.
  • As the pandemic hit, iProov’s work with the NHS login service proved the value of online onboarding and authentication; over 60,000 UK citizens verified themselves in the first week of April. This took the total to 1 million users registered.
  • To help support the crisis, iProov also offered its services to startups that were building solutions. These included bkynd and bloomd, who launched social networks connecting individuals looking for assistance or companionship.
  • June began with us winning Best Authentication Technology 2020 at the SC Awards. The judges recognised Genuine Presence Assurance as “Game changing for customers and companies looking for speed with security”.
  • Our work with Eurostar also hit the headlines. An opt-in fast-track biometric corridor is being developed at St Pancras International to allow Eurostar passengers to board their trains without needing to show tickets and passports at the ticket gates.
  • The headlines also said it all in June: “Has the UK Just Quietly Seen One of the Most Successful Government IT Projects Ever?”. Our work with the UK Home Office on the application process for the EU Settlement Scheme reached a milestone with 3.1 million applications submitted. Peaks of 25,000-30,000 a day were handled successfully, with a high percentage of applicants completing the entire process in under 10 minutes.
  • We continued to grow our partner network, teaming up with NorthRow to provide simplified onboarding solutions to property companies, financial institutions, law firms, accountants and other professional services organizations.
  • We also announced our partnership with Mvine, working on a digital passport to assist with the management of COVID-19.

Stay tuned for more innovation, exciting new developments, and customer and partner news from iProov over the next six months. We’re just getting started.

Follow us on LinkedIn or Twitter and keep up to date.

Back to Resources

UK Home Office EU Settlement Scheme cover image (remote identity verification software)

How iProov Helped Deliver the World’s Most Successful Remote Identity Verification Immigration Program

8 June 2020

The headline says it all: Has the UK Just Quietly Seen One of the Most Successful Government IT Projects Ever?

Following the UK’s decision to leave the European Union, the Home Office set out to create a simple application process allowing 3.5 million EEA nationals to apply to the EU Settlement Scheme.

Applicants need to complete just three key steps – prove their identity, show that they live in the UK, and declare any criminal convictions. To make this as simple as possible, the Home Office sought out new innovative capabilities to create an optional end-to-end digital application channel.

iProov worked with WorldReach Software and InnoValor to deliver a scalable, secure, and usable solution. The details of the project can be seen in this excellent case study from WorldReach.

The highlights of the project:

  • More than 3.1 million applications have been successfully concluded.
  • A high percentage completed their application in under 10 minutes, with a high level of identity assurance.
  • Over 2,300 different makes and models of Android and iOS devices have been used to complete the identity verification process.
  • Peaks of 25,000-30,000 applications per day have been supported.
  • In a 2019 EUSS  survey, 79% of applicants indicated that proving their identity through the app was either “very easy” or “fairly easy”. A further 7% found it neither difficult nor easy.
  • The app receives an average 4.1 star satisfaction rating on Google Play Store.

How does the EU Settlement Scheme app work?

The app enables EEA nationals living in the UK to complete an application in under 10 minutes, using the following innovations to ensure high levels of identity assurance:

  • Remote identity documentation checking using the InnoValor solution. Passports, driver’s licenses, or other ID credentials can be scanned using a phone using either near field communication (NFC) to read the chip in the document, or optical character recognition (OCR) which reads information from a photo of the document.
  • Biometric identity authentication using iProov’s Genuine Presence Assurance technology to ensure that the person is the right person, a real person, and authenticating right now.

“There has never been a more crucial time for highly trusted, proven-in-use remote identity verification services given the Covid-19 situation, especially for government digital on-boarding and essential services delivery,” said Gordon Wilson, WorldReach CEO. “The EUSS is a very successful, scalable proof-point of what’s possible and achievable with the right end-to-end processes, technology and collaborative team.”

Find out more about iProov’s biometric authentication services in government and public sector here.

Back to Resources

winner |

iProov Wins Best Authentication Technology at SC Awards

3 June 2020

iProov was named Best Authentication Technology at the SC Europe Awards yesterday.

The judges said: “Great to see technology which is able to prove the actual identity of a person behind the device. Game changing for customers and companies looking for speed with security,” adding, “Really well presented and very relevant for today’s customer. Innovative good product.”

The judges concluded; “iProov presented some solid business benefits for its solution.”

The SC Awards are recognized as the gold standard of achievement for cybersecurity providers, products and professionals.

Biometric Authentication for the UK Home Office

The award recognized iProov’s Genuine Presence Assurance work for the UK Home Office and the EU Settlement Status application process (described here recently in Has the UK Just Quietly Seen One of the Most Successful Government IT Projects Ever?)

Recent data on the project shows that:

  • More than 3.1 million applications have been successfully concluded
  • A high percentage of applicants completed their application in under 10 minutes, with a high level of identity assurance
  • Over 2,300 different makes and models of Android and iOS devices have been used to complete the identity verification process
  • Peaks of 25,000-30,000 applications per day have been successfully managed
  • 79% of applicants indicated that proving their identity through the app was either “very easy” or “fairly easy”

Read the full EU Settlement Status case study.

In addition to the Home Office, iProov technology is being used by a growing number of governments, financial institutions, identity service providers and other businesses looking for the most secure, usable remote authentication technology:

2020 has also seen a number of other milestone achievements at iProov:

We’d like to thank the organizers of the SC Awards for staging such a great online show – we might not have got the champagne in a big hotel ballroom but we can confirm that the excitement of winning is just as good online!

Read more about iProov biometric authentication services or keep in touch with iProov on Twitter or LinkedIn.

Back to Resources

Onboarding for Financial Services

Rabobank: customer onboarding with iProov and InnoValor

2 June 2020

Last week’s webinar with InnoValor and Rabobank was a fascinating look at an innovative customer onboarding project that started in 2018.

Rabobank is one of the 50 largest banks in the world, with over 40,000 employees. As part of their ongoing commitment to customer service and innovation, in 2018 the onboarding team at Rabobank decided to find a solution to a challenge: how to successfully onboard 18-year-old customers that needed an adult account.

According to Evelien Mooij at Rabobank, the team had realised that the usual process for setting up a bank account – a customer bringing documentation into a branch – was not very appealing to digital natives that prefer to look at their phones.

So Rabobank began a project with their innovation department, looking for a digital onboarding solution that would bring the process onto a customer’s mobile phone. This led them to InnoValor, who worked with Rabobank and iProov to create an innovative technology solution that included:

  • The creation of an app for onboarding.
  • Remote identity documentation checking using the InnoValor solution. Passports, driver’s licenses, or other ID credentials can be scanned using a phone using either near field communication (NFC) to read the chip in the document, or optical character recognition (OCR) which reads information from a photo of the document.
  • Biometric identity authentication using iProov’s Genuine Presence Assurance technology to ensure that the person is the right person, a real person, and authenticating right now.

For Rabobank, this was a very exciting initiative. The compliance component was huge, but the targeted scope of the project allowed them to initially focus on a small group of customers. By working specifically with a target segment of 18-year-olds, the team could gain a lot of experience on how to create an online onboarding journey before scaling out to others.

It worked. 300 customers are now using the mobile onboarding process every day. Channel share has gone from 35% last year to 60% in 2020.

The team met some challenges along the way. Initially, the solution included NFC only on Android devices, with OCR for everyone else. 50% of customers were dropping out of the journey as the photo imaging quality wasn’t always good enough – too much glare on the photos or other issues.

Apple’s decision to support NFC from September 2019 changed everything. 80% of customers now use NFC, although Rabobank still uses OCR as a back-up for users – if your chip is broken, you need OCR for an online journey and that’s still provided.

Another challenge was getting the compliance team on board. Like most banks, Rabobank is a very big organization with a lot of legacy systems and a complex architecture. Eight Rabobank teams and three suppliers were involved in the project, which meant complexity. Evelien and her team involved their colleagues early on, so that everyone could see the decisions and choices that were being made.

And in fact, NFC has helped with compliance; the quality of identity verification is better on the app than it is face to face. It might be possible to trick an employee, but it’s much more difficult with technology.

Evelien and her team had also been concerned about the use of a standalone app for onboarding. Would customers use it? Would it be an issue? A lot of research was done, with initial customer feedback suggesting that it wasn’t going to be a problem. The results since launch have supported this – to the surprise of the team, customers are really not worried about the separate app. In fact, they were glad to use it to onboard and then delete it – app space on an 18-year-old’s phone is at a premium and they like the space!

The next steps for Rabobank include; using the app for onboarding new business users that don’t already have an account and processing change of director notifications; adding remote identification to the main Rabobank app; and bringing in step-up authentication for complex or high value transactions.

Our thanks to Evelien, Wil, Maarten and the rest of the team at InnoValor for sharing such useful insights during a great webinar.

How does iProov make your onboarding effortless? Find out more here.

Back to Resources

End of the Password Report

The End of the Password: 50% Of Young Consumers Share Their Log-in Details

2 June 2020

We’ve released new research today, The End of the Password, which looks at how consumers are struggling to follow online security guidelines.

Everyone knows that passwords are not secure. And yet efforts to make them more secure are only making them more complicated. “People misuse things that aren’t usable,” says iProov CEO, Andrew Bud. “It’s a gift to hackers and it disrupts commerce. We need to make it easier for people to access services and keep their data secure.”

The key findings of the research include:

Consumers are using other people’s passwords

78% of 18-24-year-olds in the UK and 75% in the US have used someone else’s password to gain access to a service or device. 15% and 10%, respectively, have done so without permission. Overall, 49% of Brits and 50% of Americans have used others’ passwords.

People are sharing their own passwords

It seems that we’re less willing to share our own passwords than we are to borrow other people’s, but the numbers remain high; 50% of UK 18-24s and 49% of their US equivalents have given their passwords to other people, compared with 30% and 34% of consumers overall. We’re more willing to share the PIN to our phones; 41% of Brits and 44% of Americans admit to sharing phone passwords with partners or family members.

People are reusing the same passwords (and writing them down)

59% of respondents in both countries admit to reusing the same passwords across sites, while 10% of Brits and 13% of Americans use the same password for everything. Only 9% of people in both countries use a strong suggested password if it is offered. 33% in the UK remember passwords by writing them down – this rises to 46% in the US.

People are abandoning purchases because of forgotten passwords

The average Brit abandons an online purchase 15 times a year because of password frustration, while Americans are doing likewise 16 times a year. 34% of 18-24s in the UK are having to request forgotten passwords at least once a week, along with 25% of young Americans.

Read The End of the Password UK edition and The End of the Password US edition to see all of the stats and survey results.

Andrew Bud added: “Our research shows that passwords have simply outlived their utility. Enforcing ever more complex passwords tortures people into workarounds. People misuse things that aren’t usable. It’s a gift to hackers and it disrupts commerce. We need to make it easier for people to access services and keep their data secure.

“People are recycling and sharing passwords but this leaves them exposed and vulnerable.The time has come to adopt alternatives. Good biometric authentication combines effortless usability with the security to safeguard society’s most sensitive personal data.”

“iProov technology is a safe and secure way to identify yourself without using a password. Copies of your face, like photos, videos or deepfakes, won’t work. This is what iProov Genuine Presence Assurance provides that other biometric technology does not – not only does it check that you’re the right person, but it also checks that you’re a real human being and authenticating yourself right now.”

How does Genuine Presence Assurance replace passwords?

Everyone knows that passwords are no longer fit for purpose in an online world. They are not secure. Yet, efforts to make them more secure have only made them more complicated. Genuine Presence Assurance from iProov is completely unique. It uses face biometrics to enable businesses and governments to verify online that a customer or citizen is the right person, a real person, and authenticating right now, protecting against the most sophisticated criminal attacks. Read more about passwordless authentication with iProov face verification.

To keep up to date on future report releases from iProov, follow us on Twitter and LinkedIn, or visit www.iproov.com for more information.

Back to Resources

increase use online services due to pandemic

Coronavirus: Consumers Look For Identity Verification As Hacking Increases

27 May 2020

In a recent webinar with Mobile Ecosystem Forum, Andrew Bud, CEO of iProov, talked about the impact of COVID-19 and the increased adoption of technology as the pandemic continues. This crisis “is going to accelerate a lot of trends. In areas like identity, health data, financial data, authentication, security, video conferencing. We will see many many years of progress in a short time”.

The use of online services has undoubtedly increased during the pandemic. This is clear from a consumer survey that iProov conducted recently, which also shows increased demand for security and identity verification.

Are consumers using technology more during coronavirus?

We asked 1000 consumers in the UK and 1000 in the US about their use of technology during coronavirus. 69% overall (69% in the US and 70% in the UK) told us that they expected to use more online banking/health/shopping services as the pandemic continued. The importance of digital service provision is now beyond doubt – online retail sales in the US grew by 49% in April, and 16% in the UK, making online 30% of UK retail shopping. Banks, governments, healthcare providers, and all other sectors will move more of their services online in response.

Is the need to authenticate identity more important than ever before?

Overall, 72% of consumers (72% in the US and 71% in the UK) said that authenticating their identity online was more important than ever before. Governments and businesses need to garner citizen and customer trust – iProov enables this with secure, usable biometric face technology that reassures the user.

more need to authenticate online services

Is the coronavirus crisis being exploited by hackers? 

82% of consumers overall (80% in the US and 83% in the UK) felt that hackers were taking advantage of the coronavirus crisis. However, this sits uneasily alongside other data from iProov’s The End of the Password report, which suggests that consumers are still sharing and reusing passwords and putting themselves at risk.

exploited by hackers during coronavirus

Which types of fraud and scams are increasing in volume during the coronavirus crisis? 

63% of consumers overall expected to receive scam offers, followed by fake news and health misinformation. The US and UK were generally aligned in which attacks they expected to see, although US consumers expected to see more of each of them.

more types of hacks during coronavirus pandemic

Online identity verification is more important than ever, as consumers turn to digital channels to complete everyday tasks. With Genuine Presence Assurance from iProov, businesses and government departments can deliver effortless authentication for online services while protecting against the most sophisticated criminal attacks. Find out more about iProov at www.iproov.com

How is iProov supporting technology innovation during coronavirus?

iProov is proud to be offering our technology free of charge to start-ups that are creating solutions to support the pandemic crisis. Read more here on  How Technology Is Enabling Kindness During Coronavirus.

Stay tuned on Twitter and LinkedIn to keep up to date on how iProov biometric authentication is supporting business and government during the coronavirus crisis.

Back to Resources

online purchases abandonded due to password fustration

16 Online Purchases Abandoned Every Year by the Average Consumer Due to Password Frustration

7 May 2020

It’s World Password Day and we decided to mark the occasion by sharing some password stats from a recent consumer survey that we carried out in the US and UK. We released a full “The End of the Password” report, but here are a few stand-out findings:

The average US consumer abandons 16 online purchases a year due to password frustration.

This is a staggering number. It means that almost every three weeks, every American citizen is abandoning a purchase online because they forget their password and the process for retrieving it takes too long. And it’s a similar story in the UK, with 15 online purchases a year being left at the checkout by the average consumer.

The problem with passwords

This results in two key problems. Firstly, it means enormous frustration for the customer. Imagine the steps involved: a customer spends valuable time deciding what to buy. They make the decision to purchase and are faced with a request to Register or Login. Have I bought something on this website before? I’m sure I have. Several attempts at remembering their login details later, the customer becomes extremely frustrated and requests a password reminder. This either doesn’t arrive quickly enough or goes into spam. Purchase abandoned.

This leads to the second point: businesses are losing millions in revenue because of password frustration. Each missed sale represents lost dollars but there’s also the loss of the customer’s longer term business, along with the wasted marketing investment in getting a customer to checkout, only for the login to cause confusion and frustration.

online purchases abandonded due to password fustration
Password Statistics (UK and US Consumers)

Passwords are frustrating and they lead to lost business. But what is also clear from the survey results is that consumers are struggling to follow the recommendations on password management. The guidelines – for example, creating a unique password for every account – are too onerous for the average individual:

Only a quarter of people regularly change their passwords
The majority of people are not following guidelines to change their passwords frequently:

  • 44% of Americans and 40% of Brits only change passwords when they forget them or are prompted to change them
  • 5% of people in both regions only change passwords when they get hacked
  • 8% of Americans and 9% of UK consumers never change their passwords at all
  • However, 3% of Americans and 5% of UK consumers change their passwords every month

13% use the same password for everything
37% of Americans and 39% of Brits are managing to follow the guidelines by having a different password for every site. However, most people rotate a few passwords (46% in the US and 49% in the UK), while 13% of Americans and 10% of Brits use the same password for everything.

Most people avoid the ‘suggested password’ when creating an account
89% of Americans and 90% of Brits choose to create their own passwords when registering for a new account, instead of using the auto-generated secure suggestion (9% in both regions). Only a few choose to sign in with Google or Facebook credentials (3% in US and 1% in UK).

Nearly half of consumers have shared the PIN for their phones with their partners
The evidence suggests that we’re willing to share our passwords; 44% of Americans and 41% of Brits have given their partner the PIN to access their phones.

Men are less worried about data privacy than women
76% of Americans and 70% of UK citizens believe that individuals should be worried about data privacy, but men are less likely to be concerned than women (US: 69% men vs 82% women, UK: 63% vs 78%).

“Everyone knows that passwords are not secure,” says Andrew Bud, iProov Founder and CEO. “But the solution that is being applied to weak password security is to make passwords more complicated.

“Perhaps that’s why half of the population of both the US and the UK have abandoned online purchases in the past year, and businesses have lost millions of dollars – we just can’t remember our passwords.

“Imagine a world in which you never forget a password because there aren’t any. You simply authenticate yourself with biometrics – it remembers you even when you haven’t visited a site for months, providing exceptional usability and outstanding security to remove the frustration and make everyone’s lives better.”

Find out how iProov can reduce password reliance with Genuine Presence Assurance technology today. For even more recent data on forgotten passwords and the effect on website abandonment rate, click here.

Back to Resources

rsz shutterstock 1717413775 scaled |

Strong Customer Authentication for Banks (Using Facial Biometrics)

1 May 2020

The Financial Conduct Authority (FCA) in the UK has extended the deadline for implementation of Strong Customer Authentication (SCA) rules by six months. The deadline is now 14 September 2021.

Other regulators across Europe are expected to make similar moves.

From 14 September 2021, financial institutions must ensure that customers are completing SCA before they carry out online processes, as set out in the EU Revised Directive on Payment Services (PSD2).

These processes include:

  • Accessing a bank account online
  • Making an electronic transaction
  • Carrying out any activity online that might come with a fraud risk

What is Strong Customer Authentication?

Strong Customer Authentication is the process required by banks and electronic payment providers to verify the identity of their customers online. These rules were introduced in 2019 and aim to enhance security and prevent fraud. SCA does not just apply to banks: the entire e-commerce industry must comply by the 14th September 2021, too.

But how does it actually work?

Strong Customer Authentication means that payment service providers must require customers to use a multi-factor authentication process for payments and verifying their identity online.

Multi-factor authentication requires two or more of the following elements:

  • Knowledge: something only the user knows – eg, a password or PIN
  • Possession: something only the user possesses – eg, a mobile handset or token
  • Inherence: something the user is – eg, a biometric

The two factors also need to be independent of each other. For example, if a customer authenticates via voice on their mobile phone as the first factor, and then the bank sends a one-time password (OTP) to that same device for the second factor, this could potentially present a risk. The two factors use the same channel or band, so if that channel—in this case the mobile phone—had been compromised, both the instruction and the security verification are being sent to an individual who now controls the compromised device. This must be avoided according to the recommendations.

Strong Customer Authentication: Usability vs Security

Did you know, half of consumers have abandoned online transactions?

The challenge for banks is selecting the right balance of security with ease of use. Security is critical, but if systems are hard to access then banks face higher drop-off rates, increased loss of customers to competitors, and the brand impact of being seen as difficult to use.

Drop-off rates and loss of customers are very real concerns. A recent iProov study found that almost half of consumers in the US and UK have abandoned an online purchase because the security process took too long—and those aged 18-44 are more likely to have done so.

With iProov, Strong Customer Authentication is automated, fast, simple, and secure. We work with organizations such as online-only challenger bank Knab to provide SCA to its 500,000+ customers. All customers that open an account with Knab are authenticated by iProov’s cloud-based, device-independent face biometric technology.

Knab bank uses iProov authentication (Something a person is) along with a PIN (something the person knows) as part of their process to comply with SCA requirements and other regulations such as Know Your Customer (KYC). You can read more about iProov’s work with Knab here.

The iProov facial biometric authentication can replace passwords, or it can be used as the second factor as detailed in the two examples below.

How to enable Strong Customer Authentication (SCA) on mobile devices

  • A customer would begin the sign-in process to their bank account.
  • They provide a password for the first-factor authentication (something they know).
  • They then effortlessly iProov themselves for a strong second factor (something they are). The customer simply holds their device in front of their face and a colored illumination provides Genuine Presence Assurance – that is, confirming they are the right person, a real person, and authenticating right now. The illumination ceremony also acts as a reassurance to the customer that their security is being protected.

Mobile Strong Customer Authentication Infographic

How to simplify Strong Customer Authentication (SCA) on web browsers

iProov Web offers the significant advantage of allowing strong customer authentication to be completed on a desktop or laptop without the need for a mobile device.

  • A customer would begin the sign-in process to their bank account on a desktop, laptop, or other device using a web browser
  • They provide a password for the first-factor authentication (something they know)
  • They then effortlessly iProov themselves for the second factor (something they are) using the camera on their laptop. A colored illumination provides Genuine Presence Assurance—that is, they are the right person, a real person, and authenticating right now.

iProov web strong customer authentication / multi-factor authentication infographic

For more information on how banks are using iProov for Strong Customer Authentication, please visit iProov.com or contact us at enquiries@iproov.com

Back to Resources

rsz shutterstock 797275474 scaled |

Biometrics for Safeguarding: How Technology Is Enabling Kindness During Coronavirus

29 April 2020

By Andrew Bud, Founder and CEO of iProov

iProov is currently providing biometric authentication services free of charge to start-ups that are working on solutions to assist the COVID-19 crisis.

A number of projects are already underway, using our Genuine Presence Assurance technology to great effect.

One area where we’re seeing a lot of focus is safeguarding.

There has been a tremendous surge of kindness, generosity, and community spirit around the world, as people offer their time and resources to help others in need.

But criminal behaviour is never far behind. You only need to take a quick glance at the news to find examples, such as this 92 year-old woman robbed by thieves who persuaded her that her neighbour had the virus.

Safeguarding allows genuine offers of help to be encouraged and utilised, by putting processes and systems in place to protect the vulnerable.

How can biometrics help safeguarding?

Identity and verification provide two critical factors when it comes to safeguarding:

  1. They hold people accountable for their actions
  2. They build confidence among the helpers and the help seekers

Before COVID-19 arrived, we were already seeing evidence of this in the peer-to-peer economy. Sharing economy service providers rely on the exchange of knowledge, services, and confidence between two strangers who have a reason to trust each other.

The reason to trust each other is shared information. If I know your car registration number and you know my name, then it’s very likely that we are two matching halves of a bona fide Uber arrangement.

That trust can be greatly corroborated by a picture. Uber, AirBnB, and the other sharing economy service providers use pictures of drivers, property owners, and renters to instill confidence.

Pictures instill confidence. In a study, researchers at Princeton asked a group of university students to rate the trustworthiness, attractiveness, likeability, competence, and aggressiveness of actors’ faces. One group was given a tenth of a second to make their judgement. The other group was given as long as they wanted. The greatest correlation between the two groups was for trustworthiness – the two groups were most aligned on who could be trusted and who could not. Pictures are very powerful in allowing us to make decisions on trust and it takes just 100 milliseconds for us to make that decision.

But what if those pictures are fake? What if we’re taking 100 milliseconds to decide to trust the woman we’re seeing in the photo, when we’re not actually dealing with her at all?  With a few clicks of a mouse, it’s possible to fabricate a profile picture on social media and pretend to be anyone at all. There are many reasons why attackers would go to considerable lengths to masquerade as someone of a different age or gender, and thousands of criminal offences have been committed against victims of all ages.

So how do we ensure that older, dependent and vulnerable people can receive tremendously valuable support from others without fear of fraud, theft or cruelty perpetrated by people who are not what they seem?

iProov technology can achieve this in a number of ways. Two examples of use cases that we’re working on right now show how Genuine Presence Assurance can be used during online transactions to build trust, by confirming that an individual is the right person, a real person, and authenticating right now.

  1. Registration of volunteers: Providers of voluntary assistance can register themselves for a service using Genuine Presence Assurance. During the online onboarding process, a volunteer would provide their personal details, scan their passport or driver’s license, and then use facial biometric authentication on their mobile phone or web browser to prove that they are indeed the holder of that ID document. This would guarantee that their photograph was genuine and they are indeed a genuine person.
  2. Verification: On any social network, there is always a risk that a person is not who they claim to be. We rely on pictures and other information to help us decide whether to trust an individual, but if those pictures are fake then our trust is misplaced. Verification eliminates that risk. Users can be required to authenticate themselves at the beginning of each session to prove that the person currently online purporting to be them does indeed match their photo. Messages could be marked as ‘verified’ to give additional confidence that a user has authenticated themselves before this conversation. Or authentication could be requested if they want to exchange details or engage in a conversation with someone. In either scenario, trust is increased through a simple, secure facial biometric process via phone or web browser.

The opportunities that stem from these processes are endless. Shopping, gardening, household chores, dog-walking, and even companionable conversation can all be made much safer with easy-to-use authentication technology.

Are older people using technology more during coronavirus?

We all stand to benefit from the safeguarding technology outlined above. Coronavirus has shown that you don’t need to be old or dependent to be vulnerable. You’re vulnerable if you can’t leave your home for 14 days because you live with someone with COVID symptoms. You’re vulnerable if you have asthma or diabetes. The ability to access help quickly and safely is essential to us all.

However, the uptake of technology by the older generation during the pandemic suggests that safeguarding technology could be effective for this particular age-group.

We recently commissioned a study of consumers. One stat that stood out to me was that almost 40% of people aged 65+ in the UK are using online communications more during the pandemic. It’s not hugely surprising but that’s a significant shift in numbers – there are 12 million people in the UK in this age group, so 5 million people are using technology more today than they did 3 months ago.

increased use of online communications during coronavirus

Crises accelerate change and we’re going to see huge changes in how society uses technology going forwards. Safeguarding could, and should, be part of that.

See our website for more information on how Genuine Presence Assurance from iProov can help your organization.

Back to Resources

wrlogo high res |

iProov and WorldReach Software: identity verification for government and citizen services

7 April 2020

iProov works in partnership with a number of technology companies around the world. WorldReach Software, based in Canada, is a world leader in government travel and citizen services. We asked Jon Payne, Executive Director, Global Partnerships at WorldReach, to tell us about their work and why they chose iProov for Genuine Presence Assurance.

WorldReach is expert in government travel and citizen services. How has your business evolved since it was originally set up?

WorldReach was founded in 1998 after a five-year software development partnership with Canada’s foreign ministry. As our international government client list grew, we quickly gained a reputation as a highly trusted government partner and advisor specialising in consular assistance including crises, and passport issuance solutions. This was our primary focus, until about five years ago.

In recent years, we chose to apply our expertise to create a new process for remote Identity and Document Verification (IDV), recognising the combination of the growth of smartphones as a mobile platform and the steadily increasing proportion of ePassports. In effect, turning the smartphone into an ePassport reader and allowing the owner to verify their identity in much the same way as an e-Gate or e-Kiosk in an airport does it, using facial biometrics.

What have been the biggest changes in government travel/citizen services since WorldReach started?

When we started, digitisation was really just a concept. Governments still largely depended upon a combination of paper documents and face-to-face processes to determine eligibility and to deliver services. This, in general, was a long, labour intensive and expensive process for governments.

We recognised the potential of technology to improve process. We worked on unlocking the power of the chip embedded in ePassports that are now issued by the majority of governments. Given all the efforts made by passport agencies to embed a small computer full of rich data into the passport, we wanted to make it more easily available in practice for immigration programmes.

Which government was the first to take advantage of this new process innovation? 

With help from the Canadian Safety and Security Program and the sponsorship of Canada’s two immigration agencies, IRCC (Immigration, Refugees and Citizenship Canada) and CBSA (Canada Border Services Agency), we were able to refine and test our technology with the real world input of immigration officials through several demonstration projects aiming at seamless borders for lower risk travellers. This work is still ongoing today in a prototype, soon to be pilot, called the Chain of Trust. The aim of the project is to achieve zero wait time at the future border for admissible passengers, by making the enforcement and compliance processes more dynamic and responsive. Our eIDV service allows applicants to register and authenticate their passport information – using their smartphone to read the chip – and uses the latest facial recognition technology to check that the applicant is a real, live person and the owner of the document.

Can you tell us more about the Home Office’s EU Settlement Scheme and how that came about for WorldReach? 

In the UK, the EU Settlement Scheme (EUSS) run by the Home Office is using the eIDV concept in an immigration context in perhaps its single largest live deployment. Because of Brexit, the freedom of movement previously enjoyed by other EU nationals living in the UK will soon come to an end. The UK government estimates that there are between 3 and 4 million people in this category, who are eligible to apply for a new “settled status” before January 2021, in order to continue living and working in the UK.

The policy presented the Home Office with a new operational challenge, since applying for settlement in the UK usually involves filling out a lengthy form and sending personal documents – including passports – to the department in the mail, or attending a Home Office facility for an interview. The Home Office chose to offer an entirely digital application process, and we are pleased to be a significant part of the solution. Although EUSS began in full release only in March 2019, the Home Office recently announced that more than 3.3 million applicants had already applied for settled status.

So, a convenient, secure identity verification service, using the latest in facial recognition and iProov’s genuine presence technology, is the world’s largest and most successful digital immigration on-boarding programme.

What do you see on the horizon in this sector? What will be the biggest changes/trends over the next 2-5 years?

One of the biggest changes on the horizon concerns the passport itself. The International Civil Aviation Organization (ICAO) is working towards an internationally recognised Digital Travel Credential (DTC) standard. A DTC has the potential to provide functionality and security features that are comparable to those of a current ePassport, with increased convenience. This generated DTC could substitute a conventional passport in some circumstances by providing a digital representation of the traveller’s identity, including in emerging seamless traveller initiatives.

It’s not hard to see how this internationally accepted credential might then be used in other identity verification schemes, beyond travel.

Why did you choose to work with iProov?

We knew genuine presence would be a key component in any successful remote identity verification platform. After all, a selfie alone doesn’t prove a real person is present, nor can it detect a mask or other spoofing techniques. So, we went to work, testing and spoofing between 25 and 30 solutions that were in the market. At the time of the EUSS opportunity, iProov was the only solution that our technical team couldn’t spoof.

Having worked with iProov for more than a year, we continue to be impressed with the technology and the company’s responsiveness as a strategic partner.

What is life like at WorldReach? How would you describe your company culture? 

We pride ourselves on fostering an inclusive, diverse, welcoming and transparent company culture.

As far as diversity goes, WorldReach staff speak 19 different languages. This has proven valuable in a global market, supporting clients from all over the world. Women make up 50% of our Senior Management, 67% of Technical Team Leads, and 40% of the entire staff. We’re very proud of these stats and we work hard to achieve gender parity.

As for daily life at WorldReach, there is a real camaraderie here, which is invaluable in times of crisis, such as we’re now seeing with COVID-19. We can count on one another. We have a very low attrition rate; a large percentage of our staff have been with the company for more than a decade. People like each other, laugh a lot, and work very hard. Our clients and partners recognize this; they know that they can depend on WorldReach, because we’ve shown that we depend on each other.

Finally, a bonus question! Can you tell us something surprising/something most people wouldn’t know about government travel/citizen services?

Well, there are some things hidden in the passport statistics that you might not know. For example, of the 195 or so countries in the world, almost 150 of them now issue ePassports with an embedded chip. The largest issuer of passports in the world was the US for many years, most recently at roughly 20 million per year; however, a few years ago they were overtaken by China, which issued 30 million passports last year. Probably the smallest state issuer is Vatican City, which issues its own passport despite having only about 600 citizens in total.

Find out more about WorldReach at www.worldreach.com

Back to Resources

The FCA letter explained

The FCA coronavirus letter explained: how to remotely onboard customers without encouraging criminals

1 April 2020

On 31st March, the UK Financial Conduct Authority (FCA) issued a letter to the CEOs of UK regulated financial institutions providing guidance on how to navigate the challenges of coronavirus.

This has been interpreted by some national newspapers to mean that identity checks can be done with selfies (“Send your bank a selfie to check your identity, watchdog says”, The Daily Telegraph).

This is not true. Identity checks completed via selfie are an open invitation to money-launderers and other criminals.

The only way to remotely check the identity of an individual is through Genuine Presence Assurance:

  • Are they the right person? Are they able to prove, online, that they are the rightful holder of a passport, driver’s license or other identity document?
  • Are they a real person? Is the individual that is presenting themselves for identification a real person and not a photograph or video?
  • And are they authenticating themselves right now? Criminals can use replay attacks, where videos of previous identifications are used to dupe the system. Genuine Presence Assurance protects against spoof attacks by confirming that the individual is a live human being and is completing the identification at this very moment.

Without Genuine Presence Assurance, criminals and terrorists can, and will, fully exploit identity check processes for the purposes of money-laundering and other fraudulent activity.

What is the FCA coronavirus letter actually saying?

The letter has been misinterpreted in some quarters. It is actually reminding organizations that flexibility already exists within the current guidelines. Financial institutions already have the right to remotely identify and authenticate individuals, thus eliminating the need for customers to come into branches for identity checks.

Financial institutions that have not yet taken advantage of remote identification technology must do so immediately, in order to:

  • Continue with identity verification for remote onboarding of customers, who can no longer come into branches
  • Provide remote step-up authentication on high value or high-risk transactions that previously needed to be completed in-branch
  • Authenticate customers accessing secure online services
  • Protect against increased criminal activity during the coronavirus pandemic

Banks such as ING, Standard Bank, and Rabobank are already using Genuine Presence Assurance technology to effortlessly and safely verify client identity and onboard remotely, protecting themselves against criminals and ensuring compliance with regulations.

The letter makes reference to Joint Money Laundering Steering Group (JMLSG) guidance, which clearly states that any risk must be mitigated when completing identity checks on customers.

The Money Laundering and Terrorist Financing (Amendment) Regulations state:

(19) For the purposes of this regulation, information may be regarded as obtained from a reliable source which is independent of the person whose identity is being verified where— (a) it is obtained by means of an electronic identification process, including by using electronic identification means or by using a trust service (within the meanings of those terms in Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23rd July 2014 on electronic identification and trust services for electronic transactions in the internal market(2)); and (b) that process is secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity.”

A selfie submitted by email or text is clearly neither secure from fraud and misuse, nor capable of proving an appropriate level of assurance that the person is who they claim to be.

Andrew Bud, Founder and CEO of iProov, said; “The FCA is not relaxing its rules on identity verification. The financial services industry was already permitted a level of flexibility that is now desperately needed in the current situation.

“Thanks to online identity verification, customers can still set up bank accounts and transactions can still be authorized and completed even when branches are closed and people cannot leave their homes.

“We welcome Chris Woolard’s reminder to the industry that remote identity verification is possible and encourage organizations that have not yet made the transition to do so.”

Any organization that would like advice about implementing the ID verification measures referred to in the recent guidance from the FCA, or about offering online identity verification, should contact enquiries@iproov.com, or book an iProov demo directly.

Back to Resources

rsz 3013 0112 |

Meet Joe Palmer, President of iProov Inc

31 March 2020

Earlier this year, we announced the opening of our iProov US office, in Catonsville, Maryland, at the bwtech@UMBC Research and Technology Park. Read more here.

Joe Palmer, President of iProov Inc, has been leading the expansion, both strategically and tactically. A founder member of the iProov team, Joe and his family relocated to the US this year to continue building the North American team with iProov culture and values.

How long have you been working at iProov?

I met Andrew Bud, CEO and Founder of iProov, nearly eight years ago. We were introduced through my former supervisor at University College London (UCL), Professor Phillip Treleaven. Andrew had asked Professor Treleaven to recommend someone with development skills who could help him change the world with a new idea.

 

Andrew explained his idea very well – I was really excited by what I heard and knew he was onto something special – so I came on board. For the first 18 months at iProov, I was focused on developing code. This included a basic Android app, an API and a core analysis system that used GPUs to accelerate the image processing. Dominic Forrest, our now-CTO, joined in 2013 and between the two of us, we redesigned the system and built a new version that was architectured to allow us to scale. It’s been improved hugely since then, but the basic micro-services architecture we developed back then is still the foundation of what we have at iProov today.

It was at this point iProov needed to scale up and start supporting large systems. We started to expand the workforce and built a structured tech team. I took on responsibility for the external facing software including web services, SDKs, APIs and integration documentation.

It wasn’t long before we were getting a lot of serious interest from customers. I moved into a more strategic commercial role helping to demonstrate what iProov could do for each bank or government department. We had one sales executive at the time and we became a dream team talking to customers. We closed our first deal with a large European bank and everything took off.

How did your move to the US come about?

We were growing rapidly in Europe, and commercial traction was starting to build in North America. We had a discussion internally and agreed that a US office was needed. I went home to discuss it with my pregnant wife and she agreed that it was a good time for us to make that move. After our daughter, Sophie, was born, we flew out as a family to the RSA conference to look at the US with a new perspective – our future home.

There were a lot of preparations – obviously for my wife and I from a personal point of view, but also for iProov in making changes to the team ready for my relocation. And then earlier this year we made the move and are now settled in a house in Maryland.

What do you miss most about the UK?

I do miss the actual UK office on the South Bank in London. There’s a real buzz about commuting into the city and being part of this incredible global hub. My journey – 30 minutes commute on public transport – allowed me prep time and thinking time ahead of my day.

The UK office is also an incredibly collaborative place. We have a very flexible policy on working from home but most iProovers choose to come in as often as possible, as there’s an energy and a lot of inspiration flying around. We’ve scaled up very quickly but we’ve put good structure in place to ensure that people know what’s going on and who does what, even as we expand.

I’m looking forward to building out the US team – we already have several people onboard – and I’ll be working with my colleague Simon Williamson to extend iProov’s unique, infectious, passionate company culture across the pond.

What does the future hold for iProov Inc and your North American team? 

North America is at a different stage to Europe and Asia-Pacific in terms of its understanding of biometric authentication. We’re bringing tried and tested use cases that have delivered huge benefits both to the business and the consumer, and that’s been incredibly important. The US in particular is a different market with its own unique challenges and opportunities so whilst it feels familiar, it is actually a fundamentally different landscape. It’s an exciting time for iProov and for the Palmers!

Contact us at contact@iproov.com to be put in contact with your US regional representative or follow us on LinkedIn and Twitter for more iProover profiles.

Back to Resources

face verification on android mobile

iProov releases next-generation Android SDK

30 March 2020

iProov is pleased to announce the release of its next-gen Android SDK, which delivers user experience improvements, easier integration, and performance enhancements.

New features in the release include:

  • Increased user experience control with asynchronous streaming
    Previously, an iProov authentication took a user through five steps before returning them to the customer app. This has now been improved; the user is now returned to the customer app immediately after the illumination stage, while the pass/fail result is pending. This allows customers to decide what their users see during those seconds.
  • New adaptive lighting model
    A new adaptive, evolutionary lighting model now controls how iProov responds to varying lighting conditions, replacing hard-coded algorithms. It will now be possible to dynamically update the lighting model. Customers will see immediate benefits, including increased first-time pass rates.
  • New filter options
    Customers can now change the colour scheme on the visualization of the user, allowing further customization. The ‘shaded’ option adds a light tint of colour, while ‘vibrant’ adds a full colour effect.
  • Pose control
    iProov is specifically designed to work from a wide variety of angles. Under normal circumstances, we actively encourage users to adopt a natural ‘from below the eye’ angle as this is how the phone is most naturally held. The latest release now enables customers to request a ‘face-on’ pose, which is appropriate for document compliance in some instances.

Visit our website for more information on iProov’s identity verification services. To keep up to date on further releases and other news from iProov, follow us on Twitter and LinkedIn.

Back to Resources

SC Awards 2020

iProov Shortlisted for SC 2020 Awards – Best Authentication Technology

27 March 2020

If you’re looking for a who’s who of the top cybersecurity technology vendors, the shortlist for the SC Awards is an excellent place to start.

The SC Awards are recognized as the gold standard of achievement for cybersecurity providers, products and professionals.

The 2020 shortlist was announced yesterday and iProov is extremely proud to announce that we are featured for Best Authentication Technology.

The shortlist was decided by a prestigious panel of expert judges, who use a set of criteria to recognize the industry players that are at the top of their game. iProov’s biometric Genuine Presence Assurance technology is being used by organisations around the world, including the U.S. Department of Homeland Security, the U.K. Home Office, the NHS, Rabobank, and ING, to provide consumers with secure, effortless access to online services.

 

What is Genuine Presence Assurance?

Genuine Presence Assurance allows governments, financial service institutions, travel providers, and other enterprises to confirm that an online user of a service is:

  • The right person – the individual trying to access an account or service is the holder of that account and not an impersonator
  • A real person – photos or masks are not being used to gain unauthorized access
  • Present right now – the authentication is happening in real-time and is not a replay attack, where a video of a previous authentication is rerun to gain unauthorized access

What are the SC Awards?

The SC Awards are recognized as the pinnacle of accomplishment for cybersecurity professionals, products and services. For over 20 years, the awards have recognized the vendors and leaders that are protecting consumers and businesses from cyber-attacks.

SC Awards Europe 2020 will be announcing the winners online on 2nd June 2020. In the meantime, keep in touch with iProov on Twitter or LinkedIn.

Back to Resources

FIDO Alliance passwords

iProov Joins FIDO Alliance

24 March 2020

iProov is pleased to announce that we have joined the FIDO Alliance, the industry association focused on reducing the world’s over-reliance on passwords.

Passwords have become increasingly unfit for purpose in a world where so much interaction is completed online and consumers are accessing large numbers of websites and apps.

Why are passwords unfit for purpose?

  • Expecting consumers to follow the guidelines for creating passwords (make passwords unique for every important account, make passwords longer and memorable, avoid personal or common words) is no longer reasonable. In a Google survey, 51% of people admitted to reusing the same password for multiple accounts.
  • As consumers increasingly rely on their browsers to remember passwords, the security risk increases – a laptop left unlocked, or that is compromised, potentially provides access to financial and reputation damage.
  • Stolen and reused credentials are responsible for 80% of hacking breaches.

How is iProov enabling the move to a passwordless world?

iProov’s facial biometric technology replaces the need for passwords. With iProov, a user authenticates themselves simply and securely with patented technology. By illuminating the face with a sequence of coloured lights, we provide Genuine Presence Assurance.

What is Genuine Presence Assurance?

Genuine Presence Assurance allows governments, financial service institutions, travel providers, and other enterprises to confirm that an online user of a service is:

  • The right person – the individual trying to access an account or service is the holder of that account and not an impersonator
  • A real person – photos or masks are not being used to gain unauthorized access
  • Present right now – the authentication is happening in real-time and is not a replay attack, where a video of a previous authentication is rerun to gain unauthorized access

Enterprises and public sector agencies around the world are using Genuine Presence Assurance from iProov to enable access to the most secure online services, from bank transfers to tax returns, without depending on passwords.

Which companies are FIDO members?

Other FIDO members include Apple, Amazon, American Express, Bank of America, Facebook, Google, ING, Intel, Mastercard, Microsoft, PayPal, Samsung, and VISA.

Keep up to date on our work in reducing the world’s over-reliance on passwords – follow us on Twitter or LinkedIn.

Back to Resources

Washington DC |

iProov at connectID: The New Frontier of Digital Identity Fraud

11 March 2020

How will we vote, pay, travel, work, interact and transact in a digital world, if identity fraud continues to threaten trust and security?

That’s the question that iProov will be helping to answer at the connect:ID conference this week in Washington DC. It’s a great event, attended by representatives from government and the private sector, that focuses on the need for new thinking to combat identity fraud in a digital, data-driven world.

Come and meet the iProov team on our booth #115, or join us in one of our presentations:

The Last Mile – Securely Binding Real People To Secure Digital Identities4.35pm, 11 March, Stage 3 | Andrew Bud, CEO, iProov

Come and hear Andrew talk about the work that iProov has been doing with governments and banks around the world, including the Department of Homeland Security, Home Office, NHS, Rabobank and ING. What are the threats that governments and banks face, what is driving those threats, and how can they be combatted?

What is Truly Secure and Passive Authentication? | 2.45pm, 11 March, Table 13 | Simon Williamson, Vice President Sales, iProov North America

Join our roundtable for a discussion on passive authentication; what is it and what are the security, usability, and commercial implications of different types of passive authentication.

Deepfakes: The New Frontier of Digital Identity Fraud | 3.20pm, 12 March, Stage 4 | Joe Palmer, President iProov Inc

Joe will be talking about how evolving deepfake technology is forcing a rethink on the way that governments and enterprises are protecting themselves and their citizens/customers against presentation and replay attacks.

If you’re not attending connect:ID and would like more information on these presentations or on our services, please contact us enquiries@iproov.com

What is connect:ID?

connect:ID is an identity conference and exhibition that focuses on how disruptive technology and policy decisions are driving much needed change in the world of identity, particularly in government and finance.

What’s on the agenda at connect:ID?

Also on the agenda this week: Trusted Authentication, Identity Proofing, Online Authentication, Remote Onboarding, Digital Identity Standards, Federated Identity, Know your Customer (KYC) compliance, anti-money Laundering (AML) compliance, Combatting Document Fraud, Border Control, Privacy and Consent, Compliance & Regulation, Meaningful Consent, Payments and Open Banking, Smart Cities, Protecting Citizens Online, Mobile Citizen ID, Next-Generation Biometrics, Traveler Identity, Seamless Traveler Journey, Biometric Exit/Entry, Advanced Passenger Identification, Secure Ports of Entry, Digital Identity Fraud, Presentation Attack Detection, Account Takeover Fraud.

Back to Resources

women of iproov image |

International Women’s Day at iProov

6 March 2020

International Women’s Day is a recognized day worldwide, celebrating the social, economic, cultural and political achievements of all women globally. We are moving into a very exciting time in gender balance history where the world notices its absence and celebrates its presence. We’ve seen movements like #PledgeForParity in 2016, #BeBoldForChange in 2017, #PressForProgress in 2018 and #BalanceForBetter in 2019. And so here we are in 2020, and iProov is celebrating #EachForEqual.

Susannah, our Digital Marketing Executive, had a fireside chat with Sital, Product Marketing Manager, Lynne, Global Head of Product Marketing, Sarah, Global Head of Marketing and Ju Lee, Financial Controller, to hear what International Women’s Day means to them, and what advice they would share with other women.

 

Susannah: What does International Women’s Day mean to you? 

Sital: It’s an opportunity to recognise the achievements of women and the contribution they make on a daily basis whilst juggling home and work. It gives us, as women, an opportunity to stop and take stock of our achievements and support each other. I am lucky that our community has hosted International Women’s Day events, an evening to dress up, spend time with like minded women. I look forward to hearing inspirational stories from women of non British background, and how they have overcome obstacles and flourished in Britain. This year I am organising my own little event too.

Lynne: An opportunity for women around the world to share and highlight their stories.

Sarah: Women’s rights are always under siege and we ignore that at our peril. International Women’s Day is a good opportunity to assess how far we’ve come and what remains to be done.

Ju Lee: It’s a day of celebration, to share achievements and to give each other a pat on the back. It’s also an opportunity to highlight how much still needs to be done and to remind us that to do nothing unwinds all the good work that has been done so far.

 

Susannah: Typically women are the primary carers for elderly parents and children, whilst balancing a career. What advice would you give to those juggling many roles across personal and professional life?

Sital: Firstly, remember to look after yourself. It’s easy to get wrapped up in the needs of those being cared for, but unless you are healthy and fit enough to look after others, it will fail. You have an identity that isn’t just being a carer, so make time for yourself. Secondly, ask for help!

Lynne: Remember how much you love them and how much they love you, but also sometimes accept that you can’t do everything yourself, you don’t need to be superwomen!  Ask for help.

Sarah: Set out what is important and how much can realistically be achieved in 168 hours a week and then try and keep the right balance between your priorities.

Ju Lee: There is no doubt that the challenge is tough but women are amazingly strong, resilient and resourceful. Keep reminding yourself of the positives of what you are trying to achieve, find support from others in a similar position and make sure you allocate time for yourself.

 

Susannah: Who do you hope to be a role model for?

Sital: Mostly my niece, but also younger family and community members.

Lynne: I’ve never thought about myself as a role model. I just try to do the best I can in every situation.

Sarah: Women should support each other but I do feel a special affinity with working class girls who don’t get to see the full scale of opportunities that are open to them.

Ju Lee: I hope that anyone who joins iProov will be able to see how women are valued in the company and opportunities given are based on merit not gender.

 

A note from Aarti, SVP of Product and Marketing:

Many of us are lucky to be part of organisations where equality is both a guiding principle and practise. Here at iProov, we are invested in our people. Our company values are initiated by our CEO Andrew Bud, to support and encourage a culture of diversity.

The range of demographics across the organisation, enables iProov to propel as a startup and remain current in its values. Our flexible working policies enable inclusivity, and women centric comms channels offer an ongoing hub of support. iProov encourages everyone to have a voice, and ensures that your voice is just as important as the next. Every Friday, we have a company stand up where everyone has time to speak about their achievements of  the week and offer a shout out to a colleague.

iProov enjoys celebrating the uniqueness of our people. Recently, we published a blog post celebrating International Day of Women and Girls in Science. The blog showcased the career trajectories and accomplishments of iProov women in STEM, and demonstrated some of the exciting work that STEM skills can lead to, to inspire young women to pursue STEM.

Back to Resources

iProov wins Finovate Best of Show 2020

iProov Wins Finovate Best of Show For Third Successive Year

21 February 2020

It is known as fintech’s ‘X-Factor’: at Finovate every year, the world’s most cutting edge technology companies showcase their latest products to hundreds of banks and other financial institutions.

Each technology leader gets 7 minutes to conduct a live demo of their latest product in front of banking technology experts from around the world. The audience then votes for their favorites. It’s not for the faint-hearted.

Last week iProov completed a remarkable hat-trick; we won Finovate Best of Show for the third year running. In 2018, 2019, and now again in 2020, Finovate attendees voted for iProov as a stand-out innovator, providing solutions to meet compliance, fraud, and usability challenges in the financial sector.

 

This year’s win was for iProov for Kiosk watch our demo here. Our customers can now use our biometric authentication technology to support secure, high value transactions in low security branches and other physical locations, such as kiosks or unmanned offices. Enterprises that will benefit from both mobile and fixed terminal authentication include banks (for Know Your Customer process and service access), governments (for citizen services and immigration) and travel providers (e.g. airlines, international train services and car hire). Read more about iProov For Kiosk here.

This was the latest in a series of wins for iProov:

  • iProov’s remote authentication technology has been extended to iOS users, who can now authenticate themselves using their passports and contactless NFC document reading from our partners Innovalor ReadID
  • Over 2.5million consumers have ‘iProoved’ themselves over the past 12 months as they accessed financial and government services, such as the Home Office’s EU Settled Status app
  • iProov became the first Genuine Presence Assurance solution in the world whose resilience to all types of attack, including video, has been conformance approved to ISO 30107-3 by a national standards laboratory
  • The iProov team has doubled in size, with new offices opening in London and the US.

For more information about iProov’s technology, click here.

Back to Resources

iProov office remarkable things

iProov Celebrates International Day of Women and Girls in Science

11 February 2020

Did you know that one of iProov’s talented team was known as ‘Particle Girl’ at school because of her love for science? To be honest, it was news to us too. But it’s International Day of Women and Girls in Science, and we decided to celebrate by finding out more about some of the extremely talented women that work here at iProov.

Susannah, our Digital Marketing Executive, sat down with Aarti, SVP of Product and Marketing; Gemma, from our Research Science team; and Trupti and Anindita, from our Software Engineering team, to hear about how they got into technology and what advice they would give to girls that are looking to STEM for a future career.

Susannah: What inspired you to start a career in Science, Technology, Engineering and Mathematics (STEM)?

Aarti: I was schooled in India, where the education system is focused on STEM subjects. As a child I was fascinated by the history of mathematics and inspired by the lives of the great mathematicians. It was a perfect amalgamation of art, science and philosophy. University was perfect for me to really delve into this subject and explore its various facets. At the time I was advised to pursue a more vocational subject, but I followed my passion, and have never looked back!

Gemma: I was an inquisitive child and wanted to understand ‘why’ to everything. At the age of five, my interest in science stemmed from my father studying Astrophysics. By the age of 11, I had won my schools science trophy and was nicknamed ‘Particle Girl’ because of my love of science. Academically, my whole world was science, which led me to studying physics at the University of Sussex. I learnt to code during my first year of university and loved that it enabled me to automate mathematical and data processing techniques. Whilst at university, I completed numerous internships in engineering and in data analyst roles. During my Masters year, I was looking to be really challenged and I came across iProov. An interview with Andrew Newell (Research Director) confirmed that iProov could offer the challenge that I was looking to sink my teeth into. I joined as a Data Analyst in March 2017 and was soon promoted to Research Scientist.

Trupti: I am inspired by every individual around me. But if I had to choose a role model then it would always be Dr A.P.J. Abdul Kalam, also known as The Missile Man of India and a symbol of positivity for me. He’s a former President of India, and his career in physics and aerospace engineering inspired me to start my journey into STEM.

Anindita: From my childhood I was fascinated by my metallurgist father computing complex metal alloy properties on small paper notepads. Following his footsteps led me towards studying computers and now I can’t remember when I used pen and paper for even small calculations!

 

Susannah: What is your biggest achievement in STEM and technology so far?

Aarti: To be able to use technology to change how over a billion people interact with their smartphones. Over my career, I have seen mobile phones evolve dramatically. In 2012, I had the opportunity to be involved with a consumer tech startup who made the first predictive text keyboard on a smartphone. I was able to work on a product that enabled people in emerging markets, like India, China and Brazil where English was not their first language, to communicate with one another. It was a challenge to make a predictive keyboard for multiple languages in non Latin script. However, there was a real sense of pride when I was able to launch that product to market and say I helped a billion people to communicate in their own language using their devices, allowing them to maintain their identity. I am now able to create the same power at iProov through a product that allows people to remain safe online.

Gemma: Building iProov for Palms. It was my first opportunity to run a full project and design systems from scratch. I enjoyed working across teams – usability, app design and with the backend team – to produce something really innovative. The skills and relationships I built for this project now enable me to work on other iProov products. That project really prepared the foundation for the passion and drive I have here.

Trupti: I’ve always been fond of sharing knowledge to help others. In 2011, I visited several schools in remote areas of India, who could not afford expensive software tools, in particular JAWS which is a screen reader for visually impaired students. We trained these schools to use ORCA to support the visually impaired students and designed a customised version to be distributed to other schools and colleges. In 2012, I was part of a training program for remote areas in India. The aim of the program was to introduce each community to open source and online education. I cannot claim it as a big achievement, but it was a step in the right direction and making people’s lives better.

Anindita: In my career so far I have been lucky to have the chance to live and work in 4 countries across 3 continents. Though this has meant uprooting oneself from one place to another, this has added to my adaptability. Though every award is a big encouragement, the first Star award I won as part of a team in Citibank Singapore in 2007 is my fondest memory. We all really enjoyed working hard on that project, writing code for adding new equity linked complex financial products for the Hong Kong fixed income business market. I have also been recognized quite a number of times at DXC for leadership and delivery excellence which was very encouraging too.

 

Susannah: What advice would you share with women and girls looking to pursue a career in STEM and/or technology?

Aarti: I often see young women and girls put off by STEM subjects. There is a lot of ‘I can’t’. But I believe there is nothing you ‘can’t’, there is only “what you can, what I can and what we can”. So please don’t be put off by the supposed ‘norms’ you see in society, because there isn’t a norm. You define the norm. So if you have an interest in STEM and technology, make it your norm and go full steam ahead. You will find willing mentors along the way, who have travelled on this road already, to lift you and support you in your career. You will also very quickly realise that your perspective as a young female adds immense value to a business.

Gemma: My main advice is: you can do it! I encourage you to try new things and do not be afraid to fail. Being a women in STEM/tech is not about being better than everyone else. It is about being unafraid and unapologetic to share your knowledge and skills. Do not let anyone else tell you what you can’t do. There is a place for you in the world of STEM – you just need to find it.

Trupti: My advice to all looking to start a career in STEM and tech is to be yourself and enjoy your work.

Anindita: I received this advice from my mentor and enjoy passing it on to future friends in industry. The key is to keep broadening one’s horizons and keep learning new STEM skills as well as life skills. All future tech advancements are predicted to require more and more interdisciplinary skills, so knowledge in all areas will play an important role in fulfilling a STEM career.

 

Susannah: What does the next generation have to look forward to in the STEM/tech industry?

Aarti: We are living in the best of times for technology where everything is moving very fast and it’s all very exciting. I don’t believe we can predict what technology will look like in 10 years’ time. But we can predict that it will be nothing short of exciting! If you are looking for the unknown, technology is the industry to be a part of. It can take the shape you want it to take. Young people bring in new perspectives and new skills; they’re the ones who will shape the world of technology. You have the opportunity to make a real dent in the world, more so than ever. You can look forward to bringing a change, and making our world a better place with technology!

Gemma: Machine learning is an emerging field with data scientists and machine learning engineers massively in demand. It is still a young market, so anyone joining the industry and learning from those who are experienced will have equal opportunities to forge ahead. Machine learning has gone from a poorly understood mathematical technique to AI being recognised for the massive role it is going to play in all of our lives. With improvements in technology and infrastructure (GPUs etc.), machine learning has opened up the world of possibility, resulting in more jobs. If done properly, machine learning can change the world for the better and we need smart and driven people to join us.

Trupti: The next generation should know that ‘A swarm in May is worth a load of hay’.

Anindita: Diversity. As life expectancy is increasing, very soon, the age of the workforce may well range between 20 and 80. We need to be prepared and look forward to learning and growing in an even more diverse workforce.

Back to Resources

iProov at Finovate Europe 2020

Join the iProov Demo at FinovateEurope 2020

10 February 2020

FinovateEurope is taking place in Berlin this week and iProov will be there – come and join our demo session on Thursday 13 February at 11.30am. If you can’t attend in person, follow us on Twitter for live tweets on what we’re revealing at the event.

iProov has won Best of Show at Finovate for the past two years, so we have a lot to live up to as we take to the stage looking for a third successive win this week.

Since the last Finovate we have:

  • Seen over 2.5million consumers ‘iProov’ themselves to access travel, financial and government services, in applications like onboarding and applying for settled status using the Home Office’s EU Settled Status app
  • Won a number of exciting new projects with global banks, public sector agencies and partners
  • Doubled the size of our team and relocated to lovely new offices

What will we be announcing at FinovateEurope 2020? Our CEO, Andrew Bud, will be presenting our demo and our team will be on the booth to answer your questions and tell you more about our services.

  • Join us on 13th February in demo session #6 and be a part of our new product annoucement
  • Book a meeting to chat with the iProov team about our services

What is FinovateEurope 2020?
Back in 2007, the Finovate team set about to create the most memorable event in financial services technology. Since then, the financial and banking focused event has grown globally to include FinovateEurope, FinovateSpring, FinovateAsia, FinovateFall and FinovateAwards. FinovateEurope is home of fintech innovation through unique, short-form demos and expert speakers on banking, regtech, payments, customer experience, investech, open banking and AI.

Who is going to FinovateEurope 2020?
FinovateEurope 2020 will host iProov and 1200+ other attendees, with over half coming from financial institutions. You can hear from 150+ innovators driving change in the industry and discover the latest developments from 50+ demos in open banking, tech, payments and insurance.

Event details:
Event Date: 11-13th February
Demo Session: #6 on 13th February
Location: InterContinental Berlin, Berlin, Germany

Back to Resources

iProov face verification on tablet

3 Usability Tips for a Slick Authentication Experience

1 February 2020

Whether it’s face ID or airport e-gates – it’s clear that face authentication has really taken off.

While we hear a lot about the ‘security and usability trade-off’, we’d like to suggest you can have the best of both worlds.

Here are some usability tips we’ve learned in the field.

Make the technology do the work, not the user

Placing demands on your user is a sure-fire way to add friction to an authentication experience. Performative actions like ‘look left’…‘blink’…‘recite number 3,2,1’…. ‘do 3 star jumps’ ….creates user frustration and ultimately an increase in abandonment.

Taking an approach that places the security demand on the technology, rather than the user, is not only better for security but skyrockets a user experience.

Deal with selfie anxiety

I want to log into my online banking discreetly on the train and avoid looking like I’m taking a shameless selfie. But do I want to look at my face at a  45-degree angle? No.

To avoid this trauma, consider distorting or softening the imagery. Many people assume distorted imagery lessens the user experience, but data collected by iProov suggests the opposite. 91% of people preferred or were neutral to iProov’s softened imagery, while only 9% would have preferred a photographic selfie.

Your user isn’t a mind reader

A user can’t authenticate? Why? Tell them what the problem is!

Are they too close to the camera? Are they moving too much?

Giving user feedback is essential to prevent frustrated users and increased user abandonment rates!

It’s also important to note that a solution shouldn’t even start unless your user is in a suitable environment.

If the authentication process is able to start in an environment that’s too dark, or too close then the solution has failed to do its job before it’s even begun.

Make sure your feedback has positioned your user for success!

Back to Resources

Deepfake threat protection at iProov

Deepfakes: The Threat To Financial Services

29 January 2020

We’ve just released a new report, Deepfakes: The Threat To Financial Services, which shows that 77% of financial sector CSOs are concerned about the impact of deepfake video, audio, and images.

The use of deepfakes in fake news, pornography, hoaxes and fraud, has created a storm of controversy. Earlier this month, Facebook announced plans to ban deepfakes from its platform, with concerns mounting about their influence on the impending US election.

We surveyed 105 cyber security experts in the financial sector, who told us that:

  • Personal banking and payment transfers were most at risk of deepfake fraud, above social media, online dating, and online shopping
  • Only 28% said that they’ve already put plans in place to protect against deepfakes, with 41% planning to do so in the next two years
  • 29% said that deepfakes were a significant or severe threat to their organisation
  • 64% said that the deepfake threat is going to get worse

Read Deepfakes: The Threat To Financial Services.

Andrew Bud, Founder and CEO at iProov, said: “It’s likely that so few organisations have taken action because they’re unaware of how quickly this technology is evolving. The latest deepfakes are so good they will convince most people and systems, and they’re only going to become more realistic.”

“The era in which we can believe the evidence of our own eyes is ending. Without technology to help us identify fakery, every video and image will in future become suspect. That’s hard for all of us as consumers to learn, so we’re going to have to rely on really good technology to protect us.”

What are deepfakes?
Deepfakes are videos, images or audio recordings that have been distorted to present an individual saying or doing something that they didn’t say or do.

If you think of the thing that you are least likely to ever say, and then imagine your friends, family or employer being shown a (convincing) video of you saying it, it is easy to see the potential for malicious misuse.

How do deepfakes affect banks and other financial services institutions?
For banks and other financial services providers, deepfakes could impact:

  • Onboarding processes could be subverted and fraudulent accounts created to facilitate money-laundering
  • Payments or transfers could be authorised fraudulently
  • Synthetic identities could be created, whereby criminals take elements of a real or fake identity and attach them to a non-existent individual

Read the report for more examples.

iProov is working with leading banks, including ING and Rabobank, to protect against deepfakes. Our biometric authentication technology has been built with unique anti-spoofing capabilities that establish the ‘genuine presence’ of a customer. For more information, our The Threat of Deepfakes webpage.

Back to Resources

2020 predictions biometrics |

2020 Predictions for Biometrics and Digital Identity

15 January 2020

By Andrew Bud, Founder and CEO of iProov

I think there are few more exciting sectors than biometrics and digital identity in 2020, and it’s a privilege to be in the midst of it all. Many of the themes that we’ve talked about for years, from digital identity as a service to biometric onboarding, will finally make it onto the main stage this year.

My top four predictions for 2020:

1. Digital identity as a service: serious players will emerge

2020 will be the year of the single digital identity. Serious industry players will start to emerge with credible, scaled offerings that allow consumers to create one digital identity for use in many different contexts and situations, from healthcare to car hire. The result for the consumer will be infinitely enhanced convenience, coupled with greater control of their own identity security.

Suppliers in this new market will likely come from different sources. Some will be national governments, others will be major commercial organisations – Mastercard has already declared an ambitious strategy in this arena – while others will come from unfamiliar sectors.

They will have at least one thing in common: a compelling reason for consumers to sign up and create a single identity in the first place.

2. Strong customer authentication (SCA) in banking will take off

We’re definitely going to see real action and innovation in strong customer authentication this year. This will be driven by the implementation of PSD2, whose provisions on SCA went largely ignored prior to the original deadline of September 2019. The new deadline for 2021 has been set, so we can expect to see a lot of activity here.

3. Biometrics for onboarding will become the norm

There’s going to be rapid acceptance of biometrics for automated onboarding in financial services in 2020. The regulations surrounding anti-money laundering, including 5AMLD and 6AMLD, make provision for remote authentication for the first time. They change the game entirely for how consumers go through the onboarding experience and provide opportunities for an overhaul of the services that banks can offer. This will be turbo-charged by Apple’s release last September of the ability to read passports contactlessly from iPhones, joining Android and making it ubiquitous.

4. The public will recognise the threat of deepfakes

The potential impact of deepfake videos and images will be felt by the general public this year. Ultra-realistic material showing people saying and doing things that they did not say or do will force all of us to recognize the possible implications. If someone can create a convincing video of Barack Obama being incredibly rude about Donald Trump, what other havoc could be wreaked on our lives using this ever-evolving technology? Our identities, our finances, and our reputations could all be at risk.

What binds all of these things together is trust and control over personal attribute data. Identity is a subset of the personal data ecosystem and we will see privacy, security, the rights of state, centralized identity versus self-sovereignty and other societal issues move up the agenda.

Find more information on iProov’s work in biometric authentication, or get in touch if you’re interested in working in this fascinating industry – we’re always on the look-out for talent.

Back to Resources

Simon Headshot Jan 2017 |

iProov welcomes Simon Williamson, VP of Sales for North America

10 January 2020

Written by Luke Moore, SVP Revenue

I am delighted to welcome Simon Williamson to iProov. Simon joins iProov’s Global Sales Team as VP of Sales North America. He is actively hiring a team of Regional Enterprise Sales professionals across America, so get in touch if you’d like to join our mission of increasing trust online with world-class biometric authentication technology.

Welcome, Simon! What attracted you to iProov?
There are three things. Firstly, the technology. iProov has found a completely unique, completely brilliant way of solving a significant challenge in people’s lives, namely how do I get access to services with my bank or the government or for travel without having to physically go into a building with my ID documents. The opportunity is huge. It allows businesses to increase customer acquisition, and it makes public sector services more easily available to millions of citizens. It’s such a customer-centric idea.

What was your second reason?
Nearly all of us have a digital identity that we use to identify ourselves online, often many times a day. For some, this has come at a cost: identity theft can be inconvenient at best and potentially life-changing at worst. There’s a huge amount at stake if criminals get hold of your identity, so it’s really cool to work in an area focused on protecting people. It’s a space that’s going to see huge growth and focus.

And your third?
The people. I was really blown away by the passion that every single iProover has. We’re all on a mission to achieve something really important in making the internet a safer place and that has created a very special working environment.

What are you most looking forward to?
Working with great organisations to help them reap the benefits of strong customer authentication. iProov is already working with the Department of Homeland Security here in the USA and that’s a great story that other public sector agencies and organisations can learn from. I’ve worked in technology for my whole career – I’ve got a technical background and I love solving business problems.

You’re British but you’ve lived in the US for ten years. Are you still an Englishman in Philadelphia, or is America home?
I love America. I still go back to the UK regularly to see family and watch my beloved Liverpool FC but I’ve lived here for a long time and I love it. iProov was born in the UK but is already helping US organisations to do business online more easily, so I get the best of both worlds in this new role. I’m looking forward to it!

Back to Resources

iProov DIACC webcast

Identity Matters

1 January 2020

Identity Matters is the mini-series made for and by Identity Professionals.
iProov has rallied the best and brightest in the identity industry, to bring you quick and engaging thought-leadership.

I’d like to see more content like this

Think iProov can help you?

Start a conversation to discuss digital identity

This episode’s Highlights

  • The role of Digital Identity during COVID19
  • Scaling inclusivity and accessibility
  • Encouraging widespread adoption

A big thank you to our guest

Joni Brennan, President of the Digital Identification and Authentication Council of Canada (DIACC).

 

Beyond 2020: Scaling Digital Identity

Back to Resources

Genuine Presence |

Proving Genuine Presence: The Three Tiers of Security

12 December 2019

You’ve probably heard the term ‘Liveness’ used within the authentication market. But have you heard of ‘Genuine Presence’? At iProov we use the term genuine presence a lot (and not just because we coined it.) It’s printed on our leaflets, our swag… we’ve even had #genuinepresence printed on t-shirts.

Why does Genuine Presence matter?
Determining Genuine Presence is critical to safeguard digital identity. Without Genuine Presence Assurance, mass fraudulent authentication claims can and will be passed. Undetectable attacks will be scaled and digital identity compromised.

What does Genuine Presence mean?
Online Biometric Authentication boils down three tiers of security.
The success of secure biometric authentication is determined by a combination of:

  • Matching – is this the right person?
  • Liveness – is this a real person?
  • Real-Time – is this transaction happening right now?

‘Genuine Presence’ refers to solutions that combine all three tiers. While the majority of the market is still grappling with Liveness – cyber attackers are exploring new, scalable forms of attack that bypass Liveness detection.

So, let’s break down Genuine Presence… tier by tier.

Face Matching: the ‘Right Person’

‘Matching’ is self-explanatory. Matching technology simply matches one set of biometric data to another, to verify the sets of data come from the same person.

Face Matching was first approached in 1964 by a scientist named Bledsoe. His process involved manually entering the coordinates at an average rate of 40 images an hour. We’ve come a long way from there – now matching is a heavily saturated market, with even the most sophisticated face matchers costing as little as 1 cent per match.

Face Matching has been used for surveillance use cases since the late 90s, but more recently Face Matching has been leveraged for Authentication.

Think of setting up a new bank account at home. Instead of going to the branch with your ID in person, with Matching technology you can simply take a picture of your ID and then a selfie. The two images are matched against each other to prove you are in fact the right person.

However, with the increase in face matching for remote, online authentication comes an increase in the exploitation of face matching systems. By now, a lot of people have seen the infamous examples of unlocking the Face Authentication capabilities on smartphones with simply a photo of the device’s owner.

Cue the need for Liveness Detection.

Liveness Detection: the ‘Real Person’

Liveness Detection attempts to verify that we are looking at ‘live user’ by defending against Presentation Attacks. A Presentation Attack is an attempt to pass a fraudulent identity as legitimate, by physically presenting something to a sensor.

In other words, Liveness detection differentiates the real users from the photos, masks and on-screen videos. Liveness detection tells us a user is a Real Person.

There are many methods of doing this – although systems can generally be broken down into two categories:

  • Gesture driven (Active systems)
  • Technology driven (Passive systems)

Gesture-driven Liveness requires the user to perform a series of unnatural actions to prove that they are real, e.g. blinking or facial movements. Our research shows this approach takes a user on average 2.4 attempts to complete a transaction.

Technology-driven Liveness requires no action from the user, instead using internal algorithms to detect spoofs. This approach takes a user on average 1.1 attempts to complete a transaction.

There was a time when a system differentiating a real face from a highly engineered mask was an impressive feat. However, we have entered a new era of identity spoof attacks. Dangerous cyber attackers don’t spend their time holding photos up to a camera. Presentation Attacks are just a small subset of the attacks that can be launched against a system.

Real-Time Detection: the ‘Right Now’

Real-Time Detection is the next tier of security in online biometric authentication. It is the final step to ensure that you are dealing with a user that is genuinely present, by defending against not only Presentation Attacks, but Replay Attacks.

But what is a replay attack? 

Say you perform a successful authentication transaction on your mobile phone. There could easily be malware on your device that you are unaware of. Such malware could record your authentication claim without your knowledge.

A cyberattacker now owns a video of you successfully authenticating.  Now, they can bypass the sensor completely (in this case the phone camera) and inject your previous successful claim directly into the app whenever they want.

This form of attack will pass all Liveness defence.

But how?

Because the claim is not of a mask, a photo or a video. The claim is of a real person, really authenticating. However, they are NOT authenticating right now.

Equally as dangerous is the emergence of Deepfake technology. Realistic synthetic videos of your face can be generated from your social media photos – synthetic imagery that Liveness detection is not equipped to deal with. Such synthetic imagery can be generated in real-time and can also be used to bypass the system’s sensors. Deepfakes can be made easily on free-download apps.

These forms of attacks are low-cost and scalable – two qualities that are very appealing to cyber attackers. These attacks are among the most dangerous and the least defended against.

It’s only a matter of time until these attacks are widespread. Will your systems be equipped to identify them?

Genuine Presence Assurance is critical to safeguard digital identity. We won’t stop talking about Genuine Presence until it is the expected standard of security. We also won’t stop innovating. Existing at the cutting edge of authentication – always a step ahead of the latest dynamic threat.

Back to Resources

deepfake 2 |

The Replay Attack Challenge

21 November 2019

Written by Andrew Bud, CEO & Founder

When we founded iProov in 2013, it seemed obvious to us that “replay attacks” would be amongst the most dangerous threats to face verification.  These occur when an app, device, communications link or store is compromised and video imagery of a victim is stolen; the stolen imagery is subsequently used to impersonate a victim.  Right from the start, we designed our system to be strongly resilient to this hazard. However, only now is the market beginning to understand the danger of replay attacks.

What is a replay attack and how can it be resisted?

A dwindling number of people still believe that face recognition is the key to the security of face verification.  It isn’t. In practical terms, it would be foolish of a criminal to try to impersonate a victim by trying to look like them – it is incredibly difficult to do and so unlikely to succeed that it is almost pointless.  Since our faces are all public and easy to copy, it is far more effective to present imagery of the victim. Most industry protagonists still focus on artefact copies – photos, screen imagery (stills or videos) or masks.  Lots of energy is spent on masks. Real-f Co., based in Japan, creates some of the most realistic masks available – the skin pore texture is perfect and even the tear-ducts glisten. Although they are visually compelling, such artworks can cost $10,000. Masks are not a scalable way to economically attack large numbers of victims.  Of course, robust detection of masks is essential, but there are bigger dangers.

If an attacker can implant malware on a user device, for example by getting users to click on a rogue link, such malware can potentially gain access to the imagery captured by apps on the device.  This is true of all apps, no matter how strongly they have been armoured. App hardening measures don’t block attacks, they simply increase the effort the attacker must invest to succeed. And if the prize is access to millions of devices, the business drivers to do so are compelling.  This is why, at iProov, we never rely on the integrity of the device. Once stolen, the video will be replayed digitally into a malicious device, bypassing the camera and never appearing on a screen at all.

That’s why our core Flashmark technology makes every verification video unique. Flashmark illuminates the user’s face with a one-time sequence of colours from the device screen. The illuminated face is what we call a “one-time biometric”.  Like a one-time passcode, the number sent by text message to authenticate to many secure services, it is obsolete as soon as it is used and is worthless if stolen.

Any malware or attack that attempts to steal a Flashmarked face video finds that it is totally useless – with the wrong colour sequence on the face, it is immediately detected and rejected.  This same technology also provides the industry’s only strong defence against animated stills, synthetic videos and Deepfakes, a threat iProov has highlighted for several years.

The great advantage of this technology is that it is extremely usable.  Other methods of replay defence destroy usability by bombarding the user with increasingly baffling instructions to move their head one way, then their phone another way,  then recite numbers etc. Very often, they fail because users don’t do as they are told or because quite simply it is impossible to understand the instructions. iProov Flashmark is entirely passive – no action is required from the user, so transaction success rates are uniquely high.

The suggestion that user devices are impervious, or that mobile apps can be made incorruptible, is misleading and dangerous.  We believe that at the heart of good biometric security lies the ability to detect and deflect attacks based on replayed stolen recordings and other digital imagery, directly injected into the dataflow.  Anything less lets down enterprises and their users.

Back to Resources

html5 image |

HTML5 v2. Beta

19 September 2019

We are pleased to make our HTML5 V2 Beta client publicly available on GitHub here.

Many of our partners and customers have been building web journeys for desktop, tablet and mobile. These sit alongside native applications as a major channel for user interactions.

Yet securing user identity in HTML5 is incredibly difficult. The browser platform is inherently less secure than native applications. Not only can you not trust the presented object in front of the camera, but you cannot trust the camera pipeline itself. Virtual webcams are available for free.  Anyone can inject fake video directly into a browser, which has no way to detect the source of the imagery feed.

iProov addresses this problem by fundamentally distrusting the imagery pipeline. iProov operates under the assumption that every authentication claim could be a fake video that has been injected directly into the browser. Our Flashmark technology creates a   “one time biometric” for every transaction which cannot be replayed or generated in real-time. We’ve summarised our thoughts on dealing with both PAD (Presentation Attack Detection) and RAD (Replay Attack Detection).

However, in solving this critical security challenge, we must address a new set of technical challenges. iProov work at the innovative edge of browser capabilities, often making use of browser features which have only been released in the last 12 months. Since we launched our HTML5 v1  client we have been diligently and vigorously testing in varied environments to improve: user experience, operating boundary,, ease of integration and platform and device compatibility

New features available in iProov Web v2 (NextGen)

The new version of HTML5 has been completely rewritten with an improved architecture for greater extensibility. Key features include:

User experience

  • Utilisation of user’s GPU to render the abstracted face
  • Improved filter algorithms to add more depth to the abstracted face
  • Added scan line to enhance the scanning experience
  • Replaced starting countdown with progress indicator
  • Added fade effects to polish user experience

Operating boundary

  • Improved video encoding to enhance FlashMark detection
  • Better synchronisation of FlashMark encoded frames
  • Enhanced algorithms to extract the video FlashMark
  • Greater control over the camera settings

Ease of integration

  • Greater control over the content presented to the user
  • Improved camera permission management
  • More configuration options to increase customisation
  • New language management and override system

Platform compatibility

  • Added support for all browsers that provide access to the camera
  • Mobile-first approach with responsive design
  • Support for compatible iOS, Android and desktop browsers
  • Ability to launch iProov app or SDK when embedded within a WebView

Device compatibility

  • New highly performant face detector enables  better support on low end devices
  • Dynamic detection and utilisation of hardware accelerated functionality
  • Improved performance allowing a wider range of device support

HTML5 V1 is not currently being deprecated, and we will continue to support existing commercial implementations of V1 . While V2 remains in Beta while we deploy further features, we recommend partners to integrate V2 Beta for any current or upcoming implementations ahead of its stable release.

Back to Resources

small face |

The Deepfake Age: Who gatekeeps digital trust?

19 September 2019

Written by Jim Brenner, Research Scientist 

As deepfakes continue to alarm journalists, politicians and pretty much anyone who dares participate in 2019’s digital-media-ruled society, many are looking beyond the J-Law/Steve Buscemi mashups and Trump/Dr. Evil sketches. Fears of a dystopian future in which we have lost complete trust in our physical senses are becoming increasingly real. Currently, researchers, governments and tech companies are wrestling with the very real threat posed by this AI-generated imagery, investigating how we might protect ourselves from future attacks of visual misinformation.

So far, identifying deepfakes has been reliant upon finding visual cues in synthetic imagery that doesn’t match the real deal. For example, a recent study extracted distinctive facial expressions from world leaders to determine the real imagery from the fake. However such approaches are somewhat of a cat and mouse struggle. When a new way to identify deepfakes is developed, deepfakers simply train models to combat them. In fact, as I was drafting this post, a new technique of expression style-transfer was published which will potentially make it much harder to detect deepfakes in this manner.

The general discourse instead seems to have shifted towards establishing trusted sources that we can rely on to feedback truthful information. This trend perhaps comes as no surprise to anyone who has followed the constant evolution of forgery over the past couple of centuries.

Traditional media corporations and newspapers are easy to single out as candidates for these “gatekeepers of truth.” At least in the context of attacks of political misinformation, something that is generally viewed as one of the most daunting and immediate threats posed from deepfake technology. However, one of the less frequently discussed threats (but potentially much more dangerous) is in digital authentication – and the potential arbiters of truth here are less obvious.

Any form of remote biometric authentication system (not just facial) is potentially vulnerable to deepfake attacks. After all, if I can realistically transfer someone else’s face onto mine, it isn’t too much of a leap to do the same for their hands or their eyes or indeed other more subtle biometric cues. Given the right data and a sensible approach, these techniques are easy to transfer. As the trajectory of authentication heads inevitably towards digital and autonomous systems, this is a reality we must face.

Whilst purely visual-based classification of deepfakes is unlikely to be viable for much longer, by controlling the whole capture process, we can develop more sophisticated methods for detection. iProov’s patented Flashmark technology is a direct solution to this issue; by illuminating the user’s face with a unique randomly-generated sequence of colors, we can detect whether the person behind the camera is not just the correct person, but also actually present.

By being involved in the capture process in this way, iProov can act as a trusted source of identity (much like a media company can act as a trusted source of news). So whether it’s a deepfake or another form of identity spoofing, iProov ensures a fraudulent identity can’t be passed as legitimate.

 

Back to Resources

replay attack |

Why Biometric Security Needs Replay Attack Detection

30 August 2019

Presentation Attack Detection or “PAD” is a growing topic within the biometrics industry. While this is definitely a step in the right direction,  cyber-thieves are still diligently exploiting security gaps in identity proofing and strong customer authentication. Exclusive focus on presentation attacks alone fails to address vulnerabilities to other forms of identity spoofing.

This article will illustrate how PAD alone does not guarantee biometric security.  CSOs and Compliance leads must also consider Replay Attack Detection. or “RAD”.

What is Presentation Attack Detection?

Biometric factors like your face, fingerprint, palm, or iris are inherently different to passwords. This is because their security is not reliant on secrecy. You can find a copy of my face on LinkedIn or Facebook in 3 clicks. You could print out a picture of my face and present it to a face authentication system.

If spoofing identity was simply a case of matching my face with the image being presented, my digital identity would be incredibly unsafe. Rather, biometric security relies on accurately matching a biometric that is genuinely present: the real face. PAD addresses the need for biometric matching to check whether the object that is presented to the sensor is the real biometric as opposed to a physical replica.

Effective PAD will stop someone from printing a photo of my face and holding it in front of my phone’s camera most of the time. It might even stop a $10,000 mask that was made by artisans in Japan using a 3D scan of my face.

The problem is that there are few identity fraud scenarios where the benefit of spoofing someone’s identity is worth the cost of creating a sophisticated mask. The real objective for cyber thieves is to find scalable, low-cost attack vectors which can be rolled out globally across large volumes of victims.

What’s the problem with Presentation Attack Detection alone?

There is an additional but equally critical challenge for biometric security:  ensuring there has been no interference from the sensor to the decision processing unit.

What if there is malware affecting the user’s device software or even a full hardware hack? For remote and unsupervised users on their mobile phones, there is always this risk of device compromise.

Browser-based biometric security methods are particularly vulnerable to camera pipeline hijack. This is because the operating system has no control over access to the real camera. Virtual webcam freeware allows users to inject imagery into the application whose real source is totally indistinguishable to the application.

In these cases, the digital service provider cannot be sure exactly how or when the information that reaches its servers was recorded. This means that imagery could be recorded from a successful claim, then retained. At the right moment, that image or video is injected into the application or directly into the network server connection – bypassing the camera entirely. This is a replay attack and it would pass any PAD security. A replay attack is qualitatively indistinguishable from a video of a genuine biometric.

Similarly, device malware can record imagery from the device camera during a successful authentication claim and later be replayed programmatically. This method is incredibly attractive for cyber thieves as it is easily scalable. Once the exploit has been found to work, it can be scaled to thousands of users with minimal incremental cost.

To summarise, PAD fails to addresses the question: “Is this a real authentication, recorded right now?” Biometrics with PAD alone cannot determine that a user is genuinely present at the moment of completing the transaction.

What’s Replay Attack Detection?

Replay Attack Detection is an approach that ensures each authentication claim is unique. Therefore a claim is invalid after the first instance it is processed.

Presentation Attack Detection versus Replay Attack Detection infographic

RAD must ensure a claim is unique with a codespace of random variables.  These variables must have a large enough range, that they are not susceptible to brute force attacks (retrying several variations until the replay version is successful).

Simultaneously, making a claim unique must not put the onus on the user to do something unique and different each time. Reliance on user interaction to create a unique authentication claim vastly reduces completion rates. Users frequently misunderstand instructions, resulting in a high rate of rejection of correct users and therefore user-drop outs.

iProov takes a different approach by timestamping every claim with a passive “FlashMark“. Using the device screen we project a sequence of colors on the user’s face. We then analyze the video to test whether the claim is real or replayed. With a codespace of over 1,000,000 possible combinations, no user will ever receive the same FlashMark twice.

PAD has become topical in recent years. Standards for PAD testing like ISO 30107 and NIST have been introduced.  iProov has been found to conform to such standards by the National Physical Laboratory, who found iProov’s PAD technology “state of the art”. At iProov, we’re thrilled that the market is now demanding biometric security which goes beyond accurate matching. However, we will continue to push the boundary and address the holistic security challenges the market is yet to focus on… because those are the security challenges on which the cybercriminals are focused.

Back to Resources

Account access small |

Identity in the Digital World

8 August 2019

In a world where most transactions are digital, remote and involve fewer and fewer personal interactions, identity is really important.

We use digital accounts to access everything from groceries to border control, from phone apps to pension statements. At the same time, organisations such as retailers, banks and government departments try to learn as much about you as possible to provide the most personalised experience, whether it be for commercial loyalty-card data capture, citizen security or Know-Your-Customer regulatory obligations.

Commonly, data is combined into a ‘profile’ of the individual. A profile which then represents the customer in the systems, and balance-sheets of organisations.  You provide your data to an organisation you want to interact with, subsequently creating a ‘profile’ that is used to authorise, secure, track and enable your activity.

However, what if your data is compromised? How are organisations protecting the data you entrust them with?

Traditionally, organisations gatekeep data with the likes of passwords, pin codes or security questions. Asking you to prove your identity by supplying information only you could know. But this information can be compromised, stolen or forgotten. Passwords etc are ultimately not very secure and are annoying for the end-user. However, with the arrival of biometric solutions, this approach to gatekeeping data can be revamped.

When customer profiles are tied together by a robust, secure biometric, instead of something like a password, the emphasis switches from information that the user knows to being driven by what they actually are. The best biometric for this use case is the face, as it not only proves your identity but ties you to your legal identity. The Face is the only biometric that is found on government issues documents (passports, driver’s licences etc.)

With this in mind, and using technology such as iProov, I can now use my face to assert my identity, and my genuine presence, to request access to the products or services I’m looking for. I’m essentially saying “I’m a real person, I’m the right person, and I’m here right now, let me progress/enter/transact…”

By asserting my identity with biometrics, digital transactions and digital profiles can evolve from relying on passwords to true identities. These ‘Digital Identities’ can then be applied across multiple services, eliminating the need for remembering and using a separate set of credentials and shared secrets for each service.  Now, individuals need only one thing to assert who they are, their face, enabling them to engage more easily in the digital economy.

And how many of your customers would prefer to feel in control of their digital identity with an easy, and secure, customer experience?

Back to Resources

office side by side |

From leaky roof to a rooftop bar. The story behind our office move.

5 August 2019

iProov’s first permanent location was a cupboard-esque room at 39 York Road. Kindly described as ‘cosy’ by longstanding iProov team members. Unsurprisingly, very quickly we were bursting at the seams.

So we knocked down the wall and filled the new space with more desks. However, we had the luxurious problem of becoming a successful business. We found ourselves in a cycle of winning deals, expanding our team and running out of space. In total, we knocked down the wall four times.

39 York Road was a loving DIY project. We ripped up the stained blue carpets, replaced the orange filament lights with sparkling LEDs and built two new meeting rooms. ‘IKEA desk construction’ sessions became a Friday afternoon ritual when we had a fresh wave of recruits starting on Monday.

Although, the situation was still far from perfect. The iProov Amazon account was flooded with orders of electric heaters in the winter and desk fans in the summer. One corner of the office was renowned for leaking during particularly heavy rain. While this was ‘resolved’ with a succession of carefully placed buckets, there was nothing we could do about the steady and immensely annoying ‘drip….drip…….drip’ noise.

Actually getting to the office was also an ordeal. The building lifts were in a constant state of ‘Out of order. Sorry for any inconvenience.’ It was considered an in-house miracle if two lifts happened to be working simultaneously. Breathless climbs of 8 flights of stairs were more often than not, the quickest way up. Although far from dazzling, the office was sentimental. The place where we won our first customer, secured the first-ever overseas contract with the DHS, where we built iProov Palm Verifier and grew from fewer than eight employees to almost forty.

These achievements kept morale high and our team strong. Nothing knits people together like power drilling desks and mutual heatwave empathy in a building with no AC. Everyone at iProov believed in our mission, we were so focused on building and delivering the best product possible, we often forgot the ceiling leaked on us. There was a mutual understanding that this was a temporary ‘rough patch.’ The collective belief that iProov would ‘make it big’ was steadfast.

As if to reaffirm this faith, the construction of the shiny new WeWork headquarters began directly opposite 39 York Road. We secured a private space almost immediately, fully equipped with 5x the desk space, many meeting rooms and complimentary London skyline view. 2018 onwards was spent longingly gazing out of the window into the glamorous glass walls of our future office across the road. It was a gruelling 12-month countdown.

We left 39 York Road empty on the morning of the 22nd of July 2019. While the thought of never building another IKEA desk again is somewhat bittersweet, we are excited.

The iProov offices are now state of the art. We are a globally successful business, a reality that has been cemented by free barista coffee, beer on tap and lunchtime ‘puppy therapy’ sessions. Even the desks came pre-built and we are pleased to say the ceiling looks very robust!

There is now a renewed atmosphere of excitement (and not just because we’re feeling invigorated by our 8 am yoga class and cucumber water.) For us, this office move is a very real reminder of how far we have come.

This is a  new era for iProov. We will continue to research, innovate, build and preach the iProov philosophy with even more vigour. We are better equipped to tackle the market head-on.

Like the sound of it?

We’re recruiting.

(And now we won’t have to knock down any walls.)

A huge shoutout to Axel and Martin, the two team members who saw iProov through the move. 

Back to Resources

small opening a bank account 2 |

London: Global Fintech Capital…yet it’s impossible to set up a bank account.

18 July 2019

Written by Roel Baars.

I have recently moved to London for work from the Netherlands. In the highly innovative, fintech capital of the world, I expected opening a bank account to be an easy process. I was prepared for London life to be expensive but I didn’t anticipate how difficult it would be to open a bank account to actually pay for something.

First, I tried to sign up for an account online. I was prompted to complete the process over the phone. After several minutes on hold, an agent asked me to come to the local branch with my ID and a copy of my housing contract, a very laborious method of proving my address and identity.

At the branch, the clerk asked me for a utility bill for proof of address, which I could not provide as I had not received one for my new apartment.

…I decided to open an account at another bank.

This online application prompted me to submit a UK phone number, to link my account to my device and act as a critical ‘something you have’ factor for repeat authentication. However… to get a UK phone number, one needs a UK bank account.

So, I called my utility provider and asked for a bill. After a few weeks, I received my bill and took it to the local branch of the first bank. Finally, after hours on the phone, in the bank branch and after weeks of waiting, I was able to sign up for a UK bank account.

The whole process was gruelling. In the Netherlands, signing up for a new bank account is far simpler! Banks such as ING and Rabobank have completely digitised their customer onboarding journeys by leveraging iProov’s authentication technology. With iProov, customers can easily and securely sign up for a bank account from their sofas.

To conclude, I’m going to try and set a meeting for both of these British banks.

Connect with Roel: https://www.linkedin.com/in/roelbaars/

Back to Resources

Webp.net compress image 1 scaled |

iProov wins ‘Best of Show’ at Finovate Europe for the second year running

14 March 2019

Described as ‘the highest energy demo of the day’ by audience members, iProov’s 2019 Finovate Europe demo was voted ‘Best of Show’ for the second year running.

The 7-minute demo was delivered by CEO, Andrew Bud, and supported by our Product Manager, Gabriel Turner.

The demo kicked off with a recap of our award-winning technologies that are currently live and in production: Face Verifier and ID Matcher.

We showcased Face Verifier for strong customer authentication and ID Matcher for secure customer onboarding. During our demonstration of ID matcher, we were delighted to announce Microblink as our latest document capture partner. Together, we look forward to creating seamless customer onboarding journeys with staggering completion rates.

Last but not least… we unveiled our latest innovation.

iProov Palm Verifier.

Palm Verifier offers highly secure authentication using an alternative biometric. Like our face-based products, Palm Verifier is supremely simple to use and requires no specialist hardware.

The product leverages our distinct Flashmark technology to check for the genuine presence of a 3D palm and protect against identity spoof attacks.

We are delighted to add another ‘Best of Show’ trophy to our collection and excited to be shaping the market with our latest innovation!

Watch the full demo here.

Back to Resources

best of show |

iProov Wins Finovate Best of Show 2018

26 April 2018

iProov was selected for the second year running to present its novel technology at Finovate Europe 2018, and walked away with the Best of Show award. The meticulously choreographed 7 min live demo was delivered by iProov CEO Andrew Bud with support from Matthew Pearch, iProov’s Commercial Director.

iProov demonstrated the world’s first app-less network-based onboarding and authentication solution based on face verification and NFC-based contactless reading of documents. Exploiting recent advances in web and mobile OS technologies it enables financial institutions to deliver the full capabilities iProov via mobile web only to users without any prior app installation.

Also demoed was a new capability to use iProov on a personal device to authenticate any external event, including access attempts form a computer lacking a webcam or video permissions, authentication to an ATM without special hardware, or physical access without local hardware. This method, know as iProov Push and the subject of a recently granted UK patent, had not been demonstrated in public before.

Back to Resources

iProov SINET16 winner

iProov SINET16 Winner

26 September 2017

iProov has been named one of the 2017 SINET16 Innovators!

Each year, SINET evaluates the technologies and products of hundreds of emerging Cybersecurity companies from all over the world, and selects the 16 most innovative and compelling companies. These 16 companies, known as the SINET 16 Innovators, are invited to present their products and solutions on stage in Washington D.C. at the annual SINET Showcase.

Back to Resources

citi tweet 2017 event |

Citi Announces Winners of the Tech for Integrity Challenge Demo Day in Singapore

14 June 2017

“Singapore – Citi is pleased to announce the three award recipients from Citi’s Tech for Integrity Challenge (T4I) Demo Day held June 9 in Singapore.

T4I is a landmark effort of Citi to encourage technology innovators from around the world to create cutting-edge solutions to promote integrity, accountability and transparency in the public sector and beyond. Awards accorded to the winners include a total of US$5.5 million in kind and cash for the global Challenge

The award recipients from the Singapore Demo Day include:

  • T4I Award – iProov, London, United Kingdom The iProov Verifier solution secures online authentication using face matching, uniquely protected from replicas and replays with patented One Time Biometric technology.
  • Peer Choice Award – identitii, Sydney, Australia, and iProov, London, United Kingdom identitii helps banks share information over existing financial messaging systems like SWIFT to improve financial crime compliance.
    The iProov Verifier – please see above
  • Audience Choice Award – Sqreem Technologies & Synechron, Singapore
    Sqreem fuses structured and unstructured data to provide an early warning system for anomalous behavior that may indicate financial crime. “

Read the Full Article

Back to Resources

KNOW |

Acuity Brings Biometric Debate to K(NO)W Identity Conference

17 May 2017

iProov’s Founder & CEO Andrew Bud spoke at the  K(NO)W Identity Conference as part of the ‘Convenience, Security, And The Next Step For Biometrics’ panel hosted by Acuity Principal Maxine Most on day two of the event.

“The inaugural K(NO)W Identity Conference is underway in Washington, DC, and as one would expect from an event aimed at shaping the future of identity, biometrics are playing a major role. Biometric authentication is being taken for granted in many of the conversations occurring at K(NO)W, often with fingerprint authentication on a smartphone mentioned as a run-of-the-mill login option, but when it comes to the deep discussions on biometrics, research firm Acuity Market Intelligence is doing much of the heavy lifting.”

Read the Full Article

Back to Resources

Citi Tech for Integrity (T4I) Challenge 2017

Citi Unveils Finalists to Showcase Integrity Solutions to Citi & Ally Executives, Government Entities & Special Guests

12 May 2017

“Announced in February 2017, Citi Tech for Integrity (T4I) Challenge a global initiative to source solutions to promote integrity, accountability, and transparency in the public sector – brought together 80+ allies and contributors including governments, regulators, Fortune 500 Tech companies, international NGOs, and local allies.”

“The T4I Strategic Allies include PwC, IBM, Mastercard, Let’s Talk Payments, Microsoft, Facebook and Clifford Chance. The T4I Government Sector Allies include Abu Dhabi Global Market (ADGM), the Indian government’s Ministry of Electronics and Information Technology, Monetary Authority of Singapore (MAS), Mexico Digital, and the Government of Argentina.

Approaching the culmination of the challenge, Citi is proud to unveil 103 finalist solutions in EMEA, APAC and LATAM regions that will present at the Demo Days and showcase their integrity solutions to Citi executives, ally executives, government entities and special guests in six locations around the world.”

iProov will be presenting at the Citi T4I Demo Day in Singapore June 8–9 2017.

Read the Full Article

Back to Resources

fcasprint |

FCA TechSprint March 2017

21 March 2017

On the 14th & 15th of March, members of the iProov team participated in the 3rd two-day TechSprint organised by the Financial Conduct Authority (FCA) and hosted by PwC on the theme of “Money and Mental Health”.

The FCA is working with the Money and Mental Health Policy Institute to achieve real change by bringing together financial services and technology organisations, encouraging the industry to come up with practical innovative solutions that address the challenges faced by those with mental health problems and their financial services providers.

The solutions developed collaboratively over the two days by cross-organisational teams including developers and designers from iProov, Monzo, Aire, Hitachi Data Systems, Lloyds Banking Group and Nationwide Building Society included “the NIV-Bot” (a chat bot which allowed users to delegate access responsibility using iProov), “MoneyBuddy” (a solution to help enable better financial decisions, including a trusted buddy, user mood feedback, and improved user accessibility) and “Money Jars” (allowing users to set aside their fixed monthly costs in protected “jars”).

 

Back to Resources

cyberUK roundup |

CyberUK 2017 Roundup

20 March 2017

A very exciting three days for iProov at the NCSC’s CyberUK event! Held at the ACC Liverpool from 14-16 March, CyberUK is the Government’s biggest and most influential IA and Cyber Security event to date, hosted by the National Cyber Security Centre (NCSC).

Our team was busy showing the iProov Verifier solution for authentication and remote onboarding to delegates at our stand in the Innovation Zone (sponsored by the DCMS) of the conference.
On the first day, CEO & Founder Andrew Bud delivered a Dragon’s Den-style pitch (an initiative of the DCMS Cyber Security Growth team) to the NCSC’s Dr. Ian Levy, Jon L and Rob T. After facing the “dragons’” questioning, iProov was chosen as the winner of the competition, which was announced by Ciaran Martin (Director, NCSC) during the conference.

The reward for the winner is assistance from the NCSC that will be tailored to suit the selected product or service. It could take the form of developing, assessing and piloting their product or service. It may include consultancy on the technology, targeted penetration testing of the product to improve its security, or potentially working with a government department to test deploy the offering.

After winning the competition, the iProov team also had the opportunity to give a 4-minute presentation on the conference’s Spotlight Stage during the networking evening of day 2 and was featured on BBC Radio4’s You&Yours and itv’s Good Morning Britain.

CyberUK iProov Media

Here are the links to some of the highlights:
NCSC Blog Post “In the Den with the Dragons”
NCSC News “Cyber Security summit closes with commitment to a more diverse future”
ComputerWeekly.com “NCSC commits to greater diversity”
Wookbox.com “NCSC devotes to higher variety”
BBC Radio4 You&Yours “Cyber UK, Mobile phone charges, Granny chic”

Read more about CyberUK

Back to Resources

finovate demo |

Finovate Europe 2017 Roundup

14 February 2017

Two very exciting days at Finovate Europe in London for the iProov team:

Our first live demonstration was of the BT Agile Bank prototype app, which is currently in BT’s Innovation Showcase in Adastral Park. Here, the iProov SDK was seamlessly integrated into the banking app for simple and secure account login purposes. It then repelled an attack with a retina video of Matthew blinking and smiling.

Mobile iOS data vault application FaceCrypt was demonstrated next. This app, which is available on the App Store today, uses iProov to protect access to sensitive personal data such as passwords and credit card numbers.

The final live demonstration showed a revolutionary mobile onboarding app in action.  Armed only with a passport and an Android phone, DNB Innovation Lead Ronny Khan showed how a user can be securely verified for KYC/AML purposes.  This app, which generated enormous interest, was developed using the ReadID product of our partner, Dutch ID document experts InnoValor.

DNB app demo screen

Using InnoValor’s ReadID technology to scan the MRZ information and read the embedded NFC chip of the passport, the thus obtained high-quality image of the passport holder is used to authenticate against an iProov selfie capture to make sure that the correct person is physically present for the onboarding process.

A video of the whole 7-minute presentation coming soon, but in the meanwhile you can see the onboarding demo at the link below:

Watch the onboarding demo

Back to Resources

btshowcase 2 |

The future of banking security: take a glimpse at the BT Adastral research centre

8 February 2017

iProov showcased their unique biometric antispoofing technology to Techworld at the BT Adastral Park research centre in Suffolk.

“The business of banks relies on keeping savings safe, but hackers are finding ever more sophisticated methods to access them.

Swindlers stole £755 million across payment cards, remote banking and cheques in 2015 according to Financial Fraud Action UK, an increase of 26 per cent compared to 2014. The declining cost of technology is lowering the barriers to entry for budding fraudsters, while emerging technologies give them new methods of theft.”

Back to Resources

wired pressclipping frame 2 |

iProov @ WIRED Security

20 October 2016

“Meet the hottest security startups making the web a safer place to be”

iProov CEO speaking at the Wired Security mainstage about the challenges facing biometric technology.

Continue Reading

Back to Resources

sony fintech innov |

iProov wins the FinTech Innovation Challenge by SONY

21 June 2016

iProov to commence with PoC project within Sony Corporation

The winning solution is Verifier, iProov’s next generation strong authentication service. It combines great simplicity of use with very high levels of security, in a cloud-based authentication-as-a-service solution that works on mobile devices and Windows computers.

Download Press Release

Back to Resources

|

iProov @ the FCA TechSprint

30 May 2016

In April 2016 iProov took part in a 2-day technology idea and innovation TechSprint event hosted by the FCA. The Financial Conduct Authority brought together leading financial organisations, regulators and FinTech companies to collaboratively develop solutions around financial inclusion and making banking more accessible.
The event was held to support an Occasional Paper on ‘Access to Financial Services in the UK’, which was published on 24 May 2016.

“In April 2016, the FCA brought together a group of financial services and technology firms along with consumer groups for a ‘TechSprint’ event. Each development team was given 48 hours to come up with a prototype solution to overcome seemingly intractable access barriers.Organisations taking part included peer-to-peer lender Funding Circle, FinTech firm iProov, technological innovator HCL, Lloyds Banking Group and Visa. Judges included representatives from the FCA, Post Office and Fidor Bank. In direct opposition to normal commercial principles, the vast majority of TechSprint participants chose to create cross-organisational teams to maximise knowledge, experience and creativity. Freed from any one commercial perspective, business or technological model, the resulting solutions were framed entirely from the consumer’s perspective. The developed solutions ranged from working models to mobile, tablet and laptop applications that were virtually ready to use. Prototypes included advanced facial recognition, voice recognition with speech playback and a multi-lingual capability and simplified command buttons to help make services easier and simpler to use. Personal control over individual identity and data also featured strongly.” (FCA, Occasional Paper 17, 2016)

Back to Resources

NOVA24copia scaled |

Il conto, la tua voce

18 April 2016

An article discussing the use of biometric technology for banking published in nòva Il Sole 24 Ore (in Italian).

“Riconoscimento biometrico degli utenti e semplificazione dei servizi e delle app. La banca “distribuita” che arriverà ad avere una sola app per fare tutto, senza passaggi autorizzativi, richiede un maggior livello di sicurezza. Ci sono banche che già utilizzano il riconosciemento vocale o facciale.”

Continue Reading

Back to Resources

kpmg |

iProov Verifier selected as the winner for the CyberSecurity & Biometrics category of the KPMG FINTECH INNOVATION CHALLEGE

21 January 2016

“The KPMG FinTech Innovation Challenge was launched with the intention to source six groundbreaking FinTech innovations to match with multiple financial institutions at the FinTech Innovation Summit, hosted by KPMG in London from 10-11 February 2016.

This is the second annual summit arranged by Matchi to promote collaboration and innovation between both FinTech firms and financial institutions. Confirmed summit participants include Caixa Bank (Spain), Bank Hapoalim (Israel), Rabobank (Holland), Nationwide (UK), Standard Bank (Africa), Westpac (Australia), AIB (Ireland) and Liberty Group (South Africa).”

Continue Reading

Back to Resources

meffys logo |

iProov named finalist for the 2015 MEFFY Consumer Trust Award

10 September 2015

iProov, the world leader in user-friendly, highly secure authentication on mobile devices, has been named a Finalist in the prestigious international MEFFY awards for its Verifier service.

The success recognises iProov’s contribution to user trust by authenticating users to extremely high standards of security whilst delivering an exceptionally easy, simple and accessible user experience. iProov uses a unique combination of high-performance face verification and its patented protection against all types of spoof and forgery. Its authentication service is used by enterprises including financial services providers, healthcare operators and entertainment majors.

The Awards, now in their 12th year, reward innovation and recognise commercial success across the mobile ecosystem. Judged by an independent panel of 40 journalists, analysts, accelerators and VCs from around the globe, the winners will be announced at a glittering gala dinner on October 19th 2015 in London.

The other shortlisted finalist for the Consumer Trust Award are AVG, F-Secure, the International Age Rating Coalition (IARC) and Smart e-Money.

Back to Resources

Get a demo