Guide to biometric conformance testing and certification

What You Need to Know About Biometric Conformance And Testing

March 6 2024

In today’s digital landscape, remote identity verification has become crucial for ensuring security and trust. Facial biometric verification has emerged as one of the most secure and trusted methods. However, organizations require a level of confidence that they are choosing a proven solution.

Conformance testing plays a vital role in ensuring the effectiveness and integrity of biometric systems. It can provide a benchmark for accuracy, capability, and interoperability – which instils trust, enhances system performance, and reduces the risk of fraud or unauthorized access.

iProov, a pioneer in the biometric identity verification space, has undergone extensive efforts to make its Biometric Solutions Suite one of the most accredited, thoroughly tested, and robust in the world. 

First, we will review iProov’s existing conformance testing framework certifications, and then consider how biometric security must go beyond those existing frameworks. 

iProov Conformance Achievements

iProov has achieved the following certifications and accreditations, demonstrating commitment to industry-leading standards and best practices. 

ISO/IEC 27001:2013

ISO IEC 27001 2013 Certification

ISO is a standard that seeks to ensure organizations have adequate and appropriate information security management systems in place. It provides credibility that an organization is protecting customer data and taking data security seriously.

  • Frequent voluntary audits by the British Assessment Bureau reinforce iProov’s commitment to protecting customer data.
  • Our ISO Certificate number is 231387 and can be verified here.

SOC 2 Type II

SOC 2 Type II Logo Certification

SOC 2 is an internationally recognized standard that verifies effectiveness of controls managing customer data in a cloud-hosted environment. 

  • This certification assures that iProov’s system is designed with suitable organizational controls to protect sensitive information. 
  • Linford & Co conducts annual audits, ensuring iProov’s ongoing commitment to data confidentiality and privacy.
  • Learn more about iProov and SOC 2 Type II here

Web Content Accessibility Guidelines (WCAG) 2.2 AA

WCAG W3c 2.2 AA Certification Logo

Web Content Accessibility Guidelines (WCAG) are an internationally recognized accessibility best-practice standard for digital experiences. All iProov facial biometric products are conformant to WCAG 2.2 AA, demonstrating iProov’s user-centric design, emphasising inclusivity and accessibility.  

European eIDAS Regulation To Qualified Trust Service Level And eID Level Of Assurance High

European eIDAS Regulation to Qualified Trust Service Level and eID Level of Assurance High

iProov solutions conform to EN 319-401, certified by independent auditors including TÜV Austria and Ernst & Young for conformance to eIDAS Clause 24 1(d). In addition it is modular certified as compliant with eIDAS regulations for the provision of biometric verification and authentication services, ETSI EN 319 411-1 and ETSI EN 319 411-2. 

eIDAS Levels of Assurance refers to the “degree of confidence in the claimed identity of a person”. Conformance with LoA High provides confidence in the rigour and strength of the solution. 

  • iProov’s compliance with eIDAS regulations enables iProov to supply onboarding and authentication services to Qualified Trust Service Providers (QTSPs) throughout the European Union (EU) without complicated integration audits being required.
  • iProov is the first to achieve LoA High conformance, setting the international standard for security. 
  • Learn more about the significance of eIDAS and iProov’s association here.

UK Digital Identity and Attributes Trust Framework (DIATF)

UK Digital Identity and Attributes Trust Framework DIATF certification logo

  • iProov is a certified Digital Identity Service Provider (IDSP), having undergone a rigorous independent assessment.
  • Annual audits by EY British Assessment Bureau attest to iProov’s adherence to the highest standards in technology, security, and processes.

iBeta ISO/IEC 30107-3 and ISO 9001-2015

iBeta ISO IEC 30107 3 and ISO 9001 2015 certification logo 2 iBeta ISO IEC 30107-3 and ISO 9001-2015 certification logo level 2

iProov conforms to the relevant requirements of ISO/IEC 19795-1:2006 and ISO/IEC 30107-3:2017.

  • Our methodologies for testing presentation attack detection sufficiently conform to ISO standards – audited by both iBeta and the UK National Physical Laboratory (NPL).
  • iProov also conforms to ISO 9001:2015,  audited by the British Assessment Bureau, ensuring comprehensive testing practices.

CSA Star Attestation

ISO IEC 27001 2013 Certification

The CSA Star Attestation is the “industry’s most powerful program for security assurance in the cloud.”

  • Annual audits by EY ensure iProov’s employees are professionally developed to achieve cloud security competency. 

Australian IRAP (Information Security Registered Assessor Program)

Australian IRAP (Information Security Registered Assessor Program) logo

  • iProov conforms with IRAP in line with Australian Signals Directorate (ASD) policies and standards.
  • Annual audits by Foresight establish iProov’s ongoing conformance to high-security standards set by the Australian government.

iProov has also been exhaustively tested outside of conformance standards: The Department of Homeland Security deployed cutting edge techniques to spoof iProov, but were unsuccessful. iProov was also verified by the UK, Singapore, and Australian governments as part of their National Due Diligence. 

In essence, these achievements signify iProov’s dedication to industry-leading standards, emphasising not only the effectiveness of our biometric solutions but also our commitment to user accessibility, data security, and global regulatory compliance.

Visit our Compliance Repository to learn more.

What’s The Difference Between Compliance And Conformance Testing?

Conformance testing is voluntary, whereas compliance with regulations is a legal requirement. For example, all entities that process data in the EU must be compliant with GDPR by law. Accordingly, iProov complies with the UK Data Protection Act and EU GDPR. Conformance testing, however, is not a legal requirement – organizations choose to conform to standards such as ISO, WCAG, eIDAS, and iBeta of their own volition. 

If you are evaluating biometric vendors, examining which standards those vendors conform should be an important step in selecting  the right supplier. Achieving conformance to a variety of standards indicates that a given biometric supplier has been third-party tested, and may identify if the vendor is equipped to meet your needs.

Limitations On Existing Conformance Testing For Biometric Solutions

Conformance testing is well suited for demonstrating adherence to relatively stable goals, such as the usability and accessibility of a technology.

But when it comes to biometric cybersecurity, the threat landscape is anything but static. Evaluation to ISO/IEC standards for presentation attack detection (PAD) are among the most common testing provided by certified, independent laboratories. But in today’s threat landscape, this does not go far enough. 

Sophisticated attacks that involve digital injection, face swaps, and generative AI have skyrocketed. But he industry currently has no standards to certify a solution’s ability to detect and defend against digital injection attacks or metadata manipulation – leaving a vacuum that threat actors are eager to fill.  It’s important  to certify defenses against what we already know and understand, but biometric vendors also need to observe and understand novel, evolving threats like injection attacks in real-time – and be able to roll out defenses against them as quickly as possible.

Leading analyst Gartner urges businesses to choose a vendor that takes a proactive approach to security, after announcing that “30% of Enterprises Will Consider Identity Verification and Authentication Solutions Unreliable in Isolation Due to AI-Generated Deepfakes by 2026”. This highlights the need for biometric vendors to proactively address novel and evolving threats, rather than solely relying on testing against known attack vectors. 

How Does iProov Go “Beyond” Conformance Testing?

Given the transformative nature of generative AI and the scalability of digital injection attacks, it is imperative that biometric security be actively managed 24/7. iProov monitors traffic in real-time through our iProov Security Operations Centre (iSOC) to detect attack patterns across multiple geographies, devices, and platforms.

This enables iProov to monitor attackers’ methods, sources, and patterns – and constantly adapt to them. You can read more about this in our 2024 biometric threat landscape report. 

By supplementing software with scientific analysis and human expertise, iProov delivers world-leading liveness technology that not only stops today’s threats but also mitigates those of tomorrow. Learn about our evolving and adaptive approach to security here.

Closing Thoughts

As evidenced through our array of certifications and achievements, iProov’s pursuit of industry-leading standards extends beyond “good enough”. By setting new industry standards, such as being the world’s first biometric vendor to achieve WCAG 2.2 AA conformance and eIDAS Level of Assurance High, iProov raises the bar for biometric security.

As we continue to navigate this dynamic landscape of biometric cybersecurity, iProov remains dedicated to staying ahead of emerging threats and consistently delivering world-leading liveness technology. For those assessing biometric vendors, our certifications and adaptive security measures demonstrate iProov’s capability to meet both existing and evolving needs. 

Back to Resources

How to choose a biometric vendor: top reasons and considerations

Choosing the Right Biometric Vendor: A Comprehensive Guide 

February 29 2024

In today’s digital era, the demand for robust identity verification and security measures has surged. Traditional methods like passwords, One-Time Passcodes (OTPs), and video call verification are failing organizations and users alike.

Biometric facial verification stands out as the most secure and user-friendly way of proving identity online, but there are many different companies to choose from.

To assist you, we’ve crafted a comprehensive guide to ensure you make an informed decision that aligns perfectly with your organization’s needs. Let’s walk through your top considerations when evaluating biometric vendors.

1. Evaluate Security 

The very first step is to determine the levels of security required and identify risks in your own organization. What are the implications of account takeover? For banks, this could mean an account being emptied or large sums of money being stolen.

What damage could be caused to your organization by allowing criminal to set up fraudulent account using a stolen or synthetic identity? If you’re in the financial sector, fraudsters can set up accounts for money-laundering, and you risk being prosecuted by the regulators for failing to follow know-your-customer (KYC) or anti-money laundering (AML) guidelines. If you’re a government agency, fraudsters could steal money allocated for social benefits.

The potential scale of the problem should also be considered, as a mass-scale attack could lead to thousands of successfully compromised accounts in a short period of time.

From there, you can assess the biometric vendor’s defenses. Here’s a list of areas you can ask the vendor about:

  • Spoof detection:
    • Inquire about the vendor’s anti-spoofing capabilities. How do they detect and prevent presentation attacks (e.g., photos, videos, or 3D masks)? Presentation attack detection (PAD) can detect attacks such as masks and paper printouts.
    • Can the solution defend against more sophisticated attacks that the industry currently does not certify defense against – such as digitally injected attacks, deepfakes, and generative AI attacks?
    • Determine how far the vendor’s deployments have been tested by externally-accredited penetration testing agencies or a government’s own Red Team.
  • Evolving security:
    • How do the vendor’s defenses stay ahead of the evolving threat landscape? Ask: how do you defend against zero-day threats? What meta and imagery data are you analyzing as part of your threat detection methods? How do you protect the integrity of your software from cyber attacks such as emulators?
    • A Security Operations Centre (SOC) is vital to detecting and preventing generative AI, deepfakes, face swaps, and metadata manipulation techniques on an ongoing basis.

2. Assess Usability And Inclusivity

Usability and inclusivity determine how the biometric solution will be accepted and embraced by users. Your biometric solution should be usable by the largest section of the population possible. Ensuring inclusivity is not only the right thing to do, but also expands your total addressable market and therefore can maximize revenue. Here are some areas to cover:

  • Inclusivity: Can the vendor demonstrate how they actively mitigate against bias? Do they already support customers in multiple regions and for diverse customer populations? Do they train their algorithms on diverse data sets? Is the solution accessible by digital newbies as well as digital natives? Can it be used on any device – what types, makes, and models do they support
  • Certification: Is the biometric vendor conformant to WCAG 2.2 AA and 508?
  • Usability and convenience: Can users complete the authentication easily? What techniques are implemented to support completion rates and mitigate friction? Can it demonstrate improved performance and high success rates?

3. Address Privacy Concerns

When selecting a vendor, ask the following questions:

  • How and where is the data being processed and stored? What types of security measures are in place to protect the biometric data collected?
  • How is the vendor complying with regulations? Is the organization ISO 27001, SOC 2 Type II certified?
  • How do you handle data retention, deletion, and compliance with data protection regulations, such as GDPR?
  • What is the disaster recovery and business continuity plan in case of system failures or other emergencies?
  • For EU organizations: is your organization compliant and audited to eIDAS Level of Assurance High?

4. Compare System Accuracy And Performance

If an authentication fails, for whatever reason, a user’s frustration will increase. This, in turn, affects your brand image and customer satisfaction as well as cost. Ask: what is the accuracy rate of your facial verification technology, and how do you measure it? What are your average attempts to pass and in-production completion rates? Evaluate the following areas:

  • Number of attempts to pass: When evaluating a product’s performance, ask for the average number of attempts genuine users need to pass authentication. While the goal is for every legitimate user to pass on the first attempt, some failures are inevitable. The extent to which the average number of attempts exceeds one indicates the product’s usability and likely conversion rate. Request this metric from the vendor, along with the sample size and calculation method used. Additionally, gather feedback from existing customers to gain insights into their experiences.
  • False Acceptance Rates (FAR) and False Rejection Rates (FRR): It’s important to establish the vendor’s FRR and FAR to measure this quantitatively. The quality of a vendor’s liveness technology will impact FAR and FRR.
  • Device-based performance: How does the vendor ensure consistent performance (high completion rates) regardless of the device used?

5. Understand Your Scalability Needs

When implementing biometric authentication, many organizations are uncertain about the level of user adoption. Projected demand might differ significantly from actual outcomes. You need to ensure that the solution you choose will scale quickly and cost effectively. If you host the solution yourself, can you provision and afford the servers needed to cover all outcomes? If you opt for a cloud-based provider, evaluate their track record in handling high levels of demand.

6. Compare Costs

The pricing of biometric systems can vary and may include different components. For example, some cloud vendors include hosting costs in their pricing, while others expect the organization to bear these expenses directly. To find the best option for your budget, create several potential usage models and work with the vendor to determine the most suitable model.

Ask: Can you provide information about the cost structure of your facial biometric verification service, including any licensing fees, subscription models, or additional costs?

7. Understand The Vendor’s Level of Human Intervention

Explore how vendors manage human intervention in their processes. Manual intervention has implications for both privacy and accuracy. Manual checks also lack scalability; vendors may struggle to double their workforce if the workload unexpectedly doubles. Additionally, human-operated systems struggle to consistently and accurately identify synthetic media like deepfakes.

Human, hybrid, and automated biometric verification processes can be split into five categories:

Human Intervention 1

 

To reap the benefits of biometric technology, it is advisable to deploy hybrid, automated identity verification processes that leverage human experts for real-time supervision. This approach ensures reliable, consistent results

It must be noted that all remote identity verification methods are vulnerable to synthetic media attacks (such as deepfakes), whether that be human-operated video verification calls, hybrid processes with facial biometric checks and human oversight, or fully automated processes. Read more about the threats to remote identity verification systems here.

8. Evaluate Level of Assurance

Consider:

  • The Level of Assurance (LoA): LoA refers to the certainty you can have that an identity can be trusted to actually be the claimant’s “true” identity. The higher the assurance level, the more secure the identity and the lower the risk of successful attacks such as new account fraud, synthetic identity fraud, and identity takeover. Ask: How does the technology determine real-time authentication, ensuring that is not a replay of a previous authentication? Do they offer different levels of assurance to accommodate different use cases and risk appetite (e.g., low-security access vs. high-security transactions)?
  • The customer’s perception of assurance: To strike the right balance between speed and security, think carefully about the scenarios you’ll be serving. A split-second authentication may not offer the reassurance needed if a user is completing a high-value transaction, but an authentication that takes 30 seconds may cause frustration.

9. Consider The Vendor’s Deployment And Integration

Ask: How is the technology deployed? And, on average, how long does it take to deploy in production? What kind of hardware or software is required to integrate the facial verification solution into your existing infrastructure?

Can your system handle a large number of simultaneous requests in real-time? What is the processing speed and transactions per second (TPS) that it can handle? Will I get a dedicated point of contact? What steps will they take to improve our business outcomes? How can I measure performance? Do you have 24/7, real-time reporting capabilities?

10. Check The Vendor’s Profile And References

  • Does the vendor have a strong presence in the industry? Are they involved in setting standards and working with other organizations to define the future of the industry? Has the vendor won any awards? Choose a vendor that is reputable, is proven, has good references, and can demonstrate strong market adoption.
  • Who are they working with and what testing and audits have they been through? For instance, choosing a vendor with a global customer base might be crucial in providing reassurance on bias and inclusivity.
  • Are they easy to work with? Do they have customer-focused people and processes? What do their other customers and partners say about them?

voice vs iproov 1

 

If you’d like to learn more about how iProov can secure and streamline your organization’s online verification, authentication, and onboarding, book your demo today.

Back to Resources

KYC AML: explaining the importance and difference

Know Your Customer (KYC) and Anti-Money Laundering (AML): Importance and Differences

February 1 2024

At their core, Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations exist to limit or mitigate the impact of money laundering, terrorism funding, corruption, and other forms of financial crime. 

KYC and AML are mandatory for regulated entities deemed at high risk of facilitating financial crime. While Financial institutions (FIs) are typically associated with KYC and AML, the regulations can apply to anything from a casino to an art gallery. Some countries do not yet have AML regulations, and some jurisdictions’ regulations are far more stringent than others — so you should always refer to your country’s specific regulations (such as AML6 in the EU and the Bank Secrecy Act in the US).

While these two terms are often used together, understanding their distinct meanings and importance is crucial for businesses operating in this highly regulated landscape. Essentially, KYC is the process organizations use to verify the identity of customers, and it falls under the wider AML framework.

One major problem for organizations is being able to quickly and accurately verify the identity of a new customer through a remote online channel while providing a positive customer experience. Robust procedures are critical to mitigate risks, comply with regulations, and maintain trust with clients and authorities; the first and most crucial step in KYC/AML efforts is to reliably verify who your customers actually are. 

What is Know Your Customer (KYC)?

KYC is a financial regulatory requirement which is mandated by different regulations depending on the region. In the US, for example, it’s generally known as Customer Identification Program (CIP) and is mandated by the USA Patriot Act.

KYC is a requirement by which regulated entities must obtain personal information about a customer to ensure that their services are not misused and ensure that people applying for financial services are not on sanctions or PEP lists. These KYC procedures take place at account opening and periodically thereafter, or when a customer changes their details. The personal information gathered differs globally based on regulations, the organization’s risk appetite, and the product.

It’s important to be able to verify a person’s asserted identity on an online/remote channel. With biometric technology, you can verify a customer against their asserted identity in a way that delivers the highest level of security while being easy to use and inclusive. iProov uses biometric face verification, because it is the most secure, convenient, and inclusive method of supporting KYC compliance remotely.  

Currently, KYC costs the average bank in Europe $60 million per year. Using a face verification solution such as iProov can help mitigate some of this burden by enhancing efficiency and customer experience during onboarding. 

What is Anti-Money Laundering (AML)?

AML is a framework of laws and policies aiming to prevent and identify financial crime, including everything from terrorist financing to money laundering. For most institutions, AML will start with KYC knowing your customers and will then continue through monitoring financial activity and reporting suspicious behavior. 

Therefore, AML can refer to a large pool of techniques employed to meet stringent requirements and avoid liabilities. 

Global banks were fined $5bn for AML infractions in 2022, a 50% increase on the previous year. Accordingly, banks are investing heavily in compliance, particularly through strengthening onboarding processes.

Biometric face verification can help organizations with specific, critical parts of AML. The areas where iProov can help include…

  • Preventing bad actors from gaining access to your services at the point of enrollment.
  • Verifying that a user is the right person using their asserted identity during onboarding and returning authentication.
  • Protecting against financial crime by verifying that customers are who they say they are.

More on how we help protect leading banks against money laundering can be found here.

What is The Difference Between KYC And AML?

In short, KYC and AML are not to be positioned against one another. This is because AML is an umbrella term for several techniques and regulations, and KYC falls within this. KYC is one of the many mechanisms that can facilitate compliance with the wider AML framework.

KYC refers specifically to identity verification and risk assessment, whereas AML could refer to a much wider range of techniques (such as transaction monitoring, enhanced due diligence, sanctions & PEP screening, and more) to monitor risk during and after KYC checks.

Ultimately, KYC is a part of AML. 

Which Do You Need: KYC or AML? 

KYC and AML regulations vary according to jurisdiction, but in the majority they’re compulsory. For example, KYC and AML compliance has been compulsory for US banks since 2001, when the US Patriot Act was enacted.

Due to the overlap, it would be impossible to comply with AML requirements without first having proper KYC controls in place. 

Ultimately, money laundering is on the rise, and financial institutions have a  lot of work to do to keep up. That’s why solutions such as iProov, which can securely verify the identity of a remote customer in jurisdictions that allow remote automated onboarding, have become essential.

Consequences of Poor AML & KYC Compliance

  • Facilitating criminal and terrorist activities unknowingly
  • Significant regulatory fines and legal penalties
  • Loss of consumer confidence and reputational damage
  • Exposure to greater financial and operational risks

Why Is Customer Due Diligence Important?

KYC is a fundamental part of the anti-money laundering framework, and Customer Due Diligence (CDD) is a subset of KYC processes.

Having proper KYC controls in place will then allow you to conduct the appropriate due diligence on a customer or account according to their risk level.

iProov does not provide customer due diligence checks. We provide trusted identity verification during onboarding and ongoing authentication using face biometrics. However, identity verification is part of CDD. Once verified, FIs can then determine which accounts require further due diligence. 

Ensuring Robust KYC/AML Compliance with Biometrics: How Does iProov Support You?

Traditional KYC/AML processes often rely on manual document verification and knowledge-based authentication, which can be time-consuming, prone to error, and vulnerable to fraud. Biometric identity verification solutions provide a secure and efficient alternative.

With a brief facial scan, iProov’s highly secure face verification can assure the genuine presence of a remote user and support compliance with KYC and AML regulations effortlessly.

Trusted remote identity verification depends on linking the physical person asserting their identity to an identity document. The only way to do that is with biometrics. Government-issued photo ID enables an individual to assert their identity online and iProov enables an organization to verify that the physical face of the person asserting that identity is indeed the genuine holder of that ID document. iProov’s science-based liveness ensure that the applying ‘face’ are authentic and not spoofed. 

Our market-leading biometric verification is deployed across the world in conjunction with document verification to create an end-to-end KYC solution, which can then support further AML compliance.

This has a number of key benefits:

  • Improve the accuracy and efficiency of onboarding new customers remotely: iProov research in 2020 showed that while half of the top 20 US banks enabled a new customer to open an account in 30 minutes or less, almost half took 2 days or longer. iProov technology solves this problem by removing the need for in-person checks or manual verification, which  increases accuracy and reduces costs. It also speeds up the process, enabling customers to quickly get access to their new accounts, while maintaining high levels of security. 
  • Mitigate the risk of fraud and financial crime: iProov enables you to ensure that new customers are who they say they are with a high level of assurance.
  • Reduce the risk of compliance penalties and reputational damage from negative publicity: iProov enables FIs to meet regulatory guidelines while reassuring customers and protecting the organization’s reputation.

This ultimately reduces the costs and time taken for KYC and identity verification, removing much of the burden associated with the KYC/AML ecosystem. 

Why Do You Need To Assure Liveness In KYC & AML?

Liveness refers to technologies that verify a face presented to a device is a live human being. But not all liveness solutions are equal. iProov’s Biometric Solutions Suite one of the most accredited, thoroughly tested, and robust in the world

Our solution uses an effortless, passive face scan to assure that an individual…

  • Is the right person, using face matching by matching the identity to a trusted photo identity document.
  • Is a real, live person, and not a presentation attack (a physical or digital artifact presented to the device sensor, like a photo or mask).
  • Is authenticating right now, and not a digitally injected attack using a deepfake or other synthetic media (ensured by a one-time biometric delivered by Flashmark).

Liveness for KYC and AML infographic - explaining Genuine Presence

The highest level of assurance is recommended for KYC/AML because initial user onboarding is a high-risk action – you don’t know anything about the user or their risk until you have onboarded, so it’s important to start off securely as trust established at onboarding will carry through the customer lifecycle. Our solution assures users are authenticating in real-time and our industry-first iSOC active threat management system enables response to new and emerging threats.  

KYC and AML: Summary

  • KYC is the requirement for financial organizations to obtain personal information about their customers to ensure that services are not misused. 
  • KYC is part of the larger AML framework, which refers to a set of regulations and techniques aiming to minimize money laundering.
  • Financial institutions are spending billions of dollars annually to combat financial crime. These organizations face significant regulatory and reputational risks if they do not comply with KYC and AML.
  • iProov supports KYC and AML compliance through two methods: customer verification during remote onboarding and ongoing authentication of returning customers. This means that you can be confident that your customers are who they say they are. 
  • Using iProov to assist with KYC and AML can cut costs, enhance and streamline regulatory compliance, reduce onboarding times and minimize frustrations, and delight customers.
  • Remember that these points are dependent on country and jurisdiction. Be sure to check your jurisdiction’s directive for more specific information. 

Understand that KYC and AML regulations are no empty threat: in 2020, a staggering $10.6 billion in fines were imposed globally for non-compliance with AML and KYC regulations, rising 27% from the year before. Organizations are under increasing scrutiny and iProov can help. 

Biometric verification can streamline KYC/AML processes while minimizing risks and ensuring regulatory compliance. Request a demo of our solution here.

Back to Resources

Deepfakes threaten all remote identity verification, not biometric verification

How Deepfakes Threaten Remote Identity Verification Systems

January 11 2024

Remote identity verification is one of the most pressing challenges of our increasingly digital era. Confirming a person’s identity without seeing them physically, in person, is a need that continues to grow in both importance and difficulty.

Among the most insidious threats to remote identity verification is the use of Generative AI created deepfakes. Deepfakes aren’t intrinsically harmful but can pose significant security threats. As it’s now impossible to reliably distinguish between synthetic imagery and real imagery with the human eye, AI-powered biometrics have emerged as the most robust defense against deepfakes – and, therefore, the only reliable method of remote identity verification. In fact, combating them requires continuous research and mission-critical solutions with evolving security. People value the convenience of facial biometric verification, too – 72% of consumers worldwide prefer face verification for online security.

However, as biometric technology advances, malicious actors seek out new and more sophisticated methods to compromise these systems. It’s important to remember, though, that deepfakes are not a threat to biometric security they’re a threat to any method of verifying a human’s identity remotely.

The Deepfake Threat: A Look Inside The Rise of Deepfake Technology

In the beginning, deepfakes were just harmless fun, with people creating videos and pictures for entertainment purposes. However, when combined with malicious intent and cyber attack tools, they quickly transform into sinister threats. Deepfakes have quickly become a very powerful way of launching cybersecurity attacks, spreading fake news, and swaying public opinion. You’ve probably already come across a deepfake without even realizing it.

Deepfake technology involves the use of tools such as Computer-generated imagery (CGI) and artificial intelligence to alter the appearance and behavior of someone. Machine learning algorithms work to generate highly realistic synthetic content to imitate human behaviors, including facial expressions and speech. When used maliciously, this technology can be employed to create counterfeit identities, imitate people, and gain access to secure locations, for example.

Due to the sophistication of the technology, deepfake content often appears highly realistic to trained humans and even some identity verification solutions – making it difficult to discern from genuine from synthetic. The rapidly evolving pace of AI means deepfakes are continually evolving, too – they’re not a static threat.

Deepfake Detection: Evidence Establishes that Humans Cannot Reliably Spot Deepfakes

We’ve compiled a list of studies that highlight how humans are simply not a reliable indicator for spotting deepfakes:

  • A 2021 study titled “Deepfake detection by human crowds, machines, and machine-informed crowds” found that people alone are much worse than detection algorithms. Detection algorithms even outperformed forensic examiners, who are far more skilled at the task than the average person. The study also found no evidence that education/training improves performance.
  • Another 2021 study called “Fooled twice: People cannot detect deepfakes but think they can” found that people are less capable of identifying deepfakes than they think; that people are not reliable at detecting manipulated video content; that training and incentives don’t increase ability; that people have a bias towards a False Rejection Rate; and finally that people are particularly susceptible to being influenced by deepfake content.
  • In 2022, a group of security researchers found that person-to-person video call verification could be easily overcome with OS software and watercolor (i.e. digital art manipulation). This shows that human operator video identification systems are easily overcome with basic everyday approaches and very little skill – sometimes not even deepfakes are needed to fool humans.

See if you can spot a deepfake in our interactive quiz!

How Deepfakes Threaten All Online Identity Verification

To reliably verify identity remotely, you’re going to have to see the person and their identity document. Video call verification – sometimes known as video identification – refers to the process of talking to a live person over video calling software in order to prove who you are. But it is an undesirable option – not least because it’s inconvenient, labor and cost intensive, and cannot be automated (so is harder to scale).

Deepfakes can be injected in a live video stream anyway, so they’re an even more critical threat to video verification. As we’ve established, humans are less reliable at detecting deepfakes than biometrics. This is why we caution organizations to remember that deepfakes and other forms of Generative AI are not a “biometric problem”; they’re a remote identity verification problem.

Remote identity verification is critical for the majority of organizations that conduct business online. It’s non-negotiable in many instances. Against the threat of deepfakes, organizations must utilize AI for the good of cybersecurity (i.e. AI-powered biometrics).

Can’t I Verify Users With Another Biometric Method, To Avoid Deepfakes Altogether?

You might next wonder: “why aren’t other biometric methods a suitable alternative for identity verification? Can’t you just use iris or voice authentication, so you don’t need to deal with deepfakes at all?”

Biometric face verification specifically has emerged as the only reliable method of remote identity verification because:

  1. Other biometric methods cannot verify identity. They can only authenticate it. This is because your voice, iris, and so on are not generally on any of your identity documents (unlike your face). So you have nothing trusted to verify the biometric data against – no source of truth. It’s possible in rare cases – maybe an organization has access to an official fingerprint data, for example. But it’s not scalable like face verification is. The same goes for traditional methods, such as passwords and OTPs, which have entirely failed to keep users secure online. You can’t be 100% certain of someone’s identity just because they know something (a password) or own something (a phone with a code on).
  2. AI-driven cloning is a threat to all biometric methods. A voice, for example, is considered the easiest biometric to clone. You can read more about the threat of voice cloning in this article and the disadvantages of voice biometrics here.

Safeguarding Against Deepfake Attacks

When we talk about the threat of deepfakes, it’s to stress how critical a robust facial verification solution is to defend against them, and to educate organizations on the consequential differences between the solutions available.

As the 2023 Gartner Market Guide articulates, “Security and risk management leaders must make deepfake detection a key requirement, and should be suspicious of any vendor that is not proactively discussing its capabilities”.

To mitigate the risks associated with deepfake attacks on biometric systems, several measures can be implemented:

  • Multi-Modal Biometrics: Combining multiple biometric methods, such as facial verification and fingerprint scanning, can enhance security by making it harder for attackers to fake multiple modalities simultaneously.
  • Liveness Detection: Implementing science-based liveness detection checks can help differentiate between real biometric data and synthetic representations, such as deepfakes which lack vital signs of life. Learn more about liveness technology here.
  • Continuous Monitoring: Biometric systems should incorporate continuous monitoring and anomaly detection to identify unusual patterns or behaviors that may indicate a deepfake attack. Organizations must embrace advanced techniques that can adapt to the rapidly accelerating landscape of cyber threats (not ones that rely on static defenses – the solution is an evolving service rather than a software).

Technical biometric solutions like science-based liveness detection and active threat intelligence will take center stage in identifying synthetic media. However, human research and critical thinking skills are still essential when it comes to identifying potential threats. The ultimate solution lies in combining the strengths of both humans and automation to create a foolproof solution – as iProov does, utilizing our mission critical biometric verification with our iSOC capabilities.

The question of “how can we be sure of someone’s identity online?” is an extremely important and serious topic, and it’s not going away.

Learn more about how iProov specifically defends against deepfakes in this blog post and read our report, Deepfakes: The New Frontier of Online Crime.

Back to Resources

Wealth Management biometrics face verification technology

How Facial Biometric Technology Secures the Wealth Management Industry

January 10 2024

In the high-stakes world of wealth management, fortunes hang in the balance. Projected to reach a staggering $500 billion market by 2030, this highly regulated industry faces intensifying threats from sophisticated fraud attacks. Traditional authentication methods like passwords and one-time passwords (OTPs) – coupled with outdated, manual onboarding processes – wealth management firms and their high-net-worth individual (HNWI) clients vulnerable. Additionally, incumbent firms must fend off mounting competition from digital-first disruptors.

The importance of verifying the genuine presence of an online client without inconveniencing them has never been higher. Biometric face verification enables wealth management organizations to prove an individual’s identity when they access services remotely, without inconveniencing the user in any way. The right solution should be secure, convenient, and easy to use.

This article explores how advanced biometric face verification technology can enhance security, build trust, and streamline onboarding nd authentication processes in the wealth management sector.

How Is Fraud Fraud Affecting Private Banks and Wealth Management Companies?

Account Takeover Fraud (ATO) stands as the preeminent threat facing wealth managers today, with incidents skyrocketing 500% year-over-year from 2019 to 2022. The consequences of such attacks can be catastrophic – in 2021 alone, for example, firms reported fraud losses up to $20 million each.

Successfully compromised accounts can erode trust between a firm and its HNWI clients, who may contribute up to 80% of a bank’s net income. In these scenarios, customer attrition becomes a very real risk, compromising future revenue streams and market share.

Moreover, outdated fraud response infrastructures that reactively investigate incidents after the fact create significant operational overhead. This inefficient approach consumes valuable time and resources that could be better allocated toward preventative measures and core business priorities.

Why Traditional Security Methods Fall Short

For such a high-risk sector, single-factor authentication simply isn’t secure. It’s easy for a savvy fraudster to bypass it. Passwords are weak and only fit for purpose as part of a wider multi-factor authentication (MFA) strategy, and social engineering attacks are rife. Plus, technology has made brute force attacks easier than ever. AI-driven voice cloning has also emerged as an issue.

In addition, there is a unique complexity to financial affairs in this industry, which increases opportunities for fraud. Private banks and wealth management companies can carry out a wide range of financial services for HNWIs and their families, including retail banking, investment management, tax affairs, estate planning, and legal matters. Establishing trust in this context is complex but essential. 

Criminals target wealth management firms’ clients because:

  • HNWIs are often a good target, offering high returns for successful scams. They do not have a standard profile for spending; patterns can cross different time zones and locations. This can mean fraudulent transactions fly under the radar.
  • It can be easier to impersonate someone in the public eye, as everything is known about them – it can be easy to find their mother’s maiden name or pet’s name, for example.
  • Clients often don’t like (and are resistant to) the inconvenience of multi-level authentication, where they are asked to confirm different knowledge-based or possession-based information.
  • Clients frequently have others managing their money for them such as money managers, PAs, housekeepers, and other staff. Traditional retail banking based fraud solutions can’t protect this structure.

How To Enhance Identity Assurance with Face Verification

iProov works with wealth management firms to verify and onboard new clients with the highest level of assurance. We have undergone extensive efforts to make its Biometric Solutions Suite one of the most accredited, thoroughly tested, and robust in the world. Amidst the evolving threat landscape that that threat management firms face, iProov’s science-based biometric solutions provide a robust defensive layer to secure wealth management operations throughout the customer lifecycle.

How does it work?

For onboarding, you complete a brief facial scan followed by a document scan. This matches a unique biometric characteristic against a trusted identity document (such as a driver’s license or passport) in order to establish genuine identity. Only the face can be matched in this way, because it’s generally the only characteristic on official documents. Critically, robust liveness technology works to ensure an online user is a real person in that moment, detecting if the face being presented to the camera is a live human being or not.

Once onboarded, high-net-worth individuals can sign in and authorize payments or other transactions with just a brief, effortless facial scan. This multi-pronged defense minimizes the risk of account takeovers, fraud, and other threats by permitting access and transaction approval only to those whose identities have been robustly verified and authenticated. HNWIs can use any device with a user-facing camera to authenticate; there are no complicated instructions or steps to follow. It’s simple, yet delivers the highest levels of security.

iProov further streamlines the process by enabling users to effortlessly recover their identity or rebind if a device is lost, stolen or replaced, without the hassle of re-verifying manually through insecure physical document checks.

In the high-stakes wealth management realm, only the most mission-critical liveness solution can assure with the highest confidence that the remote user is the the right person, a real person, and that they’re authenticating right now.  Not all facial liveness technologies provide equal levels of defense against emerging threats, so choosing the right vendor is crucial.

The Advantages of Face Biometrics for Wealth Management Firms

1. Building and maintaining customer trust

Wealth managers typically have strong personal relationships with their customers, and in-person visits are common. However, today’s HNWIs increasingly favor digital channels, with 71% preferring omnichannel experiences and 25% desiring fully remote (with remote human help if needed).

iProov’s technology enables wealth management firms to demonstrate to their clients that they are using the gold standard in online security and user experience. This builds initial trust and retains it through secure, effortless authentication that does not inconvenience the client.

2. Adding value to customer service

Private banks and wealth managers often use ‘callbacks’ to maintain security and to demonstrate a responsive and personal service to their clients. This means that transactions are validated via a callback either from a call center team or by the relationship manager. This is a common point of friction between wealth management firms and their customers: “I’m busy/in a meeting/I can’t talk now so just go ahead etc…”. It’s also a weak link in the security chain: a fraudster could manipulate this process if they’ve intercepted a user’s mobile. 

iProov helps add value to the customer service process by:

  • Accelerating onboarding, reducing the time and cost involved in onboarding new customers by automating identity verification and digitizing security processes – which accelerates time-to-revenue while boosting productivity and customer satisfaction, reducing abandonment.
  • Reducing the reliance on inconvenient (and costly) callbacks.
  • Eliminating the need for further digital authentication tools.
  • Reducing staff and client time spent combating fraud through checks and manual interventions.

3. Delivering effortless user experience and accessibility for all clients 

Each HNWI will expect a level of service that meets their individual needs. Some HNWIs will be technically advanced and want to engage with their wealth managers on multiple devices smartphones, tablets, and laptops. Others may not even own a smartphone. 

iProov offers a consistent, effortless user experience across all devices which…

  • Is accessible on any device with a user-facing camera, including mobile devices, desktop computers, and tablets. 
  • Is effortless to use. Age and ability should not be barriers to accessing services.
  • Uses carefully selected training data to ensure diversity and check for bias in our system.
  • Meets WCAG 2.2 AA and Section 508 standards.

4. Protecting against fraud

 iProov’s high-assurance biometric solutions defend against leading fraud types such as:

  • Account takeover fraud: where an imposter or fraudster gathers credentials and personal information about a target, in order to gain direct access to a client’s accounts online so they can steal money.
  • Credential stuffing attacks: achieved by taking collections of login credentials from data breaches on other less protected sites and using them to access wealth management accounts.
  • Impersonation fraud: where an imposter or fraudster pretends to be a client and approves transactions.

Criminals use a variety of tactics to steal money and cause disruption. These include malware, digitally injected attacks and the use of deepfakes. iProov is unique in being able to detect and mitigate against the use of synthetic imagery, such as deepfakes or face swaps, in attacks. 

5. Avoiding reputational risk

Wealth management firms depend on their reputations. In wealth management, a single security lapse can irreparably tarnish a firm’s reputation, jeopardizing existing and future client relationships. iProov’s future-proof capabilities minimizes your risk: we delivers industry-first active threat monitoring, which evolves defenses continually to counter zero-day attacks and emerging threats in real-time.

By delivering the ultimate in security and convenience through face biometrics, wealth managers can build powerful client trust, amplify brand reputation, accelerate revenue growth, and provide truly inclusive digital experiences for all customers.  iProov is trusted by the world’s most security-conscious organizations – such as the Department of Homeland Security, UBS, and the UK Home Office – and other banks such as Knab and Rabobank for a reason. Book a demo here.

Back to Resources

OTP Authentication: what is it? What are the risks? What is the biometric solution?

One-Time Passcode (OTP) Authentication: What Are the Risks?

January 8 2024

Mela Abesamis had always considered herself careful when it came to cybersecurity. She was well aware of phishing attacks and other common fraud tactics, and how to spot them. She was also used to receiving One-Time Passcodes (OTPs) from her bank, sent by SMS to her mobile device to authenticate her identity.

But then in December 2020, Mela received a message from her bank, saying that 50,025 Philippine pesos (around $950) had been moved from her account to a Mark Nagoyo. This was the first and only indication she received that money had been transferred. She had never heard of Mark Nagoyo, she certainly hadn’t made the payment, and she had not received a one-time passcode during the transaction.

She wasn’t alone. Over 700 account holders were affected by the fraud. In Filipino, the word “nagoyo” means to make a fool out of someone.

Four individuals were eventually indicted for the scam. The fraudsters had used a combination of social engineering and phishing techniques to harvest the bank log-in details and cellphone numbers of hundreds of citizens. With these, they could intercept SMS OTPs and drain people’s bank accounts.

The bank repaid the affected amounts, but this didn’t fully offset the traumatic experience for the victims.

OTP Authentication: What’s The Issue?

This is just one example of how compromising OTP authentication is becoming less and less of a challenge for increasingly sophisticated hackers. It would seem that OTP authentication is no longer fit for purpose as a security method. Yet, they remain a common verification process for organizations across the globe.

This article looks at the security risks that come with OTP authentication. It discusses how hackers are able to compromise the process, and proposes safer and more accessible alternatives for identity verification.

What Is OTP Authentication?

If you’ve ever used online banking, chances are you’ve completed an OTP authentication.

An OTP (One-Time Passcode) is a computer-generated code delivered via email, Short Message Service (SMS), or hardware token. The code serves as a form of authentication or verification that you are who you say you are because you’re in possession of your device.

You then enter the code from your SMS into the online field in order to gain access to a given website or app. The code will expire in a limited time. 

OTP authentication is often used as a method of multi-factor authentication (MFA) and meets the what you have factor of assurance. 

Multi-factor authentication requires two or more of the following elements:

  • Knowledge: something only the user knows – eg, a password or PIN
  • Possession: something only the user possesses – eg, a mobile handset or token
  • Inherence: something the user is – eg, a biometric

The two factors also need to be independent of each other. The objective is to make it more difficult for an authorized person to access an account through layered security.

In the case of OTPs, the ‘what you have’ is your mobile device.

The Main Types Of OTP Authentication:

  • SMS OTP authentication: A one-time passcode is sent to your mobile device via text message.
  • TOTP (Time-Based One-Time Passcode): You are instructed to open an authenticator app where you’ll find a passcode. You are given 30-60 seconds to enter the passcode into the website, app, or portal you are trying to access before it expires.
  • Hardware tokens: A physical device (not a cellphone) displays a one-time passcode that enables you to access a website, app or portal.

What Are The Security Risks Of OTP Authentication?

The fundamental issue with OTP authentication is that it only meets the what you have factor of authentication (otherwise known as the possession factor). What you have – be it your cellphone or hardware token – can be lost, stolen, or compromised. 

SMS OTP authentication security risks

As shown in the case in the Philippines, hackers don’t need to steal your cellphone to compromise SMS OTP authentication. In fact, they don’t have to be anywhere near you.

Text messages aren’t encrypted, and they’re tied to your phone number rather than a specific device. Below are two types of common attacks that enable hackers to intercept SMS OTP authentication:

  • SIM swaps. The fraudster harvests personal details from the victim, either via phishing or social engineering. They use these details to convince the phone provider to switch the number to their device. The SMS OTP is then sent to the attacker, allowing them to verify and complete the activity.
  • The SS7 flaw. SS7 (Signaling System No. 7) is a protocol that facilitates all mobile phone activity, including SMS messages. The trouble is that it includes a design flaw that means hackers can intercept calls and SMS messages. 

When a mobile network provider’s SS7 protocol is successfully compromised, attackers have access to a wealth of users’ personal data. Crucially, they can intercept SMS messages and phone calls.

Not only does this allow attackers to authenticate fraudulent activity using OTPs, but it allows them to do it at scale. 

In Germany in 2017, fraudsters compromised the 02 Telefonica SS7 protocol and intercepted SMS OTPs. It led to an undisclosed number of bank account holders having funds removed from their accounts.

TOTP Authentication Security Risks

TOTP and app-based authentication offer more security than their SMS counterpart. The fact that the OTP is constantly changing and is not linked to your phone number makes it harder for attackers to compromise.

That said, TOTP authentication isn’t entirely without its flaws. For example:

  • Device vulnerability. TOTP authentication still only meets the what you have factor of authentication. No matter how encrypted the OTP, the reality is that your device can be at risk. Mobile devices can be lost or stolen.

This brings into question whether OTP authentication can actually be classified as MFA. If an attacker steals your cell phone, carries out an activity (such as making an online payment), and then uses your TOTP authenticator app to authorize it – can we really say they used multiple factors? After all, it all happened on the same device.

On the other hand, iProov face authentication is out of band – a type of authentication method that utilizes a separate communication channel, or ‘band’. iProov technology assumes that the device has been compromised and so the authentication is processed securely and privately in the cloud. An iProov authentication is therefore independent of the device being used. Even if a bad actor had full access to another’s device, the authentication process remains secure.

Does OTP Authentication Offer An Outdated User Experience?

The global pandemic forced many people to carry out their daily activities remotely. This led to surging demand for quick, effortless, and inclusive user experiences.

However, the experience that OTP authentication provides comes with its shortfalls. We’ll discuss them here.

Active process 

An active process in this sense means that the user has to do something for the activity to work. Regarding OTP authentication, it means retrieving your phone or hard token.

This can be irritating. You may not have your device with you at all times. Therefore, you’re required to fetch it to complete the activity, adding friction to the user experience.

This is especially the case for TOTP. The time-sensitive nature of this verification process can result in the one-time passcode expiring before you’re able to use it. Oftentimes, users become so exasperated by the procedure that they abandon the whole activity.

Reliance on phone signal

OTP authentication relies on the assumption that you have a phone signal or access to the internet. If not, it doesn’t work. With SMS OTP, not having a strong signal can delay the passcode, meaning that you have to wait to complete the activity.

Let’s say you’re trying to buy airline tickets urgently, or you have a family member who’s genuinely in a predicament and needs money. You begin the transaction online, and the SMS OTP is sent to you, but you have no phone signal.

You don’t receive the OTP and have no other way of making the purchase or transferring the funds to help your family member.

A lack of inclusivity

Lastly, OTP authentication wrongly assumes that everybody has access to a mobile device. Not everybody does. The global pandemic forced everybody – cell phone owners or not – to carry out access services remotely.

Why Is Biometric Verification A Better Alternative To OTP Authentication?

Whereas OTP authentication meets the what you have factor of authentication, biometric verification employs what you are verification. That means it uses your inherent characteristics, such as your face, to verify your identity.

While a one-time passcode can be lost or stolen, nobody can steal your face. As such, biometric authentication can offer a more secure method for organizations to verify users against a government-issued ID (which generally use photos of the face) to validate them during onboarding and enrollment.

How Does Liveness Weigh Up Against OTP Authentication?

As stated previously, your inherent characteristics, like your face, can’t be stolen. But they can be copied. Attackers can present a mask, picture, or recording of the victim to the camera to spoof the authentication process.

This is where liveness comes in. Liveness detection uses biometric technology to verify that an online user is a real live person. OTP authentication cannot deliver such levels of assurance. Mark Nagayo was not a real person, but the scammers were able to verify hundreds of transactions using stolen credentials.

How is Biometric Face Verification Different From OTP Authentication?

Liveness detection uses facial verification to assure that it’s the right person and a real person – two layers of security that OTP authentication cannot achieve.

However, liveness detection can’t verify whether a person is verifying right now. iProov’s science based biometric solutions, on the other hand, can. It does this with iProov’s Flashmark™ technology, which illuminates the remote user’s face with a unique, randomized sequence of colors that cannot be replayed or manipulated synthetically, preventing spoofing. 

Unlike SMS OTP authentication – which uses compromisable phone networks to deliver passcodes – iProov is a cloud-based technology, meaning its defenses are hidden from attackers, making it much harder for attackers to intercept vital data.

As discussed, OTP authentication falls short of providing an effortless user experience, largely because it forces users into an active process. GPA, meanwhile, is entirely passive. Using any device with a front-facing camera (a cell phone, a laptop, a kiosk), users simply need to look at the camera and the authentication will be done for them. The authentication works irrespective of cognitive ability because there are no complex instructions to read, understand or execute.

If you’re looking to make your online customer onboarding or authentication more secure and effortless and want to benefit from biometric authentication, request a demo here.

Back to Resources

Authentication statistics - FIDO study on passwords and biometrics

FIDO Reveals New Authentication Statistics | The Era of Biometric Face Verification

January 5 2024

Fast Identity Online (FIDO) aims to reduce the world’s over-reliance on passwords and address the lack of interoperability among strong authentication technologies.

Recently, FIDO Alliance conducted two comprehensive market research studies analyzing authentication methods – largely focusing on the inefficacy of passwords.

The purpose of this article is to review the key findings from these reports, understand their implications, and finally to consider how biometric face verification addresses the problems surrounding authentication today.

Online Authentication in 2023: An Overview

FIDO surveyed 10,000 consumers across various countries including Australia, China, France, Germany, India, Japan, Singapore, South Korea, U.K., and the U.S. in their “FIDO Barometer Report”.

So, what were the takeaways?

Key Finding #1: Although Proven To Be Insecure And Cumbersome, Passwords Are Still Dominant Across Use Cases

It’s startling to know that passwords are still so dominant when they are commonly accepted to be among the weakest forms of authentication. They are easily undermined by phishing, malware, and brute-force attacks (the latter is streamlined by people continuing to use weak passwords). Additionally, our passwords are often available online following data breaches, which can be quickly exploited across the web using credential stuffing attacks.

Today, most data breaches owe to the use of passwords. Verizon found in 2023 that the human element contributes to 74% of breaches, whether it’s through error, misuse of privileged credentials, or social engineering. Removing credentials from the process minimizes this risk.

You can’t just make passwords stronger and more complex indefinitely – that isn’t a scalable option. People can’t be expected to remember increasingly complex passwords for all of their online accounts and change their passwords over and over. It’s tiresome and outdated.

iProov found that 37% of global consumers have forgotten a password in the last 24 hours. These issues compound and intensify each other, creating an industry of administrative burden for organizations. Forrester Research identified that several large US-based organizations in different verticals allocate over $1 million annually just for password-related support costs.

Ultimately, passwords are no longer a suitable form of authentication. FIDO’s next finding considered the alternative:

Key Finding #2: Biometrics Is Considered the “Most Secure” And Preferred Method for Consumers Login

This comes as little surprise – factors such as convenience, data protection, privacy, and identity theft are massive challenges for organizations today. Passwords can do little to safeguard against these concerns, but the right biometric solution can.

Previous iProov surveys similarly found that 72% of consumers worldwide prefer face verification specifically for secure online services, and 64% said they either already use face authentication for accessing their mobile banking app or would do so if it was available.

While passwords are the ‘bare minimum’ for low risk online security, weak security is no longer adequate for most organizations. Today, it’s essential to bind digital identities to real-world government IDs rather than just something a user knows or owns – which only face biometrics can do reliably and at scale. The right biometric face verification solution is very difficult to undermine, as your genuine face cannot be stolen, phished, lost, or forgotten.

Read more about the security of biometric face verification and how biometric systems can deliver ongoing and evolving security here.

Key Finding #3: Online Scams Are Becoming More Frequent and More Sophisticated (Likely Fuelled by AI)

Over half (54%) of FIDO’s respondents have seen an increase in suspicious messages and scams, and 52% believe these scams have become more sophisticated of late.

We know that AI is intensifying the threat landscape. AI-fuelled phishing attacks are on the rise, as fraudsters can use tools like ChatGPT to bolster the fraud/social engineering process, enabling them to converse convincingly and in real-time with their target.

This makes it harder to differentiate between a genuine communication from your banking institution, for instance, versus one where you can easily spot glaring issues. This is, in part, because now AI can provide fraudsters with a perfect template to assist social engineering and phishing attempts.

Key Finding #4: The Financial Impact of Legacy Sign-in Methods Is Growing

Increasing numbers of people are abandoning their carts online. FIDO found that this is 15% more common than last year, with nearly four purchases abandoned each month per person.

This is largely because passwords increase user friction. This leads to customer frustration and increased abandonment rates. Frustration makes customers less likely to complete the authentication process, which damages businesses’ bottom line – an iProov survey similarly found that 15% of global consumers are abandoning purchases at least once a week because of passwords.

Passwords Must Make Way For Passwordless Authentication

FIDO second report – The 2023 Workforce Authentication Report: Embracing the Passwordless Future – focusses on passwordless authentication.

Let’s break down a few of the key report findings:

  • “92% of businesses already have, or plan to move to, passwordless technology”, although 55% of IT leaders feel they need more education on how passwordless technology works.
  • Like the Barometer report, it found that a majority of businesses are still using easily compromisable authentication methods: “76% use passwords for authenticating users within their organisation”.
  • 50% of IT leaders believe that passwordless authentication will reduce the need for non-passwordless MFA offerings.
  • 56% believe it will also result in a reduction in IT help desk requests.

The takeaway is that businesses now accept that passwords — despite their lingering dominance – are ineffective, and the vast majority have a plan to move away from them.

Together the two reports establish that passwords are truly ineffective, and we’ve learned that the problem is being exacerbated by AI. We know that users prefer biometrics, and IT leaders believe that the future is passwordless.

We are seeing a decisive shift across society. But as tech giants and other organizations across the globe continue towards passwordless authentication, they need to ensure that they’re choosing the right solution…

The Solution: Biometric Face verification

Biometric face verification has emerged as the most secure and convenient method for organizations to verify and authenticate user identity online – it is able to deliver multiple levels of assurance including mission-critical security without compromising individual convenience.

Facial biometrics brings identity back to its core: what a user is. It’s inherent to an individual and cannot be lost, forgotten, or compromised, unlike knowledge or possession factors. Since people always have their faces with them, they can verify or authenticate from anywhere.

By replacing passwords with a more secure, passwordless face verification solution, organizations can help protect users from phishing and other attacks that often result in account takeover fraud.

Static defenses and credentials don’t work anymore.The solution must take an evolving and adaptive approach to security. Ultimately, organizations must carefully consider the authentication strategy that they choose to replace passwords. iProov face biometrics balances additional security with maximum usability, simplicity and convenience in order to minimize friction and customer frustration.

Opt-in facial biometrics is the future. There are a variety of passwordless options available, but organizations must be very careful in selecting one that can deliver the security, convenience, and inclusivity required.

iProov technology enables passwordless authentication through face biometrics. But it does not require any specialist hardware, and can be used with consistent success by anyone regardless of their skin tone, socio-economic class, cognitive ability or other accessibility needs. Enabling organizations to implement a passwordless strategy without discriminating against users. Our face verification solution is trusted by the world’s most security conscious organizations such as UBS, The Department of Homeland Security, and The UK Home Office.

If you’d like to learn more about how iProov can be used to replace passwords and enhance authentication security at your organization with biometrics, book your demo today.

Back to Resources

ITRC Working Group Report on Biometric Identity Verification

The Growing Importance of Biometric Identity Verification in Fighting Identity Theft and Fraud | ITRC Report

December 31 2023

The Identity Theft Resource Centre (ITRC), a victim-centric non-profit organization, recently released its Biometric Working Group Discussion Paper written by recognized policy, academic, technical, and business experts.

Following the public sector fraud crisis during COVID-19, the ITRC received a surge of complaints, as the world experienced unprecedented levels of identity-based fraud. After diligently researching and analyzing the problem, the group concluded that “biometrics represent the best chance for protecting the identities of individuals as well as improving the integrity of public and private sector process”. In other words, the question is not whether biometric technology should be adopted, but how?

Recognizing that traditional credential-based security methods are failing, organizations have begun to see that biometric-based identity verification is the antidote to cybercrime and fraud.

But not all biometric solutions are the same. The report provides recommendations around what key capabilities a “good” biometric solution should include. In this article, we will provide an overview of what constitutes a robust, secure biometric solution.

The Ever-Increasing Threat of Identity Fraud

Identity fraud is a colossal issue, particularly in America. According to Javelin Strategy & Research, Identity fraud cost $52 billion in loss in the US across 2021. iProov data found that a staggering 29% of Americans have been a victim of identity theft, compared with just 15% of Brits and 13% of Australians. With a new victim every 22 seconds, the scale of the problem is immense.

It is important to note that the ITRC is unsponsored and not a biometric-focussed organization; it operates the largest repository of U.S. data breach information since 2005. Their position is that “data alone can no longer be trusted as the sole source of truth about a person’s identity in most processes”.

The ITRC concludes that biometric-enabled identity verification is now the only reliable method of verifying identity remotely, and therefore better protects customers.

Face Verification is NOT Face Recognition

The report also critically examines how the adoption of facial biometrics has been hampered by its confusion with facial recognition. There are key differences:

  • Facial verification is consent-based, unlike facial recognition. Face verification can be privacy-preserving. Face recognition cannot, as the person does not consent to the process.
  • Face verification is one-to-one verification that’s beneficial for the user. Face recognition is one-to-many. Its main purpose is to aid law enforcement, but it’s not consensual – it’s trying to find a user in a large database.
  • The role of facial verification is asserting identity, using their face to prove that they are indeed that user. It aims to reduce identity fraud, increase accuracy, and provide an inclusive and secure identity verification solution that protects individuals from the growing threats of identity-related crimes.

Ultimately, the distinction between face verification and face recognition is crucial for the adoption and implementation of facial verification technologies. iProov has been underscoring the importance of this distinction for years. You can learn more in this article.

Face Verification vs Face Recognition. Online face verification with biometrics

What Makes Biometric Face Verification the Gold Standard For Remote Identity Verification?

By utilizing facial biometrics as part of a comprehensive identity verification process, the authenticity of an applicant can be ensured in a low-risk and equitable manner. This approach reduces the value of compromised Personally Identifiable Information (PII) to bad actors and offers an inclusive solution that goes far beyond what traditional verification methods can offer

Facial verification provides an alternative to legacy identity verification solutions that may rely heavily on credit data, which may exclude individuals with limited or no credit history. This aspect is particularly beneficial for reaching and verifying the identities of individuals who would otherwise face challenges in remote identity verification processes.

You can read more about the advantages of face biometrics here.

Not all Biometric Solutions are Equally Effective

Choosing a science-based solution that can deliver the highest levels of identity assurance and have proven track records with security-conscious organizations is essential.

Let’s examine a few of the criteria that form a robust facial verification system:

  • Liveness detection: As the ITRC articulates, the best solutions not only verify the captured image presented, but also determine the “liveness” of the individual and that the individual is real and not a spoof.
  • One-time biometric: One-time biometric technology is essential. It verifies that an individual is authenticating in real-time and is not a photo or mask, nor a digitally injected attack using a replay of a previous authentication, or synthetic video (such as a deepfake). Learn more about one-time biometric technology here.
  • Active threat monitoring: The report also stresses the importance of active monitoring: “Real or near-real-time monitoring can provide early detection of performance anomalies and enable timely remediation”. iProov provides this through our Security Operations Center (iSOC), which gathers insights into advanced biometric attacks and builds resilience to ongoing threats. We are the only biometric vendor to share our findings in our annual Biometric Threat Intelligence Reports.

Inclusivity and performance:

  • Evaluate certifications: The report acknowledges that some biometric solutions are “more accurate than others”, and that some “work better across a diverse population than others, including persons with disabilities”. Look for solutions like iProov’s, which are certified by the National Institute of Standards and Technology (NIST) and is one of the few vendors to achieve full WCAG 2.2 compliance. The biometric vendor should keep up to date with evolving standards, certifications, and conformance.
  • Evaluate bias mitigation practices: this is not a one-time endeavor but an ongoing commitment. Transparency, diversity in training data, regular testing, and adaptability are essential components of a robust strategy. Bias mitigation is not limited to age, skin tone, or gender; other socio-demographic impacts, such as access to devices with cameras, need to be considered.

Privacy-protective Considerations:

  • Biometric template: The vendor should only store biometric data in an anonymized format, so it’s useless to an attacker. Rather than stored imagery, a biometric template is a mathematical representation of biometric data that cannot be associated with an identifiable person. Ultimately, this bolsters user privacy and data protection. You can learn more about biometric templates here
  • Privacy firewall: The vendor should use a technology that uses a privacy firewall, where there’s a structural separation between the user identity and the user’s biometric. All PII is stripped away, leaving only the biometric, which, on its own is useless if leaked or stolen. It’s highly effective in safeguarding the privacy of the user.
  • Cloud-based authentication: There are many benefits to cloud-based biometric security. A key one is the protection of user data: cloud security is opaque to an attacker and far more difficult to reverse-engineer.

The report also specifically recommends finding a vendor that has real-time verification capabilities and passive detection techniques. iProov is unique in the identity assurance space, largely owing to its ability to confirm whether a device is sharing correct real-time information about a real user right now.

You can learn more in our guide to choosing a biometric vendor here.

Closing thoughts

Ultimately, ITRC does not recommend any particular vendor but stresses that biometric-enabled identity verification is the “best hope for reducing impersonation crimes in the short and long term”, and that organizations should seek the “best solution for them as soon as possible” to reduce the severe and ever-growing threat of identity crimes.

iProov delivers the most validated face biometric solutions in the world, having been tested to national security standards by the U.S. Department of Homeland Security, the UK Home Office, the Singapore Government, and the Australian Government – often completing over a million verifications per day with pass rates over 98%.

Download the full ITRC Biometric Working Group Discussion Paper here.

Back to Resources

UBS Kuppinger Cole Digital Transformation with Biometrics

Unlocking The Future of Finance: Digital Transformation With Biometrics | UBS & KuppingerCole

December 20 2023

Recently UBS – leading a multinational investment and wealth management bank – and Kuppingercole, a key analyst firm that specializes in providing advice and insights on Identity and Information Security participated in an iProov-sponsored webinar to showcase how UBS is innovating its digital identity strategy to better service the needs of its customers.

The webinar featured industry experts John Tolbert (Director of Cybersecurity Research and Lead Analyst at KuppingerCole) and Pascal Tavernier (Executive Director of Identity & Access Management Architect at UBS) discussing how biometrics can support digital transformation in the financial services industry.

Read ahead to learn the webinar’s key themes and insights.

Increasing Fraud and Regulations Drive Digital Transformation

Financial services is a colossal sector, forecasted to reach approximately $30,000bn by 2030. Organizations face increasingly stringent regulations, driven largely by growing levels of financial crime.

While some of the most pertinent regulations willl depend on your country/jurisdiction, the webinar identified the four most critical types for financial institutions:

  • Anti-Money Laundering: Aims to prevent money laundering and terrorist financing.
  • Know Your Customer: An extension of AML which is about ensuring that businesses are engaging with the same person they entered into the financial agreement with (and that the same person is still in control of their account).
  • Politically Exposed Persons: These checks are all about identifying high-risk individuals and providing additional screening and information to mitigate any economic, regulatory, or reputational risk. They often relate to politicians or other prominent people.
  • Sanctions Screening: Financial institutions must ensure they’re not transferring or holding money for sanctioned individuals.

Noncompliance leads to penalties, including fines and even criminal proceedings. In 2022 overall, banks globally incurred over $2bn in AML fines.

The other leading driver for digital transformation is fraud prevention. Financial Services is one of the most targeted industries due to lucrative financial incentives (receiving the highest share of account takeover attacks, 38%). The goal is to stop the most prevalent types of fraud, such as:

To achieve this, financial institutions have invested heavily in compliance processes and personnel. However, this has also increased onboarding and customer acquisition costs.

This landscape, combined with a general move towards all-encompassing online services, has made digital transformation more important than ever. Procuring the right technologies is key.

Biometric Verification Is The Foundation of Digital Transformation For Financial Institutions

The difficulty of proving that online users are who they claim to be is one of the biggest challenges FIs face. Ineffective identity verification controls are often the root cause of regulatory infringements and fraud.

Robust identity verification depends on linking the physical person asserting their identity to a trusted ID document. The only way to do that reliably is with biometrics. Biometric verification works by linking the data on a Government-issued ID to the biometric data of the person asserting their identity, and performing checks to ensure they’re real and indeed the genuine holder of that ID document.

Biometrics verification is preferred for a number of reasons:

    1. It’s a self-service, automated process: The ability to automate onboarding and authentication is crucial for organizations. It means you can operate a 24/7 service, at a lower cost, and usually with higher conversion rates – in a way that’s generally preferred by clients.
    2. Better security: The right biometric solution can deliver unparalleled security, enabling FIs to avoid or at least minimize the security and usability issues posed by legacy methods such as passwords and one-time authentication.
    3. Better user experience: The end-user does need to remember anything; their biometric is always on their person. This also means there’s nothing to lose or forget. The right biometric solutions makes everything exceptionally easy for the customer.
    4. Improved accuracy and efficiency: Biometric technology removes the need for in-person checks or manual verification, which increases accuracy and reduces costs. It also speeds up the process, enabling customers to quickly get access to their new accounts.
    5. Reduced risk of compliance penalties and reputational damage from negative publicity: A robust solution enables financial institutions to meet regulatory guidelines while reassuring customers and protecting the organization’s reputation.
    6. Easy account recovery: Account recovery inherently introduces fraud risk, because the person recovering it could be a fraudster attempting to hijack control of an account. You need to be certain of their identity; the right biometric solution can deliver self-service account recovery that is effortless and does not require re-binding of their device.

Biometric face verification has emerged as the only reliable method of remote identity verification because, generally, other biometric methods cannot verify identity – they can only authenticate it. This is because your voice, iris, and so on are not usually on any of your identity documents (unlike your face). You need a source of truth to match against. Face biometrics can truly be the foundation for a customer’s identity lifecycle.

Other ID verification methods like video call verification (over Zoom or Skype, for example) are inconvenient and difficult to scale. Pascal stated that “prospects and clients do not like, and it takes up a lot of time.”

Not All Solutions Are Equal: Understanding Biometric Accuracy

The effectiveness of biometric solutions varies. John Tolbert (KuppingerCole) discussed how biometric systems can deliver higher identity assurance by evaluating biometric accuracy. Biometric accuracy is determined by a number of factors:

  • False Acceptance Rate (FAR): The measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. A system’s FAR typically is stated as the ratio of the number of false acceptances divided by the number of spoof identification attempts.
  • False Reject Rate (FRR): The percentage or probability of biometric authentications that reject the correct user when that user’s biometric data is presented to the sensor and incorrectly marked as ‘fail’. If the FRR is high, users will be frustrated with the system because they are prevented from accessing their own accounts. Also known as False Non-Match Rate (FNMR).
  • Equal Error Rate (EER): Where FAR and FRR meet, usually best tradeoff between usability and security.

Liveness is a crucial factor in FAR and FRR. Liveness refers to the technologies that determine whether a sensor is viewing a live biometric – i.e. if it’s a living person or not. This makes liveness a key differentiator between facial biometric solutions.  

The quality and sophisticated of the liveness technology will affect the numbers of fake images misclassified as real (FAR) and number of real images misclassified as fake (FRR). Generally, multi-frame solutions will acheive a more desirable FAR/FRR than single frame-solutions. The quality of the face matcher will also impact the FAR and FRR.

Critically, FAR and FRR, will underpin the users conversion rate. You need to ask: how many of your users can use the product, and of that number, how many of them can complete the verification? The success rate of user verification is a critical driver for identity assurance technology.

Implementing and Testing End-to-End Identity Verification Systems

Pascal Tavernier helped design and build the UBS end-to-end remote identity verification system, which uses iProov for facial biometric verification. While biometric accuracy is key, there are many other success factors.

Pascal shared his valuable insights on maximizing success rates for digital enrollment journeys:

  1. User Guidance: Visual, animated guidance is a must. The less effort the user has to expend to complete the process, the better. Biometric solutions must provide users with crystal clear, visual, and animated instructions.
  2. Error Handling: Context-based help is essential along the user journey. Users need to know what they did wrong if they face an error, with real-time feedback, or they’ll be frustrated and drop out.
  3. Eligibility: Evaluate self-service support at the start of the process (i.e if your app only supports users to register from specific countries, ensure that users complete a country selection at the beginning of the process so they’re not disappointed later).

Other factors discussed were SDK size; the need for clear developer documentation; active versus passive biometrics; and accessibility/inclusivity.

Pascal suggested that organizations conduct as many usability lab sessions as possible to get things right the first time around. He also recommended engaging an “independent third-party vendor that specializes in biometric penetration testing”, rather than taking security claims at face value.

Closing Thoughts

Ultimately, biometric verification removes the reliance on in-person checks, providing self-service automated remote identity verification. This enables organizations to deliver services remotely to customers that were once relegated to in person visits, which is a huge customer experience win (and indeed often a expectation from today’s end-user).

Biometric technology helps financial institutions with their two main challenges: regulatory compliance and fraud prevention – making it a perfect tool for digital transformation in the financial services industry.

You can read more about the advantages of face verification here and consider our guide to choosing a biometric vendor here.

Click here to watch the whole webinar on-demand here. Enjoy!

Back to Resources

WCAG22 Blog

WCAG 2.2 AA Introduces Critical New Change – iProov Achieves Full Compliance

December 12 2023

Web Content Accessibility Guidelines (WCAG) are an internationally recognized accessibility best-practice standard for digital experiences. WCAG 2.2 is the latest version of WCAG since it became a “W3C Recommended” web standard.

The evolution from WCAG 2.1 to 2.2 involves a number of important changes – one being that authentication processes can no longer include a “cognitive function test”. This is a transformative shift for any organization that wants to comply with WCAG yet still employs cognitive function requirements, such as passwords. This makes many traditional authentication methods explicitly incompatible with WCAG guidelines, and therefore incompatible with accepted standards for web accessibility.

iProov is dedicated to user accessibility and inclusivity – values ingrained within our culture and our technologies. As one of the few biometric facial verification providers compliant with WCAG 2.1 AA, we now extend our compliance to WCAG 2.2 AA.

Read on to discover the wider context of WCAG 2.2 and the potential impact of its changes on your organization.

Evolution to WCAG 2.2: What Is It and How Is It Different from 2.1 AA?

WCAG provides recommendations for improving web accessibility, promoting equal access for all, regardless of constraints (such as age, literacy, language, cognitive ability, or disability). WCAG 2.2 is the latest edition, adding 9 new success criteria. You can read more about the specification requirements surrounding each criteria here.

While WCAG 2.2 introduces many significant changes, we believe the most important is Accessible Authentication (3.3.8) – which states that a cognitive function test (such as remembering a password or solving a puzzle) must not be required for any step in an authentication process. It recognizes that remembering a password or solving a puzzle is not inclusive for many people.

The new guidelines are backwards compatible, meaning that by satisfying the requirements of WCAG 2.2, you satisfy the requirements for previous versions, too. So for instance, iProov conforms to both WCAG 2.1 Level AA and 2.2 Level AA.

What does the “AA” refer to?

This refers to the tiers of criteria within WCAG:

  • Level A requirements prohibit any elements that make the product/website inaccessible for people with disabilities to use.
  • Level AA conformances requires that the solution is easy to use and understand for the majority of people (with or without disabilities).
  • Level AAA demands a number of additional requirements and is the highest possible conformance level in WCAG, but it is not required by regulation (so is optional).

How Does iProov Comply With WCAG 2.2 AA?

iProov face biometrics SDKs have achieved WCAG 2.2 Level AA conformance.

Testing for conformance was carried out by external accessibility experts TetraLogical, a member of the W3C and contributor to standards, including WCAG. By virtue of conformance, aligning your face in the oval to iProov with Flashmark isn’t deemed a cognitive function test, as the user doesn’t have to do anything except look into their user-facing camera. This is critical.

Why Is WCAG 2.2 AA Important?

WCAG and accessibility efforts should be a priority for all organizations, because without proper accessibility measures you’re potentially excluding up to 1/5th of the population that live with a disability.

However, WCAG compliance is particularly essential to the public sector organizations. Websites and other digital content created by public sector and other arms of government are often mandated by law to deliver accessible digital content for citizens with some form of disabilities – meaning that meeting WCAG requirements is the easiest way to ensure you’re compliant.

For example, The UK government explicitly states that compliance with WCAG ensures your digital content meets the legal requirements under the Public Sector Bodies Accessibility Regulation. The Government Digital Service (GDS) is already working on how to assess the new WCAG 2.2 rules and will begin monitoring for the extra criteria in October 2024.

In the EU, the Web Accessibility Directive 2016 draws heavily heavily from WCAG, and requires all websites and mobile applications of public sector bodies to comply. While WCAG guidelines are not explicitly tied to US legislation as they are in other countries, adhering to them can provide your organization with a great defence against lawsuits such as ADA Title III for web accessibility.

Even for organizations that are not mandated by law to meet accessibility requirements, compliance to WCAG remains one of the best ways to ensure that your web content is inclusive and accessible for as many people as possible, which should be a key business aim.

iProov Technology Supports Your Compliance with WCAG 2.2

At iProov, we’ve historically questioned the security of passwords and instead recommended authentication that promotes user accessibility. Now with WCAG 2.2, it’s clear that your organization will struggle to meet the international standard for accessible authentication if you use passwords at any stage in your authentication process without clearly offering an alternative.

There needs to be a path through authentication that does not rely on cognitive function tests. So if accessibility is important to your organization, you need to select a solution that does not include them.

Ultimately, the takeaway is that most knowledge-based authentication methods (such as remembering passwords) and possession-based methods (such as retyping one-time passcodes) that are cognitive function tests, which means that your organization cannot comply with the leading internationally recognized standard for accessibility if you rely on them.

iProov solutions provide a non-cognitive function test that you can use to verify and authenticate your users or citizens. Our biometric face verification is incredibly secure, effortless to use, and truly inclusive. Organizations should strive to achieve WCAG compliance, and individuals should check with their authentication vendor if they’re compliant with the new WCAG 2.2 requirements.

If you’d like to learn more about how iProov can secure and streamline your organization’s online verification, authentication, and onboarding with maximum accessibility and inclusivity, book your demo today.

Back to Resources

Understanding the different types of generative ai

Understanding The Different Types of Generative AI Deepfake Attacks 

November 30 2023

Deepfakes and other synthetic media – largely created by generative AI technology – are becoming increasingly well-known, and it’s now widely accepted that synthetic media is a problem for individuals, organizations, and society alike.

Deepfakes come in many forms, such as re-enactments, face swaps, and Generative Adversarial Networks (GANs). It’s essential to understand the different forms of deepfake attacks in order to defend against them.

The issue of generative AI is particularly pressing as the frequency of these attacks is on the rise, as it becomes easier and easier to create convincing synthetic imagery. As generative AI continues to advance in sophistication, accessibility, and scalability, it will grow more difficult to trust what we see and who we interact with online.

In this article, we will demystify the often complex world of generative AI-based fraud, and explain the methodologies behind each type.

What Is Generative AI?

Generative Artificial Intelligence (AI) refers to algorithms that can generate new content – including text, images, video, or other media – in response to a given input or prompt. Often leveraging technologies such as neural networks and computer vision, generative AI learns from patterns and structure from existing “training data” in order to create content. For example, “analytical AI” serves to analyze existing data and automates the process of spotting patterns or extrapolating trends which can be useful in fields such as medicine and health data.

Generative AI has captured the technological zeitgeist, with equal amounts of awe and controversy surrounding tools such as Chat-GPT. These tools can significantly accelerate content creation, but there’s real concern around how they can be weaponized by criminals in the cybersecurity arms race – bolstering fraud and social engineering, disinformation, and cybercrime through manipulative synthetic content.

Additionally, the growing accessibility of generative AI tools in crime-as-a-service marketplaces means that less tech-savvy attackers now have easy and affordable access to sophisticated tools to create synthetic media. The highest-tech software options of yesterday are now commonplace, as the technological barrier evaporates.

A recent proof point on the quality of these AI-generated spoofs was featured in a study conducted by the Center for Strategic and International Studies, which indicates that we have “reached the inflection point where humans are unable to meaningfully distinguish between AI-generated versus human-created digital content”.

In this article, we’re focussing particularly on generative AI as used to create synthetic imagery, including deepfakes.

Understanding Different Types of Deepfake Attacks

Let’s take a moment to understand some of the forms of generative AI attacks.

Face Swaps: A form of synthetic media created using two inputs. They combine existing videos or live streams and superimpose another identity over the original feed in real time. The end result is fake 3D video output, which is merged from more than one face, but with the biometric template of the genuine individual still in tact, even if visually the resemblance is closer to that of the attacker. A face matcher without adequate defenses in place may identify the output as the genuine individual.

Re-enactments: Also known as “puppet-master” deepfakes. In this technique the facial expression and movements of the person in the target video or image are controlled by the person in the source video. A performer sitting in front of a camera guides the motion and deformation of a face appearing in a video or image. Whereas face swaps replace the source identity with the target identity (identity manipulation), re-enactments deal with the manipulation of the facial expressions of one input at a time.

Generative Adversarial Networks (GANs): A GAN works by two AI models competing with each other to create as “accurate” or authentic of a deepfake output as possible. The two models – one a generative and one a discriminating model – create and destroy in tandem. The generative model creates content based on the available training data to mimic the examples in the training data. Meanwhile a discriminative model tests the results of the generative model by assessing the probability the tested sample comes from the dataset rather than the generative model. The models continue to improve until the generated content is just as likely to come from the generative model as the training data. This method is so effective because it improves the outcome of its own authenticity by constantly checking against the very tools designed to outsmart it.

How Are Generative AI Attacks Typically Used by Fraudsters?

Creating and using generative AI-created synthetic imagery is not inherently criminal. However, synthetic imagery is unfortunately a gift for cybercriminals – aiding crime such as extortion and harassment, purposefully spreading political disinformation, or facilitating identity and document fraud (such as attempting to bypass identity verification checks mandated by Know Your Customer regulations).

Common forms of fraud supported by synthetic imagery include:

What’s the Difference Between Digitally Altered and Digitally Generated Synthetic Media?

Synthetic media is the output of generative AI, but not all synthetic media is created by generative AI.

Generative AI generates entirely new data that is unique and original, as opposed to simply processing, analyzing and modifying existing data. This distinction could be summarized as digitally generated versus digitally altered imagery.

Why Is Everyone Talking About Generative AI?

While AI can deliver an array of positive use cases – including task automation, creative inspiration, and analysis of complex data sets – the dangers of generative AI are currently taking center stage.

Generative artificial intelligence popularity - interest over time has exploded in this graph

Note: Google Trends represents the number of organic searches for a specific term over time; the graph data is normalized from a range of 0 to 100 and is referred to as “interest over time”.

One thing is for certain: generative AI is advancing rapidly, and it promises deeply disruptive and transformational impacts across a variety of industries.

Generative AI has captured the interest of the public, policymakers, and governments alike. You can learn more about generative AI and the public sector in this article – which provides a list of responses from governments and policymakers across the globe, and details how iProov is safeguarding against the threat.

In today’s digital-first world, there is a larger digital attack surface with a greater number and variety of high-risk transactions taking place online – often meaning bigger rewards for fraudsters. Ultimately, the concern is how bad actors can utilize AI-generated synthetic media for fraudulent purposes and to facilitate the spread of false information online.

Closing thoughts on Generative AI and Biometric Face Verification

A genuine, human face is unique and cannot be truly replicated – which is why biometric face verification has emerged as the most secure and convenient method of verifying user identity online.

One thing is clear: biometric technology will serve as a lifeline for verifying genuine presence remotely, particularly as replicas can no longer be distinguished by the human eye. In truth, only the most advanced systems that have been fighting this rapidly scaling arms race are equipped to recognize generative AI.

How iProov Can Help

To verify a deepfake, iProov utilizes patented one-time biometric technology with deep learning and computer vision technologies to analyze certain properties that generative AI-created media cannot recreate – as there is no real person on the other side of the camera. This is why having a real-time biometric incorporated into liveness technology is critical for organizations to distinguish between synthetic media and genuine people.

To learn more about how fraudsters are harnessing generative AI to undermine identity verification and bolster synthetic identity fraud, read our new report “Stolen to Synthetic” here.

Book a demo or request a custom consultation with an iProov expert here today.

Back to Resources

iproov vs voice v2

From Voice to Face: Transitioning Your Biometric Authentication

November 20 2023

In our last article in this series, The Disadvantages & Vulnerabilities of Voice Biometrics | What’s the Alternative?”, we examined the limitations and vulnerabilities of voice biometrics – ranging from low assurance levels to security concerns and usability issues.

This article picks up where we left off. We’ll evaluate face biometrics as a secure and convenient alternative to voice biometrics. But the next question is crucial: how do you know which solution to trust?

To help navigate the challenge of identifying a trustworthy biometric solution, we’ll investigate the specific differentiators within verification technology – and explain the key factors to consider when making the leap from voice to face.

Key Business Drivers To Consider When Moving From Voice to Face

First, consider the leading factors that may be affecting your business’s key performance indicators (KPIs):

  • Completion rates: The success rate of user verification is a critical driver for identity assurance technology. It is important to evaluate how many users can successfully complete the verification process, as this will vary between vendors and technologies.
  • Security obligations and organizational reputation: Voice biometrics can cause breaches through false positive results or inadequate security – which often means significant reputational damage for organizations. With the rise in voice cloning technology, customers demand more reliable authentication alternatives.
  • Regulatory and privacy compliance: Organizations operating in heavily regulated industries or jurisdictions may struggle to meet privacy regulations with voice biometrics. Evaluating alternative authentication solutions which better align with regulatory obligations and offer a higher Level of Assurance is critical.

When deciding to abandon voice biometrics, it’s important to conduct a comprehensive evaluation of the business drivers and assess how they align with your organization’s specific objectives and goals.

The right biometric face verification solution can enhance completion rates, security, and compliance in one end-to-end solution. With this in mind, let’s move on to the specifics.

Why Choose iProov Face Verification Over Other Biometric Options?

As we’ve established in the previous two articles, voice is not a reliable indicator of identity. It’s prone to spoofing, is difficult to obtain an authentic “source” to match against, and is prone to variance over time.

With face biometric verification, as with any remote identity solution, it’s crucial to evaluate the merits of the individual vendors and technologies, as not all technologies are created equal. iProov is trusted by some of the world’s most security-conscious organizations – such as UBS, The US Department of Homeland Security, and the The UK Home Office. Here’s why:

voice vs iproov 1

Level of Assurance:

Level of Assurance (LoA) refers to the certainty you can have that an identity can be trusted to actually be the claimant’s “true” identity. The higher the assurance level, the more secure the identity and the lower the risk of successful attacks such as new account fraud, synthetic identity fraud, and identity takeover.

iProov has proved its LoA rating through certification from a number of leading LoA frameworks. For example, iProov is certified as a Trusted Service Provider (TSP) for biometric face verification of a natural person with Genuine Presence Assurance ‘GPA’ technology to the highest level of assurance in accordance with the eIDAS Regulation. Additionally eIDAS Module Certification as Trusted Service Service Provider (TSSP) for Electronic Identification (eID) and Electronic Signature (eSig) means we can provide trusted services to trusted service providers (TSP).

Whereas voice biometrics cannot even verify an identity – it can only authenticate it – iProov can verify and authenticate users with a Level of Assurance that meets the highest international standards for technology and business systems. This is a key competitive advantage and can reduce the associated cost and burden of implementation, auditing, and legal compliance for your business.

Certifications and Governance:

Certification and governance accreditations are a market differentiator for biometric verification vendors. iProov’s Software Development Kit (SDK) conforms to many of the most stringent standards, for inclusivity, security, and privacy, including WCAG 2.1 – demonstrating online accessibility for all, regardless of age, literacy, language, cognitive ability, disability, or other constraints

All iProov solutions have been inherently designed for privacy, and the business is certified to ISO/IEC 27001 and SOC 2 Type II – demonstrating how we safeguard customer data and how successfully those controls are operating. Plus, iProov is one of the only companies named a SIF mitigation vendor by the Federal Reserve.

You can learn more about some of iProov’s long and distinguished list of certifications here.

Security Testing:

iProov provides science-based biometrics which includes a multimodal approach to attack detection, testing both imagery and metadata to deliver a high level of assurance that a remote user is genuine. Our security has been evaluated by the best: external Red Team Testing (e.g., DHS, Outflank & AIS); full accreditation by iBeta for Presentation Attack Detection to the standard ISO 30107-3; and continuous in-house Red Team Testing.

iSOC:

Adaptability is critical for identity assurance technologies. The lag between the time an exploit is detected, processes are adapted, and security is redeployed presents a significant risk as the threat landscape constantly evolves. Therefore, organizations must remain vigilant and agile to ensure their systems are secure and resilient to evolving threats. Static on-premise security is outdated and ineffective.

iProov is the only biometric vendor with active threat monitoring in the cloud, enabling us to track threats, evolve, and respond in real-time. You can read about the importance of evolving and adaptive security here.

One-Time Biometric Technology:

iProov delivers a unique one-time biometric technology, which verifies that an individual is authenticating in real-time and is not a photo or mask, nor a digitally injected attack using a replay of a previous authentication, or synthetic video (such as a deepfake). The user’s device screen illuminates their face with a unique sequence of colors that cannot be replayed or manipulated synthetically. It also analyzes multidimensional information derived from the way the face behaves and how light is reflected off of a face, which is key in uncovering synthetic imagery.

One-time biometric technology is essential to defend against the growing threat of fraud and synthetic media. iProov is completely unique in the identity assurance space, largely owing to its ability to confirm whether a device is sharing correct real-time information about a real user right now.  It’s more than just a timestamp that can be easily manipulated – it’s a challenge-response mechanism, utilizing a science-based flashmark technology to ensure real-time authenticity.

Proven Experience Delivering at Scale with Industry Leaders:

The iProov solutions are designed to be accessible, scalable, and resilient, with a high level of uptime and the capacity to handle millions of verifications. iProov has proven its ability to scale in real-world scenarios, with major deployments globally processing over 1 million verifications daily. iProov is a proven supplier, and financial services organizations such as Bradesco, Rabobank, and Knab already actively use and rely on it.

Making the Leap – Moving Away from Voice Biometrics:

Overall, voice biometrics has fundamental and significant limitations and should only be deployed in low-risk scenarios.Voice is only suitable for use cases where the level of assurance required is low, and there’s already a lot of contextual data that the person is who they claim to be.

Biometric face verification has emerged as the most secure and convenient way to verify identity online, as traditional methods such as passwords and one-time codes have failed for high-risk use cases. Now, other inherence-based factors reveal cracks in their foundations – failing to defend against the growing threat of synthetic media and groundbreaking advances in generative AI.

With iProov’s combination of patented features, key certifications, and proven experience with industry leaders, your organization can confidently transition from voice to face biometrics, ensuring a secure, convenient, and inclusive verification and authentication process.

What happens when you transition to iProov?

  • Initial consultation and setup: A dedicated team of solution architects and customer success professionals will be assigned to support you through your integration. You can expect an implementation kick off and dedicated solution architect introduction immediately. While the iProov SDK has been designed to be very simple to set up, we know that each business has many additional complexities to consider, such as existing codebase and architecture, or regulatory environments to navigate – which is why we take a consultative approach. We have proven experience working through even the most complex integrations and we are well-versed in compliance and regulatory requirements
  • In-depth, guided training: The iProov team will provide your teams training on to the API, SDK of your choice (iOS, Android, Web, Cross Platform), iProov best practices, UI/UX guidelines and on happy/unhappy path application logic – alongside handling setup and sharing necessary resources, documentation straight away. You can then expect further technical training tailored to your organization’s needs and use-cases.
  • Ongoing support and technical development: We’ll help you with customer app and iProov integration development support; iterative support and weekly progress touchpoints; end-to-end review, testing & QA; and ongoing solution review and optimisation, alongside continued support from your dedicated customer success manager.

If you’re ready to transition away from voice biometrics and enhance your authentication process with secure and convenient face verification – or if you’re interested in learning more about how iProov technology can benefit your organization – book your demo today. Our team will swiftly be in touch to provide the assistance you need.

Back to Resources

Generative AI 2

Generative AI and Identity Risk – Protecting your Digital Ecosystem

November 14 2023

iProov and Ping Identity share the common goal of establishing trust in digital interactions. The need for strong authentication and verification methods has never been more crucial as organizations seek to ensure that their online users are authentic.

While passwords and secret questions were once adequate, today, 74% of all breaches include the human element, with people being involved either via error, privilege misuse, use of stolen credentials, or social engineering. Authentication and verification technology has advanced considerably as the need for more robust measures has grown. Now, it’s essential to bind digital identities to real-world government IDs rather than just something a user knows.

However, cybercriminals are also keeping pace, and Generative Artificial Intelligence (Gen AI) has accelerated the development of cyberattacks and fraud. AI is neither good nor evil – it’s a tool that’s employed by both cybersecurity organizations and threat actors alike. One thing is certain, though: it poses a significant challenge to organizations seeking to protect their users and data.

iProov and Ping have integrated their best-in-class technologies in order to utilize face biometrics as part of identity verification and a wider Identity and Access Management (IAM) solution to defend against cyberattacks, credential compromise, and fraud at scale. Read on to discover how Ping and iProov’s groundbreaking technology works and why we have partnered to combat the growing threat of Generative AI.

What is Generative AI, And Why Is It A Problem?

Generative AI utilizes algorithms to generate fresh content in the form of text, images, videos, or other media in response to given inputs or prompts. Gen AI generally leverages AI technologies such as computer vision and neural networks – these enable computers to derive information from images, videos, and other visual inputs to make actions or decisions based on what they “see” based on that information. These technologies have given rise to the increasing use and quality of deepfakes and other synthetic imagery.

Gen AI poses a threat to online identity assurance. The ultimate aim of identity verification is to establish that the user is who they claim to be remotely. But with Gen AI, it has become increasingly easier for fraudsters to impersonate others or render new identities from scratch by utilizing tools like ChatGPT (and its evil twins Fraud & Worm-GPT), and other tools to create voice clones and synthetic imagery.

Gen AI is no longer a technology of the future. In fact, research shows that humans can “no longer meaningfully distinguish between AI-generated and human-created digital content,” and easy access to the aforementioned tools means that low-skilled threat actors can launch targeted attacks with relative ease.

Choosing the right user verification and authentication solution is now critical. iProov and Ping have developed solutions to address this problem, with an approach aimed at simplifying online user verification while maintaining the highest level of security. Organizations must embrace advanced techniques that adapt to the rapidly accelerating landscape of cyber threats, utilizing AI for the good of cybersecurity.

How Does iProov and Ping’s Joint Solution Work to Combat Generative AI?

The use of AI can also enhance accuracy, security, and speed in identity verification processes. Deep learning models, including Convolutional Neural Networks (CNNs), can help detect and match images. At the same time, computer vision can help ensure that the imagery belongs to a real person and not a deepfake, mask, or other synthetic media.

With the implementation of a robust facial biometric verification system, organizations can easily mitigate most of the threats posed by Gen AI. By scanning their faces with a one time biometric and adding a trusted identity document such as a passport or driver’s license, users can remotely opt-in to verify their identities with utmost security.

rtaImage 1

In this context, iProov and Ping’s technologies stand out as market leaders. Let’s consider how iProov and Ping’s technologies work in more detail:

Ping: Identity Security for the Digital Enterprise

Ping allows organizations to design, test, and optimize digital identity experiences with PingOne DaVinci for easy creation of frictionless security.

Ping’s open architecture enables customizable identity architecture where decentralized digital identity applications like PingOne Neo put users in control of their identity, effectively protecting against data breaches and other security incidents. Ping takes a multi-faceted and customizable approach to threat protection, with a proven track record of detecting bots and account takeovers even before the session begins.

Decentralized identity helps defend against AI-based attacks by limiting the incentive for the attacker and reducing the risk of a compromise. With DCI, the attractiveness of a hack is massively reduced as a breach likely results in a single individual’s records being compromised–as opposed to the sensitive data of millions of people in a centralized system. DCI also makes it harder for cybercriminals to successfully execute takeovers and fraud with digital credentials, which provide a secure and tamper-proof way for people to authenticate themselves. 

PingOne Neo is the only solution on the market that offers native digital credential issuance and verification. Neo is architected to limit how much identity information is collected and stored by organizations. This approach is critical to preventing data breaches and security incidents. Learn more about Identity Solutions in the Age of AI here.

Discover more about Ping’s products and their capabilities below:

iProov: Mission-Critical Biometric Face Verification

iProov’s patented biometric solutions suite assures that an online user is the right person not an impostor), the real person (not a spoof), and is authenticating right now (using a one-time biometric).

iProov’s science-based face biometric verification uses computer vision technology to detect the genuine presence of a living user with a time-limited session code that illuminates the face with an unpredictable sequence of colors. Deep-learning techniques then analyze the reflected sequence to confirm real-time authenticity, analyzing multidimensional information derived from facial behavior and other contextual data for comprehensive identity assurance and identity fraud risk mitigation. Traditional timestamp methods which can be falsified are not adequate to ensure real-time authenticity.

To confidently detect that an individual is a ‘live’ person, technology leveraging artificial intelligence is needed to ensure they are verifying in real-time. This is the only way to effectively mitigate digital injection and Gen AI attacks with the highest level of assurance. iProov also incorporates active threat monitoring and response enabling us to respond to zero-day vulnerabilities and stay one step ahead of Gen AI attacks.

In the fight against Gen AI, organizations must bind individual’s digital identity to their real-world, government-issued ID and ensure they do so in real time. This identity should be reusable so individuals can authenticate with the same credentials throughout their user lifecycle. iProov and Ping make this process simpler and more secure than ever before, offering the versatility to apply the appropriate authentication technology for each transaction according to the risk of the activity, with Flexible assurance levels in the iProov Biometric Solutions Suite – LA (Standard) and GPA (Premium) – available in one integration

Advantages of Employing iProov and Ping’s Joint Solution

You can deploy iProov and Ping for a range of use cases, including using face biometric verification for passwordless login, multi-factor authentication (MFA), account recovery, and step-up authentication. It’s ideal for organizations looking to bolster their cybersecurity posture while delivering a frictionless customer experience.

The two solutions complement each other, combining Ping’s industry-leading IAM/CIAM and iProov’s biometric verification with best-in-class liveness detection to offer a powerful, end-to-end solution. Advantages of this include, but are not limited to:

  • Enhanced Regulatory Compliance: Secure digital onboarding and authentication supported regulatory compliance – certified under eIDAS, complying with KYC, AML, Strong Customer Authentication (SCA), and GDPR regulations – safeguarding customers against fraudulent attacks while utilizing digital channels.
  • Improved Security: Ping’s adaptive authentication and customizable security measures, coupled with iProov’s award-winning biometric security – all monitored by the iProov Security Operations Center – drastically minimizes the risk of various fraud types. This may include account takeover and synthetic or stolen identity fraud, as well as data breaches – which can be costly for organizations and damaging to their reputation.
  • Ease of Integration: Both iProov and Ping are cloud-delivered solutions equipped with lightweight, cutting-edge SDKs. These enterprise-proven technologies are easily integrated with any API, web, mobile, or SaaS application, regardless of its location, using various APIs, SDKs, and SSO integrations. Ping’s DaVinci orchestration engine can be used to integrate with hundreds of other business applications.
  • Improved Conversion rates: iProov in production success rates typically >98%.
  • Enhanced Customer Experience: The experience surpasses past online security methods by being exceptionally fast and frictionless. The solution is independent of platform, format, or device.

For more information on Ping and iProov, check out our integration listing. Alternatively, book a demo of iProov’s solution here or begin a Ping free trial here.

Back to Resources

Meet the team LATAM Team v2 02

Digital Identity in Latin America: Insights from our Team

October 13 2023

It’s National Hispanic Heritage Month. First established in 1968, this month is celebrated across Latin America and recognizes the many dates of importance and independence days throughout this region. 

To honor this month, we introduce you to our LATAM iProovers: Daniel Molina, Omar Sanjuanero, Gustavo Ferreira da Silva, Renato Andrade, Ronald Chapman, & Eduardo Montellano. They share what makes them proud to be Latin American, as well as unique insights into the future of digital identity, the importance of inclusivity and diversity, and more.

Question 1: Can you tell us a bit about yourself:

Daniel

I was born in Mexico and moved to the States when I was 11.  It was working as a pre-sales engineer in cybersecurity that I first realized the key pillar to any security issue is the identity of the person, and from there, it’s only one step away from realizing how many people are disenfranchised today because they don’t have a legal identity. 

The opportunity at iProov arose and came with it the huge challenge of expanding the company in the LATAM region where many people are disenfranchised, and the infrastructure for providing digital identities is not yet available. But I was determined to see this area develop, so I took the role and started to build out my team.

Omar

My role is a Business Development Consultant for LATAM where I get to talk to interesting companies and potential partners and spread the word about iProov. I was born in Mexico City and I’m still living here today – I love it, so I’m not looking to move out anytime soon! All my previous roles have been within the technology sector, I enjoy being part of this community of software and innovation which is what first attracted me to iProov, and why I’m still here 10 months later! 

Gustavo

I’ve been at iProov for 9 months as a LATAM presales consultant, and part of my responsibility is to help our partners and clients understand, test, and implement our technology. I was born in Curitiba, Brazil, and spent ten years here before traveling from state to state and finally landing in Santa Catarina State. After studying mechatronics, I joined a company that delivered fingerprint biometric devices for governments, before eventually meeting iProov and Daniel Molina. 

Renato

I’m from Brazil and based in Sao Paulo. My role as a Channel Sales Manager consists predominantly of building a partner ecosystem in the Brazilian territory while generating demand and developing relationships with end users.

Ronald

I was born in Venezuela, lived in Mexico for three years, and now I’m based in Bogota, Columbia. I joined iProov as a Channel Sales Manager and have been here for around 7 months. For 20 years prior, I worked in the telecommunications industry before eventually moving into identity. The identity industry was where I learned the importance of having access to a legal identity and part of the reason I joined iProov.

Eduardo

I’m a Channel Manager at iProov, born and based in Mexico City, and have lived here almost all my life, but when I first heard of the iProov opportunity I was living in Canada. Daniel Molina and I discussed my soon-to-be role and what excited me the most was the goals iProov had to expand our reach across Latin America. I fell in love with the mission and decided to move back to Mexico with my family to begin this new and exciting adventure.

Question 2: What are the key trends you’ve noticed within digital identity across the LATAM region?

Daniel

I have three trends! The first is that over the past 18 months, we have seen maturity in the legal framework and cultural acceptance of digital identity and biometric technology. 

Secondly, We have seen that Brazil has the most advanced criminal organizations for digital fraud. 

Finally, maturity levels vary across Latin America. Brazil is far ahead in terms of adopting biometric and digital identity technologies. Our team can utilize our experience and expertise from working with Brazilian organizations in less mature countries such as Colombia, Chile, or Peru. 

Omar

We have started to see uneven development of digital identities in this region. The levels of maturity, the different use cases we’ve experienced, and people’s understanding of biometrics differ greatly – which I think is one of the most interesting things about working in LATAM – each country poses different challenges.

Gustavo

Knowledge will vary. In one country I might be discussing the rise in digital injection attacks, deepfakes threats, or how to implement resilient liveness solutions, whereas in another country you feel you’re 10 years in the past and your role will consist of educating organizations on what biometrics are how they can be used to make life better for their customers.

Ronald

We are seeing the digital transformation of financial services. Banks are turning to digital transactions as opposed to cash transactions, which brings with it new challenges of inclusivity and security. Currently, it is estimated only 45% of Latin Americans have a bank account, so enabling people to be involved in formal finance, and the economy, will be a focus for policymakers, governments, and financial institutions alike.

Eduardo

There is a great difference in culture regarding the adoption and practices of digital identity programs compared with the United States for example. However, it is evident now that laws and legislation, pushing for the adoption of digital identities, are moving very quickly within the LATAM region.

Question 3: Why is creating inclusive and accessible digital identities crucial in Latin America?

Daniel

Inclusive and accessible digital identities mean you can be a part of the economy.  Whether it’s taking part in voting, taking out loans, or accessing crucial digital services from governments, banks, or other organizations – an inclusive and accessible digital identity program will ensure you are not excluded from those processes.

Omar 

The next step in security is resilient biometrics, but to successfully provide this security to all your customers you need to do so regardless of the quality of their device, or the individual’s ability. You have to protect everybody. Building inclusivity into biometric security solutions will play a crucial role in the public’s acceptance of the technology.

Eduardo

Large segments of the Latin American population are low-income and find themselves unable to access basic services, such as benefit programs. A way to fuel financial and digital inclusion is through digital identity programs. This ensures no matter how remote the user is, or whether they can afford the latest smartphone, they can access digital services.

Question 4: What does the future of digital identity look like to you?

Daniel

We are starting to see a trending topic in the region: user-centric distributed identity, if you are required to show proof of age a user-centric identity enables you to share an approved ID showing you are over 18 years old, as opposed to sharing an ID card with your address, name, and date of birth. You can protect and have control over, your data and identity.

Gustavo

We will continue to see more digital identity use cases applied across sectors, from financial to transportation. The LATAM region is in a great position where we can see the ways countries across the world are utilizing digital identity programs, including iProov’s very own use case: the EU digital identity wallet. This allows LATAM countries to see the potential ways digital identity programs can be used for their own needs. We will certainly see the adoption of digital identity programs here – but it will take time.

Renato

All services; government, banking, health, etc. will migrate to the digital world. Digital inclusion is undoubtedly a challenge in some regions due to a lack of infrastructure, but over time this will improve, and iProov is helping solve this issue.

Eduardo 

Digital Identity is a primary issue throughout the whole of Latin America. However it is something that is moving in the right direction, and about to accelerate with opportunities to be applied across all industries and a huge variety of use cases. It’s an exciting time for us!

Question 5: As financial institutions undergo digitization what challenges will they face?

Daniel

There is a huge shift from stolen to synthetic identity fraud, and from presentation attacks to digitally injected attacks. Two years ago the majority of fraud in Brazil were presentation attacks and stolen identities, but today we see higher numbers of synethic identity fraud and digital injection attacks. The immense increase in synthetic identity fraud, deepfakes, and digital injection attacks is having an impactful detriment on banks.  

One key difference is that synthetic identities defraud the bank, not the account holders…  and that makes it harder to quantify.  It is often misrepresented as a business loss, instead of the fraud that it is.

Omar

There are two focuses for financial services. One is combating fraud. We are finding that banks are increasing their digital transactions without the correct security measures in place which leaves them vulnerable to more fraud, and this number will only increase if they don’t take action. 

Secondly, where security levels are increasing there is a risk that usability is lost. There needs to be a focus placed on the inclusivity and accessibility of authentication to create a seamless user experience for banks’ customers.

Gustavo

Financial institutions must stick together and share information to survive. They need to remember that when a fraudster is successful in their attack, it means they have been attempting, and are still attempting, to attack many different financial institutions. One attack is not only bad for that specific organization, it’s bad for the whole of the financial sector in the region.

Renato

The high risk for banks lies in digital attacks, particularly the more sophisticated ones. These attacks leave financial institutions across the globe at risk, especially medium and small banks in Latin America who are not adequately prepared to combat this threat. 

Ronald

Challenges for financial institutions include ensuring individuals across the whole country have equal access to services offered. Currently, many regions don’t have access to the internet, so developing a service that caters to all will be difficult.

Eduardo 

One of the first to adopt digital identity is the banking industry. However, they have not yet implemented solutions to ensure the real-time authentication of the person, this is a crucial step banks need to take so they can trust that the individual authenticating is who they say they are.

Part of the reason why this transition to real-time authentication hasn’t happened is that banks in Latin America are still not aware of the damage that cutting-edge attacks can cause. It is our role to raise awareness of these attacks.

Question 6: What aspect of being Latin American makes you proud?

Daniel

There is a work ethic that comes from being Latin American that is unique. The countries we come from are economically underrepresented, and there is huge financial inequality. But in the face of hardship, people from these countries work extremely hard and are proud of their work.

Omar

What makes me most proud to be a Mexican is that we have a rich culture. We have many traditions and beautiful architecture incorporated with Spanish influence. And of course… I’m most proud of our food – we have incredible food! Some of our dishes have over 15 ingredients and take days to prepare and a lot of pride goes into preparing it.

Gustavo

Throughout all of Latin America, you’ll find people’s hearts are full. People here are happy regardless of their material possessions.

Renato

Many aspects make me proud to be Latin American including our rich culture, longstanding arts and traditions, the welcoming and positive attitude of the people… and, of course, our food!

Ronald

To sum up our culture in one word it would be ‘Hope’. Inequalities can be seen throughout Latin America and are more prevalent compared with other countries, but, despite this, we have a strong sense of happiness and belonging.

Eduardo

One aspect that makes me proud of being Latino is that I belong to a culture where there is much love for people, especially family. We are hard-working and honest people who always look for a reason not only to be better and happier but to share this with others. 

Bonus Question for Daniel Molina – the team lead: How have you built an enthusiastic, highly motivated, and entertaining team?

My main job is to look after the culture of the team. When we come over to the UK, we’ll bring some candy or food from the region as a way of extending our Latin love. I try to imbue that into our team, we are coming into a different culture but we can bring a part of our culture with us.

As a team lead, I ensure I’m developing the right environment for them to grow and flourish, and challenging the people to be their best. Numbers are nice, but having the right balance is important. Learning, growing, and achieving results is really what matters.

Learn More About Deepfake Trends in Latin America Here.

Meet more of the iProov team below.

 

Back to Resources

Generative AI in the Public Sector – And the Role of Facial Biometrics

Generative AI in the Public Sector – And the Role of Facial Biometrics

September 22 2023

Across the globe, governments, policymakers, and regulators are turning their attention to the subject of generative artificial intelligence (AI). This technology greatly reduces the technological barrier to creating highly realistic fake images, videos, and audio.

As generative AI develops, it will make it increasingly challenging to distinguish between real and manipulated content – leading to misinformation, propaganda, and deception on a grand scale. This threatens to erode trust and blur the lines between reality and fiction, ultimately challenging the function of an effective civil society.

In this article we discuss the topic of generative AI, alongside the tools, methods, and technologies available to combat the growing threat.

Why Does Generative AI Pose a Growing Threat?

AI is not intrinsically harmful – there are many beneficial and positive applications. However, a number of factors are leading to increased concern over its vast capabilities for nefarious purposes:

  • The volume of AI technology-driven cybersecurity attacks is increasing at an alarming rate: For example, iProov revealed that face swap attacks are increasing in frequency: our Biometric Threat Intelligence Report report highlights face swaps were up 295% from H1 to H2 in 2022.
  • AI-driven cybercrime has become far more accessible and scalable: Low-skilled criminals are gaining access to the resources necessary to launch sophisticated attacks at a low cost, or even for free, online. This makes it easier for bad actors to gain footholds in organizations’ information and cybersecurity systems. Similarly, the accessibility of this technology can make it easier for fraudsters to convince individuals they’re interacting with an authentic person, further enabling cybercrime, and fraud..
  • The sophistication of generative AI is developing quickly, and people can no longer spot deepfakes: Synthetic media has reached the stage where it is impossible to distinguish between what’s fake and what’s real with the human eye – so manual inspection is not a viable solution. Similarly, approaches that place the burden of responsibility on people to spot synthetic media will only have a limited impact.
  • Growth of Crime-as-a-Service: Generative AI is empowering bad actors, and the availability of online tools is accelerating the evolution of the threat landscape. This is enabling criminals to launch advanced attacks faster and at a larger scale. If attacks succeed, they rapidly escalate in volume and frequency as they are shared amongst established crime-as-a-service networks or on the darkweb, amplifying the risk of serious damage.
  • Public perception and disinformation: Generative AI not only threatens individual organizations or governments, but also the information ecosystem and economy itself. This is already having real-world effects: for example, recently an AI-generated image of an explosion at the Pentagon caused a brief dip in the stock market.

The impacts of generative AI on society are endless: public sector benefit fraud, new account fraud, synthetic identity, fraud, voting fraud, disinformation, deceptive social media bots, robocalls, and more.

The dangers of combining different types of AI – such as imagery, voice, and text – pose a synergistic threat of rapidly evolving technologies that can be used in conjunction for massive impact. You can learn about the critical and urgent risks of voice spoofs in particular here.

The Worrisome Trend of Generative AI Has Caught the Attention of Governments and Policymakers Worldwide

Let’s consider a few examples:

Ultimately, there is now an arms race between the destructive uses of generative AI and the tools that we have to defend against them. The potential outcome is an identity crisis in the digital age, where the public cannot trust the media or public officials.

iProov Response to Safeguarding Against Generative AI Threats

It will become increasingly more difficult for governments, businesses, journalists, and the general public alike to combat or spot fraud, disinformation, and cybercrime. This is particularly pertinent as we approach many major political elections across the globe.

So, what can governments and policymakers actually do? What regulations and technologies are available? In summary:

  • Facial biometric identity verification, with liveness and active threat monitoring, is critical: In an age where traditional technologies and the human eye can no longer verify the genuineness of a person remotely, biometric identity verification is needed to assure that a person is the true owner of their identity, content, and position. The most effective solutions incorporate mission-critical liveness technology with a one-time biometric and active threat management, which can determine whether the image presented is a real person and that the person is actually present at the time the information is being captured.
  • Remote onboarding and authentication should be further secured: Biometric face verification has emerged as the most secure and convenient way to verify identity online, as traditional methods such as passwords and one-time codes have failed. However, when confronting generative AI, it is critical that liveness capabilities be thoroughly evaluated. Good is not good enough; security must be paramount for organizations.
  • Regulation has to set guardrails for the moral majority: It’s critical to establish legal frameworks to address the ethical and social implications of generative AI and synthetic media. This enables law enforcement to target the bad guys with clear directives, while providing commercial drivers to address platform incentives. iProov has been submitting its PCAST response on this topic to various governments and policymakers across the globe.

Governmental and Policymaker Approach to AI: A Summary

Ultimately, generative AI poses significant risk to society. Clear policy and regulation is needed urgently in order to set the guardrails, align the moral majority, and guide organizations’ response.

Biometric and identity verification technology offers a critical lifeline for governments and other organizations that need to assure people who they say they are in the age of synthetic and falsified imagery and information.

But not just any verification technology will do. As generative AI advances, defenses will need to keep pace: mission-critical solutions that continuously evolve are essential.

iProov is soon set to release its “Identity Crisis in the Digital Age: Using Science-Based Biometrics to Combat Generative AI” report. Inside, we examine the criminal side of generative AI, discuss the “trust deficit” that threatens to undermine nations’ abilities to reach sustainable development goals, and advise on the technology and processes required to combat this threat. Keep an eye out on our socials for its imminent release.

Alternatively, book a demo of iProov’s solution here today.

Back to Resources

Voice biometric disadvantages

The Disadvantages & Vulnerabilities of Voice Biometrics | What’s the Alternative?

September 14 2023

In our last article, “Voice Biometrics For Private Banking and Wealth Management: A False Sense Of Security?”, we explored why voice biometrics is being questioned by consumers, governments, and policymakers around the world. The article established that against the growing threat of generative AI, voice is positioned as the easiest biometric modality to clone.

Now, we’re going to dive deeper into the exact disadvantages of voice biometrics. We’ll then explore face biometrics as an alternative authentication method – one that offers enhanced security against the evolving threat landscape while delivering a seamless user experience.

The Disadvantages of Voice Biometrics

Financial institutions have sought to meet demand for end-to-end, convenient digital experiences in their wealth management and private banking organizations. This has involved a pivot towards remote onboarding, investing, and customer service.

Voice biometric technology has proven to be unreliable with increasingly advanced, effective, and accessible synthetic audio – voice cloning attacks are rampant. Voice biometrics has also come under fire for failing to meet performance and accessibility expectations.

Let’s break down the key issues with voice authentication:

  1. Low level of assurance; unsuitable for user onboarding: One of the challenges with voice biometrics is establishing that the original sample voice is authentic and that it belongs to the intended identity – there is no trusted source or identity document to remotely verify against. Even if a genuine sample is obtained, the enrollment samples may not be diverse enough or may not adequately represent the variability of an individual’s voice, which could lead to difficulties in accurate identification. Ultimately, biometric voice technology provides no assurance that an individual is who they claim to be – only that a voice matches the original template. By this logic, voice biometrics cannot secure the highest risk point in the user journey: onboarding. As such, it provides limited defense against the most pervasive and damaging identity fraud types: deepfakes and synthetic identity fraud. This fundamental flaw is critical to financial services organization’s security; the inability to to bind a digital identity to a real-world person means that financial institutions must rely on other methods to establish high levels of assurance.
  2. Security concerns: Voice biometrics is particularly susceptible to deepfakes and synthetic media attacks, potentially leading to unauthorized access or identity theft. Threat actors have even developed voice cloning services, with tools available for purchase on Telegram. This signals the arrival of voice–cloning-as-a-service (VCaaS).
  3. Usability issues: Voice biometrics can be adversely affected by certain medical conditions or disabilities that impact speech patterns, making it difficult or impossible for some individuals to use the technology effectively. Individuals may not always speak clearly or consistently, which can impact the system’s performance. The voice changes over time, which is problematic . Additionally, someone could be mute, or have a flu/illness – a leading voice biometric vendor conceded that “if a person has laryngitis, then the voice biometric system will have trouble matching the voiceprint”.
  4. Privacy concerns: While using voice authentication, you can be overheard – making it less suitable for public usage. This also raises accessibility concerns, as people may not be comfortable speaking aloud.
  5. Relatively low accuracy and reliability: Voice biometric technology is sensitive to environmental factors, such as loud background noise, the quality of the microphone or its condition, audio degradation, and the speaker’s emotional state or physical condition. These factors can affect the accuracy and reliability of the biometric voice system, leading to poor false acceptances or rejections rates.

The Alternative to Voice: Biometric Face Verification Technology

How can facial biometric technology circumvent the various disadvantages of voice biometrics?

Firstly, the face can be verified against government identity documents. The voice cannot. This means you can establish a source of truth to match a remote identity against, and ensure the identifiers associated with that person are endorsed by a legal authority.

Secondly, face biometrics is fully accessible even for visually impaired users. By definition, voice biometrics require users to speak — meaning not all users can use the product.

Additionally, face biometrics is a mature technology and has performance benchmarks by government organizations and standards bodies. There lacks independent, objective ranking for voice biometric performance.

Not All Biometric Face Verification Is Created Equal

There are a number of key differentiators that iProov employs to stay ahead of other security methods and other vendors. This includes, though is not limited to:

  • Dynamic, evolving security and understanding of threats: Defense against generative AI cannot be static, because the development of AI is inherently dynamic – continually evolving and developing, often testing itself against the very tools used to detect them. Biometric security must learn from threats on an ongoing basis and be actively managed 24/7.
  • Cloud-based delivery: Verification technology that is delivered via cloud allows for real-time threat monitoring. It also enables defenses to be updated quickly and efficiently (server-side) where needed, rather than waiting for manual patches.
  • One-time biometric technology: A one-time biometric – patented by iProov – ensures that a remote user is not just ‘live’ at the point of onboarding but also verifying in real-time, using science-based technology, with random challenge response to distinguish between synthetic media and a live, real-time person.

These differentiators are essential to defend against generative AI and the growing threat landscape. The right biometric face verification solution can form the foundational technology for a customer’s entire identity lifecycle, whereas voice biometrics can only play a limited, unreliable role.

Voice Biometric vs. Face Biometric Technology: A Summary

Given the above outlined concerns, the risks posed by voice cloning in the realm of financial services demands immediate attention and action. Face biometrics stands as the best alternative.

Because there is such little data inherent in a voice recording, it has ultimately become impossible to distinguish between the real and the forgery. Due to the proven ease of circumventing voice authentication with synthetic audio within financial services use cases, and the lack of assurance the technology delivers, voice biometrics should only be used in very low-risk scenarios.

In pivoting from voice biometric authentication to facial biometrics for onboarding and authentication, or using both technologies, financial services institutions can achieve higher assurance that remote customers are who they claim to be. This can reduce fraud and financial crime, mitigate the risk of regulatory noncompliance, and improve customer satisfaction.

Our next blog will examine how organizations can transition away from voice biometrics, and further details the specific differentiators that separate iProov face verification technology from other vendors.

If you’re interested in learning more about iProov’s biometric face verification technology – or how to transition from voice to face biometrics – you can contact us or book a demo directly here.

Back to Resources

Entrust 1

Biometric IDV for eKYC: The Key to Creating Safer, Simpler and More Accessible Banking Experiences

September 7 2023

Remote onboarding and digital banking has grown dramatically in recent years, and the sector is only set to develop further – market size is projected to surge from USD 8.4 billion in 2021 to USD 19.2 billion by 2028, forecasting a healthy compound annual growth rate of 14.80%. 

With this rise in remote onboarding, financial institutions are seeking innovative ways to improve their new customer acquisition strategies while ensuring they are compliant with relevant regulations. 

It has therefore become increasingly important for banks and credit unions to ensure that their customers’ identities are genuine, and that customers can lawfully use (and are lawfully using) the services offered by the financial institution. The use of biometric identity verification and eKYC (electronic Know Your Customer) checks have become essential, as they enhance security while simplifying the end user’s journey.

To meet this evolving requirement, Entrust and iProov – two industry leaders in digital identity verification and authentication – have partnered to deliver biometric identity verification and eKYC checks in one powerful, end-to-end solution. This solution revolutionizes how banks and credit unions onboard new users, ensuring a fast, secure, and user-friendly experience for customers and financial organizations alike. 

What is Biometric Identity Verification and How Does It Work?

Biometric identity verification is a process of identifying individuals based on their unique biological characteristics, such as fingerprints, face verification, voice recognition, or iris scanning. It is a highly reliable and secure way to verify a person’s identity, and it minimizes or eliminates the need for passwords or conventional authentication methods, which are more easily hacked or stolen.

iProov’s patented biometric solutions suite assures that an online customer is the right person (and not an impostor), the real person (not a spoof), and is authenticating right now (using a one-time biometric). iProov’s science-based biometrics use computer vision technology to detect the genuine presence of a living user. A one-time biometric code tells the device to illuminate the individual’s face with an unpredictable sequence of colors to establish real-time authenticity. The challenge-response mechanism is randomized, making the authentication process unpredictable, impervious to replay attacks and highly challenging to reverse-engineer.

This helps organizations to verify that someone is who they claim to be, rather than a representation such as a photograph or a mask or a generative-AI based spoof like a synthetic identity. The solution also analyzes multidimensional information derived from facial behavior as well as other contextual data for comprehensive identity assurance and identity fraud risk mitigation.

iProov has been successfully deployed by top governments and financial institutions around the world to verify the identity of their users. The technology ensures that the person presenting themselves for identity verification is genuine, physically present, and not a photo, video, screen replay, or digitally injected attack.

What are eKYC Checks and How Do They Work? 

eKYC checks are a digital alternative to the traditional KYC process, which is required by regulatory bodies to prevent money laundering, terrorist financing, and other illegal activities. eKYC allows customers to open accounts remotely without the need for physical paperwork or in-person interactions. It’s the most effective way to speed up the onboarding process and improve customer and member satisfaction right out of the gate.

Entrust’s identity solutions portfolio combined with iProov offers identity verification and eKYC services to financial institutions for account opening. It integrates iProov’s biometric solutions suite to provide a seamless and secure onboarding experience. Customers can use their smartphones to capture their biometric data, take a selfie, scan a government-issued ID, and submit the information for verification. The technology can process thousands of identity verifications in minutes, reducing the time and costs associated with manual identity checks.

What Are the Benefits of Combining Biometric Identity Verification With eKYC?

By incorporating biometric verification into eKYC processes, banks and credit unions can reduce the risk of onboarding illegitimate users with stolen or synthetic identities. 

Additionally, eKYC checks enhanced with biometric technology have proven to be more efficient – McKinsey says that the potential cost reduction in onboarding costs by using digital enabled processes is 90%, and If a digital onboarding process takes longer than 20 minutes, 70% of customers completely abandon account opening their attempt to open an account.

Ultimately the benefits of using biometric identity verification and eKYC checks include, but are not limited to:

  • Faster, more convenient, and more secure onboarding experience for customers and members.
  • Support for compliance and regulatory requirements. 
  • Reduced risk of both synthetic and stolen identity fraud, as well as data breaches, which can be costly for financial institutions and damaging to their reputation.

The Next Step In Customer Experience: Digital Payment Card Issuance

A critical objective of this joint solution is creating an effortless experience for users, from beginning to end.

Following this, it’s important to prioritize delivering value to customers and members as soon as their account is created. One of the most meaningful milestones is debit card issuance, which provides customers with purchasing power and access to their newly deposited funds. Streamlining the issuance of digital payment cards as a part of the account opening process creates a seamless and valuable experience. By linking the onboarding process with the instant issuance of digital payment cards, banks and credit unions can provide a seamless and convenient experience for their customers and members.

This innovation in digital payment card issuance is part of the joint solution and is particularly valuable, because it eliminates the need for physical cards and the delays associated with postal delivery. Customers can start using their new accounts immediately, contributing to a more satisfying onboarding experience. 

This enhanced digital payments experience not only drives accelerated time to value, with a rich set of spend enablement tools, it also provides a more secure payments experience with real-time card controls and alerts. The integrated experience –  all housed in a single application – drives a safer, simpler, more valuable end user experience while removing much of the complexity from the implementation and ongoing maintenance of the technology.

iProov and Entrust Solution: Summary

The partnership between Entrust and iProov is a game-changer for the banking industry. It offers a cutting-edge solution that combines biometric identity verification and eKYC checks to provide a secure and user-friendly onboarding experience for both customers and financial institutions. As digital banking continues to grow, this technology will become increasingly important for financial institutions to stay ahead of the curve and provide their end users with the best possible service

Visit Entrust and Request a Demo

Request a Demo from iProov

Back to Resources

image 11

Voice Biometrics For Private Banking and Wealth Management: A False Sense Of Security?

August 15 2023

Biometric technologies have become ubiquitous in today’s digital-first world, revolutionizing the way we authenticate and verify identity remotely. There are a variety of biometric modalities that organizations are using to confirm the identity of their users.

One popular option has been voice biometrics, which has gained significant traction in the private banking and wealth management sectors. This technology has been adopted to make customer authentication faster and safer – the working principle behind voice biometrics is that people have their voice with them all the time, and that each voice should “belong” to only one individual. 

However, voice biometric technology has been making the headlines recently – gaining a reputation for being among the “easiest of biometrics to clone”. Synthetic “voice cloning” technology in particular has become a preeminent risk, as the tools used to realistically dupe voices grow more accessible by the day. A high-quality synthetic voice sample can easily fool the human ear, with MIT and Google reporting that a minute of voice data is all that’s needed to create convincing, human-quality audio.

Cloning is not the only weakness however, as there are additional concerns with the identity assurance, performance, and accessibility that voice biometrics can provide. 

This blog is the first part of a series on voice biometrics. The series will detail the performance, effectiveness, and the development of AI-generated synthetic voice technology, as well as the potential for stronger security using biometric face verification. In this article, we’ll examine whether voice biometrics should still play a role in financial transactions.

What is Voice Biometrics?

Voice biometric technology measures the physical and behavioral markers in an individual’s speech in order to confirm their identity. The technology works by comparing features in a given audio sample (or live audio feed) against a template “voiceprint” obtained from previous recording(s).

With the dramatic rise of digital banking, voice biometrics has become a popular form of authentication for financial institutions. Customer service calls have traditionally played an important role in the banking experience, and voice biometrics allow customer authentication within the same communication channel. However, the method is prone to background noise, can be overheard, and can be spoofed by a recording or deepfake.

Generative AI has accelerated the development of voice cloning technology, which can generate a voice that sounds identical to an authentic voice. While the concept of synthesized voice threatens many spheres of life, in this piece we are focussing specifically on the efficacy of voice biometrics for organizational security (i.e. authenticating or verifying identity remotely).

What is the Difference Between Voice Biometrics and Other Modalities, Such As Face Biometrics?

Each biometric modality uses a different unique trait – such as face, iris, or fingerprint – to identify an individual, and decisions around procuring biometric technology are often use-case driven. 

Voice biometrics is not generally used for onboarding new customers, but to authenticate customer service access by returning customers when individuals need help over the phone. Their speech patterns are passively analyzed while they speak. Alternatively, voice biometrics may be deployed within a banking app — the app requests the user to tap a button and say a passphrase in order to gain initial or step-up access to further services.

Face biometric technology, conversely, can be used for both onboarding and ongoing user authentication. One essential differentiator for biometric face verification is that the face can be matched against a government-issued trusted ID document, whereas a voice cannot. Voice biometrics cannot secure the highest risk point in the user journey: onboarding. As such, it provides no defense against the most pervasive and damaging identity fraud types, such as synthetic identity fraud. This limits the use of the technology as it cannot provide the necessary identity assurance. 

Even for its intended use-case, the security of voice biometrics has been repeatedly undermined. One paper examining a practical attack on voice authentication systems from the University of Waterloo, Canada, developed a methodology that could bypass security-critical voice authentication in its strictest form with success rates of up to 99%

This study also discovered that voice authentication systems tend to “mistakenly learn to distinguish between spoofed and bonafide audio based on cues that are easily identifiable” – and thus easily spoofed. And while the threats have rapidly grown and evolved, the technology has stayed much the same.

Given that voice authentication is often employed in high-risk, high-value industries – including private banking and wealth management – the use and security resilience of voice biometrics should be examined. Other mature technologies that can prove adherence to biometric performance benchmarks and demonstrate evaluation by government standards should be favored. 

Voice Biometric Case Studies & Contexts

To understand why the effectiveness of voice biometrics is gaining critical attention, let’s take a look at some of the headlines from this year:

Ultimately, this raises questions: does your organization have resilient identity assurance protocols in place? Can your security processes stand up against the evolving threat landscape and the reality of increasingly sophisticated cybercrime technologies?

To help, iProov will be releasing findings, research, comparisons and use case examples of voice biometric technology over the coming months. We’ll examine how it’s been deployed, and offer recommendations based on risk appetite and level of assurance. 

For more information on the different biometric face verification technologies on the market, alongside their key differentiators, read our Demystifying Biometric Face Verification ebook here.

If you’re interested in learning more about iProov’s biometric face verification technology – or how to transition from voice to face biometrics – you can contact us or book a demo directly here. 

Back to Resources

Image of two travellers using the Eurostar Smartcheck Biometric Check-in System For Contactless Travel

Eurostar Smartcheck Biometric Check-in System For Contactless Travel: What Is It, and How Does It Work?

August 9 2023

Each year, Eurostar faces the challenge of processing 11 million people through a space no larger than 3 tennis courts – a task further complicated by manual ticket checks and UK exit check delays.

iProov and Eurostar have been working tirelessly on a solution that reduces processing time and creates a seamless user experience for travelers – which has now officially been launched under the name SmartCheck.

As Andrew Bud (iProov’s Founder and CEO) articulates: “this is the first time remote enrollment and facial verification have been used in the railway industry anywhere in the world”.

SmartCheck enables contactless travel at London St Pancras International Station by utilizing cutting-edge biometric facial and remote identity verification technology. Eligible travelers can now use a dedicated lane that replaces the traditional manual check-in and border exit check, by making your face your ticket.

SmartCheck is the future of border crossing, enabling travelers to complete the ticket and UK exit checks carried out by Eurostar staff in the station in less than 2 seconds.

In this article, we summarize what to expect with the Eurostar SmartCheck process, explain how the technology works, and bring to life the many advantages of this innovative solution.

How Does Eurostar SmartCheck Work?

In short, Smartcheck enables you to travel without needing a physical ticket– you breeze through the gate using your face!

How does this work? Eligible customers departing from London St Pancras can pre-onboard themselves using their mobile device from any convenient location.

You upload a picture of your passport, complete a brief facial scan to verify that you are the genuine holder of that document, and you’re good to go.

This process links your passport, your face, and your ticket together securely and effortlessly. Doing so ensures that on the day of travel, you can simply show up at Eurostar St. Pancras International station and walk through the designated SmartCheck biometric corridor rather than present tickets.

iProov’s national-grade security technology works behind the scenes to defend against spoofs and other threats, such as presentation attacks and digital injection attacks – ensuring that only the intended user can pass through the dedicated lane.

Essentially, the solution works in two parts: remote enrollment on the user’s device before travel, and then physical access on-site. The result is a contactless, fast, and secure journey that enhances the overall passenger experience.

Ultimately, this means passengers avoid manual checks of tickets and passports by Eurostar staff and enter via a facial verification system. All that’s left to do is go via baggage check and pass through the French Border Control before enjoying your Eurostar journey.

This process ensures exit checks and ticket checks are done in one easy step rather than queuing at each point – it does not eliminate them. With SmartCheck, technology is doing the work, ensuring maximum convenience for the end-user. Additionally, SmartCheck is completely optional. It’s there for those that choose to opt in.

How Do I Use Eurostar SmartCheck?

Let’s breakdown the Eurostar Smartcheck workflow into a few simple steps:

  1. Install the SmartCheck app iProov.me onto your mobile device from the Apple App Store or Google Play Store.
  2. Enter your details and scan your identity documentation, as guided by the app.
  3. Link your e-tickets in the app using a brief biometric facial verification scan.
  4. Up to 24 hours before departure, confirm you’re traveling in the app.
  5. On the day of travel, simply walk through the dedicated SmartCheck lane at London St Pancras.

Note: The identity verification process can be completed in a matter of minutes at the station. However, we’d recommend downloading the app and completing the identity verification process at least one day before your scheduled departure – at a time when you have a good internet connection. This ensures you are completely prepared for your journey prior to travel.

What Are the Advantages of Using Eurostar Smartcheck?

  • Save time and avoid queues: Reduce time and avoid frustration at St Pancras Station caused by congestion and bottlenecks, which can lead to slow and delayed entry.
  • Improved user and staff experience: Contactless entry is far simpler, enabling fast, secure, hassle-free access to the end-user and less processing for staff/attendants – enabling them to focus their time on providing high-value services to individuals. It’s more enjoyable for travelers, who face less stress by sorting their ticket and the UK-side passport checks prior to arrival. Additionally, the saved labor hours can be put towards other opportunities, such as increased customer personalization.
  • Reduce manual checks: Manual checks can increase the likelihood of complications – such as processing time, mistakes, or even forgotten/lost tickets.
  • Threat protection through privacy-preserving technology: SmartCheck demonstrates how consent-based biometrics can dramatically reduce manual checking, congestion, and provide the highest level of identity assurance with advanced threat protection in a privacy-preserving way. This means only the necessary data is processed and used to verify an individual’s identity and then allowing correct access at the station.
  • Reusable digital travel credential: Once you’ve enrolled with Eurostar SmarthCheck on the iProov.me app, each subsequent time you travel with Eurostar from St. Pancras International, you’ll only need to add your ticket for travel – which will be linked to your digital travel credential held within the iProov.me app. This supports ongoing convenience for returning travelers and staff alike.

Who Can Use Smartcheck? Where Can They Travel To?

Travelers can remotely verify without regard to cognitive ability, nationality, or ethnicity. There’s no need for special hardware; travelers can verify themselves on any device with a user-facing camera. However, in accordance with GDPR regulations, SmartCheck cannot be used by children under 16.

SmartCheck is currently available from London St Pancras to all routes covered by Eurostar: Paris, Brussels, and Amsterdam.

SmartCheck Data Privacy

The iProov.me app uses the latest encryption techniques and pseudonymizes data, capturing only the necessary information to verify your identity.

Your verified information is securely stored in your smartphone, and it’s only shared with ticket gates and passport control systems when you travel. It will then be stored for 48 hours maximum and deleted after travel. All personal data is processed in compliance with GDPR, with full passenger consent.

Eurostar Smartcheck is entirely optional – travelers do not need to use the expedited process if they do not wish to.

From the technical side, SmartCheck incorporates iProov’s Biometric Solution Suite using Biometric checkpoints and facial verification, alongside Inverid’s ReadID NFC technology, and Entrust’s Identity Verification as a Service (IDVaaS) technology for identity orchestration and digital travel credential (DTC) management.

Read The Eurostar SmartCheck FAQ

Please refer to this page for any further questions you may have about Eurostar Smartcheck.

Eurostar SmartCheck provides a glimpse into the future of contactless border technology. If you have further queries about physical access solutions enabled by biometric facial verification technology, you can contact us here or directly book an iProov demo today.

Back to Resources

Threat Intelligence and Identity Verification Observations with Matt Welch Interview

2023 Threat Intelligence and Identity Verification Observations | An Interview Matt Welch

May 19 2023

As organizations digitally transform to expand access to online services, the challenge moves from enabling access to protecting people from cybercriminals. Threat actors are continually developing, using enterprise level tools and techniques in evermore sophisticated ways to circumvent the security systems protecting them.

Unfortunately, many organizations make a crucial cybersecurity mistake: they pour resources into commoditized security methods, constantly reacting to breaches and compromised credentials rather than future-proofing through preventative measures.

Today we’re speaking with Matt Welch, iProov’s Head of Threat Intelligence. Matt has an extensive history of leading and consulting global Threat Intelligence departments, following 16 years of service in the Canadian Armed Forces. Now, at iProov, Matt studies the evolving biometric threat landscape and the threat actors behind them, while developing frameworks to combat threat types.

We sat down with Matt to better understand the macro state of cybersecurity in the first quarter of 2023.

Understanding Threat Evolutions in Q1 2023

Q: Matt, what trends and evolutions have you seen in cybersecurity so far this year?

A: There has been a change in tactics observed from one prolific threat actor, the group that has been dubbed Scattered Spider by Crowdstrike. Interestingly, they’re changing their focus to phishing – particularly phishing emails and phishing domains. Phishing is a common and long-established form of threat – which aims to induce individuals to reveal their personal information – but it’s still remarkably effective against organizations that are reliant on credentials for information security. You can read more about this trend in crowdstrike’s latest report here.

The key point here is that threat actors realize credentials are still the low-hanging fruit. And often, they don’t even need phishing; threat actors can easily gain compromised credentials, as many are already scattered across the darknet. They can then use credential stuffing attacks to see what other accounts they can gain access to with this information.

The conclusion here is that because many organizations use multi-factor authentication protocols now, the other authentication types – “something you own” and “something you know” – will naturally come under fire after credentials are stolen. If an organization employs multi-factor authentication (MFA) and threat actors are harvesting credentials through phishing, logically, the other authentication factors will be attacked next.

That is, in part, why biometric technology has become essential: although you can collect and share compromised credentials easily, you cannot capture and use the genuine presence of someone’s live face. So the good news is that “something you are” can be incredibly hard to break, unlike “something you know” or “own”.

The Problem With Credential-Based Authentication Methods and Misplaced Emphasis “Something You Own”

Q: So, Matt, credentials are under threat from a renewed focus on phishing. What can be said about the other authentication factors?

A: Yes, threat actors are currently focusing on credentials. But as more and more organizations implement multi-factor authentication, they’ll turn their gaze toward the other factors used to secure MFA.

But a larger point here is that MFA protocols secured with “something you own” factors, such one-time passcodes (OTPs), are not a long-term solution. Cybercriminals have defeated these traditional verification technologies, which has led to the commoditization of what were once deemed secure options (you can read more about the risks of OTPs here, for example).

OTPs are a step up from passwords and often offer a higher level of security than credential-based authentication. However, possession-based factors are increasingly susceptible, and can still be stolen or intercepted. It’s no silver bullet.

More widely, I would say that overreliance on both credential and possession-based authentication has led to a vicious cycle in which organizations are stuck in a state of reaction and detection to threats rather than prevention, creating an “industry” of administrative burden in information security.

The Control Type Dichotomy: Prevention vs. Detection

Q: Matt, what can be done to combat threats to authentication systems?

A: Generally, organizations are too focused on what hurts them right now – they’re constantly putting out fires burning due to weak passwords and possession-based authentication, so information security professionals are too busy (or don’t have all the information they need) to realize there’s a much better way.

Biometric technology offers a better approach to security. There is a unique efficiency in adopting a mature and reliable product that assures the genuine identity of a remote user.

Cybersecurity can be broken down into preventive and detective controls. Cybersecurity has traditionally focussed on detective controls, which are incredibly expensive.

Think of it like this: it’s the difference between paying someone to walk around your building to see if anyone has broken in, versus simply locking the door. In this analogy, biometrics is the lock – stopping the vast majority of your problems at the earliest stage. In that sense, iProov technology is the ultimate preventative measure.

Additionally, the cost of a mature cybersecurity capability system in a given organization is astronomical; elements such as a Security Operations Centre (SOC), staffing, incident response, outsourcing, APIs, integrations, and threat intelligence platforms all add up. But the cost of a resilient biometric liveness solution is much lower.

iProov offers the iProov Security Operations Centre (iSOC) as part of its biometric solution. Through iSOC, iProov monitors traffic in real-time to detect attack patterns across multiple geographies, devices, and platforms. iSOC provides the depth of visibility and the breadth of control as though you were developing your own in-house technology, with the advantage of no additional overheads. All solutions are supported, enhanced, and upgraded without additional time, cost, or resources.

Additionally, these threat actors are aware that employees leave work for the weekend at a given time on a Friday, so they coordinate their attacks around then. That’s why automated processes are critical.

Ultimately an MFA process that incorporates the right biometric technology to ensure genuine presence takes away colossal amounts of that pain and stress by focusing on prevention.

Concluding Thoughts on Threat Intelligence Trends

Q: Thanks Matt! Any closing thoughts?

A: People must understand that it’s incredibly hard to identify generative AI attacks such as deepfakes or, more recently, face swaps – particularly to the naked eye. The fraudulent output can look entirely realistic and very different from the actual input. We can’t just rely on people to spot AI attacks.

Note: In an iProov survey, 57% of global respondents stated that they could tell the difference between a real video and a deepfake, which is up from 37% in 2019. However, IDIAP revealed that in reality only 24% of participants in their study could detect a deepfake. A high-end deepfake can be genuinely indistinguishable from reality to the human eye.

If we look at different biometric solutions, they can provide vastly different levels of assurance that a given authentication is a live human and not a spoof. So, education is needed on the different types of liveness and technologies available – the differences between single frame, multi-frame, passive, active, and so on – and why there’s such a need for a mission-critical solution.

The question of “how can we be sure of someone’s identity online?” is an extremely important and serious topic, and it’s not going away. Weak authentication and verification means weaker borders at the point of travel, compromised online accounts, weaker information security, and more. It worries me that to some people, biometrics is still seen as science fiction – because it’s real, it’s necessary, and it’s needed now more than ever.

Reminder: our latest report, “iProov Biometric Threat Intelligence”, is the first of its kind. Inside, we illuminate the key attack patterns witnessed throughout 2022. It highlights previously unknown in-production patterns of biometric attacks, so organizations can make informed decisions on which technology and what level of security to deploy. Read the full report here.

Back to Resources

mb iproov hero

Keeping Up With the Fraudsters: How to Combat Generative AI and Document-Based Biometric Attacks

May 18 2023

Digital transformation has significantly expanded how individuals interact with banks and financial service firms. Technology has made onboarding from a consumer’s couch at home just as viable as their local in-person branch.

On one hand, the development of remote verification and authentication technologies has opened the door for online banking and other digital experiences that are simpler and more convenient for individuals. On the other hand, it also increased fraud liability. 

Additionally, sophisticated technology with the power to create synthetic online identities has spawned new challenges. Deepfakes, synthetic identity documents (IDs), and digital injection attacks have given bad actors the tools to wreak havoc at scale. 

To keep up with fraudsters, financial service providers must strengthen their onboarding and authentication workflows with effective, accurate verification technology. 

New Unregulated Technologies Introduce Synthetic Identity Compromises

While traditional identity theft is on the rise, accounting for $52 billion in losses and affecting 42 million adults in the US alone in 2021, banks also face a new and more complicated threat: synthetic identity fraud (SIF).

Whereas traditional identity fraud typically relies on using stolen information, synthetic identity fraud involves the creation of a “person” – an entirely new identity – who doesn’t exist by mixing stolen, fictitious, or manipulated personally identifiable information (PII). 

How synthetic identities are created: 

  • Fraudsters create a detailed fake identity document. This information could be a mix and match of real, stolen, and fake information – for example, a stolen Social Security Number combined with an entirely falsified name or slightly modified address.
  • They then create synthetic imagery that matches the photo on the illegitimate identity document. They’ll use this combination to try to bypass an organization’s ID verification process. 

Fraudsters usually build up some form of credit or banking history as part of the process. This could involve maxing out their credit lines, for example, making it nearly impossible for banks or financial institutions to tell whether these individuals are simply facing financial challenges (e.g. job loss) or if they’re a bad actor committing illegal activities – until it’s too late.

This emerging variation of fraud specifically works to circumvent identity documents and biometric verification technology – the current standard for digital identity verification – and is nearly impossible to catch via data checks (e.g. verifying an identity with a credit bureau) alone. Combatting this type of fraud requires a “one-two punch” – an approach of identity document verification and biometric technologies working together to prevent these sophisticated threat types. 

What Is Synthetic Imagery? Why Are Synthetic Threats, Like Generative AI and Deepfakes, A Growing Concern?

As mentioned, one common method of making synthetic identities look real is to use synthetic imagery. Criminals can use technology to create realistic photos or videos that have been digitally manipulated to replace one person’s likeness with another, or to even “create” people that don’t exist. Generative AI and deep fakes are a hugely powerful tool in boosting the success of synthetic identity fraud. 

A deepfake is a video recording that has been distorted, manipulated, or synthetically created using deep learning techniques to present an AI-generated representation of someone – like a digital mask. Some of the most sophisticated variations of deepfakes are nearly indistinguishable from a real face, including natural eye and mouth movement. The use of deepfake technology in synthetic identity fraud spans from presentation attacks to digital injection attacks – both of which attempt to circumvent facial verification. 

Banks across the globe have rapidly adopted facial verification as it emerged as the most secure method of securing an online identity – over commoditised, weaker, inconvenient methods such as passwords and OTPs. Face verification has become intertwined with the digital banking experience, and according to an iProov survey, 64% of global consumers who use mobile banking either use face verification to access their accounts already or would do so if they could. 

That’s why it’s essential that any digital onboarding solution can robustly bind digital identities with real-world individuals. The Microblink-iProov solution confirms that a genuine human is verifying against their trusted identity document in real-time and that the document has not been tampered with. This thwarts synthetic identities during onboarding, before they enter the system.

Presentation Attacks vs. Digital Injection Attacks

There are a variety of presentation attacks that criminals can deploy to try and gain unlawful access to a user’s account or privileges. Alongside physically attempting to impersonate a genuine user, presentation attacks can also involve an artifact being held up to a user-facing camera.  A bad actor could also create a deepfake and then show that video, via another screen, to the device completing facial verification. 

Digital injection attacks leverage the same level of deepfake technology but involve the fraudster either rerouting the feed of verification video to a software-based camera, injecting a deepfake into the data stream of the application, or even leveraging an emulator to mimic a user device. 

iProov’s recent threat intelligence report revealed that injection attacks were five times as frequent as persistent presentation attacks on the web throughout 2022. What’s more, liveness detection (i.e techniques to determine whether the source of a biometric sample is a live human being or a fake representation) is relatively reliable at detecting traditional presentation attacks, making digital injection attacks the focus for the most adept fraudsters.

Deepfakes become even more dangerous when they are employed in digital injected attacks, as they can be scaled and automated very quickly to cause significant damage.

How to Combat Synthetic Imagery And Digital Injection Attacks

While most biometric technology involves some level of liveness detection to verify an individual’s identity, liveness detection alone cannot detect a digital injection attack. To combat the combination of deepfakes and digital injection attacks, financial service institutions need a robust, multifaceted approach – one that leverages the creation of a one-time biometric. 

Microblink and iProov’s digital onboarding solution utilizes one-time biometric technology to ensure that anyone attempting to verify their identity is doing so in real-time and not using synthetic imagery. 

How? By illuminating the individual’s face with a unique sequence of colors that cannot be replayed or manipulated synthetically. This assures a user is authenticating right now – it’s not a presentation attack using a photo or mask, and it’s also not a digital injected attack using a replay of a previous authentication or synthetic video such as a deepfake. It also analyzes multidimensional information derived from the way the face behaves and how light is reflected off of a face, which can uncover synthetic imagery.

Synthetic IDs Add More Complexity and Risk

Before the explosion of online banking, traditional identity fraud was limited in scale with one person presenting one stolen identity at a time. The process was slow and the vigilance of internal employees was key to combating fraud and mitigating risks.

With synthetic IDs and the rise of deepfakes, fraudsters can scale the scope of their attempts, and do so at a faster pace than ever before. 

Synthetic IDs are especially dangerous as they enable the production of countless “people” that a fraudster can impersonate. In one example from iProov’s report, some 200-300 attacks were launched globally from the same location within a 24 hour period in an indiscriminate attempt to bypass an organization’s security systems.

Attacks from threat actors are becoming more scalable and automated, and the synthetic imagery used to bolster fraudulent verifications is becoming more indiscernible from reality to the human eye. That’s why organizations require the most cutting-edge biometric and identity document verification technologies to combat threats. 

Combat Synthetic IDs With Better ID Scanning

With bad actors leveraging a combination of real and fraudulent information to create synthetic identity documents, a simple scan will no longer suffice. 

That’s where an AI-driven ID capture, extraction and verification can excel. An AI-based approach can understand the full context of the identity document it’s scanning, providing data consistency and validation checks across the extracted information, and systematically looking for visual defects or anomalies to provide a greater level of assurance.

By taking a data-driven approach that combines non-forensic and forensic inspection of diverse identity documents, as well as liveness detection that creates a one-time biometric, your business can feel confident user identity documents are genuine.

Lastly, the flexibility and continuous learning of an AI-based solution ensures that it can extract and verify a vast majority of ID types and geographic varieties — ensuring you’re not sacrificing flexibility and end user experience or ease-of-use in favor of security and trust. 

Risk Reduction Requires the Right Tech Partners

The combination of synthetic identities and their accompanying IDs, along with deepfakes, are introducing more risk to digital onboarding processes for organizations of all sizes across industries.

Without a tech stack that helps protect against the sophistication of these new and improved fraud methods, the risks to financial service providers include lost revenue, customer goodwill, and regulatory penalties. 

Leveraging AI-based ID capture, extraction and verification technologies – like those offered by Microblink – alongside one-time biometric scan solutions like iProov – enables a more secure digital onboarding experience. Combining the assurance and flexibility of these proven technologies can help combat the growing danger of financial fraud.

Back to Resources

How Can Biometric Technology Safeguard Public Sector Funds?

How Can Biometric Technology Safeguard Public Sector Funds?

May 11 2023

Defrauding the government has become a big business for criminals. To give an idea of the scale: the Government Accountability Office (GAO) stated in its 2021 audit report that over $662 billion was lost due to fraud and improper payments alone. Plus, these audits generally do not even include fraud from COVID-related programs. Federal officials state that an additional $191 billion in COVID unemployment aid may have been misspent.

The losses are staggering, and Pandora’s box has been opened: criminals are now equipped with the technology, tools, and expertise to systematically plunder the public sector at scale.

In response to the growing threat, President Biden has promised a major crackdown. At the State of the Union address, he stated that criminal syndicates continue to steal “billions of dollars”, but that “the data shows that for every dollar we put into fighting fraud, the taxpayers get back at least 10 times as much”.

The Context: The Exponential Rise of Online Governmental Benefit Fraud

The pandemic caused a scramble to digitize in-person services and provide extensive financial aid to those in need. Government agencies rushed to provide remote access to benefits without having the appropriate time to ensure that these transactions would meet desired security standards.

The massive influx of public funding combined with immature security created an ideal scenario for fraudsters. The resulting levels and cost of fraud have been unprecedented. An estimated $80 billion — or ~10%— of the $800 billion handed out in the COVID Paycheck Protection Program was stolen by fraudsters. And that’s just losses from one specific plan.

Digitizing public sector services is essential, but without adequate security it makes benefits more
accessible to fraudsters too. Ultimately, public sector fraud has become a humanitarian issue wherein public funds are consistently lost to bad actors.

The Problem: Public Sector Programs are Not Built to Resist Online Fraud

How are vital public programs – such as food stamps (SNAP), unemployment insurance, and the tax system – being systematically siphoned by domestic and foreign criminals?

  • Technological asymmetry: Many government agencies have yet to adopt the most threat resistant identity verification technologies. Some states rely on methods such as video call verification (i.e in Kentucky, Nevada, New Jersey, and Pennsylvania) or other rudimentary methods to prevent fraud. This leaves agencies at a consequential disadvantage against modern-day fraudsters who are using sophisticated technologies.
  • The scale and evasive nature of fraud: As soon as an agency identifies a scheme and sets controls to mitigate it, fraudsters quickly find new ways to exploit them. Government anti-fraud programs and technology must be highly adaptable to keep pace, which means going beyond manual processes and static business rules. The scope is just too large.

Cybercriminals today have easy access to generative AI-based technology such as deepfakes, synthetic identities, and digitally injected attacks that are sabotaging traditional online security methods. Read more about the evolving threat landscape in our latest report here.

The Impact of Public Sector Fraud

  • Americans are left without support: Those who need aid the most find that their lifeline has been severed. More than 42 million Americans rely on Electronic Benefit Transfer (EBT) cards for everyday necessities and nutrition. But in many cases of EBT fraud, individuals find that their account has been emptied – criminals drain cards over short periods of time, generally through account takeover fraud.
  • Taxpayer money is wasted or spent inefficiently: Money is going to fraudsters rather than those who need it most, making a mockery of the entire benefits system. A hit to the governmental budget from fraud is a hit to the level of services and care states and agencies can offer, and money saved from stemming fraud could mean billions more available to help.
  • Overspending and misdirection of funds: The government has to spend more and more on the benefits system because it is not working as intended.
  • Fraud negatively impacts the United States’ image: When controls are not in place to curtail fraud and funds meant for public services fall into the hands of bad actors and criminal organizations, this undermines trust in the government and damages the optics of future attempts to help society’s most vulnerable.

The Solution: User-Centric Biometric Security

Most public sector fraud stems from poorly secured remote access to government-issued services and benefits. The solution relies on trusted identity verification – which enables the government to be sure that those receiving funds are the intended recipients. There’s only one way to be sure of this remotely: by verifying a genuine document against a genuine face using biometric verification technology.

How does it work? When a person applies for government benefits or signs up for services online, they would be prompted to complete a brief facial scan. Face verification technology is essential here, as only the face can be matched against a government-issued identity document, such as a driver’s license. This provides a trusted reference image from a government authority. You can read more about the many advantages of face biometrics here.

Investing in robust identity verification technology is essential for tackling fraud – not only to provide the security that’s so desperately needed, but because it will actually be a cost-saving initiative to the benefit of the taxpayer. Investments in fraud technology for detection and prevention can deliver huge payoffs – typically 10 to 100 times ROI.

Given the amount of money at stake, how stolen benefits funds undermine their intended humanitarian efforts, and how these stolen funds can fuel further criminal and nation state activity – a mission-critical solution is needed.

Ultimately, public sector agencies would be well-positioned to adopt best practices around biometric technology from other leading public sector organizations such as the UK Home Office, The US Department of Homeland Security, Singapore GovTech, and the Australian Tax Office, which all have mature facial biometric security strategies in use.

You can request a demo of iProov here or read more about this topic inside our recent report, Using Biometric Technology To Fight Public Sector Benefit Fraud below:

Back to Resources

How to keep biometric security systems safe against attacks? Ensuring cybersecurity for online verification

How Can Biometric Systems Secure Against Evolving and Yet Unknown Attacks?

April 26 2023

The world is digitizing at an incredible pace, and traditional authentication methods, such as one-time passcodes, are failing to keep organizations secure. As fraud technologies and methodologies grow in sophistication and scale, facial biometric verification has emerged as one of the most secure and convenient methods for organizations to verify user identity online.

However, organizations must understand that not all facial biometric technologies have kept up with the rapidly changing threat landscape. Not all are equal in the level of security, resilience, or adaptability to novel threats.

Deploying a facial biometric verification solution without having visibility over threats and how they evolve is like building a house without the right materials to withstand the elements. To be effective, solutions must be resilient to the ever-evolving threat landscape and utilize threat intelligence to ensure that they can provide the expected level of identity assurance.

Understanding Trends in Biometric Attack Types

Recently, iProov published an industry-first Biometric Threat Intelligence Report, in which threats to in-production biometric technology were analyzed across the last year. Download the threat report here for all insights and data.

For now, we’ll highlight one key discovery:

There was a sharp increase in digital injection attacks across 2022

Surprisingly, digital injection attacks have dramatically increased and now occur five times more frequently than persistent presentation attacks across web browser verifications.

What is the difference between digital injection and presentation attacks?

Presentation attacks involve presenting an artifact – such as a printed photo, silicone mask, or deepfake video on a screen – to a cell phone or computer. Presentation attacks have a long history and are generally well-understood.

Digital injection attacks on the other hand are sophisticated, highly scalable, and replicable cyberattacks that bypass the camera on a device (or are injected into a data stream). They are far more scalable than presentation attacks and they do not require the manual creation of a physical artifact or any physical presentation. This scalability drives the higher frequency and danger of digital injection attacks.

Many biometric solutions are not equipped to defend against this threat type. In response to the ever-evolving threat of systemized and scalable attacks, security needs to be resilient and adaptive – rather than simply resistant to established and known spoofs.

How We Secure Our Biometric Solutions

Given the ever transformative nature of generative AI, and the scalability of digital injection attacks, it is imperative that biometric security be actively managed 24/7.

One key element in our security process is iProov Security Operations Center (iSOC) – the industry-first global threat intelligence and active threat management system. Through iSOC, iProov monitors traffic in real-time to detect attack patterns across multiple geographies, devices, and platforms.

This enables continuous monitoring and learning from attack sources, patterns, and methodologies, keeping our biometric systems one step ahead of the evolving threat landscape.

Having full visibility of threat development is crucial because once attack tools or methodologies are successful in breaching systems, they are often quickly shared – typically on the dark web or within Crime-as-a-Service networks – which means they can scale very quickly. You can read more about real-world examples of this in our LATAM Deepfakes Report.

If you do not have visibility of attack types, it makes it very difficult to prioritize which spoof types to mitigate against and doesn’t allow an understanding of how the attack behavior is changing. Visibility is crucial for long-term, dynamic defenses.

iSOC delivers:

  • Transparency: Attacks are spotted and investigated quickly.
  • Security: We continuously learn and stay ahead of future attacks while maximizing platform performance.
  • Satisfied customers: Customers benefit from ongoing security and active threat management, affording greater peace of mind.

iSOC explanation against evolving and unknown biometric security threats

This ultimately helps to protect your users and your organization from future and as yet unknown threats.

The Cloud is Critical For Ongoing Security and Rapid Response

Security systems also need to be able to implement fixes quickly in order to outpace threat actors and maintain ongoing protection.

That’s where cloud-based technology comes in:

  • Verification happens in the cloud: All verification attempts in the cloud rather than on the device. If an attacker manages to physically or digitally compromise a device with ransomware, for example, the verification remains unaffected because it is separated from potential vulnerabilities on the device.
  • The cloud powers iSOC: iProov is able to monitor and analyze attacks on our systems in real time because we verify within the cloud. This means full visibility over the execution environment.
  • Updates can be rolled out quickly: Cloud-based SDK deployment means that if platform updates need to be rolled out in response to a certain threat, they can be done server-side rather than devices being updated manually. Defenses and algorithms can be updated continually, which can make life much harder for attackers.

One-Time Biometrics Ensure Real-Time Authenticity

Sophisticated threats, such as deepfakes, can often successfully emulate a person verifying themselves, which many liveness technologies cannot spot. Advanced verification methods are needed to secure against advanced threat types.

How does our one-time biometric technology work? The user’s device screen illuminates their face with an unpredictable sequence of colors. We analyze the reflections of that screen light from the user’s face. The way that the light reflects and interacts with the face tells us whether it is a real-life, three-dimensional human or not.

The sequence of colors that we see reflecting from the face must be the sequence that we told the device to flash. If it looks realistic, but the color sequence is wrong, we know we’re looking at a spoof.

Once used, it can’t be replayed by a person attempting to use a previous verification to spoof the system. It’s worthless if stolen because the sequence is unique and is obsolete as soon as it’s used. The process is exceedingly user-friendly and entirely passive.

Genuine Presence Assurance Explanation

Ultimately, because the threats are constantly evolving, it’s essential to understand the threat landscape and make decisions based on real-world, in-production intelligence. iProov employs the discussed technologies – iSOC, cloud-based verification, and one-time biometric technology, amongst others – to deliver the solution of choice for the world’s most security conscious organizations. You are secured and reassured, active threat management in place to defend against new and yet unknown threats.

To read more about the key attack technologies and methodologies witnessed by iSOC throughout 2022: download our report, ‘iProov Biometric Threat Intelligence”. It highlights previously unknown patterns of biometric attacks that can help organizations make more informed decisions on biometric technology selection. Read the full report here.

Back to Resources

Image of someone holding a credit card to represent article: Biometrics in banking, what are the advantages of biometric technology for banks?

Biometrics in Banking: What Are The Advantages of Biometric Technology For Banks? 

April 6 2023

Banking inclusion has skyrocketed in recent years. According to the World Bank, 71% of people had access to a bank account in 2022, up from 42% a decade before. This growth can mainly be attributed to the digital revolution – two-thirds of adults worldwide now make or receive a digital payment, which has risen from just 35% in 2014. Juniper research estimates that the number of remote banking customers is expected to exceed 3.6 billion by 2024.

While there are many advantages to remote banking for banks and customers alike, there’s a serious challenge posed by this trend. Remote banking relies on a level of trust in the identity of the individual accessing the service, and that trust that can be exploited by cyber-enabled crime. As banks expand remote access to digital services and make access easier for users, they often extend an unintended invitation to fraudsters.

In truth, banks are facing pressure on all fronts – consumers expect to be able to open accounts and bank remotely with speed and ease. Meanwhile, fraudsters are siphoning money and undermining security through online channels. Simultaneously, banks face the threat of KYC and AML compliance fines.

In response, many banks are leveraging advanced verification technologies to onboard and authenticate the new era of online bankers – replacing cumbersome manual processes and supplanting outdated authentication methods like passwords and passcodes.

Biometric verification technology in particular can enable banks to deliver an effortless user experience, maximize customer inclusion, reduce user frustration, and provide the security needed to protect against fraud while supporting compliance with regulations. But not all solutions provide the same level of protection.

How Are Biometrics Used in Banking?

There are a few key use cases for biometrics in banking:

Customer Onboarding

The first and most critical step is verifying the identity of a new remote customer. This is how banks ensure that they’re engaging with a legitimate individual from the outset, which enables banks to filter out potential bad actors, bots, and fraudulent identities early while supporting compliance efforts (proving they “know” their customers).

By scanning their trusted identity document – such as a driver’s license – and then completing a brief biometric facial scan, banks can check the verified identity of each new customer without ever meeting them in person.

Onboarding is the point of highest risk because you don’t know anything about the user or their risk until you have enrolled them – so it’s important to start off with the highest level of identity assurance in order to defend against threats such as synthetic identity fraud. Trust established at onboarding will carry through the customer lifecycle.

Customer Authentication

An account could be onboarded legitimately, but then compromised through account takeover fraud, identity theft, phishing, or other fraudulent activity. Biometric face authentication ensures that the person trying to access an account (the ‘visitor’) is the same person that created the account (the ‘owner’) on an ongoing basis.

Once the individual’s identity has been established using the highest level of assurance, returning authentication doesn’t require the same stringent process and can be achieved through a simpler liveness check – unless something has changed to raise the level of risk. Examples of this include the customer asking for a new line of credit, adding a new authorized user to their account, requesting a password reset, or setting up a new device or rebinding an existing device. In these instances, a bank may decide to step up the authentication and require an additional biometric scan to ensure that this is in fact the customer requesting these changes. This enables banks to deliver the required convenience and flexibility for customers.

The two above processes have become absolutely essential for banks to deliver remote services securely and conveniently – and biometric technology is the core.

How Can Biometrics Be Implemented in Banking?

Biometric technology can be implemented in a number of ways. It can be combined with other authentication methods to create a multi-factor authentication or step-up authentication solution, for example.

In some jurisdictions, banks are required to implement multiple security factors under strong customer authentication laws.

Why Do Banks Need Biometric Technology?

Banking with biometrics delivers a number of key benefits:

The Benefits and Advantages of iProov Biometric Face Verification for Banks

Not all biometric solutions provide the same level of protection. This is because they are not created equal in their ability to determine the “liveness” of the supposed person trying to verify their identity, ensuring that the person is who they claim to be and present at that time. This is important when defending against generative AI attack methodologies like deepfakes and face swaps.

Additionally, there can be consequential differences in usability. When reviewing solutions, it is necessary to understand important things like if there are device or technology requirements, and if will the user be asked to perform certain movements as they will lower completion rates.

iProov technology delivers a number of key benefits:

  • Reduced operating costs: Minimize costs associated with manual processes and errors, and reduce associated fraud costs by assuring the customers are who they say they are.
  • Maximized completion rates: Top biometric solutions can deliver incredible completion rates – iProov’s are typically > 98% in production environments.
  • The highest levels of security: A strong biometric solution can deliver unrivaled security. iProov is chosen by the world’s most security-conscious organizations – such as the Department of Homeland Security, UBS, and the UK Home Office – and other banks such as Knab and Rabobank for a reason.
  • Customer and organization fraud protection: By ensuring the genuine presence of customers during onboarding and authentication stages, you minimize the pathways criminals have to defraud your services – ultimately resulting in lower fraud costs and safer, more secure customer accounts.
  • True inclusivity, usability, and privacy: iProov technology is accessible regardless of age, gender, ethnicity and cognitive ability. The technology is passive and intuitive. The user does not have to smile or turn their head but authenticates by simply looking at their device. The more people that can use a solution, the greater reach it has. You can read more about how iProov biometric technology delivers data privacy here and how it delivers inclusivity & accessibility here.
  • Reduced risk of compliance penalties and reputational damage from negative publicity: Biometric technology enables banks to meet regulatory guidelines while reassuring customers, which can in turn protect the organization’s reputation.
  • Supported Compliance with regulations such as KYC and AML: Biometric technology supports KYC and AML compliance by delivering secure, robust customer onboarding and ongoing authentication. This reduces the costs and time taken for KYC and identity verification, removing much of the burden associated with the KYC/AML ecosystem for banks.

Biometric Authentication and Verification Technology in Banking: Summary

Facial biometric technology…

  • Delivers a fast and easy onboarding process, with effortless authentication, which makes all the difference in attracting and retaining customers in an increasingly competitive environment.
  • Delivers the flexible authentication required by banks – organizations can choose different levels of identity assurance based on the activity carried out. Additionally the technology can be implemented flexibly – through multi-factor or step-up authentication, for example.
  • Creates overwhelming hurdles for adversaries to overcome.

Ultimately, the future of banking is digital and will owe much of its success in balancing security with customer experience to biometric solutions.

Back to Resources

DMV Modernization in America MDL -- identity proofing

Modernizing DMVs: The Role of Identity Proofing in America

March 30 2023

Department of Motor Vehicles (DMVs) across America are at a critical crossroads. They’re faced with all-too-familiar issues, such as long in-person wait times and a lack of digital services. Meanwhile, Americans are demanding that more in-person services be made available online. In a recent iProov survey, the majority (70%) of respondents confirmed that people want the DMV to provide online identity services.

So the question is not if DMVs will have to modernize, but when and how.

iProov is currently working with the DMVs in some of the largest US states to help them use secure biometric identity verification to increase customer satisfaction while improving efficiency, security, and privacy online. But many DMVs are struggling with how to take the first step.

In light of this, iProov is hosting an educational webinar on April 6 2022 in partnership with the Arizona Department of Transportation (ADOT) to discuss the role identity proofing can play in the day-to-day DMV transactions.

What Will You Learn in the iProov/ADOT DMV Webinar?

This webinar will examine…

  • How identity proofing will help DMVs enable people to prove that they are who they say they are online.
  • How face biometric verification technology can enable DMVs to provide the highest level of identity assurance during the identity proofing process – while keeping fraudsters out and being easy to use by all.
  • The changing role of the DMV in American society and the challenges of leveraging new technologies – such as biometrics – to create better experiences for the public.
  • How to ensure inclusivity and accessibility when verifying identities online.
  • The new identity proofing standards and guidelines coming next.

iProov will be joined by Eric Jorgensen, ADOT’s Motor Vehicle Division Director, who will share insights from his digital transformation journey at ADOT. We will also discuss some of the challenges Mr. Jorgensen has faced in moving DMV processes forwards and insights into how modern technologies can improve DMV processes and deliver better experiences for the public.

Read on for some key information surrounding DMVs, identity proofing, and modernization – but first sign up for the webinar here!

How Can iProov Help DMVs Across America?

DMVs have long provided organizations and individuals alike with a key identity verification tool in the form of a physical driver’s license – which is the primary way to prove identity in the US. So this is about more than just being able to renew licenses online – it’s about the role DMVs can play in revolutionizing America’s digital identity ecosystem.

But to transform DMVs into a digital identity-proofing resource for Americans, implementing appropriate technology will be vital to protect legitimate online users from impostors or fraudsters. The technology needed to securely verify the identity of people remotely is iProov identity proofing.

With iProov technology, DMVs are able to offer effortless and highly secure remote processes to ensure that the person asserting their identity remotely is the right person, a real person, and that they are authenticating right now. It’s secure, convenient, inclusive, and respectful of user privacy. Read more about iProov here.

Governments worldwide — including the US, UK, Australia, Singapore, and Estonia — are already using iProov’s market-leading technology to deliver online secure services.

In short, iProov helps make DMV digitization and modernization possible by enabling the secure verification of citizen identity online.

DMVs, Identity Proofing, and Modernization: A Summary

Americans are calling for digitization, and the DMV is perfectly positioned to be the hero of America’s digital transformation story.

Ultimately, this is about bringing identity into the 21st century in America – and the potential economic and social opportunities this could create for citizens and DMVs alike.

It’s about leveraging technology to enable DMV systems to handle today’s digital-first demands while protecting them from evolving threats and delivering a first-class user experience for people across America.

By leveraging modern technologies, DMVs can offer secure, inclusive, and convenient digital services to those who want to use them. In this webinar, we’ll illustrate how.

So, join us on April 6 for more information on DMVs, identity proofing, and digital transformation – this is shaping up to be a crucial event for DMV leads and stakeholders. Don’t miss out!

Sign up for the webinar here.

Back to Resources

What is passwordless authentication? How does passwordless authentication work? Using biometrics. Image is a man frustrated having forgotten the password on his phone

Passwordless Authentication: What is It? How Does it Work?

February 12 2023

You need to log into one of your online accounts – it’s time to prove that you are who you say you are. At a top level, you’ll encounter one of two options here:

  1. Knowledge-based authentication. This usually means a password. It’s a familiar option, but often causes problems for both users and organizations alike. For example, in the last 24 hours, 32% of users have had to request a password reminder. Forgotten passwords are a huge issue that causes significant administrative costs and lost business.
  2. Passwordless authentication. This could be an SMS One-time Passcode (OTP), fingerprint authentication, or any other authentication method that does not require a password. With iProov face biometrics, for example, a user can authenticate simply by looking at their device in order to gain access to their account.

In recent years, organizations have moved away from passwords and towards passwordless options, because password-based authentication is generally cumbersome, expensive, and insecure.

There are many different passwordless options, but they’re not all created equal – some options deliver better user experience, security, and inclusivity than others.

What Is Passwordless Authentication?

Passwordless authentication is the process of authenticating user access to an online account, software, or service without requiring a knowledge-based password.

A number of technologies can be used to enable secure user access without passwords, such as:

Why Do Organizations Choose Passwordless Authentication?

Passwordless authentication is beneficial because it can often strengthen security. Password vulnerabilities are well-known and they can be breached in numerous ways – plus, password management practices are often risky.

So, passwordless options are designed to strengthen security and to reduce the attack number of ways systems can be attacked. A good passwordless solution can also make the authentication process more convenient for users compared to passwords, because passwords are so easily lost, forgotten and breached, leading to lengthy recovery processes.

Quite commonly today, organizations choose to implement two-factor or multi-factor authentication to establish greater trust online under hostile conditions and limit fraud through stronger authentication. This means organizations don’t need to do away with passwords entirely if they don’t want to – instead they can combine them with another factor such as biometric face verification.

But remember: the specific benefits of going passwordless will depend on the solution you adopt. It’s important to strike a balance between security and user experience.

The Past and Future of Passwordless Authentication

In the early days of the internet, organizations typically relied exclusively on a user ID and password to verify a customer. As more money started changing hands online, fraudsters began to take advantage.

Fraudsters were successful: shockingly, 80% of hacking-related breaches involve compromised and weak password credentials. Passwords intrinsically weaken the integrity of the security process and expose the individual or service to risk. This causes society-wide security risks for users and organizations alike.

Along the way, the attacks bad actors use to undermine passwords became more sophisticated and scalable. They include, but are not limited to:

  • Phishing
  • Keylogging
  • Brute force attacks
  • Man-in-the-middle attacks.

So, new methods of authenticating customers sprang up to counter the disadvantages of passwords. Some stayed, and some died away. One method that stayed is biometric authentication – not least because it can offer secure access within seconds without the user needing to remember anything.

In 2023, iProov predicts that biometric combined with device will overtake password combined with device as a two-factor authentication solution – meaning we could finally see the end of passwords, even as part of two and multi-factor authentication solutions.

How Does Passwordless Authentication Work?

Passwordless authentication is generally split up into two categories:

1. Possession-based

Possession-based factors, such as OTPs, are sometimes referred to as “something you own”. They attempt to authenticate users through ownership of a device. For instance, if you can fetch and paste an OTP, then this should prove that you are the person who owns the device associated with that phone number and of which you have exclusive access to – thus proving your identity.

One problem with possession-based authentication is that it trusts devices over people. Codes are shareable and phishable, which means they are not a clear-cut representation of someone’s identity.

2. Inherence-based:

Inherence-based factors – i.e. biometrics – are sometimes referred to as “something you are”. They attempt to authenticate users by asserting a biological/physical characteristic. For instance, scanning your face using a device’s user-facing camera or pressing your finger against a device’s fingerprint scanning pad.

The third authentication factor is knowledge-based. Knowledge-based authentication usually means passwords, but can also mean secret answers, such your first pet or mother’s maiden name (though secret answers are used less commonly these days).

To put it simply, passwordless authentication works by users authenticating using a possession or inherence-based factor – such as a OTP or a facial biometric scan – rather than a password.

Auto-filling passwords is not passwordless authentication. Neither is using a cellphone unlock code to fill in a password field. Both of these options rely on an underlying password. Passwordless authentication works through bypassing the need for a password by using a different technology altogether.

Click here for a more in-depth understanding of the different authentication methods available.

Why Choose Face Biometrics for Passwordless Authentication?

The simplicity of face biometrics is one of its great advantages. It’s widely accessible, there’s no password to remember, and there’s no device or access token to carry around. This makes biometric face verification one of the most inclusive and accessible methods of security there is — if it’s implemented correctly.

While other methods can deliver benefits over the traditional password, the security still usually falls short of a sophisticated biometric solution. OTPs, for example, are often alarmingly easy to phish. Read more about the risks of OTPs here.

So, let’s consider a few of the areas where biometric passwordless authentication can make a real difference:

  • Security: Generally, speaking biometric-enabled passwordless authentication should be more secure than a password-enabled login. Passwords are hard to remember, so people tend to use the same password across multiple sites. This means if a password is guessed or breached, a hacker could gain access to a whole host of user accounts using credential stuffing attacks. Additionally, people often choose simple passwords that are easy to crack. That’s why the majority of security breaches involve passwords. 63 percent of consumers have had to change a password due to security breaches. You cannot lose your face or have it stolen, though.
  • Improved user experience and convenience: With passwordless authentication, the user generally doesn’t have to remember anything. In the case of iProov, they don’t even have to do anything: they just stare into the user-facing camera on their device. This makes authentication exceptionally easy for the end-user.
  • Reduced costs: Biometrics means reduced overhead on resetting passwords, and less time spent reminding employees to reset their passwords or to use secure ones. Password helpdesk tickets are a huge problem across industries – several large US-based organizations in different verticals allocate over $1 million annually for password-related support costs. They require constant maintenance from IT. Removing the password eliminates these costs by relying on more efficient and secure authentication methods.

Benefits of Implementing Passwordless Authentication Using iProov Face Biometrics

In the same vein that some passwordless methods are better than others, some biometric solutions are also better than others.

There are a number of unique propositions that elevate iProov technology above others as a passwordless solution:

  • Industry-leading completion rates: iProov completion rates are typically > 98%. Compare this statistic to the fact that Over 50% of users have abandoned online purchases because they forget their password and retrieving it took too long, and it’s easy to understand why organizations move away from passwords.
  • Cloud-based security. iProov cloud-based security means that our authentication is unaffected by any vulnerabilities on the device used. It also means that our security is opaque to the attacker and far harder to reverse-engineer. Finally, this enables iProov to deliver out-of-band authentication. Some passwordless authentication options are tied to the device – so if that device is compromised, an OTP or authenticator app will be worthless because the attacker has access to the codes on the device. This is why President Biden has stressed the importance of cloud-based architecture.
  • Truly passive experience: The iProov user experience is effortless, fast, and passive — all a user needs to do is look at the device’s user-facing camera.
  • Scalability and proven success: iProov has demonstrated its ability to scale in real-world environments with major deployments worldwide — with over 1 million verifications per day during peak periods. iProov is a proven supplier, already actively used and relied upon by top organizations such as the US Department of Homeland Security and UBS.
  • iSOC: The iProov Security Operations Center monitors day-to-day operations and identifies new and evolving attacks. Our defenses and algorithms are updated continually in response to new threats, which makes life much harder for attackers. This ultimately means that we learn more about the attackers than they learn about us.

Read all the advantages of iProov face biometric authentication in-depth here.

Why Is Liveness Important for Passwordless Authentication?

Liveness technology is a component of biometric technology that distinguishes between inanimate objects and a human.

Liveness technology is a key consideration for choosing a biometric passwordless authentication solution. When you are considering what kind of liveness technology to use, you have to think about what your threat profile looks like. How hard is the attacker going to try in order to break into your system? How important is it for you to establish that an online user is a real person and not a spoof? And how valuable is the information they are accessing? Different use cases require different levels of assurance – which is why some organizations choose step-up authentication.

Ultimately, not all liveness is created equal. There is a spectrum of liveness technologies. Some of them are very cheap and fast. Some of them are much more substantial and resilient to attackers’ methods that can detect even the most determined attackers. The latter can provide considerable reassurance for organizations and their users.

iProov offers solutions that cover low to high-risk use cases. But when a transaction is mission critical, only iProov Genuine Presence Assurance® (GPA) can ensure that the user is the right person, a real person, and is authenticating in real-time. This is vital in protecting against highly scalable digitally injected attacks. Using patented Flashmark™ technology, a one-time biometric code is created which cannot be replicated.

Learn more about Genuine Presence Assurance here.

Biometrics for Passwordless Authentication: A Summary

  • Passwordless authentication methods were developed to combat the inefficiencies, insecurities, and inconveniences associated with passwords.
  • Passwordless authentication is generally split into two categories: possession-based (such as OTPs) and inherence-based (such as biometrics).
  • Passwordless authentication methods should generally be more secure and convenient than password-based options. But there is a hierarchy to the options available: iProov champions face biometrics as the method that maximizes convenience, inclusivity, and security.
  • iProov’s face biometric authentication is being used at scale by the world’s most security-conscious organizations to deliver a passwordless solution that improves security and user experience simultaneously.

If you’re interested in knowing more about implementing iProov’s technology to deliver seamless and secure passwordless authentication, please request a demo here.

Back to Resources

Data Privacy Graphs Artboard 2

How Can Biometrics Assure Data Privacy? | Data Privacy Statistics

January 25 2023

Data privacy is critical to the biometric ecosystem. But why, exactly, does it matter?

  • Because traditional authentication methods are no longer enough to protect personal data: Fraud grows, both in scale and complexity as consumers and organizations move transactions increasingly online. Passwords and other traditional verification methods are no longer fit for purpose – they’ve become a well-known commodity to cybercriminals. Biometric security is necessary to protect users from the threat of data breaches, compromised credentials, and more.
  • Because consumers care: iProov research finds that an overwhelming majority (97%) of consumers care about the privacy of their data and how their data is used.
  • Because it is the law: GDPR and the UK Data Protection Act, for example, are enforced by regulators, such as the UK’s Information Commissioner’s Office (ICO). In many contexts biometric data is classed as special category data, affording it extra protections.

Protection of user data is built into iProov’s very design. When you procure iProov, you are procuring a technology that maximizes privacy protection, as highlighted by our conformance with many stringent security and privacy standards.

Next, we’ll answer a few questions about data privacy using iProov’s original research.

How Many People Care About Data Privacy?

It’s been suggested that the average person today has over 100 online accounts.  Does this mean that consumers are relaxed about sharing data? Not quite – consumers are concerned about privacy:

  • In total, 97% of consumers care about data privacy.
  • The majority of global consumers (68%) “care a lot” about data privacy.
  • 30% care about data privacy but feel they do have much control over it.

How much do people care about data privacy? Statistics graph

And here are the results breakdown by country:

Opinion on data privacy? Statistics graph by country

Clearly, consumers want control of their data. This could mean two things:

  • Consumers are more likely to avoid services that ask for too much information to be shared.
  • Consumers are more likely to avoid services that do not take data privacy seriously.

It’s interesting to see how attitudes have changed over time here. We asked consumers the same question in 2020; 25% of respondents “cared”, but did not feel they had much control over their data. In 2023, it’s up to 30% – indicating that consumers feel they are gradually losing control of data.

What Puts Data Privacy at Risk?

Aside from their inconvenience, he problem is that knowledge-based security (like passwords) can be shared, lost, guessed, and stolen. 80% of hacking-related breaches involve compromised and weak credentials. This puts data privacy at significant risk.

Let’s take a look at the statistics:

  • 32% of global consumers have forgotten a password in the last 24 hours. This was highest in Mexico (44%) and lowest in Spain (19%)
  • 74% of people have had to reset a password due to a data breach.
  • Shockingly, 12% of people reported that they have reset their password 5 or more times because of data breaches.

How many people have reset their password because of a data breach? Statistics graphChanging Passwords For Breaches Frequency Data Privacy Graphs Data Privacy Day 5 v3

It is difficult to protect the privacy of user data if the only thing standing between a fraudster and your customers’ data is a password. Clearly, they’re easily forgotten. Additionally, they have historically been undermined by large-scale data leaks and the availability of personally identifiable information on social media over and over again,

Biometric authentication replaces problematic knowledge-based authentication with inherence-based authentication. Trust is placed in who the person is, rather than the knowledge they can remember. Biometric data cannot be lost, stolen, or shared in the same way.

iProov’s biometric authentication systems have privacy built in by design to safeguard the user’s confidentiality, and strong encryption techniques protect all user data. Data is never shared with any third party and our security is exhaustively tested regularly by governments and enterprises.

It’s not just passwords. Traditional authentication methods, such as OTPs, have become commoditized in the wake of rapid digitalization. You can read more about the risks of OTP authentication here.

Ultimately, if data privacy is important to your organization – and you want to be seen as taking data privacy seriously – then passwords and other traditional verification technologies are unsustainable.

How Does iProov Ensure Data Privacy?

The truth is that iProov does not receive any biographical data (such as name, address, gender, date of birth) or even a phone number or email address. A firewall is in place so any and all end user personal data that comes to iProov – including facial imagery and the resulting biographic template –  is pseudonymized and cannot be associated by iProov with an identifiable person.

A  number of technological innovations are at play here:

  • Biometric templates: A biometric template is a stored representation of biometric data. But it is not the data itself – it is biometric data that is then analyzed through various algorithms and mathematical models in order to convert that data into a biometric template. This generally means that stealing a biometric template would be useless for a fraudster.  In iProov’s case, instead of imagery, the fraudster would find an anonymized binary code. Ultimately the template functions as a unique representation of the person, but it is not an image – ultimately bolstering user privacy and data protection.
  • Privacy firewall: iProov’s technology uses a privacy firewall. iProov has no access to other information apart from the face, and the organization using iProov has no access to the biometric data. There is a structural separation between the user identity and the user biometric, which is highly effective in safeguarding the privacy of the user.
  • Cloud-based authentication: There are many benefits to a cloud-based biometric security system over an on-device solution. One key one as it relates to privacy is the protection of user data: cloud security is opaque to an attacker and far more difficult to reverse-engineer. On the other hand, devices are far simpler to compromise, and when broken into provide access to the user’s identity – their image, their personal data, and access to their apps and services. Read more about cloud-based biometric security here.

Conformance and Compliance Highlights Commitment to Data Privacy

iProov delivers the most validated face biometric solutions in the world, having been exhaustively tested to national security and privacy standards by the U.S. Department of Homeland Security, the UK Home Office, the Singapore Government, and the Australian Government. 

We are compliant with or conformant to a number of key industry standards and regulations, providing our partners, customers, and future customers with the assurance that their data and users’ data is safeguarded properly by iProov. 

  • iProov is certified to SOC 2 Type II. This certification assures that iProov’s system is designed with suitable organizational controls to ensure sensitive information is kept secure in the cloud. 
  • iProov operates worldwide in compliance with the European General Data Protection Regulation (GDPR) and the UK Data Protection Act.
  • iProov is ISO 27001 compliant and maintains this status continuously with annual audits. Importantly, the ISO certification scope covers the whole company, including all of the products and services it provides, controlled from iProov headquarters.
  • iProov is certified under the European eIDAS regulation to Qualified Trust Service level and to eID Level of Assurance High.
  • Other certifications include, but is not limited to: iBeta Level 1 and Level 2, ISO/IEC 30107-3, and ISO/IEC 19795-1:2006. iProov also complies with, and is externally audited against the iRAP standard.

You can read more about our Governance here and learn more about conformance testing in our biometric encyclopedia. 

If you’d like to discover how iProov can secure and streamline your organization’s online verification, authentication, and onboarding while meeting the most stringent of data privacy requirements,  book your demo today

Back to Resources

Deepfake crime as a service

How Do Fraudsters Use Deepfakes for Crime-as-a-Service?

January 23 2023

Many understand how severe the threat of deepfakes is. But in this article, we expand upon a specific, worrisome trend: the role of deepfakes within the Crime-as-a-Service (CaaS) economy.

In this article, we’ll cover:

  • How deepfakes deployed via digital injection attacks and then circulated within Crime-as-a-Service networks can defraud organizations at scale
  • How this type of fraud scales compared to traditional attack types
  • How organizations can protect themselves from this threat

What Is Deepfake Crime-as-a-Service? Article Definitions

Let’s define the terms we’re going to use, with help from the iProov Biometric Encyclopedia. First, what actually is a deepfake?

“A deepfake is a video, visual, or audio recording that has been distorted, manipulated, or synthetically created using deep learning techniques to present an individual saying or doing something that they did not say or do.”

Second, a digital injection attack:

“Digital injection attacks are sophisticated, highly scalable, and replicable cyberattacks that bypass the camera on a device, or are injected into a data stream. By injecting replay attacks or synthetic imagery, including deepfakes, into a data stream, criminals can try to impersonate a bona fide user and gain unauthorized access to accounts or systems (or set up new accounts).”

And finally, deepfake Crime-as-a-Service:

“Deepfake Crime-as-a-Service refers to the process of cyber criminals developing advanced deepfake tools and services and then either selling them or sharing the technology across criminal networks, helping criminals to learn from, test, and spread their attacks.”

How Does Deepfake Crime-as-a-Service work?

Picture this example: Inside a data center operated by a criminal network, cloned devices are busy creating thousands upon thousands of manipulated, distorted, or synthetic images. Once this criminal network understands the exchanges between a given device and a targeted organization’s server, they target different organizations with various deepfakes to see which ones pass the security verification process. Once successful, the same software could potentially then run thousands of times in parallel to make it look like the imagery is coming from legitimate devices.

Additionally, once a criminal organization has successfully discovered a way to defraud a particular defense mechanism or organization’s system using deepfakes, they can use it for a variety of criminal purposes – such as account takeover fraud or synthetic identity fraud. Not only can they quickly sell effective tools, techniques, and identities within their network, but also to anyone with access to dark web marketplaces.

This is just one example of how deepfakes can be scaled and tooled as a global threat through Crime-as-a-Service networks. This is not the only example – the mechanisms can vary greatly depending on the delivery method.

The trend is particularly concerning in Latin America. The region is a global growth leader in online banking, but it is currently estimated that 20% of the region’s online revenue is lost to fraud.

Deepfakes + Crime-as-a-Service = Increased Risk

Why? Because:

  1. Liveness technology is not up to par. There was a rush to implement liveness technology during COVID, but not all are created equal. With over 3 years having passed since COVID was discovered, criminals have had plenty of time to play catch up – continuously probing for vulnerabilities and then exploiting them.
  2. People are ineffective at detecting deepfakes. Despite the fact that 57% of global consumers believe they can successfully spot a deepfake, research confirms that only 24% can.
  3. Research shows that traditional violent-crime gangs are teaming up with an underground cybercriminal community to achieve common goals, primarily of the financial variety – so financial organizations in particular should be carefully evaluating their security processes. Additionally, the danger of different skill sets being shared is that novel threats are being created at a much higher speed than seen previously.
  4. As Deepfakes-as-a-Service takes hold, a wider range of low-skill criminals will be able to purchase tried and tested software on the dark web, enabling them to effectively deploy mass attacks. They could potentially automate the deepfake crime process.

How Digital Injection Attacks Are Scaling Deepfake Crime

To fully understand the issue, we must look at how digital injection attack technology is powering deepfake fraud.

Some liveness technologies can now handle deepfakes that are simply presented to a screen. The process of creating a deepfake and presenting it to a camera can be effective, but it is limited in scope: realistically, the criminal can only do this one at a time.

Digitally injected imagery, though, is scalable. It enables criminals to inject deepfakes, either of synthetic or genuine individuals, directly into the data stream or authentication process. Digital injection attacks are the most dangerous form of threat because they are more difficult to detect than presentation attacks and can be replicated quickly.


As digital injection attacks are difficult to detect and highly scalable, they are particularly appealing to fraudsters who are devising ever more sophisticated cloaking methods making it even harder for advanced liveness technology to detect. They are being rapidly shared and tested from numerous locations worldwide, whether by the same criminal organization or via a Crime-as-a-Service economy.

Deepfake Case Study From the iProov Security Operations Center (iSOC)

Deepfakes-as-a-Service is not in its infancy. It is reaching maturity, with increased image quality, additional skills to cloak metadata, and is available more widely than ever before.

Throughout 2021, iProov’s Security Operations Center (iSOC) witnessed clusters of similar methods of digitally injected attacks. At first, the attack took the form of a manipulated image. Eventually, this attack spread and developed into a more sophisticated, digitally injected deepfake. The attacks occurred quickly across the globe.

Deepfake scaling threat crime as a service

Whether by the same criminal organization or sold over the dark web, this one example indicates that the attacker (or group of attackers) were organised, and rapidly shared tried and tested attempts from numerous locations. If attacks succeed, they rapidly escalate in volume and frequency, amplifying the risk of serious damage. Likewise, CaaS means that if a criminal fails to break into your organization’s system, they have access to retool and try again.

The iSOC is our global threat intelligence system. It exists to detect, block, and learn from sophisticated cyber attacks (such as the one above) that are attempted every single day against our customers worldwide.

Clearly, the threat is significant and it’s evolving. That’s why it’s essential that you choose the right biometric vendor to help protect you.

But how can you defend against it?

Choosing the Right Biometric Technology: Not All Can Combat Deepfakes

As we’ve established, cybercriminals can be shrewd and will try in an ever-increasing number of ways to probe and exploit weaknesses in security measures put in place.

Many basic liveness technologies can detect simpler attack vectors such as presentation attacks, where photos or pre-recording videos (and even presented deepfakes) are held up to a screen. But in the case of complex digitally injected deepfake attacks – intensified by Crime-as-a-Service networks – organizations need a more robust liveness solution. A solution designed to detect digital injection attacks alongside other advanced and novel threats.

That’s where iProov comes in. Only iProov’s Genuine Presence Assurance® can deliver the highest level of assurance – GPA can detect both presented deepfakes and deepfakes used in digital injection attacks. Patented Flashmark™ technology uses controlled illumination to create a one-time biometric that cannot be recreated or reused, providing greater anti-spoofing across a range of attacks, delivering an industry-leading level of assurance that the person is real and authenticating right now. The emphasis on real-time authenticity is crucial for detecting digitally injected deepfakes and is essential as part of a robust defense strategy.

Genuine Presence Assurance is packaged with iSOC – the technology behind the case study highlighted earlier. iSOC provides continuous and highly responsive defenses by:

  • Detecting biometric attack vectors from a range of devices, platforms, and geographies
  • Providing enhanced protection and defenses against known spoofing methods
  • Continually learning from new, previously unseen attacks, to close the vulnerability gaps, to future proof the system

Overall, Genuine Presence Assurance is essential for defending against the threats of today and tomorrow. You can read more about Genuine Presence Assurance here and the innovative Flashmark technology powering it here.

Want to Know More About Deepfakes?

Deepfake Crime-as-a-Service: Summary

  • Deepfakes are a critical threat not only to financial organizations, but society as a whole. This threat is being made increasingly scalable by the proliferation of digital injection attacks – an attack type that is widely available and used globally.
  • Additionally, Crime-as-a-Service networks are enabling criminals to share attack methodologies and tools with each other. iProov has seen these threats roll out in real-time through our iProov Security Operations Center.
  • Crime-as-a-Service networks also mean that deepfakes can be sold as a service to other criminals. Deepfakes (or even accounts that have been opened fraudulently using deepfakes) can then be sold on the darkweb, too. This makes deepfake crime even more scalable and accessible than ever before.
  • However, not many biometric technologies can help defend against these complex deepfake threats. Make sure you choose one that can.
  • There are many approaches to combatting deepfakes and the various methods being used to scale their impact. iProov’s approach – the deployment of one-time biometrics during verification and authentication sequences – has proven to be the most effective, usable, and inclusive way to safeguard against the threat.

In our latest report, ‘How Latin American Banks Can Safeguard Against Deepfakes: The New Frontier of Financial Crime’, we expand upon the contents of this article – with particular emphasis on the deepfake crime landscape in Latin America. You can download the full report here. It is free and available in English, Spanish, and Portuguese.

Back to Resources

Best of the blog iproov 2022

The Best Of iProov: What was Hot on The Blog in 2022?

December 21 2022

As 2022 comes to an end, it’s time for a little reflection. In this piece, we will rank and revisit some of our most popular articles of the year.

Overall, 2022 was another seismic year for biometrics and digital identity verification. Proliferation of cyber attacks, deepfakes making headlines, and a significant acceleration of identity verification programs across the globe.

The iProov blog provided insight into all of that. So, what were people most interested in reading across the year? Starting in reverse order with #10, let’s find out:

#10: Synthetic Identity Fraud: What Is It and How Can You Prevent It?

Synthetic Identity Fraud - what is it? how does it work? How can biometric liveness technology defend against it?

Synthetic identity fraud was a hot topic in the biometric space this year. It’s a sophisticated and dangerous type of fraud and is only set to become more of a concern as the technology used to create synthetic identities advances – which can also lower the barrier to entry for synthetic fraud.

There will be an estimated $2.42 billion in fraudulent funds being obtained in the U.S. alone next year. At iProov, we predict that synthetic identity fraud will break records in 2023.

Luckily, the right biometric solution can help to defend against synthetic identity fraud. So, read up on what it is and how you can prevent it as a matter of urgency.

#9: 10 Reasons to Become an iProov Partner

10 Reasons to become an iProov partner

2022 was the year iProov launched its reimagined global partner program, which comes with a whole host of benefits and resources – aiming to help iProov partners to drive more business.

But why pick iProov as a partner in the first place? Ultimately, not all liveness technology is equal, and not all liveness vendors are the same.

We listed the top 10 reasons you should pick iProov as your partner in an easy-to-read article.

Alternatively, you can apply to become an iProov partner here.

#8: The New EU Digital ID Wallet: How Will Face Biometrics Provide Trust and Security?

EU Digital ID Wallet eIDAS Digital Identity

 

The EU Digital Identity Wallet was a huge focus for iProov in 2022, culminating in iProov being chosen to launch the Pan-European payment pilot as part of the NOBID Consortium.

Earlier in 2022, when the pilots were still being developed, we wrote this article to explain why the most successful proposals would need to choose the right biometric solution for secure onboarding and authentication.

Read this article to better understand how biometric technology is critical to digital wallet rollout. In the meantime, we are looking forward to proceeding with the pilot and proving how biometric-enabled Verifiable Credentials can address the emerging challenges of the increasingly complex world of payments.

#7: One-Time Passcode (OTP) Authentication: What Are the Risks?

OTP Authentication: what is it? What are the risks? What is the biometric solution?

As more and more people recognized the limitations and risk of passwords throughout 2022, organizations turned to One-Time Passcodes (OTPs). But as you’ll discover in this article, OTPs simply aren’t as secure as they seem – hackers are able to compromise the process.

There’s also a must-read story in here about one particular criminal who used OTP vulnerabilities to defraud over 700 accounts!

#6: iProov, Eurostar, Entrust, and Innovate UK host demonstration of the Eurostar SmartCheck trial

iProov Eurostar Smartcheck scheme pilot contactless travel

Contactless travel will need to become a widespread reality if we are to avoid travel chaos. The ‘border of the future’ will need to become the ‘border of today’ in 2023.

iProov is a pioneer of contactless travel journeys, as highlighted by our SmartCheck Trial throughout 2022. SmartCheck allows travelers to complete secure ticket verification at home and then breeze through St Pancras using only their face.

To share the results of the trial, we hosted an industry event with Eurostar, InnovateUK, and Entrust – providing attendees with a demonstration of how the solution works. Spoiler: it went down well!

#5: Biometrics for Cryptocurrency Exchanges: Identity Verification Made Simple

Biometrics for cryptocurrency exchanges: identity verification from iProov

2022 has been a volatile year for cryptocurrency, with Bitcoin’s price ranging from a high of $47,498 to a low of $15,787. There were a number of shocking stories along the way – most notably the collapse of leading cryptocurrency exchange FTX, and the subsequent deepfakes and scams that emerged from the aftermath.

Throughout 2022, many cryptocurrency exchanges recognized the risks of operating with weak KYC and AML processes in place, and the importance of assuring customer trust. For many, procuring biometric technology was the solution.

This article explains how iProov technology can help cryptocurrency organizations by verifying the asserted identity as part of an onboarding and authentication process that’s secure, inclusive, and effortless

#4: 70 Biometric Statistics

70 biometric statistics - authentication facts & statistics graphic

This blog features a whopping 70 statistics on all things biometrics, ranging from the biometric market size and market demand, to deepfakes and digital identity – and much more.

This is your go-to resource anytime you need a biometric statistic – no surprise this blog had one of the highest return-visitor rates out of all our 2022 pieces.

A few choice takeaways:

  • 75% of 18-24-year-olds have used someone else’s password, and 10% have done so without permission.
  • Two-thirds of people have used biometrics and view them as easier and faster to use than traditional passwords.
  • Unique digital wallet users will exceed 4.4 billion globally in 2025, up from 2.6 billion in 2020.

Click the link for the full list of 70.

#3: How To Protect Against Deepfakes – Statistics and Solutions

Deepfake Statistics

Deepfakes have stolen headline after headline this year. Elon Musk. Sam Bankman-Freid – pranks, scams, and serious crimes.

We’ve conducted a lot a of original research here at iProov around online security and attitudes towards biometrics and the technology surrounding it. This article centralises some of our most important research on deepfakes.

If you’re curious about the answer to any of the following questions:

  • How many people know what a deepfake is?
  • How many people think they could spot a deepfake?
  • What scares people about deepfakes?
  • What scares people about deepfakes?
  • Are people more likely to use services that defend against deepfakes?
  • How can biometrics protect against deepfake crime?

Then click the link above!

#2: What Are the Advantages of Face Biometrics?

Advantages of biometrics explained

There are so many unique benefits to choosing face biometric technology from iProov that we had to get them all written down in one public resource. This article centralizes and expands upon all of the benefits of our unique technology, with a table of contents so you can easily jump to the areas most important to you.

These advantages include user experience, security, success rates, inclusivity, and more.

Give a read to see what you might be missing out on.

#1: What Is KYC and Why Is It Important? How Is It Part of AML?

KYC AML: explaining the importance and difference

Taking the number one spot is our article on KYC and AML. KYC and AML are complex topics and it’s often easy to trip over the terms. We wrote this article to demystify the two and clarify how they relate to one another.

We also explain how biometric technology can be critical for facilitating AML/KYC compliance.

If you need to brush up on your KYC/AML knowledge or wonder how biometric technology can aid your KYC/AML compliance, then this one is for you.

We like to think that this one does a great job of making something complex, simple. Give it a read and let us know what you think.

And there we have our 10 most popular articles of the year. We’re looking forward to even more exciting developments in digital identity and online user authentication in 2023. Read our predictions for 2023 here – we’re certainly not expecting a quiet year.

And if you’d like to be part of our journey, please check out our open vacancies – we’d love to hear from you.

Back to Resources

FTX crypto scam highlights threat of deepfakes

FTX Scam Highlights The Real and Growing Threat of Deepfakes

December 14 2022

A deepfake video of FTX former CEO Sam Bankman-Fried (SBF) has been circulated on Twitter – fraudsters looking to steal funds from users of the collapsed crypto exchange, lured viewers to a website where they could supposedly get compensated for their losses by sending in crypto tokens and receiving double in return.

The fraudsters, taking old interview footage of Bankman-Fried, used a voice emulator to capture his likeness. This is not the first time a deepfake has been used to scam those in the crypto industry. In July 2022, a sophisticated scam using deepfake technology managed to drain liquidity from Brazilian crypto exchange, BlueBenx, by impersonating the COO of Binance.

The recent high-profile SBF deepfake is the tip of the iceberg. Criminals now have access to the technology and means to create incredibly realistic and convincing deepfakes. And they’re using these deepfakes to launch large-scale attacks at organizations and their users worldwide.

This article will:

  • Look at how criminals are using deepfakes to attack organizations
  • Examine whether humans can successfully detect deepfakes
  • Recommend steps organizations can take to defend against the growing deepfake threat.

How Are Deepfakes Being Used To Attack Organizations?

Video Conferencing

The global pandemic accelerated the transition from in-person to remote activities. Thanks to this, the video conferencing market has boomed and is expected to continue growing. Now that many organizations are communicating with colleagues, users, and job candidates remotely, criminals are using deepfakes to exploit this channel.

They’re doing this in several ways. For one, deepfakes are being used to enhance traditional BEC (Business Email Compromise), also known as CEO fraud. BEC is a highly targeted social engineering attack where criminals impersonate an organization’s leader to convince staff to execute actions, such as making payments, switching payroll, and divulging sensitive information. In mimicking the faces and voices of individuals during video calls, deepfakes can make BEC scams far more convincing.

That’s not all. In 2022, the FBI warned that deepfakes are also being used for fraudulent job applications for remote tech roles. Read more about how deepfakes are used in remote working scams here.

Face Verification

Biometric face verification enables users to verify their identity and gain access to an online service by scanning a government-issued ID and their face. They can then use their face every time they wish to authenticate and return to the service.

Automated face verification is a highly secure and usable means of identity verification for onboarding. Other remote methods, such as staff-to-user video calls require costly resources and risk human error. Likewise, as an authentication method, face verification provides organizations with the opportunity to go passwordless and resolves the security and usability issues that come with OTP authentication.

However, as the use of face verification has increased, bad actors have conceived new ways to circumvent these systems to gain unauthorized access to online services. One of these methods is the creation and use of deepfakes. Next, we will explore the ways in which criminals try to achieve this.

How are Criminals Using Deepfakes To Exploit Face Verification?

Presentation Attacks

A presentation attack is an act of holding up an artifact to the user-facing camera to impersonate a legitimate bank customer, to try and spoof the face authentication sequence. These artefacts can take the form of static images, videos (e.g. replays of previous authentication attempts), and highly-quality masks. A deepfake video played on a device and held in front of the camera is another example of a presentation attack.

Presented deepfakes can be realistic and convincing. A non-reflective screen on a retina display makes images appear extremely crisp so that pixels are not visible to the naked eye or at viewing distance. To defend against presentation attacks, including presented deepfakes, biometric face verification systems must incorporate liveness detection, which we will explore later.

Digital Injection Attacks

Digitally injected imagery enables criminals to inject deepfakes, either of synthetic or genuine individuals, directly into the data stream or authentication process.

Digital injection attacks are the most dangerous form of threat because they are more difficult to detect than presentation attacks and can be replicated quickly. They carry none of the clues that artifacts do when they are presented to the camera, making the more sophisticated attacks challenging for systems to distinguish and near impossible for humans.

These attacks are also far more scalable. The process of creating a deepfake and presenting it to a camera can be effective, but it is limited in scope. The criminal can only do this one at a time.

Digital injection attacks, on the other hand, can be run from an attacker’s computer. Or they can be done using a thousand cloned devices in a data center operated by a criminal network.

Can Humans Be Trusted To Spot Deepfakes?

The SBF deepfake was mocked for its poor quality. Some Twitter users clearly spotted that it wasn’t a real video. Be that as it may, research has shown that humans are wholly inept a spotting deepfakes, especially when they’re of a certain quality.

In a study conducted by the IDIAP Research Institute, participants were shown progressively more convincing deepfakes interspersed with real videos and asked, ‘is the face of the person in the video real or fake?’ Only 24% of their participants successfully detected a ‘well-made’ deepfake.

Despite research showing the opposite, humans are unjustifiably confident in their ability to successfully detect deepfakes. In a recent survey conducted by iProov, 57% of consumers were confident that they could tell the difference between a real video and synthetic imagery.

Human inability to tell between a real person and a deepfake poses an issue for organizations that conduct identity verification via video conferencing. This is misplaced confidence, as the human eye can easily be spoofed. Organizations have little assurance that the users they are granted access to an online service via video conferencing are indeed real, and not a deepfake. Specialized software is required to provide this level of assurance.

How Can Organizations Defend Against the Deepfake Threat?

Liveness Detection

Liveness detection is incorporated into face verification and authentication systems to distinguish whether the individual asserting their identity is a real-life person and not a presented artifact.

There are a number of ways that a face verification system can achieve this. One is to ask the user to perform actions, such as reading a sequence of characters aloud or blinking or moving their head. Yet, deepfakes can be coded to do these things just as well. It also raises some tricky questions regarding accessibility and inclusivity.

Another approach is to detect liveness passively: i.e not instructing the user to perform actions and instead using clues from the imagery to distinguish between real and fake. This way the technology does the work for the user intuitively.

Liveness detection technology can therefore detect a deepfake if it is used as part of a presentation attack. But as mentioned previously, criminals now have the capability to inject deepfakes directly into the data stream, bypassing the authentication system altogether.

One-Time Biometrics

For high-risk use cases, such as opening a new account or transferring a large sum of money, most liveness detection technology does not provide a high enough level of assurance. Deepfakes can emulate a person verifying themselves, which some liveness technology cannot spot. Advanced methods are needed to secure against advanced threat types.

One-time biometrics that assure both liveness and that a user is a real-live person, verifying in real-time, is essential in an organization’s defense strategy against deepfakes

A one-time biometric is an authentication method that takes place in real-time to assure that a user is ’live’ and genuinely present. A one-time biometric is never repeated in a user’s lifetime and has a limited time duration, which cannot be reused or recreated and is worthless if stolen.

One way to achieve this with a standard device is to use the screen to project controlled illumination onto the user’s face to create a one-time biometric. Once used, it can’t be replayed by a person attempting to use a previous authentication to spoof the system.

Another advantage is that if it’s stolen, it’s worthless because it’s one-time and obsolete as soon as it’s used.

Request a demo here to find out how iProov uses liveness detection and one-time biometrics to assure that a user is the right person, a real person, and genuinely present at the time of authentication.

Back to Resources

Cybermonday 2022 Test 3 B

32% of Consumers Will Forget Passwords on Cyber Monday

November 28 2022

It’s Cyber Monday, which means online shopping deals for consumers and an important revenue-generating opportunity for retailers and other organizations. 2022 is already off to a record start, with Black Friday online sales topping 9.12bn.
However, two hurdles will prevent consumers and retailers from enjoying Cyber Monday this year:

  1. Password Frustration = Abandoned Shopping Carts
  2. Increased Cybercrime = Financial Losses and the Pain of Identity Theft

Password Frustration = Abandoned Shopping Carts

iProov surveyed 16,000 consumers across the globe earlier this year and found 32% of consumers will have forgotten an online password in the last 24 hours.

The frustration of having to guess a password, see it fail, then request a password reminder, then change the password, then log in, will be too much for some people, and they will abandon the purchase.

In fact, our data shows that 82% of consumers have abandoned a transaction at some point due to password frustration:

  • 15% of consumers abandon a transaction at least once a week
  • 32% abandon purchases at least once a month

Survey Graph Abandon Purchase

Increased Cybercrime = Financial Losses and the Pain of Identity Theft

Cyber Monday is also attractive to cybercriminals, who will try to take advantage of deal-hunting consumers to steal money and credentials.

It’s more important than ever that payment providers and banks are protecting their customers. iProov data shows that consumers expect online payments to be verified. We found that 71% of consumers expect a payment provider to check that an online payment is genuine if the purchase costs up to $300. According to TransUnion, 15% of consumers say that not having enough security on a site is their top reason for abandoning their cart!Survey Graph Sevice Provider Check

How Can Face Biometrics and Liveness Prevent Shopping Cart Abandonment and Simplify Payment Verification?

  • Face authentication is faster and more convenient than passwords: Everyone has a face, and presenting your face to a device is far quicker than remembering and typing in a password.
  • Face authentication delivers higher completion rates: A hassle-free user experience means lower user drop-off rates. iProov success rates are typically >98%.
  • Face authentication is more inclusive: Passwords put people off because they require too much thought. iProov technology is more inclusive than other liveness vendors, as it is passive, which means all the user has to do is look at the device to authenticate. No moving the head or reading out words. It also works on any device with a user-facing camera, such as smartphones, computers, tablets, and even kiosks.
  • Face authentication is more usable: You don’t need to remember any knowledge-based security (such as passwords), and you don’t need to carry any hardware tokens with you.
  • Face authentication is reassuring. Everyone knows that passwords can be stolen and are not secure. iProov technology provides the reassurance that a secure transaction has taken place.
  • Face authentication is fast, convenient – and secure: Passwords can be stolen, but nobody can steal your face. iProov’s face authentication technology provides liveness detection to ensure that only the genuine individual can authenticate a transaction.
  • Face authentication is reassuring. Our survey data proves that consumers want reassurance when it comes to online payments. iProov technology provides flexible levels of security to deliver the appropriate reassurance based on the risk profile of the transaction.
  • Face authentication delivers accuracy and higher completion rates: iProov’s success rates are typically >98%, which means that payments can be verified quickly, securely, and accurately.
  • Face authentication ensures inclusivity: iProov face verification works on any device with a user-facing camera, such as smartphones, computers, tablets, and even kiosks. This enables users to authenticate a payment quickly and easily.

Download our Digital Identity Report for more stats, or contact us for more information on how we help organizations to verify online user identity.

Back to Resources

meet Panos iProover v2

Meet the Team: Working on the Frontline of Cybersecurity

November 25 2022

He spends half his time researching enhanced defense solutions; the other half is spent attacking our systems searching for vulnerabilities – I spoke with Panos, Head of Red Team at iProov, whose role involves identifying and closing potential opportunities for cyberattacks. Read on to find out what happens when iProov encounters a deepfake, find out how the cybersecurity landscape has evolved, and get a piece of advice for cybersecurity wannabes!

Hi Panos! To kick us off, can you share what sparked your interest in cybersecurity?

I enjoyed coding from day one when I was taught programming in high school. I joined academia as a developer and over the years I learnt to focus on working fast. Rapid prototyping is crucial in research where failing is likely, so you need to fail fast and retry until it works, and then evaluate its performance.

This made me fall in love with cybersecurity and I knew it was what I wanted to do for the rest of my life. I took two security courses at the university – the first was Introduction to Cryptography and the second was Cybersecurity Attack and Defense Strategies. Cybersecurity for me was, and still is, the continuous battle of good versus evil in cyberspace. It will always provide new adventures and challenges as new technologies emerge.

How has the cybersecurity world changed since you joined iProov?

The recent advances in AI have significantly increased the capabilities of attackers. The growing sophistication of deepfakes and the wider availability of the technology needed to create them pose serious implications for security procedures. As a consequence, day by day, we see even more elaborate attacks. This constitutes a reassuringly hard challenge for me to be kept intrigued by my work.

In addition, as the company grows and more customers trust iProov’s face verification solution, attackers are even more motivated to land a successful attack against us. We see that the funds and the time attackers invest in trying to attack us grow alongside the growth of the company.

As you mentioned, deepfakes represent a huge threat that organizations face. Can you tell us a bit about what happens when iProov encounters a deepfake?

We have rigorous systems and processes in place, firstly to detect deepfakes automatically and then secondly to deal with the detected incidents. This is essential considering the huge amounts of traffic that we process and the frequent attempts at malicious transactions that we encounter.

What piece of advice would you give to someone who is looking to get into cybersecurity?

Let yourself enjoy breaking things! Ensure you get rid of any possible engineering mindset you may have. Don’t look for the proper ways and the best practices to do things, but think outside the box.

Remember that the attacker is not developing. Try and put yourself in their shoes – they are hacking and breaking stuff in a fast, probably sloppy, and elusive way.

What do you enjoy about your role?

I enjoy that I am able to play different roles. I can be the red guy, which involves trying to find the vulnerabilities of a system, and I can also be the blue guy, which is when I am trying to make protocol and algorithms more robust. I really enjoy this variety – no two days are the same!

Finally, can you share what excited you about joining iProov – and hopefully persuade others to join?

I liked the fact that iProov is dealing with new and very challenging problems. Covid-19 led to an inevitable surge in the use of digital technologies due to the social distancing norms and nationwide lockdowns.

As expected, the richer the capabilities provided by online services, the higher the stakes accumulated on those services, which can be incredibly attractive for more attackers and fraud attempts.

We’re also using cutting-edge technologies to provide solutions to these services with the sole mission of eliminating fraud. iProov has daily encounters with very sophisticated forms of attacks.

For me, it means that by working here, I will have to deal with new, exciting, and challenging problems and learn something new every day.

Let this blog be a warning to anyone thinking of attacking iProov! You’ll have to get through Panos and his team first!

And meet more of the iProov team below!

Back to Resources

Image shows a man holding a phone scanning his face with biometric face verification. ID documents are in the background to represent the onboarding / enrollment process

Why Is Biometric Face Verification Ideal for Enrollment and Onboarding?

November 24 2022

Imagine that you need to apply for a new bank account. Would you rather:

  • Send your documents by post and wait for weeks;
  • Travel to a bank branch to apply in person;
  • Or complete the application online in a matter of minutes from the comfort of your own home?

For most consumers, the speed and convenience of completing tasks online would win every time. But some tasks require security checks — for example, if you’re applying for a loan, government benefits, or for a visa to enter another country, the bank or government needs to check that you are definitely who you say you are.

Remote biometric face verification provides the security check needed to enable consumers to enroll or onboard for these services quickly and conveniently online. But not all biometric face verification technologies deliver the same levels of assurance, security, or usability. Different technologies are suited to different use cases, as we’ll explain below.

What Is Enrollment?

Enrollment (also known as onboarding, account opening, or registration) simply means signing up a new customer to an account or service. Traditionally, if an enrollment process required an identity check — if the enrollment involved finances, for example — a member of staff would check the face of the person in front of them against that person’s photo ID.

Today, biometric face verification technology enables the enrollment process to be completed online from anywhere with an internet connection with greater accuracy than a human eye.

Remote identity checks at enrollment are critical. If identity checks are not completed properly, fraudsters can use someone else’s identity to sign up for credit cards, loans and other services in new account fraud. This means a lot of pain and hassle for the victim of identity theft, as well as financial loss for the organization. Criminals can also use synthetic identities where the identity doesn’t belong to a real person, but the financial loss to the organization can be enormous.

Enrollment is also a crucial part of compliance with KYC and AML regulations, too. The most important part of a customer’s lifecycle is enrollment – it’s where trust is initially established. Learn more about biometrics for KYC and AML here.

Secure enrollment is also necessary for subsequent authentication. To authenticate someone every time they use your website or app, you have to establish who they are during your first online interaction. If you enroll a fake person or someone using a stolen identity, this can have serious repercussions later on.

What Are the Factors for Successful Digital Enrollment?

A successful digital enrollment process needs to balance several elements:

  • Appropriate security for the task the security would be high for a credit card application, for example, but lower for a task such as signing up for an e-mail newsletter. Different biometric verification methods can be used for high or low-security options according to the contextual risk. High-security enrollment is essential: 6AMLD regulations assign direct criminality to cases where a “lack of supervision or control” makes criminal acts possible. Individual banks have been fined over $1.4b USD in anti-money laundering cases.
  • Usability – every step in a digital user journey increases the likelihood of the customer dropping out of the process. 36% of financial institutions have lost a customer or prospective customer due to inefficient or slow enrollment processes. There’s significant revenue relying on the success of your enrollment process – so it’s important to get it right the first time. Simplicity is critical and biometric face verification can be effortless.
  • Inclusivity – it is important to offer enrollment in a multitude of ways. If a customer can only enroll on a smartphone, for example, then that assumes a level of technical competency and also excludes everyone without a smartphone. Inclusivity is particularly important for governments to include all ethnicities. Biometric face verification can be delivered via mobile device, computer and kiosk.
  • Scalability – as we saw during the COVID pandemic, some organizations need to be prepared to handle a surge of enrollments. Biometric face verification can be highly scalable, as it doesn’t rely on customer service staff (who can’t be scaled quickly).

How Does Biometric Enrollment Work?

Face verification makes secure enrollment easy – it’s more convenient than in-person enrollment or sending documents physically or completing a video call.

Onboarding new customers begins either on the web, via mobile, or at an on-site kiosk. Individuals simply

  1. Scan their government-issued identity document, such as a passport- this can be done via optical capture or NFC capability.
  2. Completes the iProov passive biometric face scan – just like a selfie. This enables the organization to bind the individual to their government-issued document.

Using iProov’s passive liveness detection solutions as part of the identity verification process, removes friction at the point of onboarding, leading to fewer attempts to succeed and higher pass rates.

Why Is It Crucial to Establish Liveness During Enrollment?

Liveness detection is a component of biometric verification technology that ensures an online user is a real person. It detects whether the face being presented to the camera is from a live human being – as opposed to a recording, picture, or another non-living spoof. Without liveness technology, criminals could spoof the onboarding process with masks, photographs, and other presentation attacks. Additionally, liveness technology should defend against digital replay attacks or deepfakes that are physically presented on a screen.

Only iProov Genuine Presence Assurance® (GPA) can also ensure that the user is authenticating in real-time when they onboard, which is vital in protecting against highly scalable digitally injected attacks. Using patented Flashmark™ technology, a one-time biometric code is created which cannot be replicated.

GPA is recommended for enrollment because initial user onboarding is a high-risk action – you don’t know anything about the user or their risk until you have enrolled them, so it’s important to start off with the higest level of security so you are not onboarding a criminal.

Remember: trust established at onboarding will carry through the customer lifecycle.

Why Choose iProov Biometric Verification for Enrollment?

iProov Genuine Presence Assurance technology delivers:

  • Fast and convenient user experience
  • National-grade security
  • High success rates (typically >98%)
  • Excellent inclusivity and accessibility
  • True usability – Doesn’t require complex instruction and workson any device with a user-facing camera
  • Maximum reassurance for customers that they are following a secure verification process when enrolling to your service

Enabling organizations to:

  • Protect users against new account fraud, identity theft, synthetic identity fraud, and other threats
  • Reduce abondonment and churn with effortless, highly secure enrollment
  • Reduce operational costs while adhering to regulations

Read the complete list of iProov face biometric advantages in this article.

Read More about Enrollment & View Our Case Studies

Biometrics for Digital Onboarding and Enrollment: A Summary

  • Enrollment (otherwise known as onboarding, account opening, or registration) refers to the process of signing a new customer up to an account or service.
  • Technology now enables even the most secure enrollment process to be done online, without the need for an in-person encounter.
  • A digital enrollment process must balance many factors, including risk, usability and security to be successful.
  • Face biometric verification offers the accuracy, security, usability, inclusivity and scalability that is needed.
  • iProov’s Genuine Presence Assurance delivers national-grade security with an effortless and convenient user experience. It’s the only way to securely enroll customers and ensure an individual is the right person, a real person, and that they’re authenticating in real-time.

If you’d like to learn more about how iProov can streamline and secure your enrollment process, you can visit our customer onboarding webpage or book an iProov demo here.

Back to Resources

UBS 2d e1670425746875

UBS Partners with iProov for Automated Online Identity Verification

November 21 2022

Identity checks are a mandatory part of the financial onboarding process, however many of today’s consumers are reluctant to travel into a branch, join a video conference call, or answer questions about a loan they took out 10 years ago to prove that they are who they claim to be.

UBS, the largest Swiss banking institution and the largest private bank in the world, is not unlike other financial institutions in this scenario. They are constantly evaluating ways to innovate current processes to improve customer experience, but they need to ensure that improving customer experience doesn’t increase risk. One of the most common business processes that financial institutions are looking to modernize is the onboarding process. For both financial institutions and customers alike, it is often a very manual and time-consuming process that relies heavily on in-person interactions. One of the unexpected consequences of the pandemic, however, has been that customers now feel entitled to a wide range of virtual services that had traditionally been performed in person.

UBS has embraced this sentiment, and with iProov, is now offering a service to onboard new customers online in a secure, fast, and convenient process. With iProov, UBS customers are now able to open an account online in minutes, thanks to automated identity verification.

In May 2022, UBS launched UBS key4 for clients who want to carry out their banking transactions at any time of day, entirely digitally. UBS key4 includes personal accounts, savings accounts, debit, and other cards, mobile payment options, and more. Using iProov face verification technology, UBS key4 customers can now onboard remotely 24/7 in only 5 minutes. Clients enroll onto the service simply by scanning their face against a trusted government-issued document, such as a passport with a NFC chip. UBS is the first bank in Switzerland to offer this process for account opening in combination with qualified electronic signatures.

Prior to partnering with iProov, UBS key4 relied on using video calls to verify client identity virtually.

Why is face biometric verification a game changer for the financial services industry?

Biometric face verification enables banks and other regulated firms to securely:

  • Verify that an online individual is who they claim to be, within seconds
  • Confirm that an online individual is a real person and not a photo, video, or other spoof, thus protecting against identity theft and synthetic identity fraud

This modernizes the onboarding experience to provide a fully digital, fast, convenient service to users that:

  • Simplifies the user experience for new and existing customers – accessing a new bank account, credit card or other service takes minutes instead of days
  • Offers inclusivity – everyone has a face and no specialist hardware is required to complete a biometric face verification; all that’s needed is a user-facing camera on a device or kiosk
  • Provides reassurance to customers that security checks are in place and their finances are being protected
  • Protects the organization against financial loss from fraud
  • Complies with KYC and other regulatory requirements

But it is important to understand that not all face verification technology is created equal. Financial institutions require the highest levels of resilience to advanced threats and many biometric verification vendors cannot deliver. iProov is different because it offers:

  • Patented Flashmark technology that uses light and color to verify that a customer is the right person, a real person, and verifying in real-time
  • The highest levels of security against digitally injected attacks
  • Protection against evolving cyber threats, thanks to the iProov iSOC and ongoing threat management
  • Passive authentication – the light and color do the work, requiring the user to simply look at their device. No complicated instructions to move or read out numbers are needed.
  • Cloud-based for maximum security – iProov assumes the user’s device has been compromised
  • Proven experience – iProov is used in large-scale mission-critical deployments around the world, including banks and governments such as Rabobank, ING, the U.S. Department of Homeland Security, the UK Home Office, the Australian Taxation Office, Singapore GovTech, and more.
  • Outstanding accuracy and performance – iProov delivers >98% typical pass rate and 1.1 average number of attempts based on in-production results, providing customers with the smoothest, most hassle-free experience possible

Consumer demand for face biometrics as their preferred online verification and authentication method is already huge, and it’s growing. iProov’s Digital Identity Report found that:

  • 55% of consumers already use biometrics to unlock their mobile devices
  • 64% of mobile banking customers either already use face authentication to access their account, or would do so if it was offered – iProov enables financial institutions to make all services securely and effortlessly accessible using face verification

How does face biometric verification work for financial services providers?

Let’s imagine that a consumer wants to apply for a new financial institution’s account or credit card online. They start the application process on their smartphone, tablet, or computer and reach the stage where they need to prove their identity.

Some financial institutions might insist that the customer visits a physical location to confirm their identity and complete the application. Others might ask for an identity check via video call, where a customer service operator asks to see a customer’s ID document and checks it against their face. While others rely on knowledge-based identity checks, for example, asking the user to provide information about previous loans or mortgages, or other financial products.

Biometric face verification from iProov replaces all of the waiting, manual processing, user frustration, drop-offs, and security risks that are inherent in typical identity check methods.

Instead, the customer simply scans their trusted identity document using their smartphone, mobile device, or computer. Then they complete a brief ‘selfie’ of their face. iProov uses a simple multi-frame face scan using a sequence of colored lights to confirm that the customer is:

  • The right person: The user matches the image from a trusted photo ID document or previously enrolled biometric
  • A real person: Reflection of light from the skin confirms liveness and that it is a genuine human biometric, not a photo or other artifact
  • Authenticating right now: The illuminated color sequence creates a one-time biometric which cannot be reused or recreated, validating the authentication is taking place in real-time

The identity verification process takes a matter of seconds and puts the customer in control of the whole journey.

Request a demo of iProov or read more about our work on biometric verification in the financial services sector.

Back to Resources

password statistics v2

Password Statistics | What’s the Alternative to Passwords?

September 8 2022

Here’s a question for you: in the last 24 hours, what percentage of global consumers have had to request a password reminder online?

  1. 12%
  2. 21%
  3. 32%

The answer is C).

Every day, almost a third of consumers go through the hassle of having to request a password reminder from at least one website.

Just think about what that means. At best: frustrated customers. At worst: abandoned transactions, lost revenues, customer support time spent handling enquiries, and so on.

Passwords are not fit for purpose. As well as being a friction point for users, they are not secure – three-quarters of the most popular passwords can be cracked instantly.

iProov’s face biometric authentication provides an alternative to passwords that is more secure and better for users. To find out exactly why organizations should move away from passwords, we surveyed 16,000 people across eight countries (the U.S., Canada, Mexico, Germany, Italy, Spain, the UK, and Australia).

How Often Do Consumers Request A Password Reminder Online?

We asked: When did you most recently have to request a password reminder online?

  • Globally, 32% of consumers have forgotten a password in the last 24 hours.
  • 55% of consumers have forgotten a password in the last week, which rises to a shocking 77% in the last month.
  • The proportion of people that have forgotten a password in the last 24 hours is highest in Mexico (44%) and lowest in Spain (19%).

When did you most recently have to request a password reminder online?

Imagine walking up to a physical store and finding that the door is locked. How long would you knock on the door and try to get someone’s attention to let you in? Or would you immediately give up and go somewhere else? Organizations must make it easy for users to access their services online. Passwords cause a lot of friction and that friction will result in lost transactions.

Passwords are a clunky authentication choice and the risks outweigh the benefits – they are a legacy technology. Biometric authentication on the other hand is more secure and convenient for users (more on why and how further down).

How Often Do People Abandon A Purchase Or Other Process Online Because They Can’t Remember A Password And Retrieving It Took Too Long?

  • 15% of global consumers are abandoning purchases at least once a week.
  • 32% of global consumers are abandoning purchases at least once a month. 
  • The proportion of people abandoning purchases once per week due to forgotten passwords was highest in Mexico (28%) and lowest in Canada (12%).

How often do people abandon a purchase or other process online because they can’t remember a password and retrieving it took too long?

Again: imagine you run a physical store where, every month, 32% of your willing customers get to the payment point but abandon their shopping. That’s a significant amount of lost business.

Money is spent on marketing your services and optimizing your website – only for customers to leave once they’re ready to pay, all because of the clunky and outdated authentication process.

It doesn’t have to be this way. Your customers deserve to log in quickly and complete their purchases without unnecessary roadblocks. With iProov, all you need is a device with a user-facing camera for effortless authentication.

How Often Do Consumers Forget The Password For Their Mobile Banking App And Have To Reset The Log In Details?

  • 27% of global consumers that use mobile banking have had to reset their password in the past 12 months.
  • This is highest in the US – 36% have had to reset the password to their mobile banking app in the past 12 months.

Have you forgotten your password for your mobile banking app in the past 12 months and had to reset the log in details?

People want to do their mobile banking online because it’s convenient – but there’s nothing convenient about needing to reset your password for a secure service.

Face biometric authentication from iProov is effortless, secure and reassuring, which means that banks and other financial institutions can use it to provide access to the most secure services. It can also be used as part of a multi-factor authentication strategy.

In Which Online Situations Would People Rather Use Face Verification Rather Than Passwords?

  • 72% of consumers globally would rather use face verification than passwords for secure processes – this rose to 91% in Mexico.
  • Canada and Germany are least keen on face verification but even then, almost two thirds of Canadians and Germans already want to use biometrics over passwords for secure processes.

In which online situations would people rather use face verification rather than passwords?

Face verification is already the preferred choice for authentication when consumers want the reassurance of security. It is no longer seen as an advanced or high tech option. Organizations should offer face biometric authentication to build trust with customers.

Password Alternatives: The Case For Face Biometric Authentication

iProov’s face biometric authentication provides an alternative to passwords:

  • Our flagship technology, Genuine Presence Assurance® delivers the highest levels of assurance that an online user is the right person, a real person, authenticating right now. 
  • Our Liveness Assurance™ technology offers additional flexibility for lower risk scenarios. 

Both technologies can replace passwords or be part of a multi-factor authentication strategy or a ‘step-up’ authentication tool to augment passwords for high risk activities or transactions.

Organizations and end-users prefer iProov face biometrics to passwords because it:

  • Enables a convenient and user-friendly experience 
  • Is inclusive and usable
  • Offers flexibility, from highly secure transactions to lower risk scenarios 
  • Is accessible for all device and platform types, including kiosks
  • Delivers high success rates (typically >98%)

Read more on the advantages of face biometrics in-depth here. 

Learn More About The Problems With Passwords And Alternative Authentication Methods

Password Statistics And Password Alternatives: A Summary

  • 32% of consumers have forgotten a password in the last 24 hours, and 15% of global consumers are abandoning purchases at least once a week.
  • This proves that passwords are impacting on the bottom line for many organization and alternative online authentication tools must be found.
  • 72% of consumers globally would rather use face verification than passwords for secure processes – this rose to 91% in Mexico.
  • iProov’s Genuine Presence Assurance and Liveness Assurance technologies offer flexibility to organizations looking for different levels of security.
  • iProov is already trusted by leading organizations, such as the US Department of Homeland Security, the UK Home Office, and leading banks to deliver secure biometric face authentication, either in combination with passwords (multi-factor authentication) or as a passwordless authentication solution.

If you’d like to learn more about how iProov can be used to replace passwords or enhance authentication security at your organization – book your iProov demo or contact us.

Back to Resources

Advantages of biometrics explained

What Are The Advantages Of Biometric Authentication? 

May 30 2022

User authentication and verification are crucial for online security because the internet depends on trust. Booking accommodation with a host, accessing your bank account, applying for government benefits, accepting a new friend request on social media — millions of online interactions and transactions take place every day and they all depend on trust.

Over time, many authentication methods have been developed to establish trust online: passwords, PINs, secret questions, one-time passcodes via SMS, and so on. Biometrics have become increasingly common because they offer a highly convenient, secure, and inclusive alternative to oft-forgotten or stolen passwords and PINs. This makes biometrics very useful for online identity verification and authentication.

In this article, we’ll explain why face biometrics is the best way to authenticate and verify users online.

Before we begin, two things to note:

  • Firstly, when talking about face biometrics, we’re referring to face verification, and not face recognition for surveillance. Face verification is for personal benefit and the user willingly collaborates with the verification, whereas with face recognition the user has no control and may not know it’s happening. These are two distinct technologies for different use-cases.
  • Secondly, the majority of this article refers specifically to the benefits of iProov technology, rather than face biometrics in general. Remember: not all biometric solutions are created equal. iProov face biometric solutions use patented technology that gives our customers and their end users unique advantages in security and usability.

So, what are the advantages of biometrics for online identity verification and authentication?

Biometrics Deliver A Fast And Convenient User Experience

A truly passive face biometric verification solution involves a person looking into their user-facing camera. That’s it. There’s nothing to remember, no complex instructions to read, and nothing that you can break or lose. There’s complex technology at work to make biometrics secure, but for the user it’s strikingly simple, fast, and convenient.

How does iProov deliver a fast and convenient user experience?

iProov delivers passive face biometric solutions. The key differences between an active and a passive solution can be found here. Essentialy, it means that the technology does the hard work and makes it effortless for the user – minimizing friction and making it more inclusive. iProov believes that strong security can also offer an excellent user experience without the need to make the user make random movements, say numbers, or follow dots.

iProov’s reassuring ceremony takes just a few seconds. There are no complex steps for the user to take: just look at the user-facing camera and you’re done.

iProov technology delivers a fast and convenient user experience because it is:

  • Passive, meaning it does not require additional steps from the user other than to look at their device’s user-facing camera
  • One of the few solutions that can deliver security with effortless usability
  • Favored by users because of the speed and convenience it delivers. iProov surveyed 1000s of people across the UK, US, Canada, Australia and the EU about biometric face authentication and the results were clear: users love the speed and convenience. You can read the statistics here.

Biometrics Are More Secure

Biometrics are more secure than knowledge-based authentication methods (like passwords or shared secrets) because biometrics can’t be stolen — nobody can steal your genuine face. They can take a copy of your face, but they can’t steal it. Biometrics are also more secure than possession-based authentication because you can’t lose or break your face. You can lose or break a mobile phone, or leave your card reader at home, but your biometrics are always with you.

The right biometric solution can offer the highest levels of security, without compromising on usability and simplicity for the user (which is why you need to be careful choosing your biometric vendor!)

How does iProov offer secure biometrics?

There’s a reason biometric technology – particularly iProov’s Genuine Presence Assurance® – is chosen by the world’s most security-conscious organizations (such as governments and banks) that need to safeguard sensitive information and secure high-risk transactions.

iProov is different to other biometric solutions because it verifies that the remote user is the right person, the real person, and that they are interacting in real-time. The latter is critical. Verifying that a user is the right person, that their face matches their photo identity document, is relatively simple. Verifying that they are not a deepfake or a pre-recorded authentication is much harder and that is what sets iProov apart from other biometric vendors.

iProov’s unrivaled spoof attack detection has been tested by the most rigorous organizations, including independent testing on behalf of the US Department of Homeland Security and other national government organizations. Genuine Presence Assurance defends, detects and protects against threats such as:

  • Highly scalable digital injection attacks (replayed or synthetic imagery that bypasses the device camera or is injected into the data stream)
  • Presentation attacks (physical or digital artifacts presented to the device camera).

Additionally, cloud-based technology enables active threat monitoring and evolving security against new threats. You can read more about cloud vs on-device biometrics here and our active threat management service, iProov Security Operations Center (iSOC), here.

Ultimately, iProov’s face biometric technology proves that world-class security does not have to be complex for the user.

iProov’s biometric face authentication technology delivers the highest levels of security because it:

  • Uses cutting-edge technology to deliver unrivaled spoof detection
  • Is proven in the real-world, being used by security-conscious organizations such as the US Department of Homeland Security
  • Is a cloud-hosted solution, which enables active threat detection and an ever-evolving approach to security.

Biometrics Can Deliver High Success Rates

The right face biometric solution can deliver a more straightforward and seamless user experience. This can mean users are far more likely to complete your organization’s onboarding or authentication processes.

Governments, financial organizations and many other industries have embraced face biometrics for effortless customer experiences that minimize drop-off and deliver high customer satisfaction.

How does iProov deliver high success rates?

  • A user-focused approach to design is at the heart of iProov technology. This focus on inclusivity and user experience means we can deliver industry-leading success rates
  • iProov success rates are typically >98% across the board
  • iProov uses face abstraction, which eliminates selfie anxiety and encourages people to complete the process.

Biometrics Deliver Excellent Inclusivity And Accessibility

Face biometrics only needs a device with a user-facing camera – no specialist hardware is required. The vast majority of devices have a camera; not all have a microphone or fingerprint scanning pad. The ubiquity of mobile and tablet device usage across multiple demographic groups means that the right face biometric solution can deliver maximum inclusivity and accessibility.

For a digital solution to be widely adopted it must be inclusive, and services provided online must be simple to use and offer convenience rather than obstacles for a customer. Traditional methods like visiting a branch may be difficult or impractical for some people. Face biometrics provide a secure online alternative that supports customers in multiple regions and diverse populations.

But ultimately, the inclusivity and accessibility is very much down to the type of face biometrics used.

How does iProov deliver inclusivity and accessibility?

Inclusivity and accessibility are at the heart of our solutions. iProov facial biometrics are accessible regardless of age, gender, ethnicity and cognitive ability. The technology is completely passive and intuitive. The user does not have to smile or turn their head – which is common in many active biometric solutions – but instead simply look at their device. And the more people that can use a solution, the greater reach it has.

iProov works on any device with a user-facing camera. For those that do not possess a smartphone, or require additional assistance in person, we have made our solution available on kiosks – which allows organizations to offer secure services to citizens and customers without access to a smartphone. Anyone can use iProov’s face verification, from the age of 16 to 106!

To summarize, iProov face biometric technology offers inclusivity because it:

  • Has been designed to offer secure services to as many citizens and customers as possible. Attributes like age, gender, technical or cognitive ability, social or ethnic background must not become barriers to inclusion
  • Does not require any complex instructions to read, understand and execute
  • Ensures users are not segregated by their brand or platform choices
  • Is used in different continents, with iProov actively looking for, and removing, bias in our systems
  • Is available on iOS, Android or the web as well as supporting kiosks. Our collaboration with the UK Home Office saw 2500+ devices used during that one implementation.

Biometrics Enable True Usability

Usability means minimizing friction for users. Good usability means effortless access for the widest section of the population as possible. With face biometrics, everyone has a face, so everyone can authenticate.

Usability is the fundamental business requirement of any authentication solution. There are several aspects that must be taken into account. First, it means that any solution should be user-centric and no effort such as complex instructions or actions should be expected from the user. It’s not equitable to demand ownership of a particular technology or device to authenticate.

How does iProov deliver usability?

  • Comfortable user engagement: iProov technology supports natural posing and camera positioning from the user
  • Device-agnostic and omni-channel authentication across any device (mobile, web and kiosks).

Biometrics Increase Authentication & Verification Efficiency, Automating Processes

Face verification can enable a fully automated, secure, effortless and regulatory-compliant digital onboarding journey. Manual verification and authentication, such as in-branch visits or contacting call centers, can negatively impact customer experience and significantly slow things down. With face biometrics, people are able to prove that they are who they say they are securely and conveniently without ever having to leave the comfort of their own couch.

To verify an asserted identity remotely, you also need to scan the ID of a government-issued photo document. This is a distinct advantage of face biometrics specifically, because these IDs largely use the face as means of identification. You could not enroll someone by asking for their fingerprint or their phone number – usually, a face is the only option for verifying someone against an ID.

One Mckinsey report found a 90% reduction in customer onboarding costs by using digital ID-enabled processes.

Ultimately, face biometrics can replace or enhance manual verification to both reduce overall costs and increase accuracy, all while aiding organizational compliance with KYC and AML regulations. It also bolsters fraud prevention efforts and speeds up the onboarding process, which works to maximize customer success rates and reduce drop-off during application.

To summarize, iProov face biometric technology increases efficiency because it:

  • Can replace the need for manual verification processes
  • Can automate part of the onboarding process, which is a distinct advantage of face biometrics because the face is the identifier used for official government IDs. This enables verification of a face against an identity endorsed by a legal authority.

Biometrics Can Deliver Maximum Reassurance

It’s possible to make things too easy. For example, let’s say that a person is making a large payment. They want to feel and see the security verification taking place. If they don’t experience any sort of verification, they may be unnerved, which could cause them to distrust the company or service. The appropriate level of reassurance is important.

At iProov, we call this the “ceremony”: the user is aware that the authentication is happening and they feel reassured that security is being applied.

How does iProov deliver reassurance to users?

  • iProov’s Genuine Presence Assurance technology illuminates the user’s face with a sequence of colors. This short ‘ceremony’ takes a few seconds and helps to reassure the customer that a secure transaction has taken place.

The Advantages Of Face Biometrics Summary

  • Convenience and speed: Presenting your face to a device’s user-facing camera if far quicker than remembering and typing a password, for instance. iProov specifically is passive, which means all the user has to do is look at the camera to authenticate. It’s strikingly simple, fast, and convenient.
  • Security: Biometric face authentication is more secure than passwords or other authentication methods because your face can’t be stolen. iProov delivers unique anti-spoofing techniques to prevent your face being copied.
  • Success rates: A painless user experience means lower user drop-off rates. iProov success rates are typically >98%.
  • Inclusivity and accessibility: Face biometrics only requires a user-facing camera rather than any specialist hardware, making it accessible. iProov is available on many device types: smartphones, computers, tablets, and even kiosks. The technology has been designed to offer the most inclusive and accessible services to citizens and customers.
  • Usability: With face biometrics, everyone has a face, so everyone can authenticate! iProov’s passive solution is particularly usable – there are no complex instructions to follow and no movement required, meaning that the user’s verification and authentication experience is effortless.
  • Efficiency and automation: With face biometrics, people are able to prove that they are who they say they are securely and conveniently without ever having to leave the comfort of their couch. The face is particularly important here because it is the identifier used for official government IDs.
  • Reassurance: Not all authentication methods reassure the user. iProov’s Genuine Presence Assurance technology illuminates the user’s face with a sequence of colors, which reassure the customer that a secure transaction has taken place – user trust is therefore increased.

And there we have it: the top advantages of face biometrics. If you’d like to see the benefits of using face authentication to secure and streamline user authentication for your organization, book your demo here. You can read up further on our customers and case studies here.

Or, want to brush up on your biometric knowledge? Visit our Biometric Encyclopedia!

Back to Resources

iProov Blog Top Posts

The Best Of iProov: What Was Hot On The Blog In 2021?

December 22 2021

As 2021 draws to a close, we thought we’d take a look back at the most popular iProov blog posts of the past 12 months.

This year, the subjects of digital identity, cybersecurity, online identity verification and authentication, and biometrics have been higher on the agenda than ever before. From COVID status credentials to the growing threat of deepfakes, the question of how we can build trust online has been paramount. Our top blog posts provide insight into that.

But our blog is also a place to share some of our more personal achievements, so this is also a great opportunity to relive some of those.

So, without further ado and in reverse order, here are the top ten iProov blog posts of 2021:

10. What’s it like to receive a CBE? An interview with Andrew Bud, CEO of iProov

CBE Andrew Bud

iProov’s Founder and CEO, Andrew Bud, was made a CBE (Commander of the Order of the British Empire) for services to exports in science and technology in the Queen’s 2020 New Year’s Honours List.

In August this year, Andrew was able to go along to St James’ Palace for his investiture. Afterwards, we asked him about the whole experience: how did he find out he had been awarded the CBE? What was it like to go to the palace for the ceremony? What led him to this moment? A very interesting read. 

9. Meet the iProov team!

At number nine, we’ve gathered up our Meet the Team interviews. These profiles introduce you to the people who spend every day working on ways to protect us all from deepfakes (Jim), build great products (Anthony), or help to make iProov a great place to work (Martina)!

Get to know some of the iProov team:

8. Cloud Biometrics vs On-Device Biometrics: What’s the Difference?

Cloud biometrics vs on-device biometrics

This post explaining the advantages of cloud biometrics over device-based biometrics proved very popular. If you’re currently evaluating biometric technologies and providers – or are just interested in understanding how online biometric verification works – then this one is definitely for you. 

7. How Does Biometric Face Verification Help Protect Banks Against Money Laundering?

Anti money laundering compliance with biometrics cover image iproov

Money-laundering is a major global problem. Regulators around the world are cracking down on banks and other regulated industries to enforce more stringent AML processes. This post looks at the open letter sent by the UK regulator to UK banks earlier this year and explains how iProov technology can help organizations to prevent money-laundering. 

6. Can You Use Selfies for Online Identity Verification?

National Selfie Day cover image: looking at Selfie Anxiety, Selfie verification, Selfie identity

To mark National Selfie Day, we asked the question: is it possible to securely verify an individual using a single image or selfie? Spoiler alert: the answer is no. Single frame selfie verification isn’t enough to securely verify a person’s identity – you need a multi-frame solution. In this article, we illustrate how iProov works, and explain the concepts of ‘selfie anxiety’ and ‘selfie perfectionism’.

5. Biometric Authentication vs Biometric Verification: What’s the Difference?

Biometric authentication vs verification - this infographic explains the difference between them

At iProov, we’re always trying to make complex things simple. In this post, we explain the difference between biometric verification and biometric authentication. The two terms are often used interchangeably but they are separate activities. This post explains what they are and why you need them (just as we also did for face verification vs face recognition).

4. Tinder Trials Online Dating Identity Verification

Tinder trials online dating identity verification

In August, Tinder announced that it was introducing identity verification to improve security and make its users feel safer. We looked at how they could make this work for everyone.

3. Deepfakes of the Dead: Could They Be a Threat to the Financial Services Sector?

Deepfakes of the dead: image representing AI-generated woman security fraud attempt, being scanned, deepfake technology

Back in February, a company called MyHeritage released an online tool that enabled people to reanimate the dead. With just a few clicks, a photo of someone’s great-great-grandma could be brought to life.  

iProov has long anticipated the danger of deepfakes being used for nefarious purposes, and our technology has been designed to detect them. In this post, we look at how deepfake technology and deepfake fraud pose a threat to financial services and how it can be mitigated.

2. Ten Things You Need To Know About iProov HQ

iProov HQ 2 blog

It’s fair to say that we iProovers love our UK headquarters. So it isn’t a huge surprise that our second most popular blog post of 2021 is a top 10 of the highlights of working here. From pizza to fitness to free beer and great views, our UK office has a lot to offer. If you’d like to join an ambitious company with a fantastic team in a great working environment, check out our vacancies!

1. Fake COVID Vaccine Certificates and How to Protect Against Them

Fake COVID Vaccine Certificates - the iProov solution

If the world was hoping for an end to COVID in 2021, we were disappointed. As governments and organizations globally scrambled to find ways to keep citizens safe, the problem of fake vaccine certificates quickly became front-page news. Our blog post on how to provide safe and secure COVID Status Credentials and prevent fake vaccine certificates from being used attracted a huge amount of interest.

We’re looking forward to even more exciting developments in digital identity and online user authentication in 2022. If you’d like to be part of our journey, please check out our open vacancies – we’d love to hear from you.

Back to Resources

Data breach

How Can Biometrics Limit the Impact of Data Breaches and Prevent Identity Theft?

December 21 2021

The recent GoDaddy data breach was a timely reminder of the vulnerability of passwords and the importance of biometric authentication. The data of 1.2 million customers may have been exposed because an unauthorized person was able to access GoDaddy systems using a compromised password.

iProov has long warned that passwords are not a secure method of authentication: they can be borrowed, or stolen and then shared on the dark web.

This is why biometric face verification and authentication are so important to online security. Your face cannot be stolen – it can be copied (for example, with a photograph or mask) but it cannot be stolen. This means that:

  • Criminals are prevented from using stolen data to create new accounts online (for example, a new credit card or applying for government benefits) using a victim’s identity because the criminal will not be able to verify themselves using face verification
  • Stolen credentials cannot be used by criminals to access existing user accounts online if those accounts are protected by the genuine owner’s face biometric
  • If systems and accounts are protected using highly secure biometric technology, criminals cannot break in to steal data in the first place

How can face verification help solve the problem of data breaches?

1. Face verification prevents stolen data from being used for identity theft and new account fraud

The problem: If personal data is stolen during a breach, it can be used by criminals to impersonate a victim for new account fraud. Criminals can build dossiers of data from breaches – one breach of 1.2m accounts could provide the e-mail addresses and home addresses of those victims, for example, while another breach might also provide their date of birth.

By combining this data, criminals can have enough information to steal someone’s identity and create accounts online in their name. This could involve setting up new bank accounts for the purposes of money laundering or applying for new credit cards or government benefits for financial gain.

How face verification helps: iProov’s face verification technology helps to prevent new account fraud by securely verifying a new customer’s identity during online onboarding. A new customer is asked to use their mobile device or computer to scan their trusted identity document (for example, a driver’s license or passport). They then complete a brief face scan using iProov technology. This face scan is matched against the photo in the document to confirm that the applicant is the right person (not someone pretending to be that person). The face scan also confirms that the applicant is a real person (not a photo or video or mask). What makes iProov’s Genuine Presence Assurance™ unique is that it also verifies that the applicant is interacting right now (not a digital injected attack).

2. Face authentication prevents stolen credentials being used for account takeover

The problem: If a criminal group acquires the data of 1.2m people, they can theoretically use that data for account takeover on a huge scale. This can involve gaining access to those people’s bank accounts or social media accounts to steal money or demand ransoms.

If the criminals have been able to access email addresses and passwords, they can use those credentials to try and break into bank accounts, retail accounts and other sites where that email address and password combination may have been used.

Alternatively, they can access the email account and use that to convince the victim’s bank (or other organizations) to replace passwords, phone numbers and other details with their own, so that they have full control over a victim’s accounts.

How face authentication helps: iProov helps organizations to prevent online account takeover by authenticating users online with face biometrics. Because a customer’s face cannot be stolen, a criminal would not be able to gain access to their account, even if they had an email address or password. Face authentication can be used for primary authentication or as part of a multi-factor authentication strategy; if one factor, such as a password, is compromised, then the iProov biometric factor remains secure.

For example; login details from the GoDaddy breach are leaked on the dark web. A bad actor takes these credentials and uses them on a number of online websites. The first few accounts, they’re in luck: the accounts are not secured with iProov, so the bad actor gains access. However, they then try the user’s bank account. They’re dismayed to find that the bank uses iProov to authenticate each login or for every transaction. The bad actor is out of luck: they are not the right person and real person authenticating in real-time, so they can’t gain access to the victim’s money.

3. Face authentication prevents criminals from breaching systems

The problem: Data breaches continue to be a global problem because any system is only as strong as its weakest link. If a password can be compromised, then any system that relies on passwords can be compromised.

How face authentication helps: If systems are protected using iProov’s face authentication technology, either as primary authentication or as part of a multi-factor strategy, then criminals cannot gain access.

GoDaddy, data breaches and biometric face verification: a summary

  • GoDaddy is the latest organization to experience a data breach. This was caused by a compromised password and has resulted in the data of over a million customers potentially being exposed.
  • Biometric face authentication can help to prevent criminals from breaching data by reducing an organization’s reliance on passwords for security
  • If data is breached, biometric face verification (where a face scan is combined with a trusted photo source to verify identity online) can prevent stolen data from being used for online identity theft and new account fraud
  • Biometric face authentication helps to prevent stolen data from being used for online account takeover

If you’d like to know more about how iProov biometric face verification and authentication can help protect your organization, please contact us or book your iProov demo today.

Back to Resources

passive authentication from iProov explained

What is Passive Authentication and Why Should Organizations Use it for Online Identity?

December 2 2021

Blink. Nod. Look left, look right. Read the following sentence aloud…  

Sound familiar? If you’ve ever set up facial verification on a new smartphone or downloaded a new app, those instructions may well be recognizable. While some may consider these a minor inconvenience, these actions form part of an authentication process that is actually far more damaging than you might think. 

As more people need to use digital services—expedited by the pandemic—and biometric verification becomes increasingly mainstream, this ‘active’ authentication scenario could be preventing people from accessing important applications and information.   

Passive authentication, on the other hand, enables people to quickly and easily authenticate themselves online with public and private sector organizations. iProov’s technology delivers a truly passive authentication experience and is helping onboard and authenticate users without cognitive overload. 

So what is passive authentication and why is it so important for verifying the identity of individuals online?  

What is passive authentication?  

Passive and active authentication are defined industry terms. According to iBeta and as referenced in the global industry standard ISO 30107-1, an ‘active’ authentication scenario is one which elicits a voluntary response from the user, such as a movement, smile or blink as part of the authentication process. In a ‘passive’ authentication scenario, the user is not required to perform any actions. 

Active authentication vs passive authentication  

If you’ve ever set up face verification on a new smartphone, you will remember being asked to move your head in different directions, read something aloud or use your eyes to follow moving dots on a screen. That is active authentication. Active authentication follows a challenge-response format, prompting you to do something.  

With passive authentication, a user does not have to do anything. They are not asked to follow any complicated instructions or move themselves or their device—they simply look at the camera on the device and the authentication takes place.

Why is passive authentication important in today’s world?  

Biometric verification technologies are increasingly being used to provide users of all ages and abilities with secure access to online services. Government and public service applications must be inclusive to the largest possible audience, while in the commercial world building a system that excludes people limits the reach and success of that system.    

Every additional request during authentication, however minor, risks excluding people. Consider the challenge that lifting and moving a device around may pose to someone with reduced mobility, or the limitations posed by being asked to read from a screen if you have poor eyesight or reading ability. These instructions create cognitive overload, giving the user too much to consider and can result in the authentication either being abandoned or failing.  This means frustration for the user and lower adoption of the service. 

From a security perspective, active authentication also creates more risk. Asking a user to complete an action means that the action they complete is repeatable. Even if only repeatable for a limited number of times, this ‘repeatable’ nature makes it vulnerable to reverse engineering. In passive biometrics, the security mechanisms are ‘hidden’, so it’s far harder for criminals to create an attack that would trick a system. As fraud attacks continue to rise and become more sophisticated, mitigating these reverse engineering risks has never been more important.  

How is iProov passive?  

iProov’s technology delivers a truly passive authentication experience. A user is asked to iProov themselves during an online onboarding or authentication process with a government department or bank or other business. The user simply positions their face in front of the camera on their mobile device or computer and a short biometric face scan is completed. There are no complicated instructions to follow, making it effortless for the user. And because the authentication processes are hidden, this makes it more challenging for criminals to attack. 

Does liveness offer passive authentication?

Liveness detection solutions provide checks that help verify if a remote user is real and alive rather than, say, a photo being presented to a camera. 

Some liveness solutions, like iProov’s Liveness Assurance, deliver passive authentication. Others are active and require the user to move themselves or their device or read out words or numbers. Some liveness solutions use actions such as eye movement, which may be unprompted and unknown to the user. 

It’s important to note that not all liveness solutions are equal. Generally, liveness solutions offer protection against known attacks, such as presentation attacks, but they cannot verify that the remote person is present in real time, nor can they react and respond to new and emerging threats.

Therefore, although some liveness solutions may offer a passive user experience, they do not provide the security that can be found in the passive authentication delivered by Genuine Presence Assurance. 

Passive authentication, liveness, and Genuine Presence Assurance: what’s the difference?  

iProov’s Genuine Presence Assurance (GPA) is an industry leading passive authentication solution that offers greater security than liveness detection. GPA uses iProov’s Flashmark technology—a one-time sequence of colors that illuminates the user’s face during verification or authentication. This light sequence confirms a user is the right person, a real person and that they are authenticating right now. It is also equipped to respond to scalable, digital injected attacks and unknown threats.  

Genuine Presence Assurance offers a reassuring ceremony to the user. Authentication processes that are too quick or invisible can make us feel unsure of the security levels—especially if the speed of the process doesn’t align with the sensitivity or importance of the scenario, such as when we are making a sizable transfer of funds online. The brief light sequence offers reassurance that additional security is taking place, without creating the unnecessary friction of requesting us to complete other actions.  

The future of truly secure, inclusive biometrics is passive

Improving security often comes at the cost of the user experience—and vice versa—but truly passive authentication demonstrates why this needn’t be the case. Biometric verification and authentication are already bringing huge benefits to consumers all over the world in numerous applications. As technologies like facial verification continue to be rolled out more widely, it is imperative that organizations implement passive authentication experiences that champion truly accessible, inclusive biometric authentication. 

Passive authentication: a summary

  • Active authentication requires a response from the user – a nod, or reading of words, or moving the head or device
  • Passive authentication does not require a user to respond to complicated instructions
  • Implementing passive authentication offers many benefits to an organization, including higher completion rates, greater inclusivity and increased security
  • Passive authentication also offers many benefits to a user, including usability, convenience and reassurance
  • iProov technology has been designed to deliver a passive authentication experience

If you’d like to learn more about iProov’s passive authentication, please read about our Genuine Presence Assurance technology, read more about our case studies, or book an iProov demo here.

Back to Resources

10 years - questions Blog Andrew Bud

10 years of iProov: 10 questions for CEO, Andrew Bud

November 30 2021

Today, we’re celebrating our 10th birthday at iProov. For the past decade, we’ve been working to keep organizations and individuals safe online through the use of biometric face verification, working with governments, banks and other enterprises around the world.  To mark the occasion, we asked our CEO, Andrew Bud, to answer 10 questions about iProov’s story so far. You can watch the full video herebelow are some of the highlights.

Q1: Why did you set up iProov?

I set up iProov to solve a problem, a really big problem. About 10 years ago, I was running a large business in the mobile sector and we got involved in a huge case of payments fraud, which affected millions of people. 

I realized that the key to this was about authentication and identity. And with the march of technology, the problem was getting harder. In 2011, I invented a way of of of solving one of the really big problems of the internet: that of creating trust in people. That was big and exciting enough to excite me, but also to excite the team that I knew we would have to build to make it a reality.

Q2: What does iProov do?

We assure that a person on the other end of an internet link is the right person, is the real person, and is there right now. You can have all the facts and information that you like about a person, but in the end, trust depends upon the living, breathing, human being on the other end of the screen. 

Our task is to make sure that it is the right human being and a real human being, and not some sort of physical or digital forgerynot a mask or a piece of sophisticated synthetic imagery, but that a real person is engaging with the enterprise right now. And it’s important also that this can be done on any user’s device, on any smartphone, or any laptop without distinction of cost or brand. That’s our challenge.

Q3: How does iProov work?

Very simply, we have cracked the problem of creating a solution that is both highly secure and extraordinarily usable, and that was very much what we set out to do. When you come from the mobile content industry, as I did, you learn that usability is absolutely the key to success. Every action you ask a user to do reduces your completion rates by tens of percent. So usability was fundamental to everything that we did. And the question was how could we be sure that a user was real and right there right now, without asking them to do anything?  And to do so using the technology that was available on all personal devices? 

The answer was light. We use the screen of the user’s device to illuminate their face with an unpredictable sequence of colors. We send a video of their face back to our servers while that’s happening and we analyze the reflections of that screen light from the user’s face. The way that the light reflects off their face and interacts with the complicated and unpredictable ambient light tells us that these are real-life, three-dimensional human, face-shaped objects. And the sequence of colors that we see reflecting from the face has to be the sequence that we told the device to flash. If it looks realistic, but the sequence is wrong, we know we’re looking at a pre-recorded video or deepfake

Our technology is absolutely unique, and it brings with it a number of benefitsprincipally usability. The user doesn’t have to do anything. They look at their device, it looks back at them. 

Because we do all of this in the cloud, we’re then able to continuously analyze all the attacks that are mounted against usand there are a lot of themto learn about what the attackers are doing and how we can continuously make our system better, and all of this without impacting the user at all. By using this multidimensional technology that we have, we can make a perfectly passive experience and make it the strongest in the world.

Q4: What have been the highlights of iProov’s first 10 years? 

The first was probably the day that we heard that we had won our first grant from Innovate UK back in 2013: getting money to found a brand new business based upon an unproven technology to solve a hard problem when there were just two or three of you is incredibly difficult.

Another huge highlight was in March 2017, when iProov competed with another 19 UK cyber security startups for the National Cyber Security Center. We were competing in a competition called the Cyber Den, and we won. It completely transformed iProov’s profile both within the British government and also internationally. People suddenly realized that we were a very serious international player in the cybersecurity sector. 

Another great highlight was in November 2020, when it was announced that iProov was the fifth fastest-growing technology company in the Deloitte Fast 50 UK. For a decade, the iProov team worked together solving great problems kind of in darkness. Nobody had really heard of us. We had dreams. We wanted to build a large, fast-growth company, and that award said that we had accomplished the first stage of our journey. It said that we were of substantial size and we were growing. The rocket ship had lifted off the tarmac. 

There will be many more highlights to come. 

Q5: How has the digital identity market changed in the past 10 years?

One very striking evolution has been the dramatic transfer of all sorts of activities from in-person or letter-based to online. Ten years ago, it was still unusual to think that you could begin and complete secure transactions online, especially on your phone. Now, we absolutely take it for granted. Therefore, the whole question of digital identity, which was very much theoretical 10 years ago, is now something that national governments talk about, invest in, and execute in many parts of the world. So we’ve seen the rise of digital identity in those 10 years. 

There has been a revolution in the understanding of the intensity of the threats that society faces. Now, everybody understands that the real adversaries are highly resourced teams from serious organized crime and the security services of national state actors for whom fraud and money-laundering are a significant source of revenue to finance their nation states. 

So perhaps the biggest change has been an awareness that cyber is not just a risk, and identity verification is not just a nice to have—it’s a deadly serious requirement. 

Q6: How do you judge your success at iProov? 

Firstly, we judge it by how well we’re defending against attacks. Remember, we see all of the attacks mounted against us by any organization, anywhere in the world at any time. So we are continuously monitoring the threat and our ability to resist those attacks is an absolute cornerstone for how we judge ourselves. 

At the same time, we also monitor and measure how well good people are able to successfully authenticate and how many attempts it takes to for them to do so. And our metrics in that area are industry-leading and we are determined to keep them industry-leading to have them continuously improving. So one measure of our success is how well are we delivering service to good people? How well are we defending against the bad guys? 

A second measure is how motivated, comfortable, strong, confident, and together our teams feel. iProov is a very team-driven organization. We work together. It’s one of our core values and therefore one of the things that matters most to me is the wellbeing and team spirit of all of our staff. 

A very important metric is what our customers and partners think of us. A few recent quotes that I can share:

  • One very large partner said that we showed “deep empathy” for them and that we “share their pain”. They said that we have a “clarity of vision”, and we have “passion and ethics”. 
  • Another large global partner said that we are a “long term, scalable partner with credibility”, that we are a “responsive team that is fun to work with”. Indeed, that partner also said that when they started working with us, the Net Promoter Score within their organization rose because of the quality of the interaction with us. And they said that our solution is “beautifully efficient”. 

That’s the sorts of feedback that we use to judge whether we’re doing a good job. 

Q7: Where is iProov going in the next 10 years?

We’re in the business of assuring genuine presencethat is a huge, technically demanding, vital problem, and it isn’t going away. In fact, it’s going to get harder. So what we’re going to do in the next 10 years is to grow much bigger by solving that problem on a truly global scale, keeping billions of people safe. And we have to continue running fast. Our business is a little bit like a high-performance jetliner: we have to travel fast in order to stay at the altitude, to keep up and ahead of the attackers. 

So we’ve got to continuously innovate, continuously develop new technology, continuously research and implement. We have to achieve vast scale. We have to continuously improve our cost parameters. We have to continuously improve our performance and we have to reach every corner of the online economy so that everywhere in the world people iProov to keep themselves safe and know that iProoving is a marker of their safety. 

Q8: Why should someone come to work at iProov?

The reason why so many fantastically bright people have come to work at iProov, and stayed working at iProov, is because we have a purpose and we have a mission. Our mission is to keep people safe online worldwide to prevent bad things from happening to people and to give them freedom. And to do that, we have to achieve the remarkable. One of our key values is we achieve the remarkable. So it’s an exciting business to work in. I want people at iProov to be able to brag about their time in this company to their grandchildren. 

Q9: What’s your ambition for iProov? 

I want iProov to provide the birthright of trust to billions of people worldwide to enable them to lead full, rich, and safe lives online. 

Q10: What makes iProov different and better?

iProov values are a guiding star for us in the business, and they were developed together with the staff who had contributed so much to our growth. What are they? 

  1. Firstly, we achieve the remarkable., To deliver a solution that provides the highest levels of security and usability at the same time is very difficult. In fact, it’s so difficult that accomplishing it is remarkable and we seek to achieve the remarkable, not the mediocre. 
  2. Secondly, we prize our integrity. Integrity is fundamental to what iProov does. On the one hand, we are in the business of creating trust, and therefore it’s essential that we earn the trust of our customers, of our staff, of our partners, and of regulators everywhere. Trust is something that has to be ingrained in a business, and integrity lies at the core of that. That’s the way that we can hold our heads up high when dealing with questions about privacy, face verification, and identity. Our integrity lies at the heart of the spirit with which we move forward. 
  3. We work as a team. What we’re doing is complicated. It’s multi-functional. It’s multi-skilled. So everybody has to work together. As organizations grow, they often become siloed. We can’t allow that to happen at iProov. And indeed, it’s the teamwork that makes working at iProov such an enriching experience.
  4. Finally, we protect our resources. It’s important that as an organization grows, everybody knows that we work together, we seek to avoid waste. When we were a small company, this meant money and cash. Now, our focus can be more on our people: it’s their time, it’s their energy, and it’s their well-being. And we know those resources are precious and we prize them. 

We live our values at iProov and they’re the guiding star for how we do things.

Back to Resources

Meet the Team Martina Mingolla People Operations iProov

Meet the Team: How to Develop a Career in People & Operations

November 26 2021

This month we’re introducing you to Martina Mingolla. Martina works within our People & Ops team as our People Operations Coordinator.

Hi Martina! Could you tell us about your journey so far and what brought you to iProov? 

I joined iProov last December, initially within the Human Resources department. I joined during a particularly busy period and was only the second member of staff in the HR. I took on a lot of responsibility immediately, and looking back now can’t believe how much I’ve done, learned, and grown.

Joining a smaller, fast-growing company means you’re exposed to so many different sides of the business and can really forge connections with the rest of the company. Although I’m not sure how much longer we can claim to be a ‘small company’; I’ve already watched us go from 60 to over 100 people!

On a personal note, I graduated last year with a Bachelor’s Degree in Business. Initially, I only wanted to do a one-year exchange in the UK to experience London and improve my English. But then I fell in love with the city! I never feel judged here and there’s a lot of freedom. It’s very different from life in the small Italian town where I grew up. In my free time, I’m a big tennis fan and am always trying to get in as much traveling as I can.

What do you do day-to-day and what do you most enjoy about it?

I handle the day-to-day operations of the People function at iProov. This can mean many different things on different days: answering queries and helping people settle in, onboarding new hires, training staff, and helping with project management. I need to wear a lot of different hats! It’s fast-paced and every day there’s a surprise.

To give a concrete example, we recently moved the entire company’s payroll and holiday application from one system to another. This was a colossal task but it was necessary to streamline our internal operations. Along the way people had questions and concerns—answering those and supporting our people is all part of my daily routine.

What I like the most is the variety and scope of projects I can be involved in—everything from implementing systems to changing our healthcare provider, and improving the benefits and perks offered to staff. 

iProov is currently going through change and a lot of focus and investment is happening in the people and operations side. We’re making sure that our values stay consistent and our culture remains supportive.

How would you describe the culture at iProov? 

Friendly, welcoming, supportive. The HR team was small when I first joined iProov but I didn’t feel like I was in a silo—from day one, people from other departments invited me to their lunch plans and have gone the extra mile to help me feel part of the company!  There’s a saying at iProov favored by our CEO, Andrew Bud: “People are our most important asset”. And you can see why when you look across the company: everyone is driven, enthusiastic, and motivated.

In my opinion, Andrew plays a key role in iProov’s culture. Despite being a busy CEO, he puts in a lot of time to speak to people individually and we get time each week to ask him questions on standup about the direction of the business and what’s coming next. Rather than shying away from difficult questions, he seems to enjoy them!

As we soar past 100+ employees, some of whom work across the globe, it’s part of my job to ensure that this culture remains strong and that people feel connected and supported. I’m currently working on our employee handbook, which will optimize the new joiner experience. I’d finally like to say that the office culture at iProov is great—while many still opt to work remotely, I encourage any new joiner to come into the office and experience it. (You can read more about iProov HQ here).

You’ve recently made a change from Recruitment & HR to People & Operations. How did this change happen and what has it been like?

I started my career in HR and was more of a generalist—partly because there was just so much to do! I was involved with recruitment, people, events, and even payroll. It really was a lot of work but was what I wanted at the time in my career: to try and learn everything so that I could decide where I wanted to specialize. 

As my side of the business has grown, Recruitment & HR and People & Operations have expanded quickly and become far more clearly defined. This also opened up opportunities for me. A few months ago, I officially became People Operations Coordinator.

I think my story goes to show how fast things can change at iProov. Nothing’s fixed in place and you shouldn’t be scared to ask about changing or reshaping your career direction. There’s space for everyone here to grow as your teams expand within the company. 

What would you like to say to a person thinking about joining iProov? What should they know?

Let me first say that you won’t regret the iProov experience! It’s anything but a boring environment. But you need to be ready to take ownership of your job and at times it’s challenging, so an ability to work under pressure is valued. But overall it’ll really teach you how to handle fast-paced environments, and now I’ve realized I can handle anything if you approach it in the right way.

At iProov you can say what you think and how you feelthat’s another interesting part of the culture. Proposals are taken on board rather than ignored. You can make things happen and make a difference, develop your skills, and be valued for what you do. 

Finally, I’d like to touch upon the excitement of working in the biometrics and technology sector. It’s fast-paced, innovative, and you’re surrounded by these talented people all day. I also think thatespecially nowthere’s this energy at iProov because we all know we’re going places, but we don’t know exactly where we’ll be in, say, two years. We’re all strapped in for the journey, but we don’t have a crystal ball. That’s not how change works. But that’s also what makes it so exciting. 

There’s a reason people enjoy working here. Come and find out!  Apply to work at iProov today.

And meet more of the iProov team below!

Back to Resources

Meet the iProov Partners / Partnerships team

Meet the iProov Partner Team: Darren, Sachin, and Henry

November 19 2021

At iProov, we value our partners and are deeply committed to our joint success. To ensure that we provide you with all of the support you need, we’re expanding our partner team. 

This month we introduce you to Darren Hughes, Sachin Masade and Henry Walsh. Together they are responsible for running our partner program, onboarding partners, providing partner sales enablement and training, and running joint marketing activity.

Darren Hughes, Product Marketing Manager at iProov

Darren, could you tell us a bit about yourself? 

I’ve spent over 25 years in marketing, business development, and partnership management. Before that I actually always wanted to be a policeman! I think I just have a strong sense of curiosity and problem solving, so it appealed to me. As part of the iProov partner team, I’ve got different problems to solve: essentially how do I work with the partner to best enable their teams? How can we tell a shared and mutually beneficial story? And what is the most effective way to engage the partner teams so they clearly understand our key market differentiators? If I can get the message across clearly then they are well placed to answer detailed questions on our technology themselves and ultimately sell effectively.

When I’m not working you’ll normally find me on the river bank. Whether that’s carp fishing in summer or pike fishing in winter, being alone with my thoughts gives me an opportunity to unwind but also just think. It’s where most of my best ideas come from! 

What does your role as Product Marketing Manager involve?

I’m constantly thinking about how iProov’s key differentiators can help each partner individually. It’s important not to overwhelm partners, but to give enough to make their interactions and experience with iProov easy. 

iProov technology is about solving a problem, so really each product is a story in itself. I tell those stories to our partners, explaining why iProov works the way it does. For example: why do we have face abstraction? Why do we use a controlled illumination of colors on the user’s face? There’s a reason behind it all. When I explain these things as a story, it all seems to fit into place. When people “get” what we’re doing and it clicks, it’s rewarding.

At the end of the day, I’m showing our partners why they can trust us with their business. And in doing so I get to see how collaboratively we are combining some of the best cutting-edge products and technologies in our industry. Our partners are uniquely brilliant and it’s exciting to see how together we are solving many problems.

What do you have planned for our partners moving forward? What can they expect?

One thing I’m quite excited to talk about is our upcoming Partner Hub. This will be a dedicated partner area online where partners can get access to all of our resources, messaging, and collateral. 

This self-serve portal will provide brochures, info sheets, and regular marketing collateral but also easy access to ask questions and request more support.  Essentially this joint area is where we can collaborate and make sure the partner has the right type of material, meaning they can answer any question they get, or know how best to present iProov technologies themselves. All the essential iProov material will always be at their fingertips, which just makes everyone’s life as easy as possible. 

And of course, should the partner need something unique or bespoke then I can work with them to ensure they are fully supported.

Sachin Masade, Channel Marketing Manager at iProov

Sachin, could you tell us a bit about yourself? 

I have spent the last 10 years working with channel partners across emerging markets. Before joining iProov, I worked for Xerox where I was involved in the launch of their new partner portals.

On a more personal note, I started my career in India, which is where I grew up, then I went to the USA before settling in the UK. I actually always wanted to be a professor and teach postgraduates! In my free time, I keep up with all things cricket…I’m a bit of a superfan!

What does your role as Channel Marketing Manager involve?

Day-to-day, I’m constantly thinking about and planning how iProov can best communicate with our amazing partners. I’m creating marketing and communication plans to drive momentum with our networks, creating engaging content that can be shared with our partners and supporting the wider marketing team with partner onboarding and enablement. 

As a relatively new member of the iProov team, a lot of my work is still researching. When I truly understand an organization’s unique challenges and their individual needs, I can establish exactly where iProov can help them best. What are the problems we’re facing in the industry and how are we best posed to solve them together?

My main project at the moment is creating the iProov partner newsletterwhich is likely where you found this blog post! Moving forward, the newsletter will act as a hub: a place where our partners can find out about new content and keep up to date on iProov product releases and updates. Please continue to look out for our partner newsletter at the end of every month. 

What do you have planned for our partners moving forward? What can they expect?

Next yearCOVID allowing—I’m really looking forward to meeting a lot of our partners in-person to build better relationships and closer methods of working together. I’d like to set up regular catch-ups, and also plan for a partner summit.

A lot of this is in view of running shared campaigns. It’s going to be a huge focus for me and for iProov moving forward. This might include shared whitepapers or joint marketing campaigns. Part of this will be supplying those partners with the messaging, co-branded resources and graphics. It’s all about making partners’ lives easier to meet our shared goals. 

Henry Walsh, Partnership Manager at iProov

Henry, could you tell us a bit about yourself? 

I studied History at Cambridge and joined iProov straight after I graduated in 2019. It’s been an amazing place to start and develop my career. 

I was drawn towards partnerships because it involves fitting pieces of a puzzle together. I enjoy running discovery calls and finding out exactly what our partners need so I can fit iProov’s products to those needs. 

I was a rower at uni and I think those early mornings prepared me well for working with our partners in Asia-Pacific! I’m also a big scuba diving guy and am looking forward to getting back into that more seriously post-pandemic, possibly on some APAC visits!

What does your role as Partnership Manager involve?

While Darren and Sachin all work within the Product & Marketing team, I sit on the Revenue side of the business. This means that I’m usually involved with our partners at the earliest stage of the relationship: discovery calls, for instance, where I establish which iProov product they’ll benefit from most and why.

I also take care of partner onboarding. I connect people on the partner side with their relevant counterpoints on the iProov side and set out the processes that will underpin our relationship. This step is vital in ensuring that the partnership gets off on the strongest footing. 

I enjoy my role because the interactions are always collaborative. Working with partners is a really positive experience—I think it’s because we’re doing something immediately mutually beneficial. We know we can help each other and my job is to make that as easy as possible from day one. 

Also, I love that my job has a global remit. That means that it’s varied and at times unconventional: sometimes early mornings talking to Australia and New Zealand, sometimes late evenings speaking to American partners. But it’s exhilarating to work across those geographies and cultures at this stage in my career—and I always had something to do during lockdown!

What do you have planned for our partners moving forward? What can they expect?

As mentioned by my colleagues, we’re building out a more concrete partnership system with a focus on co-marketing. I’m excited that the program is being strengthened across the business. There will be more updates soon in the upcoming newsletters. 

We’ll continue to be flexible and go the extra mile when working with our partners. We’re all very easy to get along with in the Partner team… and if you’re not a partner yet, then I’ll be your first point of contact! 

If you’re curious about partnering with iProov, then you can submit a partnership enquiry here. Henry will be happy to take you through a discovery call.

Back to Resources

facebook (meta) scraps face recognition, clarifying difference from face verification

Facebook’s Decision Highlights the Difference Between Face Verification and Face Recognition

November 8 2021

Facebook is the latest organization to join iProov in drawing an important line between the use of biometrics for face verification versus face recognition.

In a press release, the company now known as Meta announced that it will no longer use face recognition to automatically recognize people’s faces on the Facebook platform.

But they also confirmed that the use of face biometrics for identity verification will grow in importance, seeing it as an important tool:

“Looking ahead, we still see facial recognition technology as a powerful tool, for example, for people needing to verify their identity, or to prevent fraud and impersonation.”

What’s the difference between face verification and face recognition?

Although Facebook refers to ‘face recognition’ in the above paragraph, they are describing face verification. So what’s the difference? Let us explain:

Face verification takes place when a user needs to verify their identity or authenticate themselves. For example, if you want to apply for a driver’s license or a credit card online, you need to be able to prove that you are who you claim to be and that you are not an imposter that is attempting to impersonate you. Then when you log back in to pay off your credit card bill, you will need to authenticate and prove that it is genuinely you that is accessing your account.

At the same time, online dating services like Tinder and social media networks are increasingly worried about users being defrauded by criminals using fake profiles of people that don’t exist at all. Face verification enables organizations to be certain that a user is the right person and a real person so they can protect their customers from fraud.

How does face verification work? With iProov, a user completes a brief, effortless face scan on a mobile device, computer or kiosk. The user knows it is taking place, they participate in the process, they get a direct benefit from it and their privacy is protected.

Face recognition is different. It often takes place when a user is unaware that it is happening—for example, a CCTV camera in a public place could be matching faces that it spots on the street with a database of criminals. The user is often not aware that it is happening, they don’t participate in the process or directly benefit from it, and their privacy is not protected in the same way that it is with iProov.

This is a useful summary:

Verification vs Recognition Twitter 4 social size

Why is Facebook shutting down its face recognition system and what does it mean for users?

Until now, Facebook would store a ‘faceprint’ of any user who opted in to the use of their face recognition system. This then enabled Facebook to identify that person if they appeared in any photos or videos that were uploaded to the platform. The user could then be alerted so they could tag themselves.

Facebook will no longer be providing this option to users and the faceprints of users that opted in will be deleted.

How will Facebook be using face verification from now?

Meta says that it will be looking at face verification for a number of use cases: “This includes services that help people gain access to a locked account, verify their identity in financial products or unlock a personal device. These are places where facial recognition is both broadly valuable to people and socially acceptable, when deployed with care.”

Why is the Facebook announcement so significant?

This announcement from Facebook demonstrates that:

  • Society is recognizing the difference between face biometrics for enabling people to use the internet safely (face verification) and face biometrics as used in surveillance (face recognition). For too long, the two things have been lumped together and often seen in a negative light. That is rightly changing, as this announcement shows.
  • Consumers appreciate the convenience of face verification and this is encouraging them to understand its benefits and the difference between verification and recognition. Earlier this year, iProov surveyed consumers in the UK, US, Canada, Australia, Spain and Italy and discovered that 38% already use face verification to access their mobile banking apps. A further 32% would do so if it was supported. Why? Convenience. Passive face verification, where the user has to do nothing but look at their device camera, is incredibly simple when compared to typing in passwords or tapping images with traffic lights in them.
  • Facebook recognizes that face biometrics are a highly secure way to authenticate users online to keep them safe, and specifically calls out identity recovery and financial services as the areas where face verification will be most valuable. Face verification is more secure than passwords and other online security measures—Facebook appreciates this, as do other enterprises and government agencies around the world. As identity theft, money-laundering and other cybercrime increase, security will become ever-more imperative to protecting consumers and society as a whole.

How does iProov deliver face verification?

iProov’s face verification technology is being used by governments and enterprises around the world to verify the identity of users online.

Our Genuine Presence Assurance technology delivers the highest levels of security, usability, inclusivity, privacy and scalability:

  • Security: iProov’s Genuine Presence Assurance is the only solution that verifies if an online user is the right person, a real person, and if they are authenticating right now. iProov is also cloud-based and does not depend on the integrity of the device as other solutions do. iProov customers also benefit from our iProov Security Operations Centre (iSOC)—we monitor attacks and adjust our algorithms to provide sustainable security in a way that other vendors cannot. This allows us to defend against evolving and unknown threats, including the use of deepfakes and digital injected attacks.
  • Usability: iProov face verification is designed to be effortless for the user. There are no instructions to follow, such as moving the head or device or reading out words or numbers. The user simply positions their face in the oval on the device screen and the authentication completes.
  • Inclusivity: Face verification is inclusive because everyone has a face and most devices have a user-facing camera. iProov’s solution is more inclusive than others because it requires no reading or following instructions and it can be used on any device with a user-facing camera—including mobile devices, computers, tablets, and kiosks—to make it available to the broadest community of users.
  • Privacy: iProov uses a privacy firewall and strong encryption techniques to protect highly sensitive data such as face biometrics to safeguard the user’s confidentiality.
  • Scalability: iProov technology is being used by governments, banks and other organizations around the world, including the UK Home Office, Australian Taxation Office and Singapore Government, to verify millions of online users.

Facebook and face recognition vs face verification: a summary

  • Facebook has decided to end the use of its face recognition system. Users will no longer be automatically recognized in photos and videos, and facial biometric data will be deleted.
  • The company will continue to use face biometrics for identity verification, for example for identity recovery, financial services and other scenarios where online security is needed.
  • In doing this, Facebook joins the increasing number of organizations and individuals that recognize the difference between the use of face biometrics for online trust and the use of face biometrics for surveillance and other forms of recognition.
  • It also demonstrates the acceptance of face verification as the most secure and convenient way to verify and authenticate online users.
  • iProov’s Genuine Presence Assurance delivers the most secure, convenient, inclusive, scalable and private method for verifying and authenticating individuals online to prevent cybercrime.
  • This is why iProov is the chosen vendor for organizations such as the US Department of Homeland Security, the UK’s National Health Service (NHS), the Australian Taxation Office, the Singapore Government and banks including Knab and Rabobank.

If you’d like to learn more about iProov’s face verification, please read about our Genuine Presence Assurance technology, read more about our case studies, or book an iProov demo here

Back to Resources

Biden cybersecurity executive order says multi-factor authentication is needed. Biometrics are the answer. Image shows the white house with a padlock in front

America Goes Multi-factor: Why Cloud-Based Biometrics are Necessary to Accelerate and Secure Multi-factor Authentication

November 3 2021

Earlier this year, following a string of cyber attacks on US infrastructure, President Biden met with over 35 private sector CEOs. He announced plans to enhance cybersecurity across the country, vowing to prioritize and elevate cybersecurity “like never before”. The White House also published an executive order mandating organizations to improve their cybersecurity. Among other things, this order stressed the importance of multi-factor authentication and cloud-based architecture. 

But organizations need to be mindful about how they plan and execute a multi-factor authentication strategy. So much is at stake if it goes wrong.

What are the risks of implementing the wrong multi-factor authentication solution?

  • Security: many existing multi-factor methods are lacking in security. Passwords, SMS one-time passcodes (OTP), and other tactics are vulnerable to attack. Organizations need to think about future-proofing their operations and protecting customers with stronger methods.
  • Completion rates: every step in a customer journey creates friction. Asking customers to complete an extra security check can cause drop-offs if it isn’t convenient and effortless for them. 
  • Inclusivity: asking your customers to follow instructions or use multiple devices for authentication can result in some users not being able to use your services. 

iProov’s cloud-based biometric technology is used by the world’s most security-conscious organizations to assure the genuine presence of an individual during multi-factor authentication. Genuine Presence Assurance can be used as part of a strong MFA strategy by providing the form of inherencesomething the user is

The bottom line? America is going multi-factor, and iProov can help get it right the first time around.

What is multi-factor authentication (MFA)?

When you log on to an online service, such as a social network or bank, you’ll usually get asked for a password. If the password grants you immediate access, you have completed single-factor authentication. If the system asks you for a second security checkfor example, you’re asked to type in a one-time passcode sent to you via SMS, or double click the side button on your iPhonethis is multi-factor authentication.

Multi-factor authentication aims to verify that you are who you say you are. To complete true MFA, you’ll need a combination of two or more authentication factors:

  • Something the user knows (knowledge-based authentication, like a password)
  • Something the user has (possession-based authentication, like an SMS OTP sent to a device owned by the user)
  • Something the user is (inherence-based authentication, like face authentication)

Importantly, if the bank asks you for a password and then for the answer to a security question, it might improve security but this isn’t multi-factor authenticationboth the first step and second step are knowledge-based

Why does America need multi-factor authentication?

In short: America needs to protect its government, enterprises, citizens, and economy against the financial losses and disruption caused by cybercrime. 

Identity theft is a huge problem in America. iProov data shows that a staggering 29% of Americans have been a victim of identity theft, compared with just 15% of Brits and 13% of Australians. 

If a relative, roommate, or a criminal steals your identity by getting hold of your passwords or personal and authentication information and pretending to be you, they can do a lot of damage. They can access your bank or other personal accounts to steal money or demand ransoms (this is account takeover). It’s not always about moneythey can also be aiming for disruption or reputation damage.  

Multi-factor authentication helps to prevent identity theft and other forms of cybercrime through inappropriate account access. It ensures that the person trying to access their account is the genuine owner of that account and not an imposter or criminal. 80% of data breaches could be eliminated by the use of multi-factor authentication.

A recent example: The hack that shut down the US’ largest fuel pipelinethe Colonial Pipelinehappened because just one employee’s compromised password was leaked on the dark web. This password then granted the attacker remote access to the company’s entire computer network. No damage to the pipeline was caused, but Colonial paid out a $4.4 million ransom to the hacker.

How would multi-factor authentication with iProov have prevented this: Imagine, as in the Colonial Pipeline example, that a bad actor manages to get hold of a federal government employee’s password. But this time, the federal agency has set up multi-factor authentication using iProov technology. The bad actor enters the password, trying to gain access to government systems. They’re asked to complete a brief facial scan to authenticate. The criminal is thwarted: even if they had imagery of the defrauded employee’s face, iProov’s Genuine Presence Assurance technology would detect that the real individual was not present and the access request would be rejected. iProov detects images, videos, masks, deepfakes and other synthetic media that can be used in presentation attacks and digital injected attacks to spoof a system.

Why are face biometrics the best option for multi-factor authentication?

If you’re building a multi-factor authentication strategy, face biometrics should be part of your plan. Let’s look at some of the benefits of using face biometrics in your MFA strategy. 

Advantages of face biometrics for your customers: 

Convenience

  • Why does convenience matter? Users like convenience. If your competitors offer a more convenient authentication option, you risk losing your customers. At best, you risk customers abandoning the process if it involves too much effort.
  • How does face authentication deliver convenience? The right face authentication is simple and convenient: there’s no complexity, no need to to copy a one-time passcode from one place to another. And what’s more, you always have your face with you!
  • What makes iProov more convenient than other face authentication solutions? iProov has the added benefit of being device-agnostic. This means that people can iProov themselves on whatever device they’re using at a given moment; a mobile device, a desktop computer, a tablet, or on a kiosk.

Speed: 

  • Why does speed matter? Consumers also like speed. If a log-in process takes too long, there is a risk that they will get frustrated, give up and/or go elsewhere.
  • How does face authentication deliver speed? Face authentication takes a few short seconds. It is often faster than waiting for a one-time passcode or opening up an app on a mobile device to authenticate.  
  • What makes iProov speedier than other face authentication solutions? iProov’s intuitive user interface and use of an abstracted image means that users are not confused by instructions and also not distracted by selfie anxiety

Reassurance: 

  • Why does reassurance matter? It might sound counterintuitive, but speed is not always the priority. If your customer is transferring $50,000 to a new beneficiary, they want to know that the process is secured by appropriate checks and verifications before the transfer is made. The appropriate level of reassurance is important.
  • How does face authentication deliver reassurance? If face authentication is implemented correctly, it can provide the right level of reassurance for a variety of different scenarios. Face authentication delivers more reassurance than other authentication methods: for example, a voice authentication that is done without the user knowing can be disconcerting, while being asked to wait for an OTP being sent via SMS can leave the user feeling like they are not in control of the situation.  
  • What makes iProov more reassuring than other face authentication solutions? iProov’s Genuine Presence Assurance technology illuminates the user’s face with a sequence of colors. This short ‘ceremony’ takes a few seconds and helps to reassure the customer that a secure transaction has taken place.

Ease of use: 

  • Why does ease of use matter? If an authentication process is difficult to use, then your customers will avoid using it. They’ll either find an alternative option with your competitors, or drop-off on this occasion in frustration and not complete the transaction, or they’ll find a workaround, as people do when they write down their passwords.  
  • How does face authentication deliver ease of use? Face authentication can be extremely simple: a user just needs to look at the camera on their mobile device or computer. This is much easier than switching between devices or services to find an OTP.    
  • What makes iProov more usable than other face authentication solutions? iProov’s face authentication is passive—there are no instructions for the user to follow as with other vendor solutions, such as moving their head or device, or reading out words or numbers. They simply position their face in the oval on the device screen and the authentication completes. It provides maximum accessibility and usability.

Advantages of face biometrics for your organization: 

Inclusivity:

  • Why does inclusivity matter? Inclusivity is critical to any organization. If people need to have a smartphone to use your service, or need to be able to follow complicated instructions, you risk excluding audiences that should and could be benefitting from what you have to offer. It’s essential for the public sector but all organizations need to plan for inclusivity.
  • How does face authentication deliver inclusivity? Everyone has a face and most devices have a user-facing camera, which makes passive face authentication an inclusive solution. Fingerprint authentication, for instance, is only available to those with access to certain hardware. Additionally, most government-issued ID documents have a face image, so secure onboarding using a document and face biometric is the optimal choice. 
  • What makes iProov more inclusive than other face authentication solutions? Inclusivity is a priority for iProov. Because our technology works on any device with a user-facing camera, it can be extended to kiosks – this enables those needing support to visit branches or offices to access assistance. 

Completion rates: 

  • Why do completion rates matter? If a user fails to complete an authentication – whether it’s an application for a driver’s license or to transfer $1000 to a friend – there are implications. They may be required to call your call center instead, which means frustration for them and increased costs for your organization. Or they may give up and go elsewhere. The outcome is lost business and customer dissatisfaction.
  • How does face authentication deliver high completion rates? If your face authentication solution is accurate and scalable, as well as convenient and easy to use, it can help you to deliver high completion rates. If a customer has to wait for an OTP or has to request another one and gets them confused, they might abandon the authentication.
  • How does iProov deliver higher completion rates than other face authentication solutions? iProov combines simplicity with accuracy to ensure that completion rates are maximized. We also protect against selfie anxiety and selfie perfectionism to encourage users to complete the authentication process as easily and quickly as possible.

Security

  • Why does security matter? Online crime increased dramatically during COVID-19. Organizations must protect themselves and their customers from the financial, emotional and reputational impact of identity theft and online fraud.   
  • How does face authentication deliver security? Face authentication can offer greater security than passwords, OTPs or other authentication methods. However, not all face authentication solutions can provide the security that is needed – device-based face authentication rather than cloud-based, for example, can be vulnerable to attack. It is important to choose the right vendor that can offer a range of flexible options for different risk profiles.
  • Why is iProov more secure than other face authentication solutions? iProov’s face authentication offers the highest levels of security for online authentication. First, Genuine Presence Assurance is the only face authentication solution that verifies if an online user is the right person, a real person, and if they are authenticating right now and not a presentation attack or digital injected attack. iProov is also cloud-based and does not depend on the integrity of the device, as some other solutions do. iProov customers also benefit from our iProov Security Operations Centre (iSOC)—as a cloud-based service, we can monitor attacks and adjust our algorithms to provide sustainable security in a way that other vendors cannot. This also allows you to defend against evolving and unknown threats. iProov’s cloud-based authentication is also out-of-band. The authentication happens on a different plane, or “band”, to the device used to authenticate. If you use an OTP on a mobile phone, for instance, then access to the phone grants access to the OTP also, which is a critical vulnerability.

You can read more about why face authentication is the best authentication method here. 

The Biden administration and cloud technology 

Multi-factor authentication is just one of several important points covered in the executive order. Cloud technology was also underlined as a necessity; agency heads were given 60 days to show how they will “prioritize resources for the adoption and use of cloud technology.”

This means that iProov’s cloud-based biometric face authentication technology enables you to accomplish two things at once. First, you deliver the best possible multi-factor strategy for your users and organization. Second, you’re prioritizing the use of cloud technology. 

Case studies:

iProov is already used by the world’s most security-conscious organizations, including:

The Biden administration’s commitment to multi-factor authentication in America: a summary

  • The Biden administration has announced that multi-factor authentication will be part of its cybersecurity focus. This will help to avoid password vulnerabilities that can lead to incidents such as the Colonial Pipeline shutdown.
  • However, organizations should know that using two weak authentication methods – for example a password and a security question – is not the answer.
  • Secure multi-factor authentication needs a biometric component, or ‘something you are’ to go with ‘something you have’ and/or ‘something you know’.
  • iProov’s Genuine Presence Assurance is ideal for multi-factor authentication; it’s secure, easy to use, convenient, inclusive, reassuring and maximizes completion rates. 

If you’d like to learn more, you can visit our multi-factor authentication page, read our case studies, or book an iProov demo here

Back to Resources

Cloud biometrics vs on-device biometrics

Cloud Biometrics vs On-Device Biometrics: What’s the Difference?

October 19 2021

A key question for anyone evaluating biometric technologies is: should the authentication take place on-device or in the cloud?

At iProov, we believe that cloud-based, or server-side, biometric authentication is a great option for securely authenticate users remotely. We use the cloud because:

  • Devices are vulnerable. They can be stolen, hacked, lost, or damaged. If the authentication is taking place on the device, then any organization using biometric authentication has to trust the integrity of the device being used. At iProov we take a secure approach by assuming that neither the user nor the device can be trusted.
  • The cloud enables active threat monitoring. iProov is able to monitor and analyze attacks on our systems in real-time because we use the cloud. Our iProov Security Operations Center (iSOC) observes attack techniques and applies machine learning to help us adapt quickly to novel threats, which increases the security and protection that we can provide to our customers and their users.

In this article, we’ll discuss the advantages and applications of cloud-based versus on-device authentication.

Cloud vs on-device biometrics: what’s the difference?

Scenario 1, cloud-based biometrics: You need to send a large sum of money to a friend. You access your bank via your mobile device or computer. First, your bank needs to double-check that you are the genuine account holder so it can authorize the transaction. To do this, it prompts you to iProov with Genuine Presence Assurance. You present your face to the user-facing camera and a short sequence of lights illuminate your face. The imagery and unique sequence of lights is sent to the server to be analyzed and verified against the image you provided at onboarding. This ensures you are the right person, a real person, and are authenticating right now.

The entire authentication process happens server-side, independently from the device. This means that a device affected by malware, for example, will not compromise the authentication process.

Scenario 2, device-based biometrics: You begin the process of transferring money via your mobile device. Again, your bank needs to confirm that you are who you say you are, so you authenticate using biometrics (such as by presenting your face to the camera or fingerprint to a sensor). Only this time, the entire authentication process takes place on the device, which means it is dependent on the device being secure. If the device has been stolen or hacked, the bank or other organization would not be able to detect this and the transaction could potentially be fraudulent.

So, the former processes the authentication on a cloud server, while the latter processes the authentication locally. The main difference is the additional security that cloud-based authentication can deliver over device-based authentication, but there are also many other advantages to using the cloud.

Cloud based authentication, verification, and identity recovery

Before we move on to look at the advantages of cloud in more depth, let’s consider when organizations use biometrics for online identity verification and how the cloud is used in each one:

  • Identity verification for onboarding: When you use iProov to onboard an online customer, the process will likely involve the verification of the user’s physical face against the image in a trusted document, such as a passport or driver’s license. This process needs to be completed in the cloud.
  • Authentication: Once the user has onboarded, they can use iProov to authenticate themselves on an ongoing basis. Apple Face ID and other on-device authentication can work for low-risk scenarios, but if a customer wishes to transfer money or complete other secure processes, a cloud-based authentication is needed to ensure it is the legitimate user and that the device has not been compromised.
  • Identity recovery: If a user loses their device, or it breaks or gets stolen, they lose the ability to authenticate themselves. Cloud-based identity verification is necessary to enable users to securely access their apps and services via another device without needing to re-enroll. There’s no need for any lengthy identity recovery process because the credentials are stored in the cloud rather than a device.

Cloud-based verification forms an essential part of the online customer lifecycle – critical for onboarding,  authentication, and identity recovery.

The benefits and advantages of cloud-based biometric authentication

1: Security

Why is cloud-based biometric authentication more secure than on-device?

  • Cloud-based biometric authentication is unaffected by vulnerabilities on the device (or execution environment). The biometric process is hardware-independent, and the device is simply the medium or facilitator. The security is in the cloud, not on the device.
  • Biometric authentication software operating in the cloud is opaque to an attacker and can be more difficult to reverse-engineer than on-device authentication.
  • With on-device authentication, the onus is on the device owner to keep their device updated with the latest device software and security patches. This means that it can take longer for organizations and system providers to address new threats, which creates vulnerabilities. With iProov, algorithm updates can be made within the cloud to ensure defenses against new and evolving threats are updated rapidly.
  • If you are using iProov’s Genuine Presence Assurance, you also benefit from active threat monitoring. This is an iProov-specific advantage, where the iSOC provides you with continuous security against new threats. Response to new and evolving attacks can be much faster and more efficient in the cloud. Defenses and algorithms can be updated continually in response to new threats, which makes life much harder for attackers, as the cloud-based processes are a moving target. This ultimately means that we learn more about the attackers than they learn about us.

On-device authentication can be trusted if and only if the integrity and identity of the device and its user can be trusted. If a device is compromised through malware or a digitally injected attack, then the user’s biometric data could be extracted or spoofed.

This means that, for an organization, each device is a source of risk, which is a potential insecurity.

The bottom line is: with cloud-based biometrics, organizations can protect themselves against the risk of fraudulent authentications taking place on compromised devices. This is a huge advantage as cybersecurity threats evolve.

2: Privacy

The privacy of data depends on the company collecting it and the operational environment.

For instance, at iProov we use a privacy firewall and strong encryption techniques to protect highly sensitive data to safeguard the user’s confidentiality. The biometric imagery is stored as an encrypted biometric template, which is referred to using an anonymous pseudonym. This is not associated with anything that could reveal the users’ identity.

Ultimately, privacy of data comes down to how it is used, the company using it, and the laws and regulations they adhere to. Cloud-based identity verification providers, such as iProov, are regularly audited and comply with ISO 27001 and 27701 certifications, validating the security and privacy capabilities of the cloud for managing data securely.

3: Hardware: extend to other devices

It’s easier for cloud-based applications to be deployed across a wide range of platforms and hardware. iProov technology in particular can be deployed on any device with a user-facing camera, including:

  • Mobile devices, such as iOS and Android
  • Computers and laptops
  • Tablets
  • Kiosks
  • Web browsers

Once the user is ‘iProoved’ with a particular organization, they’re immediately able to access the service or account on any device.

With an on-device solution, a user would lose access to that organization’s online services if the device they had verified on was lost, stolen, or damaged. Identity recovery would be necessary to get them up and running again. This is because the device ID will be linked to a user’s ‘profile’, and if the device ID changes they would need to re-onboard and reverify. However, with iProov, once you’ve verified you can simply authenticate on any device, even if the original device was lost, broken or stolen.

4: Inclusivity

The cloud can also enable organizations to reach the widest possible audience online. With iProov, you can ensure that users have access to your digital services even if they don’t have access to a smartphone, computer, or tablet.

iProov’s cloud-based technology can be extended to kiosks to ensure that people are not excluded from securely accessing services. These kiosks can either be offered unsupervised in shopping malls or travel hubs, or situated in banks or government offices where staff can be on-hand to offer support.

And across all of these devices, iProov ensures a consistent user interface — designed to combat selfie anxiety — to reassure customers.

5: Convenience and user experience

iProov’s cloud-based technology also makes identity recovery simple. Data shows that people replace their phones around every three years, which means many people need to recover their identity on services or apps every year. This poses two main problems:

  • Inconvenience for the user (often involving a tedious recovery process) which could increase churn rates and cause frustration for users
  • Security risk if the phone is sold without being wiped or is stolen

Because iProov authentication occurs on the cloud and not on the device, recovering identity on a new or replacement device is simple. iProov creates trust in the person holding the device rather than the device itself. All that’s needed is a brief Genuine Presence Assurance face verification on each device, rather than resubmitting all of your documentation or needing to speak to a customer service representative to prove your identity.

This also means that, if required, user journeys can be started on one channel and completed in another.

Here’s what it looks like in practice: A bank’s customer is travelling abroad and loses their mobile phone and credit cards. To access cash and arrange for replacement cards, they use a friend’s device. They authenticate themselves in the same way they would have done on their own device — an effortless biometric face scan processed on the cloud. This simple process enables the user to access the required services with a recognisable, reassuring customer experience. No biometric information is left on the shared device, reducing risk and protecting privacy.

Cloud biometrics vs on-device biometrics: a summary

  • Cloud-based biometrics are necessary throughout the online customer lifecycle; for onboarding, identity recovery and for any authentication that is not low-risk.
  • On-device authentication is useful for every-day activities, such as the unlocking of personal devices, where the threat is low.
  • Cloud authentication is needed for activities where there is a risk that fraud or other crime could be committed if a device has been compromised.
  • iProov’s cloud-based service can offer greater security than on-device systems. On-device authentication can be trusted if — and only if — the integrity and identity of the device and its user can be trusted. iProov assumes the user and the device have been compromised.
  • iProov also provides active-threat monitoring, which is made possible by the cloud, through the iProov Security Operations Center (iSOC) to quickly respond to evolving attack types.
  • It’s easier for cloud-based applications to be hardware-agnostic. iProov works across mobile devices, tablets, computers, and kiosks.
  • The cloud enables greater inclusivity to reach the widest possible audience. iProov can be extended to kiosks to ensure that people are not excluded from securely accessing digital services if they do not have access to a smartphone or other device with a user-facing camera.
  • The cloud offers greater convenience to the end-user, for example making the user experience for identity recovery much easier.

This is why iProov is trusted by some of the world’s most demanding organizations — such as the US Department of Homeland Security, the UK Home Office, Knab, and Rabobank — to provide secure online user verification and authentication.

If you’d like to know more about how our cloud-based biometric technology can help your organization to verify and authenticate users, click here to book a demo.

Back to Resources

iProov Liveness Assurance

How iProov developed Liveness Assurance

September 30 2021

Since 2011, iProov has focused on controlled illumination as a means of assuring genuine presence of a remote user. This technology has proven to be unrivalled in its usability and the robustness of its security.

iProov has also been interested in motion as a biometric and signal of genuineness since 2014. In that year, iProov won a grant from Innovate UK (the UK government’s innovation agency, known at the time as the Technology Strategy Board) for a project looking at the feasibility of using hand movements as a biometric.

In 2014, iProov also won Innovate UK funding to study the way changes in images resulting from device movement, in itself a weak indicator of liveness, could be combined with motion sensor data to provide an adequately strong signal of liveness.

This project was very successful and in 2015 iProov filed patents, subsequently granted in US and overseas, covering this innovation.

The Innovate UK project also addressed the case where motion sensors were not available. This gave rise to some innovations on which patents were filed in 2014 and subsequently granted in many countries worldwide.

iProov was aware of the potential security vulnerabilities that affect liveness technologies based on device motion. This led iProov to focus instead on developing the much higher integrity solution made possible by iProov’s patented Flashmark technology. This was subsequently launched as Genuine Presence Assurance and has won many international awards for its exceptional security and usability.

In the first half of 2020, iProov was able to use the wealth of liveness technology that it had already developed to bring a product to market to meet low risk applications where traditional levels of liveness would be sufficient. This product could continue to provide extremely good usability and high conversion rates (in contrast with competitive offerings). This has earned it significant success in the commodity liveness assurance market.

iProov was also able to combine its Liveness Assurance product with its unique, market-leading Genuine Presence Assurance technology to create another unique offering in 2020: Flexible Authentication. This enables organizations to select the level of ceremony/security trade-off appropriate to each transaction, on a transaction-by-transaction basis, using a single SDK, a single integration and single commercial contract.

Now processing large volumes of liveness assurance, iProov continues to develop its technology and to educate the market on when its use is appropriate. There are many use cases, particularly in government and financial services, when liveness simply does not offer adequate security and Genuine Presence Assurance is the only robust way to safeguard the citizen, the organization and society. Today, Genuine Presence Assurance is the only solution available on the market that adequately defends high value or high profile targets against the full range of attacks launched by determined adversaries. It is also the only solution that has been approved by several national government testing programs.

iProov continues to devote the energies of dozens of research scientists in its rapidly growing Science team to focus on this area. By developing new techniques to defend against tens of thousands of real world attacks against high value targets, iProov can keep its customers and their customers safe through assuring the genuine presence of online users.

Back to Resources

Will Morgan meet the iProover head of development

Meet the Team: A Day in the Life of iProov’s Head of Development 

September 28 2021

This month we introduce to you Will Morgan, our Head of Development. Will talks us through his career journey so far, recounts a day in the life of his role, and shares his biggest achievements at iProov.

Hi, Will! Can you tell us about your story so far what came before iProov?

I started building websites as a teenager and built up a great network of friends as we all learned to write software. Although, it must be said that some of the people I encountered weren’t quite so friendly — a few of our sites were repeatedly hacked! It was a great learning experience though, and when you’re setting out with a self-built tech forum the stakes are much lower, so you can pick up a lot while having fun along the way. 

I learned a huge amount about web technology and software in general more than I could have got out of college. So I went into the industry full time at quite a young age, with freelancing paying the bills. This is how I met Joe Palmernow the President of iProov Inc. We worked on some projects together before our paths diverged for a few years.

I then helped to run a web agency in my early twenties with friends, which was a formative experience. It provided a rich variety of opportunities and challenges, both on the tech and business side of things. It set me up with a lean and iterative mindset to development. The teams would take products from ideation into high quality, production grade deployments in under 100 days without compromising on quality, then carefully maintain and iterate as requirements emerged or the customer’s needs pivoted. I really appreciated the pure innovation and optimism there.

After 10 years and no university gap year, I took a month out to decide what to do next. I did consider trying to race bikes, but a series of crashes made me think again, although pedalling fast is a great way to clear the mind.

What brought you to iProov? What were your first impressions?

Joe reached out and asked if I was available to help extend and test part of an early iteration of iProov’s technology.

From the beginning, iProov was a welcome change from the caricature of startup life no money wasted on ping pong tables; just a dozen or so really driven people focused on breaking new ground. That being said, I’d never worked at a place with a robotic vacuum cleaner that would crash into everyone’s chair on a Monday morning.

Given my background in smaller companies where people wear many hats, and recent experience in moving ‘good and fast’, things just clicked. It’s been five years and I’m still learning a lot from my colleagues here. 

What does being Head of Development at iProov involve? 

It’s a really diverse remit, touching most technical areas of the iProov system. I’m jointly responsible with the various tech leads and heads of department for how we build new things and maintain our services. These days I’m involved with web technologies, iPortal, our data warehouse, and security.

Team development is really important. As iProov has grown, it’s been very rewarding to see my teams develop and specialize in their areas, and do ever-cooler things that solve problems or improve a tangible metric. This allows me to spend more time looking at logs, dashboards, and encouraging people to experiment with novel technologies and techniques to improve the products.

Describe a day in the life of a Head of Development at iProov…

It’s fast-paced and no day is the same. A lot of time is spent context-sharing and brainstorming how things come together and work end to end through the iProov system. I’m spending a lot of time experimenting, researching and sharing findings with various people across the business, then gluing my eyes to a dashboard to see how things improve when that feature or patch is released.

It’s also important for an engineering team to be commercially informed both in what the industry is doing, as well as understanding our existing customers’ integrations. There’s a lot of collaboration with our Product Team and our Customer Success Team. And then there’s hiring — the company is also growing, so recruitment. Lots of that.

What would you say is the most interesting aspect of your job?

Identifying the reasons behind a particular user action or behaviour is always a fun puzzle to solve. This could be anything from trying to troubleshoot a user experience issue during accessibility and usability improvement work, to analyzing an attempted attack on the system and watching the steps the attacker took before they gave up.

Hearing from our solutions consulting team on the potential new use cases for iProov is exciting, especially learning about other companies that we can partner with to combine technologies for a particular industry.

On a lighter note, it’s been hilarious reading fraudsters complain online about our customers moving to iProov because they know their game is over!

And how has iProov changed since you joined?

Besides the obvious growth and acquiring many happy customers, we’ve started to really fly the flag for our service and tell our story worldwide. We’ve become more self-assured but without the hubris. 

One of our values at iProov is that we ‘achieve the remarkable’. What would you highlight as the most remarkable achievements of the Development team?

I have a fabulous and driven team. However, it’s actually three teams so here’s a remarkable achievement for each one:

  1. Data: Building a realtime data platform that now powers most of our day to day analytics and research. It has revolutionized the insights we can get and the speed at which we can access and produce those insights. 
  2. iPortal: Automating our provisioning process and making it configurable, meaning no more manual changes and thousands of hours saved ticking boxes!
  3. Web: Delivering iProov in a browser, which is definitely a remarkable achievement, and providing stellar customer service.

If you feel inspired by Will’s journey and are interested in joining the iProov team, check out our current vacancies. Follow us on LinkedIn and Twitter to keep updated with new openings. We are always looking for new talent. 

And meet more of the iProov team below!

Back to Resources

Authentication methods image cover: What is the best authentication method? 5 types of authentication shown on cover image: SMS OTP, Voice, Password, Fingerprint, and Face verification

Authentication Methods: What Is the Best Type of Authentication? (5 Types)

September 7 2021

A wide variety of methods are available to authenticate users remotely, ranging from passwords and one-time passcodes (OTPs), to fingerprint scanning and face authentication.

Each relies on a different factor to establish trust: 

  • Something you know (like passwords)
  • Something you have (using your phone for OTPs)
  • Something you are (biometrics, such as your face).

In recent years organizations have started to move away from knowledge-based authentication. Passwords are not secure, because they can be shared, guessed or stolen. Passwords also cause user frustration, because they are easily forgotten. This ultimately leads to drop-off and poor completion rates. You can read more about the end of passwords here. 

Instead, organizations are moving toward passwordless solutions. Biometric forms of authentication use something you are to prove your identity. These are convenientyou always have your face with you, for exampleand while they can be copied (using a photo), they cannot be stolen. And in the case of iProov’s Genuine Presence Assurance, biometric authentication technology can deliver the highest levels of security and inclusivity.

Why Do We Need Authentication?

Authentication is needed to securely identify your online users. It’s most commonly used when logging into an account or authorizing a financial transaction remotely, for example. Ultimately, authentication is needed to restrict and allow access to personal information and accounts. As the demand for remote services grows, and cybercrime increases, so does the demand for secure authentication online. 

Secure user authentication…

  • Protects your customers from the emotional and financial impact of identity theft
  • Defends your organization against financial loss through fraud and other crime
  • Reduces the risk of your organization being used for money laundering
  • Helps to ensure that your organization is complying with regulations, such as KYC
  • Ensures your organization is reassuring its users and protecting its reputation

But which authentication method is the right or “best” authentication method for you? 

How Can You Choose the Right Authentication Method?

For your users, the best authentication method will be something that offers convenience, speed, and reassurance. For your organization, the best solution will deliver the appropriate level of security, high completion rates, and will be inclusive to the largest number of customers or citizens.

The things you need to consider include:

  • Security: If the risk profile of the transaction is high, you’ll need a more secure method of authentication. For example, an activity with high financial value (like moving funds from a bank account, or accessing a pension fund or government benefits) will require the highest level of authentication security. 
  • Usability: If authentication is overly complex, people find workarounds—for example, when passwords require multiple special characters, people tend to write them down, which makes them less secure and user-friendly. Consider who your service is aimed at but remember to be inclusive. Most online services need to offer maximum inclusivity, so simplicity and effortlessness are always the aim.
  • Convenience: Customers value convenience, and some authentication methods are better than others in this regard. For example, a customer making a payment on their desktop computer who then needs to fetch their mobile device for an OTP will likely experience frustration.
  • Reassurance: It’s possible to make things too easy. If a customer is making a large payment and doesn’t experience any sort of security authentication, they may be unnerved, which could cause them to distrust your company.
  • Completion rates: If your authentication process asks the user to follow too many instructions, or if it takes too long, or it needs repeated attempts before it succeeds, there’s a high risk of drop-offs and lost business. This impacts any organization, whether it’s a retailer dealing with abandoned baskets or citizens failing to return to access online government services.
  • Privacy: The best authentication method should not compromise a user’s privacy. For instance, a commuter on a train wanting to complete a transaction on their mobile device may not appreciate needing to speak out loud with voice recognition.

The Five Most Popular Methods of Online Authentication

Next, we’ll review some of the most popular authentication methods that organizations employ to secure their systems.

1. Face authentication

Facial authentication uses a face scan done by a human on any device with a front-facing camera to prove they are who they say they are. For face authentication to be secure, it needs to verify that the user is the right person, a real person, and that they are authenticating right now. This is what iProov’s Genuine Presence Assurance technology delivers. 

Some other forms of face authentication use single images to match a physical face to a trusted image, but they can be spoofed by “presentation attacks”, including photographs shown to the device’s camera. iProov technologies use multiple frames to securely determine the authenticity of an individual. 

Facial authentication has many advantages over other biometric methods. One is that everyone has a face, and most government-issued ID documents have a photo but don’t include fingerprint or other biometric data. This means that a user could scan their identity document using their mobile device and then scan their face to prove that they are who they claim to be—completing an entire verification process all from the comfort of their couch. 

Face authentication can also be done on general-purpose hardware. Any smartphone or computer or other devices with a user-facing camera can support face authentication, while fingerprint or iris scans need specialist hardware.

This transforms the way that governments and enterprises can securely verify the identity of online users. Citizens can apply for bank accounts, credit cards, healthcare, tax, or any other secure service without needing to visit a physical building for an identity check. 

Face authentication and verification are sometimes referred to as “face recognition”⁠—but these are completely different technologies. Learn the difference between verification and recognition here. 

2. Fingerprint scanning

Fingerprint authentication compares a user’s fingerprint to a stored template to validate a user’s identity. Fingerprints are complex and unique, which makes them impossible to guess. They are also convenient to use on a smartphone or other device that has the capability to read a fingerprint. 

There are limitations with fingerprint authentication.  Firstly, because not everyone has a fingerprint scanner on their device, fingerprint authentication is not an accessible and inclusive method for all. It’s a method limited to those who own more expensive devices.  

And, just like passwords, there are security concerns. Fingerprints can be copied using silicon rubber, plus they can be hacked on most devices in around 20 minutes. Fingerprint authentication can be good for low-risk scenarios where quick access is needed but it lacks the accessibility of other methods such as face authentication.

3. Voice authentication

Voice authentication measures the physical and behavioral markers in a user’s speech to confirm their identity. Using all the information in human speech enables an effective means of authentication that works on a phone or video call. 

Voice has become a popular form of verification with financial institutions but is prone to background noise, can be overheard, and can be spoofed by a recording or deepfake.

4. SMS One-Time Passcodes

SMS One-Time Passcodes (OTPs) are unique, time-based codes that are sent to the phone number tied to a user’s account. OTPs prove possession of a device/SIMsomething you havebecause only one person should have access to their SIM and text messages.

There are a number of issues with this form of authentication.

  1. SMS codes can add complexity and additional steps to the authentication process. If customers are using a computer to complete a task online and are asked to find their mobile device to retrieve an SMS code, it can be frustrating and potentially cause the user to drop off and abandon the transaction. 
  2. SMS codes are not secure – they can be hacked and diverted. Devices are also often lost, stolen, and shared. OTPs are only as secure as the device they are sent to.
  3. SMS codes are in-band authentication, which offers less security than you might expect. If a user is buying something via a mobile app and the app provider sends an SMS code to that mobile device to verify the purchase, the SMS code is not actually providing any additional securitythe code is being sent to the same device and is, therefore ‘in-band’. If the device has been compromised, the OTP is worthless. iProov face authentication is out of band: it assumes that the device has been compromised and so the authentication is processed securely and privately in the cloud. An iProov authentication is therefore independent of the device being used. Even if a bad actor had full access to another’s device, the authentication process remains secure.

5: Passwords

Passwords are ubiquitous, and the authentication method we’re most familiar with. But they’re not secure. They’re often forgotten, stolen, lost, or sharedas we highlighted in our flagship report, The End of Password. Plus, our research has found that consumers are growing increasingly frustrated with passwords, causing them to abandon their baskets when they forget them.

Passwords, and knowledge-based authentication in general, suffers a fatal flaw: the more secure you make it, the less accessible it is for users. The passwords that fraudsters cannot guess or hack are also harder for people to remember. And as we create more and more accounts, it becomes harder and harder to remember them all.  Other threat vectors such as brute force attacks and credential stuffing are a big concern too. 

Our previous research also found that over 50% of users have abandoned purchases because they forget their password and retrieving it took too long, so there’s a clear commercial penalty here. 

This ubiquity makes passwords the common choice for authentication. But the truth is that passwords are better used in conjunction with other more secure and effortless methods of authentication, such as face authentication. These applications include multi-factor authentication and step-up authentication. However, one strong authentication is better than two weak ones.

iProov Uses Face Biometrics for Authenticating Users Securely and Inclusively

Here at iProov, we provide biometric face verification to some of the world’s most secure organizations to enable them to authenticate online users. 

Consumers prefer methods that do not add additional complexity or effort to their services, transactions, and accounts. So, we eliminated the complexitywhile still retaining national-grade security. This enables you to onboard and authenticate customers and users, with the minimal number of steps for users. 

iProov’s biometric authentication provides:

  1. Genuine presence assurance: To deliver secure biometric face authentication, you must be able to establish that an online user is the right person, a real person, and that they are authenticating right now. Genuine presence assurance detects digital injected attacks, as well as artifact and imposter attacks.
  2. Cloud-based authentication: Cloud-hosted authentication solutions do not rely on the user’s device for security and are less susceptible to biometric security compromise. Cloud-based authentication also enables continuous active threat monitoring to constantly evaluate and respond to evolving attacks. 
  3. Device and platform-agnostic capability: Users should be able to seamlessly authenticate themselves on any device without the need for specific hardware or devices. 
  4. Effortless user experience: Authenticating with iProov is as simple as staring at your user-facing camera. Users do not need to read or follow instructions, or swap devices, and the user interface is inclusive and accessible. 

And that’s why some of the world’s most security-conscious organizations, including…

…choose iProov to verify, authenticate, and onboard their users.

Summary of the Best Authentication Methods

  • The need for organizations to implement secure online authentication of remote users is growing, as cybercrime is increasing and regulations are changing 
  • There are many authentication methods available that offer different approaches within three categories: something you know, something you have, something you are
  • It’s important to consider which authentication method suits your use case, taking security, usability, convenience, reassurance, completion rates, and privacy into consideration.
  • Face authentication offers many benefits over other methods. A face scan can be verified against a trusted document, making it possible to securely validate the identity of the user. iProov’s facial biometric technology in particular is very inclusive as it can be completed on any device with a user-facing camera.
  • iProov’s Genuine Presence Assurance technology delivers face authentication with the highest levels of security, convenience, privacy, and inclusivity.

If you’d like to see the benefits of using face authentication to secure and streamline user authentication for your organization, book your demo here. You can read up further on our customers and case studies here. 

Back to Resources

CBE Andrew Bud

What is it like to receive a CBE? An interview with Andrew Bud, CEO of iProov

August 27 2021

Andrew Bud, iProov’s Founder and CEO, was made a CBE (Commander of the Order of the British Empire) in the Queen’s 2020 New Year’s Honours List. Andrew’s award was for services to exports in science and technology.

A CBE is the highest-ranking award below a Knighthood of the Order of the British Empire, followed by OBE and then MBE. It is awarded to people who have made a distinguished contribution to the nation in any field. Recipients must also meet the highest standards of probity and integrity.

Congratulations on your achievement, Andrew. What was it like to go to the palace for the investiture? Can you tell us what Princess Anne said to you?

The investiture itself was a striking experience because it was deeply formal, yet very unstuffy. There was a relaxed majesty combined with perfect manners and an effortless sense of poise. The whole occasion had a sense of being very intimate and I felt very intensely the privilege of being there.

Princess Anne was extremely well briefed on who I was and what iProov is doing. She asked me several questions that showed real knowledge – she asked about my personal trajectory from engineer to entrepreneur, and we also talked about other industry and technical matters, including the threat of deepfakes. She also made me laugh!

St James’ Palace is also one of the most beautiful of English Baroque buildings. It was marvelous to have the opportunity to visit and admire it.

How did you find out that you had been awarded a CBE and what was the process behind it all?

I received a letter from the Cabinet Office at the beginning of November 2019. Nothing really prepares you for that letter. It said that the Prime Minister was recommending me to be appointed Commander of the British Empire. My wife said that my hands shook as I read it.

It remained the deepest of secrets until the nomination was published in the Official Gazette a few days after Christmas. I told my children about it a few hours beforehand.

Soon afterwards, I received the invitation to Buckingham Palace for the investiture at the beginning of April 2020. Of course, that was then canceled due to the pandemic. By the time it could happen, Buckingham Palace was undergoing building work, so it took place at St. James’ Palace instead. That meant I could bring only my wife and no other family member, but also that she could participate in the investiture, which is unusual.

How did it feel, being nominated? What does this mean to you?

I can’t overstate the wonderful strangeness of it all. I’ve been a struggling entrepreneur most of my life. I’ve been involved in some great things, and it’s true they brought recognition from my peers, which was extremely welcome and gratifying.

But as an entrepreneur, you can tend to think of yourself as that guy way off the mainstream doing his best with a large responsibility unnoticed by the wider world. Then when something like this happens, a very public recognition, it’s a very startling experience.

I was particularly delighted to see my children’s responses. It really surprised them – I think they too have an image of me as a dedicated entrepreneur laboring away in the dark, so discovering that their Dad’s contribution to technology had been recognized at the highest level was special for them. And the greatest thing you can possibly do, I think, is to make your children proud of you. That’s one of my metrics for success in life.

You were made a CBE for services to exports in science and technology – can you tell us a bit about your career and what led to this?

I was very proud that the CBE recognized my work in building exports in science and technology. I started out as an engineer, which led me to lead a project to build the world’s first consumer digital wireless telephone, and subsequently to pioneer wireless data and mobile phone networks with Olivetti in Italy.

I then spotted the enormous opportunity of SMS and set up mBlox, which became the world’s largest provider of SMS transmission for enterprise applications.

I think the CBE also recognizes my 20 years with the Mobile Ecosystem Forum (MEF), an international trade association I helped found. I’ve been the chairman of that for 13 years.

Almost a decade ago I embarked on a new challenge with the search for trust in digital identity. This is perhaps even bigger and more vital than anything I’ve done before.

You’ve established iProov with a mission to bring trust to the internet through biometric authentication. What’s next for you and for iProov?

The CBE also recognizes the scale of iProov’s achievements in winning major business right across the world – in the United States, Europe, Africa, Singapore and Australia. Now I have an added obligation to ensure that iProov builds further on the worldwide impact that this award recognizes.

We have made great strides on our journey to keep people safe online around the world, but it’s a multi-year mission spanning many countries, different sectors, and billions of people. The challenges from cybercriminals will only increase, so we have to continually exert ourselves to stay ahead of the brilliant and well-resourced people who are trying to do harm online.

Ultimately, to fulfill its mission, iProov will have to become a very large global company employing thousands of people worldwide. The next step for me is making sure that happens.

To learn more about Andrew, read more about his CBE here, his fellowship with the Royal Academy of Engineering here, or listen to his interview with the Mobile Ecosystem Forum here.

To learn more about iProov, you can visit our About Us page, read our record-breaking growth in the first half of 2021, or apply to work with us. If you’d like to learn more about iProov’s technology, book a demo.

Back to Resources

Tinder trials online dating identity verification

Tinder Trials Online Dating Identity Verification. Here’s How They Can Get It Right With Face Biometrics

August 26 2021

We were very interested to see that Tinder will be introducing ID verification to its dating app. They’re aiming to make users feel safer and provide “more confidence that their matches are authentic”. 

iProov predicted this back in December 2020. Dating apps and websites are increasingly being targeted by fraudsters who use deceptive dating practices, such as catfishing, to steal money or cause embarrassment to victims. In 2020, record losses of $304m were attributed to romance scamsup 50% from 2019.  

So the reasons for more security are clear. But Tinder is famous for its swipe left/right simplicity. How can they, and other social networks, make the ID verification process as effortless as possible for users? 

iProov isn’t providing the technology for Tinder, but we know how online dating apps and social networks can achieve security with simplicity: Genuine Presence Assurance. With Genuine Presence Assurance, service providers can achieve security, usability, inclusivity, and privacy to make ID verification as strong and hassle-free as possible.

Why is identity verification needed on online dating platforms?

Scenario: A man sees he has a “match” on a dating app. They make introductions and exchange messages, eventually moving their conversation onto another messaging platform. The identity of the two individuals is not verified at any point during this process, beyond names and photos. 

After a few weeks, the match says that they’re struggling to make their rent payment and asks if they could borrow money until the first of the month. The man sends the money. He then never hears from the match againit was a fake profile,  created using pictures easily found on social media, and the story was fabricated. The man uninstalls the app.

This is just one of many ways in which people are vulnerable on dating apps. Other threats include predators and account hijackers. Some people have been scammed by accounts using celebrities’ photos, and one woman even encountered a deepfake video created to support a fake profile on a dating site. 

Tinder has realized that many of its users want some protection from these threats: they want to know who’s on the other side of the screen. Of course, ID verification can’t stop someone from transferring money to a scammer. But with the right identity verification solution, like iProov’s Genuine Presence Assurance, you can enable users to take extra precautions against fake profiles. 

A number of things can be achieved using biometric face verification:

1. Accountability

Accountability is the most important thing that biometric face verification brings to an online dating platform or social network. If you have to use your real face and identity to register, it could discourage criminal or antisocial behavior because users understand that their actions can be linked back to them. 

Accountability helps with three types of users that people will want to avoid:

  • Criminals: These are the users that specifically use the platform to target victims for fraud or other criminal purposes.
  • Trolls: These people are using the platform to be abusive, or to cause offense or emotional distress to other users.
  • Ordinary people that behave antisocially when there’s no accountability: These could be users that start out with a genuine interest in using the platform. But they send an inappropriate joke, which could escalate to abuse or trolling, or they make another user feel uncomfortable or threatened, which they would never do in real life. When people think there are no repercussions to their actions online, they may behave in an unacceptable way. This behavior can be discouraged by accountability.

2. Increased safety and security

Users can feel safer talking to or meeting with someone if their identity is verified. There have been many cases of predators using fake profiles, with the number of recorded sexual offenses involving online dating sites doubling over four years. Users are also less likely to be targeted by fraudsters or trolls. 

3. A better user experience 

Enabling users to be confident that they are talking to a verified, genuine person reduces the likelihood of someone wasting their time on the platform, leading to increased engagement and brand trust.

4. Defend brand reputation 

Online dating services and social networks have a responsibility to protect their users from harm, whether physical, emotional, or financial. 

For something as important as dating, which often leads to real-life meetings, you want to be sure that people are who they say they are online.

How can liveness help the online dating sector? 

Liveness detection enables online dating services to authenticate the identity of an online user. It uses a biometric face scan to verify that a remote individual is the right person and a real person. This process can help to defend against the creation of fake dating profiles, which can then be used for fraud, catfishing and trolling. Read more about iProov Liveness Assurance.

How can Genuine Presence Assurance ensure that online dating ID verification is secure, inclusive, and convenient? 

iProov’s Genuine Presence Assurance delivers all the benefits of liveness detection—it provides greater accuracy that a user is the right person and a real person. It also verifies that the user is authenticating right now—this protects against the use of digital injected attacks that use deepfakes or other synthetic media

How does it work?

When a user onboards to an online dating app or social network, the service can ask the user to iProov. They verify their identity by scanning a trusted document, such as a driver’s license, and then scanning their face to confirm that they are the owner of that identity.

iProov Genuine Presence Assurance delivers four benefits:

  • Security: iProov verifies that the person is the right person, a real person, and that they are authenticating right now. 
  • Effortlessness: If it isn’t easy to use, people won’t use it. People love Tinder because of its simplicity—you simply swipe left or right. iProov’s Genuine Presence Assurance is just as convenient to use: the user looks at their device, the device looks back.
  • Inclusive: It’s very important that social networks and online dating apps are as inclusive as possible. Otherwise, the companies could be accused of excluding sections of the population. iProov’s solution requires no reading and comprehending complex instructions—you simply look at your device’s user-facing camera. 
  • Privacy: iProov is respectful of user privacy. Face verification is very different to face recognition, which is often used in surveillance and other applications. With face verification, a user knows it is happening, they collaborate with it, they get a direct benefit from it and their privacy is respected.

The additional benefit of implementing Genuine Presence Assurance is that it can be used for ongoing authentication. Whenever users return to use the app again, they present their face and prove they are the right person, a real person, and that they are authenticating right now. This means that nobody else can ever access that account, or send messages, or carry out any activity that they then insist they had not done.

Identity verification for online dating: a summary

  • Online dating is vulnerable to various forms of fraud, crime, and identity manipulation such as catfishing and romance scams. So, it comes as no surprise that services such as Tinder are turning to identity verification.
  • Identity verification can help genuine users feel safe and secure while ensuring the authenticity of their matches. At the same time, it mitigates the risk of fake profiles and introduces accountability, ultimately dissuading fraudsters, criminals, and trolls from using the platform. 
  • However, identity verification needs to be done right. iProov’s biometric face verification is secure, convenient, inclusive, and respectful of user privacy. 

If you’d like to know how iProov technology could secure and streamline identity verification for your online dating app or other social network, book your iProov demo here today.

Back to Resources

Insurance and biometrics image cover with picture of umbrella and title: How Can Insurers Use Biometric Face Verification To Protect Against Online Crime?

How Can Insurers Use Biometric Face Verification To Protect Against Online Crime?

August 18 2021

In 2017, French police made a grim discovery: in an old freezer at the bottom of a woman’s garden, they found the body of her 90-year old mother who had died 10 years earlier.

The daughter was concealing the death so she could claim a pension worth $2400 a month.

This story is an extreme example of a global problem: how can insurance companies establish proof of life in a digital world? How can pension and annuity providers be certain that a person claiming from a fund is the genuine holder of the account?

iProov’s Genuine Presence Assurance technology is the answer. iProov provides online biometric face verification to enable insurers confirm that a remote user is the right person, a real person, and that they are authenticating right now. This helps providers of insurance products and services to: 

  • Protect against online fraud
  • Deliver a secure yet effortless digital customer experience. 
  • Comply with KYC and AML regulations
  • Maximize customer inclusion and accessibility 
  • Defend against reputational risk

Proof of life is just the start. Insurance companies can use online face verification in a number of ways. You can read our full guide to the benefits of Online Face Verification in Insurance here.

Here are two more examples:

Protecting against account takeover for pensions and annuities

Insurers can use online face verification to protect against account takeover. This is particularly important for high-value insurance products, as many people check their pension or annuity accounts infrequently.

The scenario: a policyholder has a pension that they pay into regularly through their paychecks. They rarely check or access their pension account. A fraudster gains access to the account. The fraudster could have obtained a password and username from a data breach on an unconnected site, or used social engineering. 

The fraudster then poses as the policyholder and logs onto the online portal, where they change the holder’s address, phone number, and email address. After that, any security checks, such as one-time passcodes sent to a mobile device, are compromised as the genuine holder is no longer receiving the alerts. When the true policyholder tries to access the account, they find that they have been locked out. When they do get access, the funds are missing. 

By impersonating the policyholder, this fraudster can access large amounts of money. Because the true account holder may only check their account once a year or less, account takeover fraud could go undetected and unreported for some time.

Preventing money laundering in insurance

Criminal networks can use insurance policies to ‘launder’ ill-begotten financial gains by depositing large sums that they then drawdown, turning dirty money into clean money. Insurance companies must protect against this.

The scenario: a criminal wanting to launder money through the international financial system buys a life insurance policy using funds from one or more bank accounts. The account is based overseas, and the amounts are small enough to avoid attracting the attention of the insurer’s fraud teams. The criminal can then cash in the policy early and request for the funds to be returned to another bank account, often in a different country. 

Download our full guide to the benefits of Online Face Verification in Insurance.

How can liveness help the insurance sector?

Liveness detection enables insurance companies to authenticate the identity of an online user. It uses a biometric face scan to verify that a remote individual is the right person and a real person. This process can help to defend against cybercrime, such as account takeover or new account fraud. 

Why the insurance sector needs Genuine Presence Assurance 

Liveness enables organizations to verify that a user is the right person and a real person. Genuine Presence Assurance verifies that they are the right person, a real person and that they are authenticating right now. The latter is very important as it protects the insurer against digital injection attacks, which use synthetic media such as deepfakes in a way that is highly scalable and capable of causing a lot of harm.

How many people buy insurance online? 

Insurers need to ensure that their customers have secure, effortless access to services online. More people than ever before are buying insurance on their computers and mobile devices, as data from a recent iProov survey shows:

 

Graph representing insurance in biometrics statistcs - highlights in text below

  • 86% of people in the United Kingdom have bought insurance online, either on a computer, mobile device, or both.
  • On average, 64% of people had bought insurance online across the 6 surveyed countries.
  • Purchasing insurance on a computer is more common than purchasing on a mobile device across all surveyed countries. The UK has seen the highest levels of adoption, and Canada has the least.

Insurers need to make digital services more secure, more convenient, and more inclusive for all. Defending against fraud, building customer and reputational trust, maximizing customer inclusion and accessibility, and complying with regulations—that’s the why. iProov face biometric verification technology is the how. 

Defending against online insurance crime with biometrics: a summary

  • The insurance sector, particularly pensions and annuities, is vulnerable to digital crime, such as account takeover fraud and money laundering. 
  • Customers need safe and convenient access to online insurance services. Biometric face verification and authentication from iProov enable effortless remote access for customers, while offering the highest levels of security.
  • iProov’s Genuine Presence Assurance helps protect insurance companies against digital crime and gives customers the reassurance they want from their insurer.

To read all of the data and more insights on how biometrics help prevent online crime in the insurance sector, download the report. We cover the following topics in full:

  1. Confirming proof of life 
  2. Improving access to online portals
  3. Reducing the risk of account takeover 
  4. Knowing your customer at onboarding 
  5. Building trust online

Access the full report here. 

If you’d like to learn more about the benefits of using biometric face authentication to secure and streamline your digital services, book your iProov demo here today.

Back to Resources

Anti money laundering compliance with biometrics cover image iproov

How Does Biometric Face Verification Help Protect Banks Against Money Laundering?

August 6 2021

Banks across the world realise that failure to maintain tight anti-money laundering frameworks may result in potential regulatory action. Many need to take urgent steps toward securing their AML and financial crime management.

iProov can help banks with AML and other fraud protection. Our remote facial biometric verification technology enables banks to verify that an online user is the right person (i.e, that the user matches the image from a trusted photo ID), a real person (not a photograph or video used in a presentation attack) and that the authentication is taking place right now (not a digitally injected attack).

How Does iProov’s Biometric Technology Help Retail Banks Protect Against Online Money Laundering?

Part 1: Customer verification during online onboarding

Verifying the identity of a new remote customer is the first and most crucial step in a bank’s online anti-money laundering efforts. It’s how banks ensure that they’re engaging with a legitimate individual from the beginning, which enables you to filter out potential bad actors, bots, and fraudulent identities straight away.

The UN estimates that the amount of money laundered globally each year is 2 – 5% of the world’s GDP. Fines are common: in total, global penalties for non-compliance with AML regulations totalled $36bn between 2008-2020. Verifying and enrolling your customers in a way that complies with regulatory guidelines is essential. 

iProov’s simple-to-use, inclusive facial biometric technology enables you to verify each and every remote customer with the highest level of assurance. With Genuine Presence Assurance, retail banks can ask new customers to complete a brief and effortless facial scan during the online onboarding process. This confirms that a remote individual is who they claim to be, by verifying their physical face against the image in their photo ID. 

This helps banks to:

  • Reduce the time and cost involved in onboarding new customers. iProov technology replaces manual verification to increase accuracy and reduce costs. It also speeds up the process, enabling customers to quickly get access to their new accounts, while maintaining high levels of security. This helps to maximize customer completion rates and reduce drop-off during application.
  • Mitigate the risk of fraud and financial crime. iProov enables you to ensure that new customers are who they say they are.
  • Reduce the risk of compliance penalties and reputational damage from negative publicity. iProov enables banks to meet regulatory guidelines while reassuring customers and protecting the organization’s reputation.

Part 2: Ongoing authentication 

Once you have verified a customer during onboarding, the customer will also need to authenticate themselves on an ongoing basis when they access their account online or make transactions.  

An account could be created and verified legitimately, but then be compromised through account takeover fraud, identity theft, phishing, or other activity. Biometric face authentication ensures that the person trying to access an account (the ‘visitor’) is the same person that created the account (the ‘owner’). 

iProov also provides banks with flexible authentication. A returning online customer that wants to check a balance or complete another lower-risk activity can use Liveness Assurance to authenticate. A brief face scan verifies the person is the right person and a real person. 

But if that customer wants to complete a higher risk transaction—for example, transfer money to a new payee, change a PIN or request a new debit or credit card—iProov Genuine Presence Assurance can be used to provide additional security against fraud.  

Money Laundering in Retail Banking: Why Is Face Biometric Verification Needed?

When criminals need to ‘wash’ dirty money through financial systems, they’ll use a number of methods to try to avoid detection. A few examples:

Scenario 1: Account Takeover 

A criminal gains access to a legitimate bank account. They may have gained access to a real person’s account in a number of ways, such as credential cracking, phishing, or malware. Once they have full control of the compromised account, the fraudster then uses it to channel or ‘layer’ transactions, which obfuscates stolen money and conceals their criminal origins by passing money through multiple ‘legitimate’ transactions. The legitimate account owner may never notice, as the money simply passes through. Or when they do notice, it’s likely too late.

Scenario 2: Synthetic Identity Fraud and Account Creation 

Rather than taking over an existing account, a criminal creates a completely new account with a bank. They go through the entire onboarding process using a ‘synthetic identity’. This is done by creating identities using a blend of fake, real, and stolen data — such as an address or phone number, or a utility bill — to create a ‘person’ who doesn’t exist. Criminals can then launder money through this new account, which for all intents and purposes looks like a real account to the bank, with real transactions. 

Scenario 3: Money Mules 

A foreign university student sets up a legitimate bank account in the UK. When their studies finish, they return home. They are then contacted by a criminal who offers to purchase the account from them. The fraudster then uses this legitimate account to move money from account A to account B. In return, the student gets a monetary reward. This is a serious offense and form of money-muling: people agreeing to transfer money in and out of a legitimate bank account on behalf of criminals, either knowingly or unknowingly. This type of fraud has grown exponentially during COVID-19, particularly targeting younger age groups.

These are just a few of the ways that criminals and fraudsters can use financial institutions to launder money.

iProov’s remote face verification technology helps banks to mitigate against these risks of money laundering in several ways:

  • Preventing unauthorized account access and account takeover: iProov’s face biometric security ensures that only the legitimate account holder can access their account. A criminal can steal passwords or mobile devices (or other knowledge or possession-based security factors) but they can’t steal a face. They can copy a face, using a photo or mask or deepfake, but iProov’s Genuine Presence Assurance is designed specifically to detect spoof attacks. With iProov, only the verified account holder, determined during the onboarding process, can log in and authorize transactions. 
  • Detecting synthetic IDs at the point of onboarding: iProov verifies a new customer’s face against a trusted ID document during the onboarding process. If the physical face of the remote customer doesn’t match the ID document that is being provided, the application can be prevented. This provides protection against synthetic identity fraud, impersonation, and applications by bots or other new account fraud.
  • Preventing fraudulent payments: High-risk transactions can be flagged so that the user can be authenticated using Genuine Presence Assurance. This ensures that activity is legitimate, preventing fraudulent payments in real-time.
  • Protecting against money mules: Secure biometric verification and authentication from iProov can also protect against some money mule activities. For example, iProov can prevent legitimate customers’ accounts from being used as money mules without their knowledge, as the person using the account wouldn’t ‘match’ the face biometric of the legitimate owner.

How iProov Can Help: Case Studies in Banking

We’re working with a number of banks around the world to verify and authenticate customers online, helping to deliver AML and KYC compliance. These include:

  • Knab
  • Rabobank
  • ING

You can view all of our case studies here

A Summary: Biometrics for Anti-money Laundering and Financial Crime Control

  • The FCA issued an open letter to UK retail bank chief executives highlighting weak financial crime controls and AML compliance in the sector
  • iProov can help banks to prevent money-laundering and other financial crime. 
  • iProov’s Genuine Presence Assurance technology uses face verification and authentication to enable banks to deliver security, compliance with regulations, and maximum completion rates while ensuring an effortless and reassuring user experience 

If you’d like to see how iProov’s Genuine Presence Assurance technology can secure and streamline your customer onboarding and authentication processes, book an iProov demo here.

Alternatively, you can read more on iProov’s work with fininancial services organizations and on KYC compliance.

Back to Resources

Biometric statistics: How many people use face authentication? Featured image statistics

How Many People Use Face Biometrics? (Biometric Statistics)

July 7 2021

Face authentication and verification have become ubiquitous in the lives of consumers globally. Apple Face ID, launched in 2017, has enabled millions of people to unlock their phones several times a day using a simple face scan instead of a passcode or fingerprint. Those same people are also using their face to access mobile apps — face biometrics is used for mobile banking, payment, shopping, and other services. (Read more about the difference between face verification and face authentication here.)

It’s important to note that on-device face authentication services like Face ID are useful, but they don’t provide the security that many banks, governments, and other organizations need. Device-based authentication authenticates the user so that the device is satisfied that the person is who they claim to be. With iProov’s cloud-based authentication the organization can be satisfied that the user is who they claim to be, but also that the user is authenticating in real-time. 

The problem with on-device biometric authentication is that the organization is having to depend on the device’s face authentication technology. If the device has been compromised, the service provider would have no way of knowing and imposters could be given access. This is why secure processes require cloud-based face authentication with Genuine Presence Assurance (GPA).

One thing is for sure: millions of consumers are now very comfortable with using their face for online security. So how many people are using face authentication across the world? 

Biometric statistics: how many people use face authentication to access their mobile banking app? 

We asked 1000 consumers in the US, UK, Canada, Australia, Spain, and Italy if they currently use face authentication to access their mobile banking app on their devices. 

We found that 38% of people are already using face authentication to access their mobile banking app. An additional 32% of people would use it if they could. Combined, the results look this:

How many people use face authentication for mobile banking? Graph

We also found that around 30% of people do all of their banking remotely on their mobile devices, meaning that a significant proportion of all banking is now accessed using facial biometric technology.

The takeaway here? Consumers are comfortable using facial biometrics on their device, and they are happy using it to access their bank account remotely. 

This means that the opportunity for banks and other organizations is huge. By implementing secure biometric face authentication from iProov, banks can enable customers to complete even the most secure processes online, such as adding a new payee, transferring a large amount of money, changing a PIN or requesting a debit card. This reduces costs, minimizes customer frustration and provides a truly secure, inclusive, and convenient mobile banking experience. 

So what do people like about face authentication?

Why do people like face authentication?

We asked people to tell us why they like using face authentication, allowing them to choose several options. Speed and convenience were the top reasons selected:

What do people like about using face authentication and face verification biometric statistics

Speed

iProov’s reassuring ceremony takes just a few seconds to authenticate users. To use your phone you have to look at it, so authenticating just by looking at it requires the least effort from the user. iProov’s solution is truly passive, as there are no steps for the user to take: just look into the front-facing camera and you’re done. 

Convenience

Face authentication is incredibly convenient. Standard solutions like passwords are often forgotten, requiring a lengthy recovery process. SMS one-time passcodes (OTPs) either require the user to switch between apps and copy a code, or sometimes even require two separate devices. Face authentication is consistently convenient for the user. 

Users always have their face right there — you don’t need to remember anything, carry a security token, or do anything. You just present your face to the device’s front-facing camera. Plus, there is no special hardware required, unlike with a fingerprint reader.

iProov’s Genuine Presence Assurance can be used on any device — including mobile devices, desktop computers, tablets, and kiosks — affording additional convenience. An important additional benefit of iProov’s cloud-based technology is that if your device is lost, stolen, damaged, or out of battery you can easily access your account from any device (unlike on-device biometrics).

Earning trust online with face authentication

To summarise:

  • We asked 1000 people across six countries if they use or would like to use face authentication to log in to their mobile banking app. The results ranged from 70% in the US and 69% in the UK, all the way up to 77% of people in Spain and Italy. An average of 70% of people across the six countries use or would like to use face authentication for mobile banking.
  • We then asked what people liked about using face authentication. The top two answers were speed and convenience.
  • iProov can help onboard, verify, and authenticate your customers using facial biometric technology. Genuine Presence Assurance offers the highest levels of security and user experience.

iProov is already trusted by leading organizations, such as the US Department of Homeland Security, the UK Home Office, and leading banks to deliver secure face authentication. Genuine Presence Assurance is crucial for organizations looking to deliver national-grade security without sacrificing the user experience.

If you’d like to see the benefits of using face authentication to secure and streamline online services for your organization, book your demo here.

Back to Resources

Biometric authentication vs biometric verification - this infographic explains the difference between them

Biometric Authentication vs Biometric Verification: What’s the Difference?

July 2 2021

Biometric verification and biometric authentication both use unique physical characteristics (a biometric) to prove that a person is who they say they are securely online. But each has a different process and different use cases. 

Biometric verification is the act of matching a unique biometric characteristic (i.e. a face) against a trusted identity document (such as a driver’s license). This is typically used when an individual is onboarding or enrolling for a service online for the first time.

Biometric authentication validates the unique biometric characteristic (i.e. the face) against the biometric template created during the verification process. This is used when an individual is returning to use an online service after they have onboarded or enrolled. 

The best biometric solutions do more than just match biometric data: they must also ensure that the person presenting their biometric is a real person (not a photograph or video used in a presentation attack) and that they’re presenting right now (not a digitally injected attack).

Let’s take two real-world scenarios to further clarify the difference between the two…

What is biometric verification?

Scenario 1: You’re signing up remotely for a new online bank account. To onboard securely, you complete the application and are asked to verify your identity. You scan your driver’s license (or other trusted identity document) using your mobile device. You then scan your face using your device’s user-facing camera. The biometric technology matches your live face against the face on the license. In this scenario, Genuine Presence Assurance is needed to ensure that you are the right person and a real person, verifying in real-time. The process proves that you are who you say you are – your identity is approved and the bank opens your new account. This is an example of biometric verification. Your face biometric is verified against the photo in a trusted identity document to confirm you are who you say you are.

What is biometric authentication?

Scenario 2: A week later, you want to check your bank balance online. The bank asks you to authenticate by presenting your face to the camera, which is then matched against the biometric template that you created during the onboarding process. In this scenario, biometric authentication can be delivered using liveness detection, which confirms you are the right person and a real person. If you wanted to transfer $5000 to a friend, the bank can use Genuine Presence Assurance instead of liveness for additional security. This is an example of biometric authentication. You reconfirm your face biometric against the biometric you provided during onboarding to confirm that you have the right to access the account. 

Both biometric verification and authentication are integral parts of secure, convenient online security processes. The right biometric solution can help your organization to prevent fraud or other cybercrime without inconveniencing your customers.

iProov’s cloud-based facial biometric technology provides the most secure and convenient way to verify remote users (…and we explain why below!).

Why do you need biometric verification?

Biometric verification should prove three things:

  1. That the presented biometric data matches a trusted identity document
  2. That the biometric data is presented by a real person 
  3. That the biometric data is presented in real-time

Step 1 ensures that the biometric data matches a real-world, verified identity. This usually happens by verifying the presented biometric against government records, using a trusted identity document such as a passport or driver’s license. Biometric verification is not just about two pieces of data matching each other – it must also match a government-verified identity.

Step 2 ensures that the person presenting their biometric is a real person – many solutions are caught out by attacks that use artifacts, such as masks or photographs. 

Step 3 is where iProov’s Genuine Presence Assurance technology is unique. Liveness solutions cannot guarantee that the face being presented during the onboarding or authentication process is actually being presented right now. This leaves them vulnerable to digitally injected attacks, which inject media directly into the data stream and bypass the camera and other device sensors. Digitally injected attacks can use synthetic media such as deepfakes, where a fraudster creates a fake person or takes a photo of a real person and animates it. iProov’s Genuine Presence Assurance supports you across all three steps.

The onboarding of an online user is critically dependent on that person being the right person, a real person, completing the process right now – fraudsters using stolen or fake identities can do a lot of damage if they are not spotted at the onboarding stage. You can read more about the patented Flashmark technology behind this here. 

Once you have all three, you can safely and securely identify users during onboarding. Biometric often verification forms a part of organizations’ regulatory processes, such as Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance. These regulations set out that organizations must be able to prove that they’ve verified the identity and assessed the risks of those they’re doing business with. 

Biometric verification eliminates the need for lengthy manual processes during onboarding, such as scanning and signing documents. There’s no need to travel and verify your identity in person. Biometric verification allows your users to verify their identity no matter where they are, and enables them to do it in an effortless way.

Without the security that biometric verification provides during onboarding, you leave the door open for scammers and fraudsters to abuse your online services. One 2021 report found that 1 in 7 new account creations are fraudulent, and another found identity theft in the US rose by 72% between 2018-2019.

Biometric verification safeguards against:

  • Financial loss due to illegitimate or fraudulent applications
  • Additional overheads due to fraudulent customers, the cost of manual verification, and becoming overwhelmed by high volumes of illegitimate applications
  • Negative publicity if your onboarding process lacks security, enabling bad actors and impersonation attacks
  • Financial penalties from regulators

When do you need biometric verification? (Examples):

  • Opening a new bank account
  • Onboarding customers or citizens remotely 
  • Onboarding or registering for any digital service, such as age screening
  • Applying for government aid and services
  • Applying for a visa 

Why do you need biometric authentication?

Biometric authentication reconfirms that a person is who they claim to be every time they log in or make a transaction. This ensures that the person attempting access ( the ‘visitor’) and the person who created the account (the ‘owner’) are the same person, by matching biometric data. 

iProov offers Flexible Authentication to enable organizations to apply the right level of security to each authentication, using either Liveness Assurance or Genuine Presence Assurance. If an individual wants to access their bank account to check a balance, for example, Liveness Assurance offers effortless convenience with the appropriate level of security. If the user wants to transfer $5000, then Genuine Presence Assurance delivers the additional reassurance that the request is not part of a digitally injected attack.

There are scenarios in which you can have authentication without verification: for example, Apple’s FaceID does not require you to verify your identity to set up the authentication which locks your device. But most applications require verification before authentication. 

Biometric authentication is crucial because verifying a person’s identity once is not enough. You must also regularly ensure the account has not been compromised. Authentication enables you to continuously ensure that the person onboarded with your organization is the same person attempting to log in each time. 

It’s like creating a password for your bank account: you enter it again every time you log in or make a large transaction. The difference is that biometric solutions, such as face verification, achieve this with greater ease for the user and stronger security.

Biometric authentication safeguards against:

  • Financial loss due to identity theft and account take-over 
  • Loss of customer trust and negative publicity if data is accessed illegally
  • Customer frustration caused by alternative authentication methods, eg passwords

When do you need biometric authentication? (Examples):

Biometric authentication is often used as a replacement for passwords, or as an additional factor as in multi-factor authentication and step-up authentication. Applications include… 

  • Unlocking a device, such as your phone
  • Signing into a verified account, such as a bank account
  • Approving a transaction, such as an Apple Pay payment or bank transfer (particularly in light of European Strong Customer Authentication regulations)
  • Accessing company software applications or sensitive data, such a medical health data 
  • Resetting credentials and recovering accounts

iProov: biometric security for verification and authentication 

iProov technology is being used by organizations around the world for verification and authentication. Some examples:

To summarise:

  • Both biometric verification and authentication enable organizations to confirm that an individual is who they say they are in non-face-to-face scenarios, establishing trust and security online
  • Biometric verification checks an individual’s face or other biometric against a trusted government identity document and is used for onboarding and enrollment 
  • Biometric authentication checks that a returning user’s face or other biometric matches the biometric that was created during the verification/onboarding process. 
  • iProov delivers both biometric verification and biometric authentication, offering the highest levels of security and customer experience. 

To see how iProov can help your business deliver verification and authentication, book your demo here or contact us.

You may also enjoy…

Back to Resources

iProover 5b 1

Meet the team: ‘The Deepfake Guru’ fighting online crime at iProov

June 28 2021

The iProov Science function is made up of multiple teams, with each team playing a key role in iProov technology innovation. This month we caught up with Jim Bremner, Head of AI. Jim talks to us about his journey at iProov, from Research Scientist to Head of AI, and shares his insights into what it’s like to tackle the increasing threat of deepfakes.

Hi Jim! Can you tell us about your journey to iProov?

I studied Physics at Imperial College London because I thought physics was really cool. I liked that I could work on something technical that had so many unusual and interesting aspects to it. I graduated with a Physics MSci and like a lot of physics graduates, I enjoyed the studying but felt a yearning for something more applied. My degree supplied all the theory I needed to start my journey with artificial intelligence and machine learning. So I started working on small projects to get me up to date with where the field was at the time. I was then involved in a Machine Learning Fellowship where I was able to nail down the practical aspects of applying my theory to real-life projects. I learned a lot about computer vision problems, involving interesting ways of visualizing and making sense of image data. Which was how I became interested in iProov and face biometrics…

So why did you choose iProov, specifically?

iProov face verification is solving a problem that is really interesting – how does one tell whether someone on the other side of a smartphone isn’t an attacker trying to steal someone’s identity?  How can you tell they are real? A solution wasn’t obvious to me at first, so that gave me the sense that there was actually quite a lot of open ground – as opposed to an established industry where the techniques weren’t as disruptive. I knew iProov and biometrics had a great balance of these qualities.  iProov also has a really big reach, so I knew that I would be making a difference across a lot of people’s lives. 

How has the battle against deepfakes changed since you started working here?

The battle against deepfakes has been my main focus through my time at iProov. Yet when I started at iProov, ‘deepfakes’ wasn’t a commonly known term. So the idea that I’d be working on trying to protect against them was maybe quite novel because they’d only been around for a couple of years at that point. I remember telling friends and family about my new role and they were interested to discover there was actually a need for it.  

Fast forward a couple years and not only is it really easy for anyone – even with the basic understanding of technology – to go and generate their own deepfakes from a mobile app, but the tools themselves have become a lot more powerful and work in an increasingly difficult environment. So nowadays you only need a single image of someone (which you can get from social media) to create a pretty convincing deepfake, whereas that wasn’t really the case when I started in the industry.

So you are now ‘The Deepfake Guru’! Walk us through an average day in the fight against deepfakes.

The Science team at iProov is focused on staying many steps ahead of the attackers. So we have to keep our ear close to the ground in terms of what’s happening out there with new deepfakes or synthetic media creation techniques; reading a lot of literature and academic papers and getting ideas from them on detecting different types of attacks. 

Post lunch, there’s time for intensive thinking through the problems we’re trying to solve. A lot of the problems aren’t straightforward (which I suppose is why we’re trying to solve them!) and they require a bit of solitary thought. I actually do my best thinking on my cycle home. It gives me that forced time where I can’t actually do anything else apart from think (and maybe think about where I’m going with my bike as well).

So tell us, what’s the best kept secret about working in the AI team at iProov?

Hmmm, I will schedule this into my cycle-home-think-time and get back to you.

Ok, ok. But can you tell us why we should be so worried about deepfakes? 

People should be worried about them, especially in digital identity, because we’re seeing deepfake attacks all the time. They’re at the stage now where the quality is so good that if you’re not working hard to stop them, they’ll quite easily pass as real. This is why we invest so much time and effort into them.  

I feel we are slightly turning the corner in terms of fake news, deepfakes and misinformation. I think more and more people are realizing they can’t trust what they read online. I’m hoping that the same happens with visual media. By showing people concrete examples again and again e.g. a deepfakes of Trump declaring war, they understand what is possible with technology then hopefully it becomes clear these are a threat.

I hear there are a few opportunities opening up to join iProov’s cutting-edge AI Team! What three qualities does someone need to work in the AI team?

I’d say firstly it is important for someone to be very inquisitive. We have to make sure that we protect ourselves against a multitude of attack types which requires exploration of all different possibilities to try and break your own system. If you’re not curious about certain situations that might arise, then we will leave ourselves open to certain types of attack. So having a natural curiosity is key. 

Creativity is really important, because a lot of the answers to the problems we are trying to solve don’t exist. We need to create those solutions ourselves. That requires a lot of creativity in terms of concepts, but also how you might implement these concepts as well.

A third one would be empathy. Empathy in a different context to how it’s normally used: this would be empathy towards the attackers. We have to put ourselves in the attacker’s shoes and try to think like an attacker. This gives you a good sense of what we need to look out for because in truth there are many ways people can attack and understanding their motive means we can stay ahead. 

If you feel inspired by Jim’s iProov journey and are interested in joining the iProov team – check out our current vacancies. Follow us on LinkedIn and Twitter to keep updated with new openings – we are always looking for new talent. 

And meet more of the iProov team below!

Back to Resources

Selfie verification: National Selfie Day cover image: looking at Selfie Anxiety, Selfie verification, Selfie identity

Can You Use Selfies for Online Identity Verification?

June 21 2021

The word ‘selfie’ was first added to the Oxford English Dictionary in 2013.

Torn out page with the definition of a selfie: a photograph that one has taken of oneself

It’s since become a globally recognized term—you’ll rarely go a day without seeing one or hearing them mentioned.

We often hear about selfies being used to verify identity online. But there are three important considerations when talking about verification by selfie:

  1. Selfies for ‘single frame liveness’ are not secure: a single image should not be relied upon to securely authenticate a user online. Selfies can be stolen, edited or fabricated entirely.
  2. Selfie anxiety can harm your completion rates: consumers like the convenience and speed of face authentication if they’re accessing services on their mobile devices or computers. However, suddenly seeing an image of yourself during an onboarding or authentication process can be jarring. And if the experience is jarring, then users could drop-off and harm your completion rates. 39% of Americans say they have selfie anxiety according to recent iProov data, while 51% don’t like the way they look on mobile video calls (which is selfie anxiety in all but name). iProov’s user experience has been designed to avoid the ‘jarring’ experience and maximize completion rates.
  3. Selfie perfectionism is also a danger to your completion rates: what about those people that do like seeing themselves? Another danger lurks: across the surveyed countries, we discovered that 30% of consumers retake selfies at least 3 times before they are happy with them. Like selfie anxiety, selfie perfectionism can slow down the face authentication process and prevent users from completing the task at hand.

Why is selfie verification (known as single-frame liveness) not secure?

Picture the scene: you want to open a new bank account or make a large payment online. The bank needs to verify your identity. Would you be comfortable if the bank only required you to send in a selfie as proof of your identity? Of course not—because we understand that a single, simple selfie is not secure method of verification. Images of our faces are often widely available online, and anybody could go to our social media profile and get hold of one. 

The same goes for single-frame liveness. Single-frame liveness is the term used for technologies that use a single image, or selfie, to determine the authenticity of an individual.

Single-frame liveness can carry out basic face matching—for example, to determine that the person in a selfie matches an image on their ID document. But single-frame selfies do not guarantee that an image is a real person presenting their face right now—it could be an individual using somebody else’s photo. 

So, how can you make selfies secure? 

In short: you can’t. 

You need multiple frames to guarantee authenticity. This is why iProov uses Genuine Presence Assurance (GPA) and Liveness Assurance. These solutions analyze multiple frames from a user-facing camera to determine that a human is the right person, a real person, and — in the case of GPA — that they’re authenticating right now.  Only once you have the assurance of all three conditions, can you use face verification as a secure method of verifying identity. 

But security isn’t the only concern here… 

Selfie anxiety is harming your completion rates

Selfie anxiety is when people experience a negative emotion upon seeing their own unedited, mirrored image—such as discomfort, shock, and unease.

So while consumers love the convenience and speed of face authentication, suddenly seeing an image of yourself can be unpleasant to many people. A user could shut down the app or website and abandon the process. Alternatively, they could start to fix themselves up—the problem here is that biometric face authentication doesn’t need tidy hair or perfect mascara, so the delay is unnecessary.

This is why iProov’s user experience has been designed to avoid the ‘jarring’ experience and maximize completion rates. See below for more on this.

We asked users in six countries if they ever suffered from selfie anxiety. While 39% of Americans said yes along with 30% of Brits and 31% of Australians, only 15% of Italians agreed:

Selfie anxiety UK Selfie anxiety US Selfie anxiety Australia Selfie anxiety Canada Selfie anxiety Spain Selfie anxiety Italy

Selfie perfectionism is also a danger to your completion rates

We also asked: ‘If you were taking a selfie of yourself to post on social media, how many times would you likely retake it before you were happy with it?’ 

Of the users who took selfies, we discovered that:

  • 33% of Australians retake selfies 4 times or more
  • 28% of Spaniards retake 4 or more times
  • 27% of Italians and Canadians do likewise
  • 21% of Brits do the same

How you look during a biometric face authentication is entirely inconsequential. So, how can enterprises and governments encourage users to complete face verification without delay or postponement? 

iProov’s abstracted image solves the selfie anxiety problem

iProov face verification uses face abstraction technology to ensure that the user experience is optimized for all. A line drawing greets the user, rather than a standard selfie, delivering a more respectful experience – no front-facing-camera-look-at-the-state-of-my-hair shocks. You can find out more about our abstracted image here.

Whether users dislike seeing themselves, like seeing themselves, or sit somewhere in the middle, iProov delivers a respectful user experience that maximizes completion rates. 

Image of iProov's Genuine Presence Assurance Abstracted Image line drawing

Benefits of abstracted imagery:

  • The user engages with the screen for the necessary amount of time so that the biometric image is accurately captured, rather than posing, retaking, or feeling uncomfortable or shocked. 
  • The process does not cause selfie anxiety or require unnecessary movements or gestures. 
  • The positioning of the face as directed by our technology is engineered to ensure that maximum light is reflected off the face to optimize authentication results. 

Selfie verification: a summary

  • Our face has become the go-to authentication method for proving who we are online.
  • However, selfies alone are not a secure way of authenticating people online.
  • iProov’s Liveness Assurance and Genuine Presence Assurance technologies use multiple frames of a face to enable secure online onboarding and authentication.
  • Whether you love them or hate them, selfie anxiety is very real for some, while selfie perfectionism can be equally as disruptive to the authentication experience. 
  • Abstracted image delivers a respectful, user-friendly experience that mitigates selfie anxiety and perfectionism to maximize completion rates.

To see how iProov can help your business to deliver biometric verification and authentication with outstanding usability, high customer completion rates and top-level security book your demo here or contact us.

Back to Resources

iProov HQ 2 blog

Want To Come And Work At Iproov HQ? 10 Things You Need To Know

June 10 2021

If you asked our UK team to list the best things about being an iProover, our head office would be in the top three. Located directly opposite Waterloo station on London’s South Bank, it’s a fantastic building for working, collaborating and spending time together. Even as remote working continues post-pandemic, we’re all looking forward to getting together again.

We asked the UK iProovers what they’ve missed most about iProov HQ. The results are in!

#10 When you’ve got work at 9am but the DJ set is at 8am

It’s amazing how much energy you can get from a 20 second burst of Last Night a DJ Saved My Life as you walk through reception. We’re looking forward to the return of our resident DJs – they really set you up for the day.

iProov office DJ

#9 Leaving the house and meeting other human beings

iProovers voted ‘the routine’ as one of the things they miss about coming into the office, which is maybe surprising as iProov isn’t really a ‘routine’ kind of place. We get it though: the commute from bedroom to bathroom to desk might only take a few seconds but it’s quite boring and you can’t spontaneously decide to treat yourself to an Avo Shake or (whisper it) Egg McMuffin on the way.

Laolu Animashaun

#8 You just lost your excuse for not going to the gym

Whether it’s yoga to start your day or a HIIT session to help you wind down, there are activities galore in the Wellness Center. The fitness studio is just three floors away from the iProov offices, so it’s perfect for before work, after work or even in between – sign us up for Breathwork with Michael at 11:30am!

iProov yoga class

#7 Rooftop views and pizza for £5…in London! 

Yes, you read that right: you can get freshly-made pizza served with a side order of 360 degree views of the city for under £5. With the London Eye on your left and the Shard on your right, it’ll be the best pizza you’ve ever had. Also the ideal place to invite family and friends and show off where you work.

iProov rooftop views

#6 Doughnuts, running club, walking meetings – the river has it all

The office is right next to the Thames, so it’s great for walking meetings. On Fridays we head to the South Bank market for lunch – we recommend the giant jam doughnuts. We also have a lunchtime running club, which is currently in training for the London half marathon – good luck iProovers!

iProov office London

#5 Alexa, play iProov hustle and bustle

Our Spotify home office playlists don’t really cut it for us anymore. We miss the hustle and bustle of the office. There are only so many conversations you can have with your cat.

iProov office

#4 A decaf, no-fat, soya latte with caramel syrup and no-foam, please! 

With two baristas in the office – one on the ground floor for easy access to your morning kick-start and one on the 9th floor for that afternoon pick-me-up – we have your coffee fix sorted. Did we mention it’s free? Goodbye Starbucks, hello iProov.

iProov barista

#3 To your left is the London Eye and to your right, the Shard. Next stop: iProov HQ

The views at iProov HQ are spectacular. There’s no need to book a table at Duck and Waffle when you can marvel at the London skyline from your desk. We have great views of the South Bank, the Shard and Canary Wharf on one side and then the London Eye and Houses of Parliament on the other.

iProov office

#2 Free beer! 

You read that right. Free. Beer. And if beer doesn’t tickle your fancy, you can head to the 8th floor where you’ll find free prosecco on tap. Yes. Free. Prosecco. Every Friday, iProovers gather together for Fun @ 5pm so the free beer taps definitely don’t go amiss.

iProov beers

#1 iProovers 

And coming in at number one… it’s the iProovers. Yes, when we asked the iProovers what they missed most about our head office, they said the other iProovers. We’ve got a great culture of togetherness, which grew even as we worked remotely and welcomed new starters to the team. But nothing beats meeting people in person for inspiration and motivation.

iProov Christmas Jumper Day

If that sounds appealing, we have a number of roles available in technology, HR, finance, sales, marketing and product management – find out more here. Follow us on LinkedIn and Twitter to keep updated with new openings.

Back to Resources

Image for website card abandoment rate, Passwordless authentication

Forgotten Passwords are Increasing Your Website’s Abandonment Rate

May 6 2021

We’ve all been there. After hours of searching online, you find that perfect pair of shoes. You’ve made your decision and it’s time to head to checkout. Trouble is, you can’t remember your password. The site recognizes your email address, so you must have a password. You request a reminder, but it goes into spam and you can’t find it. You give up on the purchase.

If this sounds familiar, you’re not alone. Our latest consumer survey data shows that password frustration and abandoned transactions are global problems. In Spain and the US, over half of consumers have abandoned a purchase because of password frustration and Australia, the UK, Canada and Italy are not far behind.

forgotten passwords abandoned baskets 1

Note that this graph only represents the people who completely abandon their purchase—there are likely countless others that get frustrated yet persevere.

The bottom line? Businesses are losing money because of passwords, owing to increased abandonment rates.

So, on World Password Day, let’s consider why passwords are no longer fit for purpose. Because this is just the tip of the iceberg…

The disadvantages of passwords

In our report, The End of the Password, we found that the average American abandons 16 online purchases every year! Why?

Passwords aren’t user friendly

To try and make passwords more secure, consumers are asked to make them more complex, by using numbers, uppercase letters, lowercase letters and special characters. This makes them hard to remember. And if people can’t remember them, they write them down or use the same password on multiple websites…which makes them less secure.

Passwords aren’t secure

Passwords can be shared, guessed or stolen, which means they aren’t secure. Over 50% of young people admit that they share their log-in details with friends, and 59% of respondents admitted to reusing the same passwords across multiple sites.

Balancing security and usability is difficult: a memorable password is insecure, but a secure password is hard to remember. So, what’s the alternative?

Passwords vs face authentication

Face biometrics enable organizations to balance security with an effortless user experience. iProov’s face biometric technology is extremely simple for the individual to use while offering the highest levels of security to protect governments, enterprises and individuals against fraud.

  • Passwords can be stolen: in the US, 60% of consumers have had to change a password after a data breach. You cannot steal someone’s real face. You can try and use a copy of someone’s face using a photograph or mask or deepfake, but iProov’s Genuine Presence Assurance has been built to detect imposters and spoof attacks.
  • Passwords can be shared: sharing passwords is very easy to do, whereas you can’t share someone’s real face.
  • Passwords can be guessed: while passwords are at risk from brute force attacks and social engineering, simply guessing is often effective too—no wonder, when “123456” was the most popular password of 2020!
  • Passwords are hard to remember: the common wisdom is to have a different, unique password for each account. But this quickly becomes a problem when you have multiple accounts and too many combinations to remember. Secure online face verification means one password—your face—that’ll you’ll never forget.
  • Passwords cause frustration: password frustration leads to lost sales and exclusion from online services. iProov’s face verification is effortless, providing inclusivity, customer satisfaction and maximum completion rates.

The forgotten password solution: Face biometrics from iProov

iProov provides two technologies to enable organizations to onboard and authenticate customers.

  • Genuine Presence Assurance ensures that a customer or citizen is the right person, a real person and that they are authenticating right now. It protects against sophisticated criminal attacks and allows our customers—such as the NHS, Rabobank and the US Department of Homeland Security—to onboard and authenticate users remotely.
  • Liveness Assurance provides organizations with the ability to authenticate customers in lower-risk scenarios, making it ideal for frequent online authentications when the threat of attack is low.

For more information on how iProov can provide your organization with secure online facial verification for remote authentication and onboarding, please email us at contact@iproov.com or fill in our demo form here.

Alternatively, if you’d like more stats and information on the limitations of passwords, download our report The End of the Password here.

Back to Resources

Iproover 3

Meet the team: the iProover with a seat at the FIDO table

April 29 2021

From implementing tech policy at one of the largest American tech companies, to fighting identity fraud at iProov; the young Canadian who read TechCrunch every night is now sitting at the FIDO Alliance table. Anthony Lam, Head of Product, Biometrics at iProov, has always been passionate about tech policy and he’s bringing that passion to iProov. Anthony is now representing cloud-based face verification and working with the leaders in the identity space: FIDO Alliance

How would you describe your journey to iProov?

I’ve always been a geek about technology. I used to read up on the latest technology blogs and TechCrunch was my most visited website in one year. During university, an incredible role opened up in the policy team at a big American tech company. So I applied, I got accepted, and I just absolutely fell in love with the world of tech policy. I realized tech policy was always behind technology. Technology always comes first, but tech policy cares about the people. Tech policy is the one that regulates and says, no, you can’t do this to citizens, you can’t take all their data and sell it. Tech policy brings ethics to innovation. A few months into the job I realized I knew nothing about technology but wanted to be in a tech role. When I looked at the roles that were available to somebody who didn’t have a tech background, Product seemed to be a great fit. It was sort of a sweet spot between the commercial, the technical and also the policy.

I moved from Canada to London during Brexit, so I was used to working in EU policy and I was quite familiar with the EU world. When Brexit happened, there was an opportunity for the UK to redefine a lot of their terms, renegotiate some of their contracts and their digital portfolio. I noticed cybersecurity, and biometrics specifically, was a space that was very lowly regulated. This was exciting for me and I wanted to get in on it. So I started writing about cybersecurity and that’s when I came across iProov.

What attracted you to iProov?

During Brexit there was a lot happening in tech legislation and internet safety. Then when the coronavirus pandemic hit in March 2020 a lot of companies were also moving remote and the concept of identity fraud was picking up. As mentioned, I love to read up on cybersecurity and I came across a video interview in Startup London, where the CEO of iProov was being interviewed and I fell in love with his passion for making the internet a safer place. And so I Googled roles at iProov and saw a Product Manager role had opened up and I was like, oh, hell yeah!

Nearly a year has passed since I joined the Product team at iProov and I’m in a company where it’s all happening. We’re leaders in a space that people don’t know a lot about. There’s a chance to educate and inform people. From the policy side, we get to establish what that protection looks like. We’re protecting people from being defrauded and hacked. The work we do at iProov is to make the Internet a safer place – that’s our company mission. We’re very driven by that mission and our work with FIDO stems from that.

Tell us a bit about your work with FIDO Alliance!

FIDO Alliance is an industry association focused on authentication standards and helping to reduce the world’s over-reliance on passwords. They’re leaders in the identity space. We joined the FIDO Alliance to help drive some of the standards they were trying to modernize around biometrics – specifically in face verification, where we’re leading the field. 

We have nearly a decade of experience under our belt in fighting identity fraud, by using image verification for the face. We’re working with some of the most demanding organizations in the world – the Australian government, the UK Home Office, the NHS, the US Department of Homeland Security and the Singapore and Estonian governments. That experience is proving useful in our work with FIDO. 

How is iProov working with FIDO Alliance on establishing standards in the industry, specifically face verification?

Upon joining, we took a leadership position in their working group dedicated to face verification – which is a subgroup of the overarching identity and verification working group. One of the benefits of being a company that produces face verification products is that we work with the latest technologies. So not only are we using the latest models and latest machine learning capabilities, we are also identifying the latest attack vectors that hackers across the world are using to break verification systems. So we’re bringing this expertise to the table when we’re helping to build standards. We’re focused on making sure these standards are modern and they take into account the things that would become fundamental tomorrow or in the future.

Speaking of the future of face biometric policy, what excites you about the future of iProov?

I mentioned at the start that I am in the sweet spot in the company – that also comes with a really big NDA!

Thanks, Anthony! To keep up to date on the iProov news Anthony can’t share yet, stay tuned to our blog and follow us on social LinkedIn and Twitter.

And meet more of the iProov team below!

Back to Resources

G-Cloud provider iProov, supplier of biometric authentication, face verification, digital onboarding, and digital identity for g cloud

iProov Brings Biometric Technology to Government with G-Cloud Supplier Status

April 28 2021

iProov, the world-leader in cloud-based biometric face authentication, is one of the companies that has been awarded G-Cloud Supplier Status by the UK’s Crown Commercial Service (CCS).

The G-Cloud framework enables public sector departments and organizations to source cloud technology services easily and securely.

iProov’s inclusion in the marketplace further solidifies our position as the leading supplier of online biometric authentication, facial verification, and digital onboarding services to the government and public sector.

What is the G-Cloud framework?

The UK government’s G-Cloud initiative has been active since 2012 as part of the wider “Cloud First” policy. It was created so that public sector bodies could access cloud computing technology while shortening the procurement process.

The G-Cloud framework governs the relationship between cloud suppliers and the Crown Commercial Service. The Digital Marketplace acts as an online catalog of the suppliers that have been approved. Government employees can search through the marketplace for trusted providers, and teams can be sure that suppliers listed on the G-Cloud meet UK Government standards.

Being approved on G-Cloud requires a stringent submission process and only certain companies are allowed to appear on the marketplace. Just 5000 suppliers made it into this year’s G-Cloud framework.

The government releases a new version of the G-Cloud framework around every 9 months. More than £7 billion worth of cloud services have been purchased using the G-Cloud framework since its inception.

What does iProov bring to G-Cloud? Biometric authentication, face verification, and support for digital identity

iProov can be found on G-Cloud for a number of services. These include:

  • Digital identity on G-Cloud: Government departments need to be able to verify the identity of citizens online, so that secure, effortless access can be provided to digital government services. iProov’s face biometric verification enables public sector agencies to deliver access to online services securely and inclusively.
  • Biometric authentication on G-Cloud: iProov’s remote biometric authentication provides a highly secure yet effortless way for governments to verify a citizen’s identity online. The governments of Singapore and Australia are using iProov to verify user identity online, helping to minimize the frustrations of passwords and one-time passcodes (OTPs).
  • Face verification on G-Cloud: Face verification is often confused with face recognition, when the two are actually very different. With face verification, a user knows the process is happening, they collaborate with it, and there is a direct benefit to them – read more about the differences between face verification and face recognition. iProov’s face verification enables citizens to onboard and authenticate themselves in a way that protects user privacy, thanks to iProov’s privacy firewall and compliance with GDPR laws.
  • Digital onboarding on G-Cloud: Processes such as creating accounts for access to health services or applying for visas online require users to prove their identity at the point of onboarding. Thanks to iProov’s Genuine Presence Assurance, governments can onboard citizens with the highest level of security.

iProov’s inclusion in the framework further builds on our position as a trusted service provider to public sectors and governments. We work closely with governments and public sectors across the world, including the Australian government, the US Department of Homeland Security, and GovTech Singapore. Genuine Presence Assurance is trusted by government and public sector organizations because it provides the utmost security, without compromising user experience or inclusivity.

G-Cloud also reflects continued support from the UK government; we have been working with the UK Home Office since November 2019, working with Worldreach Software to support the EU Settlement Scheme.

iProov products you can find on G-Cloud

This is the third year iProov has been included on the G-Cloud Digital Marketplace – we have been a verified supplier on both G-Cloud 10 and 11, offering cloud technology services to the UK public sector for several years. We have four products currently listed on G-Cloud:

  • Face Verifier
  • Enroller
  • Palm Verifier
  • Basic Face Verifier

Find an in-depth focus on iProov products here. iProov can be found on the G-Cloud digital marketplace under the following categories: Application Security, Information and Communications Technology, Operations Management, and Software Development Tools.

We look forward to working with customers in the UK government and public sector, both old and new!

Back to Resources

iProov wins the Cyber Security Excellence Biometric Solution awards 2021 image

iProov Takes Home Gold in Three Cybersecurity Excellence Awards: Government, Financial Services, and Identity Proofing & Corroboration

March 23 2021

iProov won three gold awards at the Cybersecurity Excellence Awards, picking up accolades for the best industry solution in the Financial Services, Government, and Identity Proofing & Corroboration sectors.

These wins provide further validation both of iProov’s growth and the value of its mission: to bring trust to the internet. As recognized by the Cybersecurity Excellence Awards, iProov had a stellar 2020—we announced a number of new customers, delivering security and trust particularly to government and financial services organizations. For example:

With iProov, Singapore residents can now securely access government services using biometric face verification. Residents can complete a range of tasks, such as filing tax returns, accessing over 500 different services.

In 2020 the US Department of Homeland Security announced it was moving into pilot phase on a project to enable border crossings to be streamlined while also maintaining a high degree of security and identity status.

iProov announced in June 2020 that we would be providing biometric face verification technology to Knab, the Dutch challenger bank. This means that customers who want to authenticate sensitive transactions online can now do so safely and securely.

You can read more about how we serve financial services here, how we work with governments here, and find a full list of iProov case studies here.

 

What are the Cybersecurity Excellence Awards?

The Cybersecurity Excellence Awards seek to recognize companies that display excellence, innovation, and leadership in digital security. 

The awards are run by Cybersecurity Insiders, an organization followed by over 400,000 infosec members and cybersecurity professionals online. The awards have a global scope, honoring the top companies and solutions in cybersecurity across the world. These awards are selected through the strength of each nomination and by public popular vote.

This was the 6th annual installment of the Cybersecurity Excellence Awards.

If your organization requires world-leading biometric technology for onboarding and authenticating remote customers, iProov can help. Book a demo today. Alternatively, here are two pieces of content we think you’ll enjoy:

Back to Resources

Deepfake fraud and deepfakes of the dead: image representing AI-generated woman security fraud attempt, being scanned, deepfake technology

Deepfakes of the Dead: Could They Be a Threat to the Financial Services Sector?

March 18 2021

The BBC recently reported on a new technology that is raising the dead.

OK, maybe not literally. But, using deepfake technology, a company called MyHeritage allows visitors to upload a photograph of deceased family members, which can then be animated into video. 

The company says that it’s intended “for nostalgic use…to bring beloved ancestors back to life”. But once again, it reminds us that deepfakes can pose a threat to society, governments, and enterprises.

How could deepfakes of the dead be used for fraud in financial services?

Deepfakes are videos or images created using AI-powered software to show people saying and doing things that they didn’t say or do. They have been used for pranks and entertainment, but also for more malicious purposes. The number of deepfake videos posted online is more than doubling year-on-year. 

This is why iProov Genuine Presence Assurance is so important. iProov verifies that a user is the right person, a real person, and that they are authenticating right now. This unique capability enables organizations to authenticate customers using face verification while protecting against the use of deepfakes and other synthetic media.

Let’s take a quick look at the ways that deepfake technology could be used by fraudsters to commit financial crime: 

Ghost Fraud

Ghost fraud refers to the process of using the data of a deceased person to impersonate them for financial gain. Ghost fraudsters can use a stolen identity of an individual to access online services, savings, and credit scores, along with applying for cards, loans, or benefits. Using deepfakes of the dead, criminals could make ghost fraud far more convincing. 

New Account Fraud

New account fraud, also known as application fraud, is when fraudsters use fake or stolen identities specifically to open bank accounts. Fraudsters can max out credit limits under the account name or take out loans that are never paid back. New account fraud is growing, accounting for $3.4 billion losses, and deepfakes of the dead could be used by fraudsters in their crimes.

Synthetic Identity Fraud

Synthetic identity fraud is a sophisticated and hard-to-spot form of online fraud. Fraudsters create identities using information from multiple people. Instead of stealing one identity—such as a recently deceased person’s name, address, and social security number—synthetic fraudsters use a blend of fake, real, and stolen information to create a “person” who doesn’t exist.

Fraudsters use synthetic identities to apply for credit/debit cards or complete other transactions that help build a credit score for non-existent customers. A deepfake of a deceased person could be used to bolster a synthetic identity.

Annuity/Pension/Life Insurance/Benefit Fraud

Another potential use of deepfakes of the dead is in annuity/pension, insurance, or benefit fraud. A deceased person could continue to claim a pension for years, whether by a professional fraudster or a family member. Genuine Presence Assurance from iProov can provide insurers and governments with the proof-of-life assurance that is needed to avoid such fraud. 

Financial crime is estimated to cost around $1.4 to $3.5 trillion in the US annually. Crucially, Mckinsey found that forms of synthetic identity fraud are the fastest-growing types of financial crime. And this was before Covid-19, when the use of digital channels to complete everyday tasks increased. 

What is deepfake technology? How does it work, exactly?

Deepfake technology is, ultimately, a form of synthetic media. It’s powered by artificial intelligence and deep learning. AI neural networks are trained on a dataset of images and video, learning to generate a person’s likeness onto another. The more data it has, the more accurately it can generate a likeness, match mannerisms and expressions, and the more realistic the fake videos can be.

Deepfakes have been garnering increased attention in the public eye. You may have seen fake videos of celebrities circulating social media without even realizing it. Think back to the Zuckerberg video of 2019, which was followed closely by Facebook’s sitewide ban of synthetic video in January 2020. More recently, a computer-generated video of Tom Cruise on TikTok went viral across the web. There was also Channel 4’s infamous deepfake of the Queen, who delivered an alternative Christmas message in the UK. 

Deepfake regulation

But what about regulation and legislation? There must be some restrictions, right?

Well, not quite. Regulations are coming. The US government approved a bill in November last year, ordering further research into deepfakes. The UK government is currently evaluating legislation to ban non-consensual deepfake videos. 

Why should you be worried about deepfakes and deepfake fraud?

Enterprises and governments need to protect their citizens and customers. Consumers are already concerned about deepfakes. We found in our report, The Threat of Deepfakes, that:

  • 75% of consumers are more likely to use online services that protect them from deepfakes 
  • 85% believe that deepfakes will make it harder to trust online services 

The use of deepfakes is growing, as is synthetic identity fraud. Retail banking, regulated insurance, and payment gateway providers are key targets for deepfake crime. 

How to detect deepfakes

Many deepfake videos are low quality. At the same time, there are ways of spotting if a video is likely to be a deepfake—changes in eye color, inconsistencies around the hairline, and other visual strangeness. However, don’t be misled: deepfake technology is becoming more and more sophisticated. Deepfakes that can’t be detected with the human eye are already out there. 

So, what’s the answer? Where does biometrics come in?

iProov’s Genuine Presence Assurance technology protects organizations and users against the threat of deepfake fraud. Our patented solution uses a series of colors in light to verify that a person is the right person, a real person, authenticating right now. This means that banks, governments and other organizations can use face biometric authentication to securely verify the identity of users.

Find out more: The Deepfake Threat

Book your iProov demo or contact us.

Back to Resources

iProov wins the Globee Best Biometric Solution Award 2021 image

iProov wins Best Biometric Solution at 2021 Cyber Security Global Excellence Awards

March 11 2021

iProov has been crowned the Gold Winner of Best Biometric Solution at the 2021 Cyber Security Global Excellence Awards. We won the award for our patented Genuine Presence Assurance technology, which enables organizations to onboard and authenticate customers securely and effortlessly. 

2020 proved that online identity verification is a necessity in our digital-first world. And so, iProov rose to the challenge: last year, the number of people authenticating with iProov grew by over 549%

We were recognized for our role in providing services for organizations such as the U.S. Department of Homeland Security, the UK Home Office, GovTech Singapore, and the UK National Health Service (NHS).

iProov replaces the need for an in-person identity check, enhancing security and convenience. Our technology defends against a wide range of biometric attack vectors, from presentation attacks (the use of photographs, masks, or replayed video presented to the device to spoof the system) to more sophisticated and highly scalable threats (like digital injection attacks using replayed or synthetic video, including deepfakes).

What are the Cyber Security Global Excellence Awards?

The Cyber Security Global Excellence Awards are run by the Globee Business Awards to promote outstanding achievement in digital security and information technology across the world. In the Biometric Solution category, the judges search particularly for advanced and ground-breaking products that are setting new standards in biometric technology. 

This was the 17th annual installment of the Cyber Security Global Excellence Awards, and iProov’s first time winning (but surely not the last!)

Want to know more about how your organization could benefit from iProov’s face verification technology? Book a demo today. Alternatively, here are two pieces of content we think you’ll enjoy:

  • Hear our Chief Technology Officer, Dominic Forrest, talk about how our global active threat management system, iSOC, works.
  • Our predictions for the future of biometrics…what can we expect in 2021?

Back to Resources

iProov International Women's Day

International Women’s Day – The Women Powering iProov

March 8 2021

It’s International Women’s Day and we decided to celebrate by hearing from some of the  talented women that work here at iProov. We asked them two questions:

  1. What’s your favourite thing about working in the technology industry?
  2. What advice would you give to young women starting out in their career? 

 

1: What’s your favourite thing about working in the technology industry?

Sital: The technology industry is incredibly fast-paced. At iProov we’re on the bleeding edge of technology innovation – what we’re doing has a material impact on keeping my friends and family safe online. We make something incredibly powerful and sophisticated easy to use for those that aren’t so tech-savvy. It also means that I get to work with incredibly talented people in domains I never knew existed.

Susannah: I’m exposed to job functions that I wouldn’t usually come across in my day to day life. I love being surrounded by innovation and intelligence which fuels my creativity as a marketer.

Freya: There is an amazing community of technology professionals. Though women aren’t equally represented (yet) in all areas of tech, the strength of them is mighty. They’re always willing to share their stories, experiences, and insights to help others. 

Bilyana: The technology industry is focused on breaking new ground and it’s the place where new inventive ideas and things are created. It’s exciting working in an environment full of variety, challenge, growth and advancement. 

Lynne: Technology underpins so much of what we do in the world. Being part of something meaningful and that can have a material impact on everyone’s daily lives is hugely exciting.

Martina: Every day is a new challenge and a good opportunity to learn something new. It’s great to work in such an innovative and fast-paced environment where everyone supports each other to solve problems and achieve goals.

Reena: It’s the way forwards. To know that I am a part of this fast paced and innovative industry excites me and makes me even more passionate about my contributions and the value my role adds.

Mirielle: No two days are the same. There’s always new technology and innovations around the corner that fuel my ideas. It’s great being on a journey where you are contributing to making a difference on how people interact with technology in their everyday lives.

Sarah: The technology industry is full of very bright people, which means that you’re challenged (in a positive way) every single day. 

Trupti: I’m the only person in tech and science from my banking family. I enjoy working in tech as well as teaching. My interest began in tech and teaching more when I trained visually impaired students with customised ORCA in 2009. Working in tech is making someone’s life better with innovation. I like attending meetups and I was an active volunteer for PyLadies Mumbai and Drupal meetups. Lockdown did not stop me – I organised and conducted the first online PyLadies meetup in March 2020. I always keep myself updated in tech by reading, listening to healthy debates and keeping myself open to learning from everyone around me.

Aarti: Technology is one of the very few industries that shifts the way the world lives and people behave. Technology work environments are often cradles for new concepts to take shape. It touches many other sectors. You can work in technology and play a part in healthcare or agriculture or entertainment! The variety, constant evolution and an opportunity to leave a good legacy behind are some of the reasons why I love working in tech!

 

2: What advice would you give to a young woman starting out their career today?

Sital: Do something that you enjoy and plays to your skills, as career choices today are much wider and varied. Don’t be afraid to ask questions and don’t doubt your capabilities.

Susannah: Believe in yourself and your capabilities. Trust your instincts and use your voice. There’s a place for you at the table – take a seat and join us! 

Freya: Take your time and trust yourself. You absolutely don’t have to know what you want to do or feel like you’re behind because you’re not an expert by age 25. And don’t be afraid to ask questions (yes, even the ones that you feel stupid asking); you’re learning, it’s allowed.

Bilyana: Try to learn as much as you can, don’t be shy to ask questions and show confidence in your work. Life is full of obstacles that you will overcome but also with opportunities to be taken. 

Lynne: Learn as much as you can about whatever type of work you choose to do. Look for inspiring people and learn from them. Be curious, interested and passionate and be prepared to get things wrong and learn from your mistakes. 

Martina: Don’t be shy! Express yourself. A positive and passionate mindset is the key to success.

Reena: Don’t let anyone hold you back. You can do and be whatever you want. Believe in yourself, set realistic goals, network with others, ask questions, learn from your mistakes and those of others. Write down your strengths and achievements in a book and keep adding to this over the years. If you ever find yourself doubting yourself or just feel like it’s becoming too much to handle, go back to that book and remind yourself of what you have achieved and your success so far. Keep going.

Mirielle: Determination to succeed. Don’t be afraid to share your ideas no matter how insignificant you think they are. Work with your colleagues to build on those ideas and create something amazing!

Sarah: There’s a famous quotation – “Whether you think you can or can’t, you’re right” – so be courageous and believe in yourself. And always work for a good boss. 

Trupti: Just be yourself, enjoy your work and never compare.

Aarti:  Adapt, pivot, learn, grow!  There is no such thing as “career for life”.  Don’t be afraid to change career tracks. Never second guess yourself!  Trust your instincts and follow your vision 🙂

Back to Resources

2021: what does the future of biometrics and digital identity hold? Cover image

The Future of Biometrics: Our 2021 Predictions for Digital Identity

December 15 2020

In December 2019, everyone at iProov met in our office and discussed predictions for 2020. We talked about digital transformation, particularly in financial services, government, and health. But nobody predicted a pandemic.

By December 2020—after a year of living, learning, and working online—digital transformation had accelerated beyond all expectations. On what was surely the 10,000th iProov Zoom call of the year, we debated our predictions for 2021 and agreed that it is going to be another big year for digital identity and biometrics.

So, without further ado, here are the topline predictions we think 2021 will bring for the future of biometrics and digital identity…

1: The deepfakes arms race will intensify in 2021

We can expect to see an explosion in the quality and quantity of deepfake usage in 2021. Some of it will be for light-hearted pranking, like Joe Biden turning up to family Zoom calls. Some will be for entertainment—like the makers of South Park are using deepfakes for their weekly online satire show, or creating AI-generated deepfakes from photographs of the dead.

But we’ll also see deepfakes being used for disinformation and fraud. Celebrities, politicians, and experts will be shown saying things that they’ve never said. Armies of ‘fake people’ who look and sound real will share disinformation on an enormous scale online, making people believe that thousands of people hold a contentious opinion, when in fact none of those people even exist.

It has become increasingly simple to create a very high-quality, sophisticated deepfake. What was once a very complicated process, only really possible in Hollywood movie studios is now something that any teenager sitting in their bedroom can execute proficiently. The arms race between misuse of convincing deepfake technology and the technology companies, governments, and businesses that are protecting society and democracy will intensify as a result.

2: Digital onboarding with online biometrics and cloud biometrics will expand to new countries

Within the next 12 months, banking regulators in global territories—including Europe and the far East—will authorize the use of automated biometrics instead of video calling for remote Know Your Customer (KYC) processes. Just as in 2019, when a well-publicized voice fraud scam duped a high-profile CEO, by the end of the year there will have been several criminal money-laundering scandals arising from the use of deepfakes in video calls. Countering this could very well mean that several countries, including the United States, also take concrete steps towards instituting government-backed digital identities. This will be an important step towards enabling financial institutions and government departments to verify identity and mitigate fraud in bank onboarding and government support programs.

3: Social networks will turn their attention to user authenticity

Goodbye, anonymous trolls. To curb abuse and rebuild trust, social media platforms will offer additional capabilities to verify their users. Like the blue checkmark on Twitter, online identities will become easily recognizable as genuine. Currently, this type of confirmation is a manual process reserved for high-profile accounts in the public interest. To automate verification and extend a badge of trust to more users, social media platforms will need to deploy strong, irrefutable authentication that a user is a real human being.

Biometrics offers the effortless usability and accuracy of authentication that will be needed to do this at scale. Informed choice and consent will help to ease privacy concerns and objections.

4: Temporary changes to healthcare will become permanent

Video doctor visits, same-day prescription home deliveries, and online symptom checks are just some of the emergency measures put in place in several countries to provide safe patient access to medical services during the pandemic. Laws were temporarily relaxed to allow for quick innovations that will most likely become a permanent fixture of modern healthcare. But these conveniences cannot become commonplace without putting some additional safety and privacy measures in place. One example is using remote biometric identification to protect patient privacy, verify identity, and prevent abuse of services, such as prescription management.

5: The US will take steps towards instituting government-backed digital identities (both private and public)

One of the reasons that the US is lagging in digitization is that there is no centralized, trustworthy source of online identification. The COVID-19 pandemic has highlighted two significant issues with this: first, the dependence on physical document checks to open bank accounts or access government services, when technology can now verify identity better than humans. Second, the inability to prevent fraud when government support programs are ramped up to cope with crises. Government-backed digital identities will allow banks and other institutions to securely verify the identity of customers and citizens online, giving those individuals access to a broader range of services, while cutting back on the risk of fraud.

6: There will be contactless border crossings on both sides of the Atlantic by 2022

Contactless travel and curb-to-gate self-service will make border crossings safer and faster. The Department of Homeland Security plans to pilot an integrated solution from iProov to enable travelers to quickly transit remote border ports using their personal devices to report their entry and exit to CBP―without requiring the direct engagement of a CBP Officer in person or online―with a secure, privacy-focused mobile application.

In Europe, as part of its railway innovation initiative, Eurostar is planning deployment of iProov biometric technology to authenticate tickets via an optional walk-through biometric facial verification corridor. Transportation experiences that offer contactless checks allow travelers to more easily practice health guidelines to maintain physical distance from others and minimize contact with high-touch surfaces.

7: Biometrics will enable digital novices to connect and authenticate online

The pandemic is pushing everyone online, whether they like it or not. This should be treated as a real opportunity to provide older generations and technology newcomers with access to services that they wouldn’t otherwise have had.

In 2021, this will result in three things:

  • Firstly, the password, which has long been the bane of many people’s online interactions, will be replaced by simpler authentication methods, such as biometrics.
  • Secondly, if progress in this area continues to be made in 2021, it’s possible that worldwide as many as 100 million people over the age of 70 will possess digital IDs, with the concept of the ‘digital power of attorney’ very soon becoming a reality.
  • Thirdly, many of the people using technology for the first time are also often the ones who are most susceptible to online manipulation. Seniors are about five times more likely to report a financial loss due to tech support scams. Creating ways of safeguarding individuals online will move further up the agenda.

8: Online dating will be less risky with biometrics

Matchmaking sites will adopt biometric authentication to make it easier to distinguish deceptive dating practices such as catfishing. More than a quarter of dating website users were duped by fake personas over the past year. With face-to-face interaction greatly diminished in the pandemic, people of all ages are going online, not just to find love but also to socialize and connect with other humans at a safe distance.

Find out more about how iProov is helping customers such as the Singapore Government, the National Health Service, the UK Home Office, Rabobank, Knab Bank, and Eurostar by viewing our case studies.

…And read iProov’s predictions for 2022 here!

Back to Resources

Genuine Presence Assurance examples

5 Times the World Needed Genuine Presence Assurance in 2020

December 2 2020

2020 has been an online year: we’ve had to socialize online, work online, learn online, and do our admin, shopping, banking, healthcare and everything else online. It’s not surprising that online crime has also increased.

More than ever before, we need to be able to check that an individual online is who they claim to be. Governments need to check the identity of people applying for support programs, banks need to check the identity of customers who can no longer come into branches, organizations running secure conference calls need to make sure that they’re not being infiltrated by the wrong people.

The answer to all of the above is biometric Genuine Presence Assurance.

We thought we’d share some of the year’s most newsworthy examples of when Genuine Presence Assurance would have been helpful:

1. A 6 year old boy buys £19,000 monster truck on eBay

It’s a big price to pay for leaving your laptop open: Mohammad Faraji ended up with a bill for £19,000 after his six-year-old son bought a monster truck on eBay. Mr Faraji had been using PayPal for years for small payments and was shocked that the huge amount was processed without any security check. Genuine Presence Assurance would have enabled a quick ‘step-up authentication‘ to check that Mr Faraji was indeed the person agreeing to pay £19,000.

Monster Truck eBay

2. Fraudsters steal $58m using video calls and mask, pretending to be French foreign minister

It was audacious but they nearly got away with $58m. A group of fraudsters pretended to be Jean-Yves Le Drian, now French foreign minister but at the time the minister for defense. The criminals targeted 150 people and organizations, requesting funds by phone and video call for secret missions. In the Skype calls, one of the gang wears a custom-made mask of Mr Le Drian in a fake office, complete with flags and a portrait of the French President. Genuine Presence Assurance can verify identity on conference calls, ensuring that sensitive conversations are held in total confidence that the individuals are who they say they are. Secondly, as the name suggests, Genuine Presence Assurance detects that a user is a real human being – it recognizes masks and other presentation attacks, such as photographs.

3. Premiership football club nearly loses £1m on a hacked player transfer

Another example of audacity: the National Cyber Security Centre (NCSC) reported this year that the email address of a Premier League football club’s managing director was hacked during a transfer negotiation. It was only the intervention of the club’s bank that stopped £1m being paid to the criminals. Transfers are often done under intense time pressure – even if you’re not a Premiership football club, time pressure creates a perfect opportunity for criminals to dupe your employees. Genuine Presence Assurance can ensure that only certain individuals can set up new payees or authorize large payments on bank accounts.

Money and Football

4. Elon Musk joins the conference call

Imagine wrapping up a work call and suddenly Elon Musk appears, apologizing for accessing the wrong meeting and complimenting you on your hair. This scenario, demonstrated by the team at Avatarify, went viral earlier this year showing the power of deepfake technology. It might not have been seamless but it demonstrated the potential of being able to take any face and make it say anything. Genuine Presence Assurance has been designed to detect deepfakes and other synthetic media – as deepfakes become more sophisticated, it is becoming impossible for people to tell the difference between real and fake. Only technology will be able to protect against their malicious use on conference calls, or for accessing devices or secure services.

5. Dutch journalist joins security council call

This final example shows what’s at stake with insecure conference calls: a journalist managed to guess his way onto a confidential video conference of EU defense ministers when the Dutch defense minister accidentally posted some of the login details on Twitter. “You know that you have been jumping into a secret conference?” EU foreign policy chief Josep Borrell says. “You know it’s a criminal offence, huh? You’d better sign off quickly before the police arrives.” It’s easy to blame over-enthusiastic tweeting, but the responsibility lies with the people running the conference: if it needs to be secure, Genuine Presence Assurance is the only way to ensure that only the right identifiable and verifiable human beings are joining the call.

How can Genuine Presence Assurance help your organization?

Genuine Presence Assurance verifies that an individual is:

  • The right person
  • A real person
  • Right now

Read our Genuine Presence Assurance case studies, showing how banks, governments, social networks, healthcare providers, travel organizations and more are protecting their customers and organizations from online fraud and other cybercrime.

Back to Resources

iProov quote Ideas Tw v1 Quote 11

How many online purchases will be abandoned this Black Friday because of password frustration?

November 24 2020

Earlier this year, iProov published data showing that the average American abandons an online purchase 16 times a year because they can’t remember their password. It’s not much better in the UK; the average Brit abandons 15 purchases a year.

Black Friday graph Chart 1 1

Think of all the frustrated customers trying to remember their passwords. Think of the millions of dollars of lost sales. Think of all the marketing budget invested in getting a customer to the point where they’re ready to pay…and then an unnecessarily clunky log-in process that hasn’t changed much in 20 years sends them away. 

How does biometric authentication reduce abandoned purchases?

Biometric authentication provides two things that passwords cannot offer: security and usability. Passwords can be stolen or guessed. Your real face cannot be stolen. Liveness detection enables customers to complete a face scan lasting a few seconds, which confirms that they are the right person (replacing the need for a password) and that they are a real person. 

This means that customers get a simple, convenient, hassle-free way to log into a website within seconds, which prevents abandoned purchases. Retailers, on the other hand, can increase their security against fraud.

Consider the difference between passwords and Liveness Assurance from iProov:

Using passwords:

  • Imagine you are using a password to log in and buy a jumper as a gift for a loved one
  • The website says ‘Sign In! Or choose ‘New Customer!’
  • You immediately start a conversation in your head: Have I used this website before? If I click New Customer and put my email address in it could throw an error that it’s already in use? What to do? I’ll risk it and choose ‘Sign In’.
  • Type in my email address.
  • What’s my password? The password that I was using a lot this time last year was…it could be one of three. I’ll try one of them and see how I get on.
  • ‘Email address or password not recognized.’ Now what? Have I used the wrong email address? Or the wrong password? Do I try the same email with the other two password options? Or do I try another email with the same password? I’ll just click Forgot Password.
  • ‘Please provide your email address and if we recognize it we’ll email you.’ OK. Type in email address. Then go to my email account. Nothing there. Is that because it’s slow? How long should I wait? Or has it gone into spam? Or was the email address wrong?
  • Amazon does jumpers. It’s not the type of jumper my mother asked for or even wears but it’s the thought that counts.

Purchase abandoned.

Using iProov Liveness Assurance:

  • ‘Sign In! Or choose ‘New Customer’!’ I’m fairly sure I have an account with this website. Here’s my email address. Now a quick face scan lasting 3 seconds. It let me in! Great!

Purchase complete.

It’s time to bring authentication into the 21st century. Let’s aim for a Black Friday without the password frustration and abandoned purchases in 2021. Read more about passwordless authentication from iProov.

 

Back to Resources

Andrew Bud

“Scratch me, I’m an engineer” – an interview with Andrew Bud

November 19 2020

iProov CEO, Andrew Bud, talks to the Mobile Ecosystem Forum about his career – from engineering a faster chocolate Flake machine to creating iProov and Genuine Presence Assurance.

Watch the interview with Andrew Bud

Back to Resources

iProov GovTech

Singapore GovTech shares face verification insights on iProov webinar

November 10 2020

A big thank you to everyone who joined our webinar on Face the Challenge: Singapore’s Solution to Digital ID Verification.

We were honored to have Quek Sin Kwok, Senior Director of National Digital Identity at the Government Technology Agency of Singapore (GovTech), as our guest on the panel.

He was joined by iProov’s founder and CEO, Andrew Bud, and by Dr Foong Wai Keong from systems integrator, Toppan Ecquaria.

The webinar kicked off with a presentation from Dominic Foon at GovTech. He talked about Singapore’s Smart Nation initiative and the role that national digital identity plays in growing the economy. He also provided an overview of the SingPass platform, which is used by 4 million Singapore residents to transact with over 400 digital services.

Dominic also explained the importance of GovTech’s biometrics-as-a-service platform. This enables private enterprises to take advantage of the government’s National Digital Identity (NDI) infrastructure, offering simplified face authentication to customers without the business needing to invest in biometric systems. A local bank using the NDI platform has already seen thousands of authentications with a high success rate.

A panel discussion followed the presentation. Some of the points covered on the webinar include:

  • Why facial verification: what are the advantages of face authentication over fingerprints and other biometric identification?
  • How GovTech completed the supplier selection for this pioneering face verification project, testing many global solutions for security before choosing iProov
  • The importance of Genuine Presence Assurance – why GovTech needed the most secure technology available
  • The importance of privacy: how is the biometric data stored?
  • Biometrics-as-a-service: what has been the response from the private sector?
  • Learnings from the project
  • What’s next for SingPass?

You can watch the on-demand webinar here.

Find out more about how iProov supports government national identity programs.
To hear about future iProov webinars, please follow us on Twitter or LinkedIn.

Back to Resources

US consumers reset password

How Can Biometric Technology Help With Data Breaches?

October 23 2020

Barnes & Noble, the US bookseller, has become the latest brand to notify its customers about a data breach.

Customer email addresses, billing and shipping addresses, telephone numbers, and order histories may have been exposed during the breach. 

But does anybody care? Does ‘data breach fatigue’ mean that most people take little to no notice of such occurrences? When iProov completed a consumer survey earlier this year, it showed that 39% of UK consumers and 36% of Americans who had experienced a data breach have now taken the attitude to “just put up with it” when it happens. 10% and 12% respectively went even further and said the breaches “don’t bother me”. 

Why is this? Is our assumption that nothing really bad can happen – the database was stolen, criminals might now know our names, addresses, email addresses and what books we bought. It’s a retailer. As long as my bank account is secure, I’m OK – right?

Wrong. It doesn’t matter if a criminal steals your email address from your bank or from the tiny website that you used once to buy a Hallowe’en outfit for a pet dog – an email address is an email address and chances are that you’ve used it elsewhere. If criminals can break into enough weak databases, they can acquire pots of data that can be pooled. That pooled data can then provide enough information on you to give your own mother a run for her money.

How iProov Biometric Technology Limits the Impact of Data Breaches

1) We ensure that stolen data cannot be used to create bank accounts or apply for credit cards.

Stolen data is always a means to an end, whether that’s money laundering, theft, or malicious intent. Money laundering relies on being able to open bank accounts using stolen identities or fake names.

But criminals cannot steal your physical face. Genuine Presence Assurance from iProov is used by banks and other enterprises to make sure that online accounts can only be opened by a live human being, whose face matches the image held in a trusted identity document and who is genuinely present at that very moment to complete the authentication. If banks are using Genuine Presence Assurance, stolen identity data cannot be used.

2) We ensure that ongoing authentication is secure.

If a criminal attempts to take over a consumer’s existing account using stolen data – a bank account, an Ebay or other retail account, or any kind of account – they can’t do it if the business or service in question insists on an iProov verification for sensitive or flagged transactions. Again – the criminal can’t steal a physical face, so iProov stops them from taking over the account and doing any damage.

“Data breach fatigue is a worrying trend, because as consumers are losing interest in data theft, criminals are getting better and better at it,” says Andrew Bud, CEO of iProov. “The implications of breaches are severe: global crime is being facilitated through money laundering, while consumers, businesses and governments are losing millions of dollars through fraud due to identity theft every year. We need to stop seeing it as an occupational hazard of living and working online.”

“With Genuine Presence Assurance, banks, governments, healthcare providers and other organizations can protect themselves and their customers against fraud, while also playing their part in preventing money laundering and other organized crime.”

Data Breach Statistics – Data Breach Fatigue is a Problem

60% of consumers have had to change a password after a breach

US consumers reset password UK consumers reset password

37% of those have had it happen 3 times or more

US Consumer reset password more than 3 times  UK Consumer reset password more than 3 times

51% get annoyed about it but 37% say they ‘just put up with it’ and 11% say it doesn’t bother them

US consumer annoyed password change  UK consumers annoyed password reset

36% have had to cancel a debit/credit card because of a breach.

US consumer cancel credit card due to security data breach  UK consumer cancel credit card due to security data breach

Back to Resources

safeguarding social network

How can social networks safeguard users with biometric authentication?

October 8 2020

Trolling is a growing issue for social networks, forums, news sites, and any online site where someone can anonymously comment without any real repercussions. 71% of people don’t feel like social platforms are doing enough to fight the problem of virtual harassment.

Social networking sites like Facebook and Twitter are working to reduce trolling. When fake or abusive accounts get reported, what efforts do they actually make to ensure the troll doesn’t just set up another account under an anonymous or fake alias? Twitter recently banned high profile celebrities for their abusive tweets, such as Katie Hopkins and Wiley for breaking the conduct rules. But how can they prevent future abuse?

In a recent interview with the i, iProov CEO Andrew Bud, CBE said: “The scope for minor key forms of terror that can be injected into social networks if you don’t have good accountability of people’s behaviour is huge, and face verification is the way in which you can identify and stop trolls. iProov has the capability to do that on a very large scale, very reliably.”

At iProov, our mission is to make the internet a safer place, by building trust online with our biometric authentication technology. There is great potential for the introduction of biometrics to verify users on social platforms and safeguard communities from abusive behaviour. In early July we helped launch the first use of biometric safeguarding with an intergenerational mentoring platform, bloomd. The launch of the platform, originally planned for later this year, was brought forward to help support those impacted by loneliness or isolation during the pandemic.

bloomd uses biometric authentication as a ‘virtual doorperson’ so that anyone who violates the code of conduct will be banned, even if they attempt to sign up with a different name or email address. Not only does this safeguard the users within the community, but it will hold people accountable to misuse or trolling.

By integrating iProov’s Genuine Presence Assurance into the registration process, social platforms will ensure that users are real humans and not bots. Our biometric authentication confirms in a short ceremony that the user is the right person, a real person, and authenticating right now. The one-time biometric prevents account takeover from cyber criminals. iProov provides a secure way of preventing trolls from signing up under a different name to continue their abusive behaviour, as their iProov authentication will confirm if they have been banned previously.

So how long will it take for more social networks to protect their users from trolls and fake news? We hope platforms like bloomd will set a precedent for change. To find out more about how bloomd works, watch the webcast here.

Read more on how iProov can be used for safeguarding here.

Back to Resources

Mvine digital passport

iProov and Mvine: delivering the first Covid-19 antibody test status digital passport

October 5 2020

After winning an Innovate UK competition to build a technology solution to help manage the COVID crisis, Mvine and iProov worked tirelessly to be the first to deliver a working prototype.

iProov’s SVP Revenue, Luke Moore, spoke with Mvine’s Director of Communications, Joseph Spear to find out more. First, we asked Joseph about Mvine’s unique background and how they got to where they are today. We delve into exactly what is included in the antibody test status digital passport and how it will work for users. And finally, how Mvine and iProov collaborated to ensure the project was delivered on time, in just two months, and to budget, with the help of the customer success team at iProov.

Watch the webcast below, and to learn more, contact contact@iproov.com.

Back to Resources

Reducing online fraud in regulated industries

Reducing Online Fraud for Regulated Industries: iProov Talks to Northrow’s CEO Adrian Black

September 30 2020

iProov’s partner, NorthRow recently reached its 10 year anniversary, which is a significant milestone. Congratulations! 

We took the opportunity to speak to NorthRow’s CEO, Adrian Black, to find out more about the history of one of the UK’s leading RegTech firms, understand the services they provide, and more importantly, why the NorthRow-iProov partnership is a powerful combination for remote onboarding.

So Adrian, how did you get into the fraud and compliance industry?

My last corporate job was at the Daily Mail Group. They run a lot of online businesses which means that online fraud has been a continuing problem. At the time of working there, the Metropolitan Police had set up Operation Sterling, which was an anti-fraud initiative. They created industry-specific forums to share intelligence and fight online fraud. For three years I helped establish, and then chaired one of those fraud forums, working with the Police, the Information Commissioner’s Office, and other leading players in online automotive classified advertising. I was keen to get involved and influence the fight against online fraud. 

We developed an active and effective means of intelligence sharing which resulted in blocking fraudulent advertisements with a face value of around £250m in the first few years of operation. This success, in helping tackle automotive classified advertising fraud, led to meetings with other industry sectors and helped me identify an opportunity to tackle the fraud challenges that they also faced.

It was clear that technology could provide an improved solution by automating intelligence sharing. So in 2010, I decided to start a new venture to use data to tackle this area of financial crime. I wrote the business plan, financial model, and prototype software aimed at a range of classified advertising sectors, which then grew into the broad service we offer today to regulated businesses.

NorthRow provides remote client onboarding services to regulated businesses, including financial services, payments, lenders, retail, hospitality and property. Can you explain how it works?

NorthRow provides technology to digitally transform complex client onboarding, monitoring and KYC remediation processes to improve the customers’ experience, reduce compliance spend and help to ensure regulatory obligations are met.

By automating much of the onboarding process NorthRow simplifies the complexity of compliance, enabling clients to perform Know Your Business (KYB) and Know Your Customer (KYC) verification efficiently.

A key differentiator for NorthRow is that we deliver our highly configurable solution via a single API that can be plugged into clients’ onboarding and monitoring systems, to support different stages and processes. One size doesn’t always fit all for this type of process so our single API is easily customized to help drive operational efficiencies and compliance obligations.

We offer a fully remote verification service called RemoteVerify that captures and verifies the biometrics and ID documents of the end-user for our clients. To ensure we offer our clients the best remote onboarding experience, we integrated iProov’s market-leading Flashmark facial verification technology. By adding Genuine Presence Assurance to RemoteVerify we have further enhanced the user experience and enable regulated businesses to know that each individual checked is not only a real person but also the right person and that they are genuinely present.

Why do regulated companies need to be diligent during onboarding?

I think there are three main reasons:

  • Firstly, they should be looking to reduce their own risk of losses from fraud. Fraud not only costs money in real terms but also in reputational damage that may have a far-reaching impact which can be more severe than the fraud losses themselves.
  • Secondly, they should be diligent in reducing the risk of regulatory failures. The regulations exist to protect consumers and help tackle the corrosive effect of financial crime, especially from organized criminal gangs. 
  • Finally, they should care. They should want to try and reduce the overall harm and the impacts of fraud from an economic and societal sense.

Companies that view client due diligence as a simple tick-box exercise are not just at risk of failing to fulfill their compliance obligations to the regulators, but also the broader moral, economic, and societal efforts.

Society should care about the reasons why we have regulations in place, and business leaders should build a culture within their teams that promotes a better understanding of the importance of compliance. 

Have you ever seen onboarding go wrong? What were the implications and what can other regulated companies learn from it?

Yes, I have seen a number of examples where businesses have tried to tick a box or undertake the bare minimum requirements. Thankfully there have been improvements in awareness and enforcement so there are fewer cases. But just collecting identity documents is nothing like sufficient. 

In the past, I have seen businesses that have adopted the ‘I’ve been sent a document, taken a copy and stuck it in a digital filing cabinet, so I’m fine’ mentality. Unfortunately, these businesses have been exposed to fraud which has not only cost them financially in fines but also loss of revenue through reputational damage.

Once a criminal gang finds an organization that has left itself exposed, they sweep in and systematically attack over a longer period of time. And before they know it, the business has been exposed to fraud or has facilitated massive money laundering without even realizing it. 

Fortunately, the clients we work with have taken a proactive approach to protecting their business and want to benefit from the digital transformation of their compliance processes.

At NorthRow we prevent that exposure to fraud by collecting and verifying all required documents, electronically and automatically in order to make the process more efficient. It’s not just about onboarding, but the entire process of periodic reviews, remediation, and monitoring.

Regulated businesses should learn from past mistakes and place the entire lifecycle at the heart of their compliance strategy

An important part of the process is to have the capacity to complete an expert review only when you need to. Not all clients require review – just those that are high risk. By using a digital solution that can be tailored to the requirements of the organization costs can be kept to a minimum and resources allocated to the right areas with an amber management approach that flags high-risk clients. 

What were the key drivers when you were looking for a partner?

It’s not enough to collect documents. It’s also about asking: where has this document come from? Is it definitely associated with this individual? And therefore you need to see the individual. And to ‘see’ an individual who isn’t physically in front of you, you need to carry out a ‘Genuine Presence Assurance’ check. That’s why we partnered with iProov.

At NorthRow, we have to be experts in what we do. That means we want every one of our suppliers and partners to be class-leading in their own specialty. So we need high-performing, robust technology from our partners. But just as importantly, we want partners that care. We want partners who share values and enjoy working with us, where we can genuinely grow together. That was an early appeal of iProov, even before the technology. We like the company. We like the approach. We like the people and the tech’s great as well.

How does iProov enhance your service?

We can collect documents and images of people through our app. But we also need the Genuine Presence Assurance checks to enable us to deliver the additional level of verification to protect against sophisticated cybercriminals. iProov has really clever, patented tech that identifies impersonation attacks. The technology arms race is developing as cybercriminals continue to invest in clever tech. so we need to ensure we stay one step ahead. 

In the future, I think there’s going to be an increasing need for protection against those more sophisticated replay or injection attacks, which iProov helps protect against. Really risk-averse clients, of which there are many, really care about that. 

What do you think the future holds for remote onboarding and the iProov-NorthRow partnership?

Remote onboarding is just going to accelerate in my view. Demand has been steadily increasing and now it’s seeing exponential growth as a result of Covid-19. Initially, larger companies were reluctant to adopt, but now they have little choice as consumer demand is driving the market to deploy even more services online. 

I can hear the organized criminal gangs cheering as that makes their life so much easier – online activity facilitates increased crime. In our partnership with iProov, we can jointly meet the growing and accelerating demand for remote onboarding with a safe and robust solution that reduces the options for cybercriminals. And together, we can support our clients adapt to the current challenges and allow them to digitally grow their business and operate safely and remotely. That’s really important. 

Thank you to Adrian for speaking with us. If you want to learn more about remote onboarding with NorthRow and iProov, get in touch with us at enquiries@iproov.com.

Back to Resources

Andrew Bud FREng

iProov CEO Andrew Bud is made Fellow of the Royal Academy of Engineering

September 22 2020

iProov is proud to announce today that Andrew Bud, our founder and CEO, has been made a Fellow of the Royal Academy of Engineering.

His election comes in recognition of his outstanding and continuing contribution to the engineering profession.

“I always wanted to be an engineer. It was such a miraculous idea that by the power of thought and action you could conjure into being objects that worked and did clever and useful things.

“And then it was my parents’ dream – they could conceive of no higher calling. That was also my rare good fortune: to be supported by values that valued engineering.

“It wasn’t that common. As a student, I would go to parties and admit I was an engineer. If I was lucky, girls would ask me what kind of lawyer that was. Fortunately, the mood changed suddenly in the early 1980s, and for a period it became glamorous – a little like “building a start-up” nowadays.”

After completing his Masters degree in Engineering at the University of Cambridge, Andrew started his career at the UK Atomic Energy Authority Culham Laboratory for Fusion Research. He then moved to PA Technology where, in his words, he “designed a new catflap, spent time on an oil rig and wrote the software for the fastest chocolate Flake machine in the world.”

It was there that he got involved in the project to build the world’s first digital mobile phone and fell in love with telecommunications. During his time at Olivetti in Italy he led the project to design the Omnitel network, followed by a series of other pioneering and ground-breaking mobile technology projects.

Having spotted the opportunity of SMS, he set up mBlox, which became the world’s largest provider of SMS transmission for enterprise applications. He also helped found a new trade association, which became the Mobile Ecosystem Forum and continues to support vendors from every part of the mobile value chain

At mBlox he recognized the need for remote identity verification and the threat of replay attacks. This led to iProov.

Andrew sums it up:

“I believe that the career of an engineer is defined by the nature of the challenges they choose to face, rather than by a specific sector of technology.

“In the 1980s I took part in the microprocessor revolution, during which products of every kind were completely reengineered to respond to the disruption of microelectronics.

“In the 1990s I was privileged to be a pioneer in the dawn and flowering of the mobile communications revolution, which then evolved in the 2000s into the mobile applications revolution.

“The new challenge – the search for trust in digital identity – is perhaps even bigger and more vital than its predecessor.”

“I hope that many bright young engineers forge their careers in the excitement and challenge of the journey, and just as many can treasure their time in start-ups, scale-ups and, ultimately, the great corporations they build, and say ‘We conjured into being things that worked and did clever and useful things, for the benefit of our fellows and of all mankind’. As my parents believed, there is no higher calling.”

Andrew was also made a CBE in the 2020 New Year Honours.

Back to Resources

iproov security operations centre webcast

The iProov Security Operations Centre: Global Active Threat Management for Biometric Assurance

September 9 2020

iProov recently announced its launch of the world’s first global threat intelligence system for biometric assurance. The iProov Security Operations Centre (iSOC) is fundamental in detecting, blocking, and learning from sophisticated cyber attacks that are attempted every single day against our customers worldwide.

So to explain exactly why the iSOC is needed, and what it does for our customers using iProov Genuine Presence Assurance technology, we spoke to iProov CTO, Dominic Forrest.

In the ten minute webcast, Dominic takes us through three key points:

  1. Biometric authentication: why it’s becoming the go-to technology for online security
  2. What iSOC is, and why it is critical to enterprises and governments
  3. What iSOC does to protect our customers all over the world

If you have more questions about iSOC or iProov’s Genuine Presence Assurance technology, get in touch with us today at contact@iproov.com.

To learn more about the growing threat of Deepfakes, download our latest free report here.

Back to Resources

iproov canny interface

Why iProov Genuine Presence Assurance Doesn’t Use Selfies

August 26 2020

Do you suffer from selfie anxiety? If so, you’re not alone. According to our survey, 34% of people in the UK and US class themselves as having selfie anxiety – either they don’t know how to take a selfie, or they don’t like how they look in them, or they just don’t like taking pictures of themselves.

In fact, 63% of the people we surveyed said that they don’t like how they look on mobile video calls, which is selfie anxiety in all but name.

Why does selfie anxiety matter to iProov?

Let’s be clear: iProov’s face verification doesn’t use selfies. An individual sending a selfie (sometimes known as single frame liveness) to prove their identity online is not secure. iProov uses a brief facial scan that allows you to confirm that you are the right person, a real person, authenticating right now when you use your mobile device or computer to access a service online. The short ‘ceremony’ as we call it lasts a few seconds and gives you the reassurance that your identity and privacy are being protected online.

So we don’t use selfies. But selfie anxiety still matters to us, because we care very much about user experience. If 63% of people don’t like seeing themselves on a mobile device, then that would make the face biometric authentication experience unpleasant for a very large number of people.

This is the interface that a user sees when they authenticate themselves with iProov Genuine Presence Assurance:

Image of iProov's Genuine Presence Assurance Abstracted Image line drawing

Why did we use a line drawing instead of a mirror view of the user’s face? How did this user interface come about?

Stage 1: It Started With Real Images

It happens to us all: your phone switches to camera mode and you realise with horror that your hair is sticking up. You immediately start fixing it. The problem here is that users don’t need to look their best for biometric authentication, as sticky-up hair or smudged mascara don’t affect the accuracy of the result at all. But our natural instinct when faced with a full image of ourselves is to delay the authentication process while we make adjustments, when those things are actually completely inconsequential.

The other risk is that the user might not complete the process at all if they don’t like what they’re seeing. If their hair won’t play ball or they’re in the 63% who flinch on seeing themselves, they could just shut the whole thing down. This is why we decided that the process of iProoving should not involve a mirror image of the user’s face – it’s potentially not an enjoyable experience for a lot of people and could impact the chances of success.

Stage 2: What Happens If You Show Nothing

We briefly experimented with showing nothing at all on the screen during the authentication. It didn’t work: users weren’t able to line their faces up and it became very hard to complete the process. We also felt that it wasn’t fair to scan people’s faces without sharing that fact with them, visually through the use of their face image, as well as in written form.

Stage 3: Meet Mr Canny

It was then that we found our answer, which is now part of several global patents and unique to iProov. The Canny edge detector, developed by a man called John Canny, uses an algorithm to detect a wide range of edges in images. Using this edge detector, we provide a simple outline of the user’s face that gives enough guidance on how to line the face up and complete the process without scaring the user off. We then did a lot of work to develop exactly the right shading to add depth, and fading to soften the edges, resulting in an authentically pleasing filter akin to those found on social media platforms:

iproov interface

The moral of this story is that user experience and security go hand in hand at iProov. Each and every moment of the authentication journey presents an opportunity for the experience to jar with the user and those snags have to be removed to ensure maximum completion rates. iProov has 19 patents and a number of them relate to this line drawing and ensuring a happy user experience.

Statistics from the iProov selfie anxiety survey:

What does selfie anxiety mean?

What does selfie anxiety mean?

Do you ever have selfie anxiety?

Do you ever have selfie anxiety?

Do you like how you look like on mobile video calls?

selfie anxiety on mobile video calls

If someone says to you “let’s take a selfie”, what is the first thing you do?

reaction to taking a selfie

iProov Genuine Presence Assurance is used by governments, financial institutions and other enterprises all over the globe. To find out more, contact us at enquiries@iproov.com today.

Back to Resources

iProov and Evernym webcast

iProov and Evernym: Enabling Trust Online with Self-Sovereign Identity

August 19 2020

iProov recently announced its partnership with Self-Sovereign Identity (SSI) specialists, Evernym. We caught up with Andy Tobin, Managing Director of Evernym’s European business, to find out more.

In the 10 minute webcast, Andy speaks to Tom Whitney, our Global Head of Solutions Consultancy, about Evernym’s story and the problem they are trying to solve. Andy also explains the concept of SSI, why it’s important for enterprises and users wanting to manage their digital identity, and what the future holds for Evernym.

There are also plenty of insights into the partnership between Evernym and iProov and what iProov’s Genuine Presence Assurance technology will bring to Evernym customers.

Watch the webcast below and contact contact@iproov.com if you would like to know more about iProov, Evernym, or digital identity.

Back to Resources

Gartner Guide User Authentication

iProov named in the 2020 Gartner Market Guide for User Authentication

August 13 2020

iProov has been identified as a Representative Vendor in Gartner’s 2020 Market Guide for User Authentication. iProov was named in the Biometric Authentication category.

The 2020 Market Guide for User Authentication takes a close look at the current user authentication landscape as the market continues to grow.

Used for customer onboarding as well as ongoing authentication, iProov technology is being used by the US Department of Homeland Security, UK Home Office, NHS, Rabobank, ING, Knab Bank, and more. iProov’s biometric authentication technology won Best Authentication Software at the 2020 SC Awards.

The biometric authentication technology provided by iProov is unique in that it delivers Genuine Presence Assurance to individuals and enterprises online. This checks for three key attributes when authenticating a user:

  1. Are they the right person?
  2. Are they a real person?
  3. Are they authenticating right now?

iProov CEO and Founder, Andrew Bud, CBE said “Digital transformation has been high on the agenda for many regulated sectors, and now is the time for online biometric authentication to help drive innovation forwards. A successful user authentication system must offer security, usability, and privacy to its users. iProov provides all three in a very unique way, and this is why governments and enterprises around the world are using our patented technology to onboard and authenticate customers.”

Access the full report here (Gartner subscription required).

Gartner, “Market Guide for User Authentication” Ant Allan, Tricia Phillips, David Mahdi, Kaoru Yano, 26 June 2020.

Gartner disclaimer: Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Back to Resources

Face Verification vs Face Recognition. Online face verification with biometrics

Face Verification vs Face Recognition: What’s the Difference?

August 3 2020

Scenario 1, face recognition: You’re walking across Times Square, or sitting in your seat at Wembley Stadium. Facial recognition technology, combined with CCTV, is scanning the crowds and matching faces against a database of known or suspected criminals. You do not know if or when face recognition is being carried out on you. You are not able to opt-out of it. There is no direct personal benefit to you from it. You do not know how the images are being used, shared, or stored.

Scenario 2, face verification: You’re sitting at home. You want to apply for a visa for an upcoming vacation. You open your laptop, or pick up your mobile phone, and log on to the government visa service. You use the device camera to scan your driver’s license or passport to prove your identity. You then scan your face. Facial verification technology confirms that your physical face matches the one in the ID document, and that you are real and completing this application right now. You know facial verification is happening. You choose to do it. There is a direct personal benefit to you (you get to go on your vacation). And with iProov’s face verification technology, you know that the images are kept behind a privacy firewall and are subject to strict GDPR rules.

There is also face detection, which is the process of identifying when a human face is present in a video or image, without identifying that person in any way. iProov specifically uses face verification.

Face recognition and face verification are often lumped together and used interchangeably to mean the same thing. But the truth is that the two technologies and the purpose of their use are completely different and need to be considered separately. Questions about the ethics of facial recognition for surveillance, and the call for clarity and limitations on its use, are matters for serious public discussion. However, face verification is not the same thing.

Why Do We Need Face Verification?

Put simply, face verification is needed for your online security.

Traditionally, we have verified our identity by walking into a bank or a government office and handing someone our documentation, which they then confirm matches the physical face that they see in front of them. But how do we transfer that process onto the internet? How do I prove to you that I am who I say I am if I’m sitting on my sofa using a mobile device?

Your face is the most secure way of verifying your identity online, and it’s the only way that businesses and government services can be assured that you and only you have access to your data:

  • Knowledge-based security (like passwords) can be shared or stolen and are hard to remember when you need countless secure ones for different accounts.
  • Device-based security (like mobile phones or tokens) have to be carried around and can be stolen or lost.
  • Other biometric identifiers, such as irises or fingerprints, are not included in driver’s licenses or passports (unlike photographs).
  • Only face verification enables you to prove online that you are the bona fide holder of your ID document. iProov online face verification also allows you to assert that you are genuinely present during your facial scan and that your image has not been stolen.

Online crime is growing, both in the number of attacks and in the sophistication of the tactics used by international criminal gangs. We all need a way to secure ourselves against identity and financial theft. Face verification enables us to do this, and iProov face verification allows us to do so with maximum security and simplicity.

When Is Online Face Verification Beneficial? Examples

There are many occasions when we as individuals need to confirm with enterprises, banks, and government services that we exist and that the physical being asserting the identity is the rightful owner of that identity. Here are a few examples of when online face verification makes processes easier, faster and more secure:

Digital Onboarding:

  • Banking: opening a bank account
  • Other financial services: applying for a credit card or an insurance policy
  • Government services: applying for visas, driver’s licenses or passports
  • Healthcare: applying to access your health record
  • Education: applying to college or to sit an exam
  • Work permits: applying to be an Uber driver
  • Social networks: setting up an account

Face Authentication:

  • Banking: adding new payees or transferring large amounts of money
  • Other financial services: making an insurance claim
  • Government services: checking visa status, renewing ID documents
  • Healthcare: booking appointments
  • Education: sitting exams
  • Work permits: confirming I am doing the job
  • Social networks: commenting or other activities

iProov: Facial Verification, Not Facial Recognition

iProov provides facial verification. Our Genuine Presence Assurance technology enables users to complete a facial biometric verification and confirm that they are:

  • The right person
  • A real person
  • Verifying right now

A user simply looks at their mobile device or laptop screen. Their face is illuminated by a series of colors. This brief ceremony detects that the user is a real human being and not a photograph or mask. It also assures that they are genuinely present in real-time, and not a deepfake or replay attack. And finally, as a “one-time biometric” it cannot be reused and is therefore secure against being used in a replay or other criminal attacks.

With iProov facial verification the user has:

  • Knowledge that the verification is taking place
  • Willingly collaborated with the verification
  • A direct personal benefit from the verification
  • Assurance of privacy

As well as being the most secure way to verify your identity online, iProov is also the easiest to use. We firmly believe that security without usability is worthless. As passwords become more complicated, users simply find workarounds to remember them. Those workarounds, such as writing passwords down or using the same one for multiple accounts, are often not secure. iProov technology requires no effort from the user.

Face verification offers us security, safety, simplicity and privacy in a digital world. It is quite different to face recognition and the two should be treated differently.

For more information on iProov technology, please contact enquiries@iproov.com or visit www.iproov.com

Back to Resources

Top Considerations for Online Customer Onboarding in Financial Services

Online Onboarding in Financial Services: Top Considerations for Getting It Right

July 20 2020

Online banking continues to grow. According to the latest EY Global FinTech Adoption Index, 71% of UK consumers and 46% of US consumers had used at least two digital financial services in 2019, up from 14% and 17% respectively in 2015. Savings, payments, borrowing and budgeting are all moving online.

The challenge for financial institutions is how to make the online onboarding process as simple as possible for customers, while complying with Know Your Customer guidelines and protecting against fraud. Our latest report Top Considerations for Online Onboarding in Financial Services sets out ideas for how this can be achieved.

One example of financial digital onboarding success is Rabobank. They had realized that asking 18-year-old digital natives to come into a branch with their documentation to open a bank account was not very appealing.

So the innovation team at Rabobank looked at how they could improve the onboarding journey for their customers. The solution included:

  • The creation of a mobile app for onboarding
  • Remote identity documentation checking using InnoValor. Passports, driver’s licenses, or other ID credentials can be scanned with a mobile device using either near field communication (NFC) to read the chip in the document, or optical character recognition (OCR) which reads information from a photo of the document.
  • Biometric identity authentication using iProov’s Genuine Presence Assurance technology to ensure that the person is the right person, a real person, and authenticating right now.

Top Considerations for Online Onboarding in Financial Services: read the report

Read Report

If you want to know more about how iProov can streamline your customer onboarding contact us at contact@iproov.com

Back to Resources

iProov half year report

The iProov Half Year Report: the story so far in 2020

July 20 2020

It’s been a very busy six months here at iProov.

The growth of Genuine Presence Assurance – the ability to confirm that an individual is the right person, a real person, and engaging right now when you’re dealing with them online rather than in the physical world – was already underway when the pandemic struck.

The COVID-19 crisis accelerated the need for remote authentication. Firstly, more people needed to complete more processes online, which meant that verifying identity digitally became essential. Secondly, online fraud increased considerably, with criminals taking advantage of the crisis. The ability to combat machine-driven online crime, which iProov provides, is needed more than ever before.

 

So what’s been achieved at iProov over the past few months?

  • 2020 started with our continued expansion in the US and the opening of our Maryland office.
  • In February we launched iProov for Kiosk, enabling our customers to bring biometric authentication to physical locations. It was a big hit at Finovate Europe, where we won Best of Show for the third year running.
  • In March, we announced our involvement in Estonia’s digital identity program, the first solution using cloud, machine learning and biometric authentication to achieve a “high” level of eIDAS conformance.
  • April brought another significant product launch, this time with iProov Web. This enables iProov customers to authenticate their users on web browsers as well as mobile apps, bringing greater inclusivity and accessibility and opening up services to a wider audience.
  • As the pandemic hit, iProov’s work with the NHS login service proved the value of online onboarding and authentication; over 60,000 UK citizens verified themselves in the first week of April. This took the total to 1 million users registered.
  • To help support the crisis, iProov also offered its services to startups that were building solutions. These included bkynd and bloomd, who launched social networks connecting individuals looking for assistance or companionship.
  • June began with us winning Best Authentication Technology 2020 at the SC Awards. The judges recognised Genuine Presence Assurance as “Game changing for customers and companies looking for speed with security”.
  • Our work with Eurostar also hit the headlines. An opt-in fast-track biometric corridor is being developed at St Pancras International to allow Eurostar passengers to board their trains without needing to show tickets and passports at the ticket gates.
  • The headlines also said it all in June: “Has the UK Just Quietly Seen One of the Most Successful Government IT Projects Ever?”. Our work with the UK Home Office on the application process for the EU Settlement Scheme reached a milestone with 3.1 million applications submitted. Peaks of 25,000-30,000 a day were handled successfully, with a high percentage of applicants completing the entire process in under 10 minutes.
  • We continued to grow our partner network, teaming up with NorthRow to provide simplified onboarding solutions to property companies, financial institutions, law firms, accountants and other professional services organizations.
  • We also announced our partnership with Mvine, working on a digital passport to assist with the management of COVID-19.

Stay tuned for more innovation, exciting new developments, and customer and partner news from iProov over the next six months. We’re just getting started.

Follow us on LinkedIn or Twitter and keep up to date.

Back to Resources

UK Home Office EU Settlement Scheme cover image (remote identity verification software)

How iProov Helped Deliver the World’s Most Successful Remote Identity Verification Immigration Program

June 8 2020

The headline says it all: Has the UK Just Quietly Seen One of the Most Successful Government IT Projects Ever?

Following the UK’s decision to leave the European Union, the Home Office set out to create a simple application process allowing 3.5 million EEA nationals to apply to the EU Settlement Scheme.

Applicants need to complete just three key steps – prove their identity, show that they live in the UK, and declare any criminal convictions. To make this as simple as possible, the Home Office sought out new innovative capabilities to create an optional end-to-end digital application channel.

iProov worked with WorldReach Software and InnoValor to deliver a scalable, secure, and usable solution. The details of the project can be seen in this excellent case study from WorldReach.

The highlights of the project:

  • More than 3.1 million applications have been successfully concluded.
  • A high percentage completed their application in under 10 minutes, with a high level of identity assurance.
  • Over 2,300 different makes and models of Android and iOS devices have been used to complete the identity verification process.
  • Peaks of 25,000-30,000 applications per day have been supported.
  • In a 2019 EUSS  survey, 79% of applicants indicated that proving their identity through the app was either “very easy” or “fairly easy”. A further 7% found it neither difficult nor easy.
  • The app receives an average 4.1 star satisfaction rating on Google Play Store.

How does the EU Settlement Scheme app work?

The app enables EEA nationals living in the UK to complete an application in under 10 minutes, using the following innovations to ensure high levels of identity assurance:

  • Remote identity documentation checking using the InnoValor solution. Passports, driver’s licenses, or other ID credentials can be scanned using a phone using either near field communication (NFC) to read the chip in the document, or optical character recognition (OCR) which reads information from a photo of the document.
  • Biometric identity authentication using iProov’s Genuine Presence Assurance technology to ensure that the person is the right person, a real person, and authenticating right now.

“There has never been a more crucial time for highly trusted, proven-in-use remote identity verification services given the Covid-19 situation, especially for government digital on-boarding and essential services delivery,” said Gordon Wilson, WorldReach CEO. “The EUSS is a very successful, scalable proof-point of what’s possible and achievable with the right end-to-end processes, technology and collaborative team.”

Find out more about iProov’s biometric authentication services in government and public sector here.

Back to Resources

winner

iProov Wins Best Authentication Technology at SC Awards

June 3 2020

iProov was named Best Authentication Technology at the SC Europe Awards yesterday.

The judges said: “Great to see technology which is able to prove the actual identity of a person behind the device. Game changing for customers and companies looking for speed with security,” adding, “Really well presented and very relevant for today’s customer. Innovative good product.”

The judges concluded; “iProov presented some solid business benefits for its solution.”

The SC Awards are recognized as the gold standard of achievement for cybersecurity providers, products and professionals.

Biometric Authentication for the UK Home Office

The award recognized iProov’s Genuine Presence Assurance work for the UK Home Office and the EU Settlement Status application process (described here recently in Has the UK Just Quietly Seen One of the Most Successful Government IT Projects Ever?)

Recent data on the project shows that:

  • More than 3.1 million applications have been successfully concluded
  • A high percentage of applicants completed their application in under 10 minutes, with a high level of identity assurance
  • Over 2,300 different makes and models of Android and iOS devices have been used to complete the identity verification process
  • Peaks of 25,000-30,000 applications per day have been successfully managed
  • 79% of applicants indicated that proving their identity through the app was either “very easy” or “fairly easy”

Read the full EU Settlement Status case study.

In addition to the Home Office, iProov technology is being used by a growing number of governments, financial institutions, identity service providers and other businesses looking for the most secure, usable remote authentication technology:

2020 has also seen a number of other milestone achievements at iProov:

We’d like to thank the organizers of the SC Awards for staging such a great online show – we might not have got the champagne in a big hotel ballroom but we can confirm that the excitement of winning is just as good online!

Read more about iProov biometric authentication services or keep in touch with iProov on Twitter or LinkedIn.

Back to Resources

Onboarding for Financial Services

Rabobank: customer onboarding with iProov and InnoValor

June 2 2020

Last week’s webinar with InnoValor and Rabobank was a fascinating look at an innovative customer onboarding project that started in 2018.

Rabobank is one of the 50 largest banks in the world, with over 40,000 employees. As part of their ongoing commitment to customer service and innovation, in 2018 the onboarding team at Rabobank decided to find a solution to a challenge: how to successfully onboard 18-year-old customers that needed an adult account.

According to Evelien Mooij at Rabobank, the team had realised that the usual process for setting up a bank account – a customer bringing documentation into a branch – was not very appealing to digital natives that prefer to look at their phones.

So Rabobank began a project with their innovation department, looking for a digital onboarding solution that would bring the process onto a customer’s mobile phone. This led them to InnoValor, who worked with Rabobank and iProov to create an innovative technology solution that included:

  • The creation of an app for onboarding.
  • Remote identity documentation checking using the InnoValor solution. Passports, driver’s licenses, or other ID credentials can be scanned using a phone using either near field communication (NFC) to read the chip in the document, or optical character recognition (OCR) which reads information from a photo of the document.
  • Biometric identity authentication using iProov’s Genuine Presence Assurance technology to ensure that the person is the right person, a real person, and authenticating right now.

For Rabobank, this was a very exciting initiative. The compliance component was huge, but the targeted scope of the project allowed them to initially focus on a small group of customers. By working specifically with a target segment of 18-year-olds, the team could gain a lot of experience on how to create an online onboarding journey before scaling out to others.

It worked. 300 customers are now using the mobile onboarding process every day. Channel share has gone from 35% last year to 60% in 2020.

The team met some challenges along the way. Initially, the solution included NFC only on Android devices, with OCR for everyone else. 50% of customers were dropping out of the journey as the photo imaging quality wasn’t always good enough – too much glare on the photos or other issues.

Apple’s decision to support NFC from September 2019 changed everything. 80% of customers now use NFC, although Rabobank still uses OCR as a back-up for users – if your chip is broken, you need OCR for an online journey and that’s still provided.

Another challenge was getting the compliance team on board. Like most banks, Rabobank is a very big organization with a lot of legacy systems and a complex architecture. Eight Rabobank teams and three suppliers were involved in the project, which meant complexity. Evelien and her team involved their colleagues early on, so that everyone could see the decisions and choices that were being made.

And in fact, NFC has helped with compliance; the quality of identity verification is better on the app than it is face to face. It might be possible to trick an employee, but it’s much more difficult with technology.

Evelien and her team had also been concerned about the use of a standalone app for onboarding. Would customers use it? Would it be an issue? A lot of research was done, with initial customer feedback suggesting that it wasn’t going to be a problem. The results since launch have supported this – to the surprise of the team, customers are really not worried about the separate app. In fact, they were glad to use it to onboard and then delete it – app space on an 18-year-old’s phone is at a premium and they like the space!

The next steps for Rabobank include; using the app for onboarding new business users that don’t already have an account and processing change of director notifications; adding remote identification to the main Rabobank app; and bringing in step-up authentication for complex or high value transactions.

Our thanks to Evelien, Wil, Maarten and the rest of the team at InnoValor for sharing such useful insights during a great webinar.

How does iProov make your onboarding effortless? Find out more here.

Back to Resources

End of the Password Report

The End of the Password: 50% Of Young Consumers Share Their Log-in Details

June 2 2020

We’ve released new research today, The End of the Password, which looks at how consumers are struggling to follow online security guidelines.

Everyone knows that passwords are not secure. And yet efforts to make them more secure are only making them more complicated. “People misuse things that aren’t usable,” says iProov CEO, Andrew Bud. “It’s a gift to hackers and it disrupts commerce. We need to make it easier for people to access services and keep their data secure.”

The key findings of the research include:

Consumers are using other people’s passwords

78% of 18-24-year-olds in the UK and 75% in the US have used someone else’s password to gain access to a service or device. 15% and 10%, respectively, have done so without permission. Overall, 49% of Brits and 50% of Americans have used others’ passwords.

People are sharing their own passwords

It seems that we’re less willing to share our own passwords than we are to borrow other people’s, but the numbers remain high; 50% of UK 18-24s and 49% of their US equivalents have given their passwords to other people, compared with 30% and 34% of consumers overall. We’re more willing to share the PIN to our phones; 41% of Brits and 44% of Americans admit to sharing phone passwords with partners or family members.

People are reusing the same passwords (and writing them down)

59% of respondents in both countries admit to reusing the same passwords across sites, while 10% of Brits and 13% of Americans use the same password for everything. Only 9% of people in both countries use a strong suggested password if it is offered. 33% in the UK remember passwords by writing them down – this rises to 46% in the US.

People are abandoning purchases because of forgotten passwords

The average Brit abandons an online purchase 15 times a year because of password frustration, while Americans are doing likewise 16 times a year. 34% of 18-24s in the UK are having to request forgotten passwords at least once a week, along with 25% of young Americans.

Read The End of the Password UK edition and The End of the Password US edition to see all of the stats and survey results.

Andrew Bud added: “Our research shows that passwords have simply outlived their utility. Enforcing ever more complex passwords tortures people into workarounds. People misuse things that aren’t usable. It’s a gift to hackers and it disrupts commerce. We need to make it easier for people to access services and keep their data secure.

“People are recycling and sharing passwords but this leaves them exposed and vulnerable.The time has come to adopt alternatives. Good biometric authentication combines effortless usability with the security to safeguard society’s most sensitive personal data.”

“iProov technology is a safe and secure way to identify yourself without using a password. Copies of your face, like photos, videos or deepfakes, won’t work. This is what iProov Genuine Presence Assurance provides that other biometric technology does not – not only does it check that you’re the right person, but it also checks that you’re a real human being and authenticating yourself right now.”

How does Genuine Presence Assurance replace passwords?

Everyone knows that passwords are no longer fit for purpose in an online world. They are not secure. Yet, efforts to make them more secure have only made them more complicated. Genuine Presence Assurance from iProov is completely unique. It uses face biometrics to enable businesses and governments to verify online that a customer or citizen is the right person, a real person, and authenticating right now, protecting against the most sophisticated criminal attacks. Read more about passwordless authentication with iProov face verification.

To keep up to date on future report releases from iProov, follow us on Twitter and LinkedIn, or visit www.iproov.com for more information.

Back to Resources

increase use online services due to pandemic

Coronavirus: Consumers Look For Identity Verification As Hacking Increases

May 27 2020

In a recent webinar with Mobile Ecosystem Forum, Andrew Bud, CEO of iProov, talked about the impact of COVID-19 and the increased adoption of technology as the pandemic continues. This crisis “is going to accelerate a lot of trends. In areas like identity, health data, financial data, authentication, security, video conferencing. We will see many many years of progress in a short time”.

The use of online services has undoubtedly increased during the pandemic. This is clear from a consumer survey that iProov conducted recently, which also shows increased demand for security and identity verification.

Are consumers using technology more during coronavirus?

We asked 1000 consumers in the UK and 1000 in the US about their use of technology during coronavirus. 69% overall (69% in the US and 70% in the UK) told us that they expected to use more online banking/health/shopping services as the pandemic continued. The importance of digital service provision is now beyond doubt – online retail sales in the US grew by 49% in April, and 16% in the UK, making online 30% of UK retail shopping. Banks, governments, healthcare providers, and all other sectors will move more of their services online in response.

Is the need to authenticate identity more important than ever before?

Overall, 72% of consumers (72% in the US and 71% in the UK) said that authenticating their identity online was more important than ever before. Governments and businesses need to garner citizen and customer trust – iProov enables this with secure, usable biometric face technology that reassures the user.

more need to authenticate online services

Is the coronavirus crisis being exploited by hackers? 

82% of consumers overall (80% in the US and 83% in the UK) felt that hackers were taking advantage of the coronavirus crisis. However, this sits uneasily alongside other data from iProov’s The End of the Password report, which suggests that consumers are still sharing and reusing passwords and putting themselves at risk.

exploited by hackers during coronavirus

Which types of fraud and scams are increasing in volume during the coronavirus crisis? 

63% of consumers overall expected to receive scam offers, followed by fake news and health misinformation. The US and UK were generally aligned in which attacks they expected to see, although US consumers expected to see more of each of them.

more types of hacks during coronavirus pandemic

Online identity verification is more important than ever, as consumers turn to digital channels to complete everyday tasks. With Genuine Presence Assurance from iProov, businesses and government departments can deliver effortless authentication for online services while protecting against the most sophisticated criminal attacks.

How is iProov supporting technology innovation during coronavirus?

iProov is proud to be offering our technology free of charge to start-ups that are creating solutions to support the pandemic crisis. Read more here on  How Technology Is Enabling Kindness During Coronavirus.

Stay tuned on Twitter and LinkedIn to keep up to date on how iProov biometric authentication is supporting business and government during the coronavirus crisis.

Back to Resources

online purchases abandonded due to password fustration

16 Online Purchases Abandoned Every Year by the Average Consumer Due to Password Frustration

May 7 2020

It’s World Password Day and we decided to mark the occasion by sharing some password stats from a recent consumer survey that we carried out in the US and UK. We released a full “The End of the Password” report, but here are a few stand-out findings:

The average US consumer abandons 16 online purchases a year due to password frustration.

This is a staggering number. It means that almost every three weeks, every American citizen is abandoning a purchase online because they forget their password and the process for retrieving it takes too long. And it’s a similar story in the UK, with 15 online purchases a year being left at the checkout by the average consumer.

The problem with passwords

This results in two key problems. Firstly, it means enormous frustration for the customer. Imagine the steps involved: a customer spends valuable time deciding what to buy. They make the decision to purchase and are faced with a request to Register or Login. Have I bought something on this website before? I’m sure I have. Several attempts at remembering their login details later, the customer becomes extremely frustrated and requests a password reminder. This either doesn’t arrive quickly enough or goes into spam. Purchase abandoned.

This leads to the second point: businesses are losing millions in revenue because of password frustration. Each missed sale represents lost dollars but there’s also the loss of the customer’s longer term business, along with the wasted marketing investment in getting a customer to checkout, only for the login to cause confusion and frustration.

online purchases abandonded due to password fustration
Password Statistics (UK and US Consumers)

Passwords are frustrating and they lead to lost business. But what is also clear from the survey results is that consumers are struggling to follow the recommendations on password management. The guidelines – for example, creating a unique password for every account – are too onerous for the average individual:

Only a quarter of people regularly change their passwords
The majority of people are not following guidelines to change their passwords frequently:

  • 44% of Americans and 40% of Brits only change passwords when they forget them or are prompted to change them
  • 5% of people in both regions only change passwords when they get hacked
  • 8% of Americans and 9% of UK consumers never change their passwords at all
  • However, 3% of Americans and 5% of UK consumers change their passwords every month

13% use the same password for everything
37% of Americans and 39% of Brits are managing to follow the guidelines by having a different password for every site. However, most people rotate a few passwords (46% in the US and 49% in the UK), while 13% of Americans and 10% of Brits use the same password for everything.

Most people avoid the ‘suggested password’ when creating an account
89% of Americans and 90% of Brits choose to create their own passwords when registering for a new account, instead of using the auto-generated secure suggestion (9% in both regions). Only a few choose to sign in with Google or Facebook credentials (3% in US and 1% in UK).

Nearly half of consumers have shared the PIN for their phones with their partners
The evidence suggests that we’re willing to share our passwords; 44% of Americans and 41% of Brits have given their partner the PIN to access their phones.

Men are less worried about data privacy than women
76% of Americans and 70% of UK citizens believe that individuals should be worried about data privacy, but men are less likely to be concerned than women (US: 69% men vs 82% women, UK: 63% vs 78%).

“Everyone knows that passwords are not secure,” says Andrew Bud, iProov Founder and CEO. “But the solution that is being applied to weak password security is to make passwords more complicated.

“Perhaps that’s why half of the population of both the US and the UK have abandoned online purchases in the past year, and businesses have lost millions of dollars – we just can’t remember our passwords.

“Imagine a world in which you never forget a password because there aren’t any. You simply authenticate yourself with biometrics – it remembers you even when you haven’t visited a site for months, providing exceptional usability and outstanding security to remove the frustration and make everyone’s lives better.”

Find out how iProov can reduce password reliance with Genuine Presence Assurance technology today. For even more recent data on forgotten passwords and the effect on website abandonment rate, click here.

Back to Resources

rsz shutterstock 1717413775 scaled

Strong Customer Authentication for Banks (Using Facial Biometrics)

May 1 2020

The Financial Conduct Authority (FCA) in the UK has extended the deadline for implementation of Strong Customer Authentication (SCA) rules by six months. The deadline is now 14 September 2021.

Other regulators across Europe are expected to make similar moves.

From 14 September 2021, financial institutions must ensure that customers are completing SCA before they carry out online processes, as set out in the EU Revised Directive on Payment Services (PSD2).

These processes include:

  • Accessing a bank account online
  • Making an electronic transaction
  • Carrying out any activity online that might come with a fraud risk

What is Strong Customer Authentication?

Strong Customer Authentication is the process required by banks and electronic payment providers to verify the identity of their customers online. These rules were introduced in 2019 and aim to enhance security and prevent fraud. SCA does not just apply to banks: the entire e-commerce industry must comply by the 14th September 2021, too.

But how does it actually work?

Strong Customer Authentication means that payment service providers must require customers to use a multi-factor authentication process for payments and verifying their identity online.

Multi-factor authentication requires two or more of the following elements:

  • Knowledge: something only the user knows – eg, a password or PIN
  • Possession: something only the user possesses – eg, a mobile handset or token
  • Inherence: something the user is – eg, a biometric

The two factors also need to be independent of each other. For example, if a customer authenticates via voice on their mobile phone as the first factor, and then the bank sends a one-time password (OTP) to that same device for the second factor, this could potentially present a risk. The two factors use the same channel or band, so if that channel—in this case the mobile phone—had been compromised, both the instruction and the security verification are being sent to an individual who now controls the compromised device. This must be avoided according to the recommendations.

Strong Customer Authentication: Usability vs Security

Did you know, half of consumers have abandoned online transactions?

The challenge for banks is selecting the right balance of security with ease of use. Security is critical, but if systems are hard to access then banks face higher drop-off rates, increased loss of customers to competitors, and the brand impact of being seen as difficult to use.

Drop-off rates and loss of customers are very real concerns. A recent iProov study found that almost half of consumers in the US and UK have abandoned an online purchase because the security process took too long—and those aged 18-44 are more likely to have done so.

With iProov, Strong Customer Authentication is automated, fast, simple, and secure. We work with organizations such as online-only challenger bank Knab to provide SCA to its 500,000+ customers. All customers that open an account with Knab are authenticated by iProov’s cloud-based, device-independent face biometric technology.

Knab bank uses iProov authentication (Something a person is) along with a PIN (something the person knows) as part of their process to comply with SCA requirements and other regulations such as Know Your Customer (KYC). You can read more about iProov’s work with Knab here.

The iProov facial biometric authentication can replace passwords, or it can be used as the second factor as detailed in the two examples below.

How to enable Strong Customer Authentication (SCA) on mobile devices

  • A customer would begin the sign-in process to their bank account.
  • They provide a password for the first-factor authentication (something they know).
  • They then effortlessly iProov themselves for a strong second factor (something they are). The customer simply holds their device in front of their face and a colored illumination provides Genuine Presence Assurance – that is, confirming they are the right person, a real person, and authenticating right now. The illumination ceremony also acts as a reassurance to the customer that their security is being protected.

How to simplify Strong Customer Authentication (SCA) on web browsers

iProov Web offers the significant advantage of allowing strong customer authentication to be completed on a desktop or laptop without the need for a mobile device.

  • A customer would begin the sign-in process to their bank account on a desktop, laptop, or other device using a web browser
  • They provide a password for the first-factor authentication (something they know)
  • They then effortlessly iProov themselves for the second factor (something they are) using the camera on their laptop. A colored illumination provides Genuine Presence Assurance—that is, they are the right person, a real person, and authenticating right now.

For more information on how banks are using iProov for Strong Customer Authentication, please visit iProov.com or contact us at enquiries@iproov.com

Back to Resources

rsz shutterstock 797275474 scaled

Biometrics for Safeguarding: How Technology Is Enabling Kindness During Coronavirus

April 29 2020

By Andrew Bud, Founder and CEO of iProov

iProov is currently providing biometric authentication services free of charge to start-ups that are working on solutions to assist the COVID-19 crisis.

A number of projects are already underway, using our Genuine Presence Assurance technology to great effect.

One area where we’re seeing a lot of focus is safeguarding.

There has been a tremendous surge of kindness, generosity, and community spirit around the world, as people offer their time and resources to help others in need.

But criminal behaviour is never far behind. You only need to take a quick glance at the news to find examples, such as this 92 year-old woman robbed by thieves who persuaded her that her neighbour had the virus.

Safeguarding allows genuine offers of help to be encouraged and utilised, by putting processes and systems in place to protect the vulnerable.

How can biometrics help safeguarding?

Identity and verification provide two critical factors when it comes to safeguarding:

  1. They hold people accountable for their actions
  2. They build confidence among the helpers and the help seekers

Before COVID-19 arrived, we were already seeing evidence of this in the peer-to-peer economy. Sharing economy service providers rely on the exchange of knowledge, services, and confidence between two strangers who have a reason to trust each other.

The reason to trust each other is shared information. If I know your car registration number and you know my name, then it’s very likely that we are two matching halves of a bona fide Uber arrangement.

That trust can be greatly corroborated by a picture. Uber, AirBnB, and the other sharing economy service providers use pictures of drivers, property owners, and renters to instill confidence.

Pictures instill confidence. In a study, researchers at Princeton asked a group of university students to rate the trustworthiness, attractiveness, likeability, competence, and aggressiveness of actors’ faces. One group was given a tenth of a second to make their judgement. The other group was given as long as they wanted. The greatest correlation between the two groups was for trustworthiness – the two groups were most aligned on who could be trusted and who could not. Pictures are very powerful in allowing us to make decisions on trust and it takes just 100 milliseconds for us to make that decision.

But what if those pictures are fake? What if we’re taking 100 milliseconds to decide to trust the woman we’re seeing in the photo, when we’re not actually dealing with her at all?  With a few clicks of a mouse, it’s possible to fabricate a profile picture on social media and pretend to be anyone at all. There are many reasons why attackers would go to considerable lengths to masquerade as someone of a different age or gender, and thousands of criminal offences have been committed against victims of all ages.

So how do we ensure that older, dependent and vulnerable people can receive tremendously valuable support from others without fear of fraud, theft or cruelty perpetrated by people who are not what they seem?

iProov technology can achieve this in a number of ways. Two examples of use cases that we’re working on right now show how Genuine Presence Assurance can be used during online transactions to build trust, by confirming that an individual is the right person, a real person, and authenticating right now.

  1. Registration of volunteers: Providers of voluntary assistance can register themselves for a service using Genuine Presence Assurance. During the online onboarding process, a volunteer would provide their personal details, scan their passport or driver’s license, and then use facial biometric authentication on their mobile phone or web browser to prove that they are indeed the holder of that ID document. This would guarantee that their photograph was genuine and they are indeed a genuine person.
  2. Verification: On any social network, there is always a risk that a person is not who they claim to be. We rely on pictures and other information to help us decide whether to trust an individual, but if those pictures are fake then our trust is misplaced. Verification eliminates that risk. Users can be required to authenticate themselves at the beginning of each session to prove that the person currently online purporting to be them does indeed match their photo. Messages could be marked as ‘verified’ to give additional confidence that a user has authenticated themselves before this conversation. Or authentication could be requested if they want to exchange details or engage in a conversation with someone. In either scenario, trust is increased through a simple, secure facial biometric process via phone or web browser.

The opportunities that stem from these processes are endless. Shopping, gardening, household chores, dog-walking, and even companionable conversation can all be made much safer with easy-to-use authentication technology.

Are older people using technology more during coronavirus?

We all stand to benefit from the safeguarding technology outlined above. Coronavirus has shown that you don’t need to be old or dependent to be vulnerable. You’re vulnerable if you can’t leave your home for 14 days because you live with someone with COVID symptoms. You’re vulnerable if you have asthma or diabetes. The ability to access help quickly and safely is essential to us all.

However, the uptake of technology by the older generation during the pandemic suggests that safeguarding technology could be effective for this particular age-group.

We recently commissioned a study of consumers. One stat that stood out to me was that almost 40% of people aged 65+ in the UK are using online communications more during the pandemic. It’s not hugely surprising but that’s a significant shift in numbers – there are 12 million people in the UK in this age group, so 5 million people are using technology more today than they did 3 months ago.

increased use of online communications during coronavirus

Crises accelerate change and we’re going to see huge changes in how society uses technology going forwards. Safeguarding could, and should, be part of that.

See our website for more information on how Genuine Presence Assurance from iProov can help your organization.

Back to Resources

wrlogo high res

iProov and WorldReach Software: identity verification for government and citizen services

April 7 2020

iProov works in partnership with a number of technology companies around the world. WorldReach Software, based in Canada, is a world leader in government travel and citizen services. We asked Jon Payne, Executive Director, Global Partnerships at WorldReach, to tell us about their work and why they chose iProov for Genuine Presence Assurance.

WorldReach is expert in government travel and citizen services. How has your business evolved since it was originally set up?

WorldReach was founded in 1998 after a five-year software development partnership with Canada’s foreign ministry. As our international government client list grew, we quickly gained a reputation as a highly trusted government partner and advisor specialising in consular assistance including crises, and passport issuance solutions. This was our primary focus, until about five years ago.

In recent years, we chose to apply our expertise to create a new process for remote Identity and Document Verification (IDV), recognising the combination of the growth of smartphones as a mobile platform and the steadily increasing proportion of ePassports. In effect, turning the smartphone into an ePassport reader and allowing the owner to verify their identity in much the same way as an e-Gate or e-Kiosk in an airport does it, using facial biometrics.

What have been the biggest changes in government travel/citizen services since WorldReach started?

When we started, digitisation was really just a concept. Governments still largely depended upon a combination of paper documents and face-to-face processes to determine eligibility and to deliver services. This, in general, was a long, labour intensive and expensive process for governments.

We recognised the potential of technology to improve process. We worked on unlocking the power of the chip embedded in ePassports that are now issued by the majority of governments. Given all the efforts made by passport agencies to embed a small computer full of rich data into the passport, we wanted to make it more easily available in practice for immigration programmes.

Which government was the first to take advantage of this new process innovation? 

With help from the Canadian Safety and Security Program and the sponsorship of Canada’s two immigration agencies, IRCC (Immigration, Refugees and Citizenship Canada) and CBSA (Canada Border Services Agency), we were able to refine and test our technology with the real world input of immigration officials through several demonstration projects aiming at seamless borders for lower risk travellers. This work is still ongoing today in a prototype, soon to be pilot, called the Chain of Trust. The aim of the project is to achieve zero wait time at the future border for admissible passengers, by making the enforcement and compliance processes more dynamic and responsive. Our eIDV service allows applicants to register and authenticate their passport information – using their smartphone to read the chip – and uses the latest facial recognition technology to check that the applicant is a real, live person and the owner of the document.

Can you tell us more about the Home Office’s EU Settlement Scheme and how that came about for WorldReach? 

In the UK, the EU Settlement Scheme (EUSS) run by the Home Office is using the eIDV concept in an immigration context in perhaps its single largest live deployment. Because of Brexit, the freedom of movement previously enjoyed by other EU nationals living in the UK will soon come to an end. The UK government estimates that there are between 3 and 4 million people in this category, who are eligible to apply for a new “settled status” before January 2021, in order to continue living and working in the UK.

The policy presented the Home Office with a new operational challenge, since applying for settlement in the UK usually involves filling out a lengthy form and sending personal documents – including passports – to the department in the mail, or attending a Home Office facility for an interview. The Home Office chose to offer an entirely digital application process, and we are pleased to be a significant part of the solution. Although EUSS began in full release only in March 2019, the Home Office recently announced that more than 3.3 million applicants had already applied for settled status.

So, a convenient, secure identity verification service, using the latest in facial recognition and iProov’s genuine presence technology, is the world’s largest and most successful digital immigration on-boarding programme.

What do you see on the horizon in this sector? What will be the biggest changes/trends over the next 2-5 years?

One of the biggest changes on the horizon concerns the passport itself. The International Civil Aviation Organization (ICAO) is working towards an internationally recognised Digital Travel Credential (DTC) standard. A DTC has the potential to provide functionality and security features that are comparable to those of a current ePassport, with increased convenience. This generated DTC could substitute a conventional passport in some circumstances by providing a digital representation of the traveller’s identity, including in emerging seamless traveller initiatives.

It’s not hard to see how this internationally accepted credential might then be used in other identity verification schemes, beyond travel.

Why did you choose to work with iProov?

We knew genuine presence would be a key component in any successful remote identity verification platform. After all, a selfie alone doesn’t prove a real person is present, nor can it detect a mask or other spoofing techniques. So, we went to work, testing and spoofing between 25 and 30 solutions that were in the market. At the time of the EUSS opportunity, iProov was the only solution that our technical team couldn’t spoof.

Having worked with iProov for more than a year, we continue to be impressed with the technology and the company’s responsiveness as a strategic partner.

What is life like at WorldReach? How would you describe your company culture? 

We pride ourselves on fostering an inclusive, diverse, welcoming and transparent company culture.

As far as diversity goes, WorldReach staff speak 19 different languages. This has proven valuable in a global market, supporting clients from all over the world. Women make up 50% of our Senior Management, 67% of Technical Team Leads, and 40% of the entire staff. We’re very proud of these stats and we work hard to achieve gender parity.

As for daily life at WorldReach, there is a real camaraderie here, which is invaluable in times of crisis, such as we’re now seeing with COVID-19. We can count on one another. We have a very low attrition rate; a large percentage of our staff have been with the company for more than a decade. People like each other, laugh a lot, and work very hard. Our clients and partners recognize this; they know that they can depend on WorldReach, because we’ve shown that we depend on each other.

Finally, a bonus question! Can you tell us something surprising/something most people wouldn’t know about government travel/citizen services?

Well, there are some things hidden in the passport statistics that you might not know. For example, of the 195 or so countries in the world, almost 150 of them now issue ePassports with an embedded chip. The largest issuer of passports in the world was the US for many years, most recently at roughly 20 million per year; however, a few years ago they were overtaken by China, which issued 30 million passports last year. Probably the smallest state issuer is Vatican City, which issues its own passport despite having only about 600 citizens in total.

Find out more about WorldReach at www.worldreach.com

Back to Resources

The FCA letter explained

The FCA coronavirus letter explained: how to remotely onboard customers without encouraging criminals

April 1 2020

On 31st March, the UK Financial Conduct Authority (FCA) issued a letter to the CEOs of UK regulated financial institutions providing guidance on how to navigate the challenges of coronavirus.

This has been interpreted by some national newspapers to mean that identity checks can be done with selfies (“Send your bank a selfie to check your identity, watchdog says”, The Daily Telegraph).

This is not true. Identity checks completed via selfie are an open invitation to money-launderers and other criminals.

The only way to remotely check the identity of an individual is through Genuine Presence Assurance:

  • Are they the right person? Are they able to prove, online, that they are the rightful holder of a passport, driver’s license or other identity document?
  • Are they a real person? Is the individual that is presenting themselves for identification a real person and not a photograph or video?
  • And are they authenticating themselves right now? Criminals can use replay attacks, where videos of previous identifications are used to dupe the system. Genuine Presence Assurance protects against spoof attacks by confirming that the individual is a live human being and is completing the identification at this very moment.

Without Genuine Presence Assurance, criminals and terrorists can, and will, fully exploit identity check processes for the purposes of money-laundering and other fraudulent activity.

What is the FCA coronavirus letter actually saying?

The letter has been misinterpreted in some quarters. It is actually reminding organizations that flexibility already exists within the current guidelines. Financial institutions already have the right to remotely identify and authenticate individuals, thus eliminating the need for customers to come into branches for identity checks.

Financial institutions that have not yet taken advantage of remote identification technology must do so immediately, in order to:

  • Continue with identity verification for remote onboarding of customers, who can no longer come into branches
  • Provide remote step-up authentication on high value or high-risk transactions that previously needed to be completed in-branch
  • Authenticate customers accessing secure online services
  • Protect against increased criminal activity during the coronavirus pandemic

Banks such as ING, Standard Bank, and Rabobank are already using Genuine Presence Assurance technology to effortlessly and safely verify client identity and onboard remotely, protecting themselves against criminals and ensuring compliance with regulations.

The letter makes reference to Joint Money Laundering Steering Group (JMLSG) guidance, which clearly states that any risk must be mitigated when completing identity checks on customers.

The Money Laundering and Terrorist Financing (Amendment) Regulations state:

(19) For the purposes of this regulation, information may be regarded as obtained from a reliable source which is independent of the person whose identity is being verified where— (a) it is obtained by means of an electronic identification process, including by using electronic identification means or by using a trust service (within the meanings of those terms in Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23rd July 2014 on electronic identification and trust services for electronic transactions in the internal market(2)); and (b) that process is secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity.”

A selfie submitted by email or text is clearly neither secure from fraud and misuse, nor capable of proving an appropriate level of assurance that the person is who they claim to be.

Andrew Bud, Founder and CEO of iProov, said; “The FCA is not relaxing its rules on identity verification. The financial services industry was already permitted a level of flexibility that is now desperately needed in the current situation.

“Thanks to online identity verification, customers can still set up bank accounts and transactions can still be authorized and completed even when branches are closed and people cannot leave their homes.

“We welcome Chris Woolard’s reminder to the industry that remote identity verification is possible and encourage organizations that have not yet made the transition to do so.”

Any organization that would like advice about implementing the ID verification measures referred to in the recent guidance from the FCA, or about offering online identity verification, should contact enquiries@iproov.com, or book an iProov demo directly.

Back to Resources

rsz 3013 0112

Meet Joe Palmer, President of iProov Inc

March 31 2020

Earlier this year, we announced the opening of our iProov US office, in Catonsville, Maryland, at the bwtech@UMBC Research and Technology Park. Read more here.

Joe Palmer, President of iProov Inc, has been leading the expansion, both strategically and tactically. A founder member of the iProov team, Joe and his family relocated to the US this year to continue building the North American team with iProov culture and values.

How long have you been working at iProov?

I met Andrew Bud, CEO and Founder of iProov, nearly eight years ago. We were introduced through my former supervisor at University College London (UCL), Professor Phillip Treleaven. Andrew had asked Professor Treleaven to recommend someone with development skills who could help him change the world with a new idea.

 

Andrew explained his idea very well – I was really excited by what I heard and knew he was onto something special – so I came on board. For the first 18 months at iProov, I was focused on developing code. This included a basic Android app, an API and a core analysis system that used GPUs to accelerate the image processing. Dominic Forrest, our now-CTO, joined in 2013 and between the two of us, we redesigned the system and built a new version that was architectured to allow us to scale. It’s been improved hugely since then, but the basic micro-services architecture we developed back then is still the foundation of what we have at iProov today.

It was at this point iProov needed to scale up and start supporting large systems. We started to expand the workforce and built a structured tech team. I took on responsibility for the external facing software including web services, SDKs, APIs and integration documentation.

It wasn’t long before we were getting a lot of serious interest from customers. I moved into a more strategic commercial role helping to demonstrate what iProov could do for each bank or government department. We had one sales executive at the time and we became a dream team talking to customers. We closed our first deal with a large European bank and everything took off.

How did your move to the US come about?

We were growing rapidly in Europe, and commercial traction was starting to build in North America. We had a discussion internally and agreed that a US office was needed. I went home to discuss it with my pregnant wife and she agreed that it was a good time for us to make that move. After our daughter, Sophie, was born, we flew out as a family to the RSA conference to look at the US with a new perspective – our future home.

There were a lot of preparations – obviously for my wife and I from a personal point of view, but also for iProov in making changes to the team ready for my relocation. And then earlier this year we made the move and are now settled in a house in Maryland.

What do you miss most about the UK?

I do miss the actual UK office on the South Bank in London. There’s a real buzz about commuting into the city and being part of this incredible global hub. My journey – 30 minutes commute on public transport – allowed me prep time and thinking time ahead of my day.

The UK office is also an incredibly collaborative place. We have a very flexible policy on working from home but most iProovers choose to come in as often as possible, as there’s an energy and a lot of inspiration flying around. We’ve scaled up very quickly but we’ve put good structure in place to ensure that people know what’s going on and who does what, even as we expand.

I’m looking forward to building out the US team – we already have several people onboard – and I’ll be working with my colleague Simon Williamson to extend iProov’s unique, infectious, passionate company culture across the pond.

What does the future hold for iProov Inc and your North American team? 

North America is at a different stage to Europe and Asia-Pacific in terms of its understanding of biometric authentication. We’re bringing tried and tested use cases that have delivered huge benefits both to the business and the consumer, and that’s been incredibly important. The US in particular is a different market with its own unique challenges and opportunities so whilst it feels familiar, it is actually a fundamentally different landscape. It’s an exciting time for iProov and for the Palmers!

Contact us at contact@iproov.com to be put in contact with your US regional representative or follow us on LinkedIn and Twitter for more iProover profiles.

Back to Resources

face verification on android mobile

iProov releases next-generation Android SDK

March 30 2020

iProov is pleased to announce the release of its next-gen Android SDK, which delivers user experience improvements, easier integration, and performance enhancements.

New features in the release include:

  • Increased user experience control with asynchronous streaming
    Previously, an iProov authentication took a user through five steps before returning them to the customer app. This has now been improved; the user is now returned to the customer app immediately after the illumination stage, while the pass/fail result is pending. This allows customers to decide what their users see during those seconds.
  • New adaptive lighting model
    A new adaptive, evolutionary lighting model now controls how iProov responds to varying lighting conditions, replacing hard-coded algorithms. It will now be possible to dynamically update the lighting model. Customers will see immediate benefits, including increased first-time pass rates.
  • New filter options
    Customers can now change the colour scheme on the visualization of the user, allowing further customization. The ‘shaded’ option adds a light tint of colour, while ‘vibrant’ adds a full colour effect.
  • Pose control
    iProov is specifically designed to work from a wide variety of angles. Under normal circumstances, we actively encourage users to adopt a natural ‘from below the eye’ angle as this is how the phone is most naturally held. The latest release now enables customers to request a ‘face-on’ pose, which is appropriate for document compliance in some instances.

Visit our website for more information on iProov’s identity verification services. To keep up to date on further releases and other news from iProov, follow us on Twitter and LinkedIn.

Back to Resources

FIDO Alliance passwords

iProov Joins FIDO Alliance

March 24 2020

iProov is pleased to announce that we have joined the FIDO Alliance, the industry association focused on reducing the world’s over-reliance on passwords.

Passwords have become increasingly unfit for purpose in a world where so much interaction is completed online and consumers are accessing large numbers of websites and apps.

Why are passwords unfit for purpose?

  • Expecting consumers to follow the guidelines for creating passwords (make passwords unique for every important account, make passwords longer and memorable, avoid personal or common words) is no longer reasonable. In a Google survey, 51% of people admitted to reusing the same password for multiple accounts.
  • As consumers increasingly rely on their browsers to remember passwords, the security risk increases – a laptop left unlocked, or that is compromised, potentially provides access to financial and reputation damage.
  • Stolen and reused credentials are responsible for 80% of hacking breaches.

How is iProov enabling the move to a passwordless world?

iProov’s facial biometric technology replaces the need for passwords. With iProov, a user authenticates themselves simply and securely with patented technology. By illuminating the face with a sequence of coloured lights, we provide Genuine Presence Assurance.

What is Genuine Presence Assurance?

Genuine Presence Assurance allows governments, financial service institutions, travel providers, and other enterprises to confirm that an online user of a service is:

  • The right person – the individual trying to access an account or service is the holder of that account and not an impersonator
  • A real person – photos or masks are not being used to gain unauthorized access
  • Present right now – the authentication is happening in real-time and is not a replay attack, where a video of a previous authentication is rerun to gain unauthorized access

Enterprises and public sector agencies around the world are using Genuine Presence Assurance from iProov to enable access to the most secure online services, from bank transfers to tax returns, without depending on passwords.

Which companies are FIDO members?

Other FIDO members include Apple, Amazon, American Express, Bank of America, Facebook, Google, ING, Intel, Mastercard, Microsoft, PayPal, Samsung, and VISA.

Keep up to date on our work in reducing the world’s over-reliance on passwords – follow us on Twitter or LinkedIn.

Back to Resources

iProov wins Finovate Best of Show 2020

iProov Wins Finovate Best of Show For Third Successive Year

February 21 2020

It is known as fintech’s ‘X-Factor’: at Finovate every year, the world’s most cutting edge technology companies showcase their latest products to hundreds of banks and other financial institutions.

Each technology leader gets 7 minutes to conduct a live demo of their latest product in front of banking technology experts from around the world. The audience then votes for their favorites. It’s not for the faint-hearted.

Last week iProov completed a remarkable hat-trick; we won Finovate Best of Show for the third year running. In 2018, 2019, and now again in 2020, Finovate attendees voted for iProov as a stand-out innovator, providing solutions to meet compliance, fraud, and usability challenges in the financial sector.

 

This year’s win was for iProov for Kiosk watch our demo here. Our customers can now use our biometric authentication technology to support secure, high value transactions in low security branches and other physical locations, such as kiosks or unmanned offices. Enterprises that will benefit from both mobile and fixed terminal authentication include banks (for Know Your Customer process and service access), governments (for citizen services and immigration) and travel providers (e.g. airlines, international train services and car hire). Read more about iProov For Kiosk here.

This was the latest in a series of wins for iProov:

  • iProov’s remote authentication technology has been extended to iOS users, who can now authenticate themselves using their passports and contactless NFC document reading from our partners Innovalor ReadID
  • Over 2.5million consumers have ‘iProoved’ themselves over the past 12 months as they accessed financial and government services, such as the Home Office’s EU Settled Status app
  • iProov became the first Genuine Presence Assurance solution in the world whose resilience to all types of attack, including video, has been conformance approved to ISO 30107-3 by a national standards laboratory
  • The iProov team has doubled in size, with new offices opening in London and the US.

For more information about iProov’s technology, click here.

Back to Resources

iProov face verification on tablet

3 Usability Tips for a Slick Authentication Experience

February 1 2020

Whether it’s face ID or airport e-gates – it’s clear that face authentication has really taken off.

While we hear a lot about the ‘security and usability trade-off’, we’d like to suggest you can have the best of both worlds.

Here are some usability tips we’ve learned in the field.

Make the technology do the work, not the user

Placing demands on your user is a sure-fire way to add friction to an authentication experience. Performative actions like ‘look left’…‘blink’…‘recite number 3,2,1’…. ‘do 3 star jumps’ ….creates user frustration and ultimately an increase in abandonment.

Taking an approach that places the security demand on the technology, rather than the user, is not only better for security but skyrockets a user experience.

Deal with selfie anxiety

I want to log into my online banking discreetly on the train and avoid looking like I’m taking a shameless selfie. But do I want to look at my face at a  45-degree angle? No.

To avoid this trauma, consider distorting or softening the imagery. Many people assume distorted imagery lessens the user experience, but data collected by iProov suggests the opposite. 91% of people preferred or were neutral to iProov’s softened imagery, while only 9% would have preferred a photographic selfie.

Your user isn’t a mind reader

A user can’t authenticate? Why? Tell them what the problem is!

Are they too close to the camera? Are they moving too much?

Giving user feedback is essential to prevent frustrated users and increased user abandonment rates!

It’s also important to note that a solution shouldn’t even start unless your user is in a suitable environment.

If the authentication process is able to start in an environment that’s too dark, or too close then the solution has failed to do its job before it’s even begun.

Make sure your feedback has positioned your user for success!

Back to Resources

Deepfake threat protection at iProov

Deepfakes: The Threat To Financial Services

January 29 2020

We’ve just released a new report, Deepfakes: The Threat To Financial Services, which shows that 77% of financial sector CSOs are concerned about the impact of deepfake video, audio, and images.

The use of deepfakes in fake news, pornography, hoaxes and fraud, has created a storm of controversy. Earlier this month, Facebook announced plans to ban deepfakes from its platform, with concerns mounting about their influence on the impending US election.

We surveyed 105 cyber security experts in the financial sector, who told us that:

  • Personal banking and payment transfers were most at risk of deepfake fraud, above social media, online dating, and online shopping
  • Only 28% said that they’ve already put plans in place to protect against deepfakes, with 41% planning to do so in the next two years
  • 29% said that deepfakes were a significant or severe threat to their organisation
  • 64% said that the deepfake threat is going to get worse

Andrew Bud, Founder and CEO at iProov, said: “It’s likely that so few organisations have taken action because they’re unaware of how quickly this technology is evolving. The latest deepfakes are so good they will convince most people and systems, and they’re only going to become more realistic.”

“The era in which we can believe the evidence of our own eyes is ending. Without technology to help us identify fakery, every video and image will in future become suspect. That’s hard for all of us as consumers to learn, so we’re going to have to rely on really good technology to protect us.”

What are deepfakes?

Deepfakes are videos, images or audio recordings that have been distorted to present an individual saying or doing something that they didn’t say or do.

If you think of the thing that you are least likely to ever say, and then imagine your friends, family or employer being shown a (convincing) video of you saying it, it is easy to see the potential for malicious misuse.

How do deepfakes affect banks and other financial services institutions?

For banks and other financial services providers, deepfakes could impact:

  • Onboarding processes could be subverted and fraudulent accounts created to facilitate money-laundering
  • Payments or transfers could be authorised fraudulently
  • Synthetic identities could be created, whereby criminals take elements of a real or fake identity and attach them to a non-existent individual

iProov is working with leading banks, including ING and Rabobank, to protect against deepfakes. Our biometric authentication technology has been built with unique anti-spoofing capabilities that establish the ‘genuine presence’ of a customer. For more information, our The Threat of Deepfakes webpage.

Back to Resources

Simon Headshot Jan 2017

iProov welcomes Simon Williamson, VP of Sales for North America

January 10 2020

Written by Luke Moore, SVP Revenue

I am delighted to welcome Simon Williamson to iProov. Simon joins iProov’s Global Sales Team as VP of Sales North America. He is actively hiring a team of Regional Enterprise Sales professionals across America, so get in touch if you’d like to join our mission of increasing trust online with world-class biometric authentication technology.

Welcome, Simon! What attracted you to iProov?
There are three things. Firstly, the technology. iProov has found a completely unique, completely brilliant way of solving a significant challenge in people’s lives, namely how do I get access to services with my bank or the government or for travel without having to physically go into a building with my ID documents. The opportunity is huge. It allows businesses to increase customer acquisition, and it makes public sector services more easily available to millions of citizens. It’s such a customer-centric idea.

What was your second reason?
Nearly all of us have a digital identity that we use to identify ourselves online, often many times a day. For some, this has come at a cost: identity theft can be inconvenient at best and potentially life-changing at worst. There’s a huge amount at stake if criminals get hold of your identity, so it’s really cool to work in an area focused on protecting people. It’s a space that’s going to see huge growth and focus.

And your third?
The people. I was really blown away by the passion that every single iProover has. We’re all on a mission to achieve something really important in making the internet a safer place and that has created a very special working environment.

What are you most looking forward to?
Working with great organisations to help them reap the benefits of strong customer authentication. iProov is already working with the Department of Homeland Security here in the USA and that’s a great story that other public sector agencies and organisations can learn from. I’ve worked in technology for my whole career – I’ve got a technical background and I love solving business problems.

You’re British but you’ve lived in the US for ten years. Are you still an Englishman in Philadelphia, or is America home?
I love America. I still go back to the UK regularly to see family and watch my beloved Liverpool FC but I’ve lived here for a long time and I love it. iProov was born in the UK but is already helping US organisations to do business online more easily, so I get the best of both worlds in this new role. I’m looking forward to it!

Back to Resources

Genuine Presence

Proving Genuine Presence: The Three Tiers of Security

December 12 2019

You’ve probably heard the term ‘Liveness’ used within the authentication market. But have you heard of ‘Genuine Presence’? At iProov we use the term genuine presence a lot (and not just because we coined it.) It’s printed on our leaflets, our swag… we’ve even had #genuinepresence printed on t-shirts.

Why does Genuine Presence matter?
Determining Genuine Presence is critical to safeguard digital identity. Without Genuine Presence Assurance, mass fraudulent authentication claims can and will be passed. Undetectable attacks will be scaled and digital identity compromised.

What does Genuine Presence mean?
Online Biometric Authentication boils down three tiers of security.
The success of secure biometric authentication is determined by a combination of:

  • Matching – is this the right person?
  • Liveness – is this a real person?
  • Real-Time – is this transaction happening right now?

‘Genuine Presence’ refers to solutions that combine all three tiers. While the majority of the market is still grappling with Liveness – cyber attackers are exploring new, scalable forms of attack that bypass Liveness detection.

So, let’s break down Genuine Presence… tier by tier.

Face Matching: the ‘Right Person’

‘Matching’ is self-explanatory. Matching technology simply matches one set of biometric data to another, to verify the sets of data come from the same person.

Face Matching was first approached in 1964 by a scientist named Bledsoe. His process involved manually entering the coordinates at an average rate of 40 images an hour. We’ve come a long way from there – now matching is a heavily saturated market, with even the most sophisticated face matchers costing as little as 1 cent per match.

Face Matching has been used for surveillance use cases since the late 90s, but more recently Face Matching has been leveraged for Authentication.

Think of setting up a new bank account at home. Instead of going to the branch with your ID in person, with Matching technology you can simply take a picture of your ID and then a selfie. The two images are matched against each other to prove you are in fact the right person.

However, with the increase in face matching for remote, online authentication comes an increase in the exploitation of face matching systems. By now, a lot of people have seen the infamous examples of unlocking the Face Authentication capabilities on smartphones with simply a photo of the device’s owner.

Cue the need for Liveness Detection.

Liveness Detection: the ‘Real Person’

Liveness Detection attempts to verify that we are looking at ‘live user’ by defending against Presentation Attacks. A Presentation Attack is an attempt to pass a fraudulent identity as legitimate, by physically presenting something to a sensor.

In other words, Liveness detection differentiates the real users from the photos, masks and on-screen videos. Liveness detection tells us a user is a Real Person.

There are many methods of doing this – although systems can generally be broken down into two categories:

  • Gesture driven (Active systems)
  • Technology driven (Passive systems)

Gesture-driven Liveness requires the user to perform a series of unnatural actions to prove that they are real, e.g. blinking or facial movements. Our research shows this approach takes a user on average 2.4 attempts to complete a transaction.

Technology-driven Liveness requires no action from the user, instead using internal algorithms to detect spoofs. This approach takes a user on average 1.1 attempts to complete a transaction.

There was a time when a system differentiating a real face from a highly engineered mask was an impressive feat. However, we have entered a new era of identity spoof attacks. Dangerous cyber attackers don’t spend their time holding photos up to a camera. Presentation Attacks are just a small subset of the attacks that can be launched against a system.

Real-Time Detection: the ‘Right Now’

Real-Time Detection is the next tier of security in online biometric authentication. It is the final step to ensure that you are dealing with a user that is genuinely present, by defending against not only Presentation Attacks, but Replay Attacks.

But what is a replay attack? 

Say you perform a successful authentication transaction on your mobile phone. There could easily be malware on your device that you are unaware of. Such malware could record your authentication claim without your knowledge.

A cyberattacker now owns a video of you successfully authenticating.  Now, they can bypass the sensor completely (in this case the phone camera) and inject your previous successful claim directly into the app whenever they want.

This form of attack will pass all Liveness defence.

But how?

Because the claim is not of a mask, a photo or a video. The claim is of a real person, really authenticating. However, they are NOT authenticating right now.

Equally as dangerous is the emergence of Deepfake technology. Realistic synthetic videos of your face can be generated from your social media photos – synthetic imagery that Liveness detection is not equipped to deal with. Such synthetic imagery can be generated in real-time and can also be used to bypass the system’s sensors. Deepfakes can be made easily on free-download apps.

These forms of attacks are low-cost and scalable – two qualities that are very appealing to cyber attackers. These attacks are among the most dangerous and the least defended against.

It’s only a matter of time until these attacks are widespread. Will your systems be equipped to identify them?

Genuine Presence Assurance is critical to safeguard digital identity. We won’t stop talking about Genuine Presence until it is the expected standard of security. We also won’t stop innovating. Existing at the cutting edge of authentication – always a step ahead of the latest dynamic threat.

Back to Resources

deepfake 2

The Replay Attack Challenge

November 21 2019

Written by Andrew Bud, CEO & Founder

When we launched iProov in 2013, it seemed obvious to us that “replay attacks” would be amongst the most dangerous threats to face verification.  These occur when an app, device, communications link or store is compromised and video imagery of a victim is stolen; the stolen imagery is subsequently used to impersonate a victim.  Right from the start, we designed our system to be strongly resilient to this hazard. However, only now is the market beginning to understand the danger of replay attacks.

What is a replay attack and how can it be resisted?

A dwindling number of people still believe that face recognition is the key to the security of face verification.  It isn’t. In practical terms, it would be foolish of a criminal to try to impersonate a victim by trying to look like them – it is incredibly difficult to do and so unlikely to succeed that it is almost pointless.  Since our faces are all public and easy to copy, it is far more effective to present imagery of the victim. Most industry protagonists still focus on artefact copies – photos, screen imagery (stills or videos) or masks.  Lots of energy is spent on masks. Real-f Co., based in Japan, creates some of the most realistic masks available – the skin pore texture is perfect and even the tear-ducts glisten. Although they are visually compelling, such artworks can cost $10,000. Masks are not a scalable way to economically attack large numbers of victims.  Of course, robust detection of masks is essential, but there are bigger dangers.

If an attacker can implant malware on a user device, for example by getting users to click on a rogue link, such malware can potentially gain access to the imagery captured by apps on the device.  This is true of all apps, no matter how strongly they have been armoured. App hardening measures don’t block attacks, they simply increase the effort the attacker must invest to succeed. And if the prize is access to millions of devices, the business drivers to do so are compelling.  This is why, at iProov, we never rely on the integrity of the device. Once stolen, the video will be replayed digitally into a malicious device, bypassing the camera and never appearing on a screen at all.

That’s why our core Flashmark technology makes every verification video unique. Flashmark illuminates the user’s face with a one-time sequence of colours from the device screen. The illuminated face is what we call a “one-time biometric”.  Like a one-time passcode, the number sent by text message to authenticate to many secure services, it is obsolete as soon as it is used and is worthless if stolen.

Any malware or attack that attempts to steal a Flashmarked face video finds that it is totally useless – with the wrong colour sequence on the face, it is immediately detected and rejected.  This same technology also provides the industry’s only strong defence against animated stills, synthetic videos and Deepfakes, a threat iProov has highlighted for several years.

The great advantage of this technology is that it is extremely usable.  Other methods of replay defence destroy usability by bombarding the user with increasingly baffling instructions to move their head one way, then their phone another way,  then recite numbers etc. Very often, they fail because users don’t do as they are told or because quite simply it is impossible to understand the instructions. iProov Flashmark is entirely passive – no action is required from the user, so transaction success rates are uniquely high.

The suggestion that user devices are impervious, or that mobile apps can be made incorruptible, is misleading and dangerous.  We believe that at the heart of good biometric security lies the ability to detect and deflect attacks based on replayed stolen recordings and other digital imagery, directly injected into the dataflow.  Anything less lets down enterprises and their users.

Back to Resources

replay attack

Why Biometric Security Needs Replay Attack Detection

August 30 2019

Presentation Attack Detection or “PAD” is a growing topic within the biometrics industry. While this is definitely a step in the right direction,  cyber-thieves are still diligently exploiting security gaps in identity proofing and strong customer authentication. Exclusive focus on presentation attacks alone fails to address vulnerabilities to other forms of identity spoofing.

This article will illustrate how PAD alone does not guarantee biometric security.  CSOs and Compliance leads must also consider Replay Attack Detection. or “RAD”.

What is Presentation Attack Detection?

Biometric factors like your face, fingerprint, palm, or iris are inherently different to passwords. This is because their security is not reliant on secrecy. You can find a copy of my face on LinkedIn or Facebook in 3 clicks. You could print out a picture of my face and present it to a face authentication system.

If spoofing identity was simply a case of matching my face with the image being presented, my digital identity would be incredibly unsafe. Rather, biometric security relies on accurately matching a biometric that is genuinely present: the real face. PAD addresses the need for biometric matching to check whether the object that is presented to the sensor is the real biometric as opposed to a physical replica.

Effective PAD will stop someone from printing a photo of my face and holding it in front of my phone’s camera most of the time. It might even stop a $10,000 mask that was made by artisans in Japan using a 3D scan of my face.

The problem is that there are few identity fraud scenarios where the benefit of spoofing someone’s identity is worth the cost of creating a sophisticated mask. The real objective for cyber thieves is to find scalable, low-cost attack vectors which can be rolled out globally across large volumes of victims.

What’s the problem with Presentation Attack Detection alone?

There is an additional but equally critical challenge for biometric security:  ensuring there has been no interference from the sensor to the decision processing unit.

What if there is malware affecting the user’s device software or even a full hardware hack? For remote and unsupervised users on their mobile phones, there is always this risk of device compromise.

Browser-based biometric security methods are particularly vulnerable to camera pipeline hijack. This is because the operating system has no control over access to the real camera. Virtual webcam freeware allows users to inject imagery into the application whose real source is totally indistinguishable to the application.

In these cases, the digital service provider cannot be sure exactly how or when the information that reaches its servers was recorded. This means that imagery could be recorded from a successful claim, then retained. At the right moment, that image or video is injected into the application or directly into the network server connection – bypassing the camera entirely. This is a replay attack and it would pass any PAD security. A replay attack is qualitatively indistinguishable from a video of a genuine biometric.

Similarly, device malware can record imagery from the device camera during a successful authentication claim and later be replayed programmatically. This method is incredibly attractive for cyber thieves as it is easily scalable. Once the exploit has been found to work, it can be scaled to thousands of users with minimal incremental cost.

To summarise, PAD fails to addresses the question: “Is this a real authentication, recorded right now?” Biometrics with PAD alone cannot determine that a user is genuinely present at the moment of completing the transaction.

What’s Replay Attack Detection?

Replay Attack Detection is an approach that ensures each authentication claim is unique. Therefore a claim is invalid after the first instance it is processed.

Presentation Attack Detection versus Replay Attack Detection infographic

RAD must ensure a claim is unique with a codespace of random variables.  These variables must have a large enough range, that they are not susceptible to brute force attacks (retrying several variations until the replay version is successful).

Simultaneously, making a claim unique must not put the onus on the user to do something unique and different each time. Reliance on user interaction to create a unique authentication claim vastly reduces completion rates. Users frequently misunderstand instructions, resulting in a high rate of rejection of correct users and therefore user-drop outs.

iProov takes a different approach by timestamping every claim with a passive “FlashMark“. Using the device screen we project a sequence of colors on the user’s face. We then analyze the video to test whether the claim is real or replayed. With a codespace of over 1,000,000 possible combinations, no user will ever receive the same FlashMark twice.

PAD has become topical in recent years. Standards for PAD testing like ISO 30107 and NIST have been introduced.  iProov has been found to conform to such standards by the National Physical Laboratory, who found iProov’s PAD technology “state of the art”. At iProov, we’re thrilled that the market is now demanding biometric security which goes beyond accurate matching. However, we will continue to push the boundary and address the holistic security challenges the market is yet to focus on… because those are the security challenges on which the cybercriminals are focused.

Back to Resources

Webp.net compress image 1 scaled

iProov wins ‘Best of Show’ at Finovate Europe for the second year running

March 14 2019

Described as ‘the highest energy demo of the day’ by audience members, iProov’s 2019 Finovate Europe demo was voted ‘Best of Show’ for the second year running.

The 7-minute demo was delivered by CEO, Andrew Bud, and supported by our Product Manager, Gabriel Turner.

The demo kicked off with a recap of our award-winning technologies that are currently live and in production: Face Verifier and ID Matcher.

We showcased Face Verifier for strong customer authentication and ID Matcher for secure customer onboarding. During our demonstration of ID matcher, we were delighted to announce Microblink as our latest document capture partner. Together, we look forward to creating seamless customer onboarding journeys with staggering completion rates.

Last but not least… we unveiled our latest innovation.

iProov Palm Verifier.

Palm Verifier offers highly secure authentication using an alternative biometric. Like our face-based products, Palm Verifier is supremely simple to use and requires no specialist hardware.

The product leverages our distinct Flashmark technology to check for the genuine presence of a 3D palm and protect against identity spoof attacks.

We are delighted to add another ‘Best of Show’ trophy to our collection and excited to be shaping the market with our latest innovation!

Watch the full demo here.

Back to Resources

KNOW

Acuity Brings Biometric Debate to K(NO)W Identity Conference

May 17 2017

iProov’s Founder & CEO Andrew Bud spoke at the  K(NO)W Identity Conference as part of the ‘Convenience, Security, And The Next Step For Biometrics’ panel hosted by Acuity Principal Maxine Most on day two of the event.

“The inaugural K(NO)W Identity Conference is underway in Washington, DC, and as one would expect from an event aimed at shaping the future of identity, biometrics are playing a major role. Biometric authentication is being taken for granted in many of the conversations occurring at K(NO)W, often with fingerprint authentication on a smartphone mentioned as a run-of-the-mill login option, but when it comes to the deep discussions on biometrics, research firm Acuity Market Intelligence is doing much of the heavy lifting.”

Read the Full Article

Back to Resources

cyberUK roundup

CyberUK 2017 Roundup

March 20 2017

A very exciting three days for iProov at the NCSC’s CyberUK event! Held at the ACC Liverpool from 14-16 March, CyberUK is the Government’s biggest and most influential IA and Cyber Security event to date, hosted by the National Cyber Security Centre (NCSC).

Our team was busy showing the iProov Verifier solution for authentication and remote onboarding to delegates at our stand in the Innovation Zone (sponsored by the DCMS) of the conference.
On the first day, CEO & Founder Andrew Bud delivered a Dragon’s Den-style pitch (an initiative of the DCMS Cyber Security Growth team) to the NCSC’s Dr. Ian Levy, Jon L and Rob T. After facing the “dragons’” questioning, iProov was chosen as the winner of the competition, which was announced by Ciaran Martin (Director, NCSC) during the conference.

The reward for the winner is assistance from the NCSC that will be tailored to suit the selected product or service. It could take the form of developing, assessing and piloting their product or service. It may include consultancy on the technology, targeted penetration testing of the product to improve its security, or potentially working with a government department to test deploy the offering.

After winning the competition, the iProov team also had the opportunity to give a 4-minute presentation on the conference’s Spotlight Stage during the networking evening of day 2 and was featured on BBC Radio4’s You&Yours and itv’s Good Morning Britain.

CyberUK iProov Media

Here are the links to some of the highlights:
NCSC Blog Post “In the Den with the Dragons”
NCSC News “Cyber Security summit closes with commitment to a more diverse future”
ComputerWeekly.com “NCSC commits to greater diversity”
Wookbox.com “NCSC devotes to higher variety”
BBC Radio4 You&Yours “Cyber UK, Mobile phone charges, Granny chic”

Read more about CyberUK

Back to Resources

finovate demo

Finovate Europe 2017 Roundup

February 14 2017

Two very exciting days at Finovate Europe in London for the iProov team:

Our first live demonstration was of the BT Agile Bank prototype app, which is currently in BT’s Innovation Showcase in Adastral Park. Here, the iProov SDK was seamlessly integrated into the banking app for simple and secure account login purposes. It then repelled an attack with a retina video of Matthew blinking and smiling.

Mobile iOS data vault application FaceCrypt was demonstrated next. This app, which is available on the App Store today, uses iProov to protect access to sensitive personal data such as passwords and credit card numbers.

The final live demonstration showed a revolutionary mobile onboarding app in action.  Armed only with a passport and an Android phone, DNB Innovation Lead Ronny Khan showed how a user can be securely verified for KYC/AML purposes.  This app, which generated enormous interest, was developed using the ReadID product of our partner, Dutch ID document experts InnoValor.

DNB app demo screen

Using InnoValor’s ReadID technology to scan the MRZ information and read the embedded NFC chip of the passport, the thus obtained high-quality image of the passport holder is used to authenticate against an iProov selfie capture to make sure that the correct person is physically present for the onboarding process.

A video of the whole 7-minute presentation coming soon, but in the meanwhile you can see the onboarding demo at the link below:

Watch the onboarding demo

Back to Resources

btshowcase 2

The future of banking security: take a glimpse at the BT Adastral research centre

February 8 2017

iProov showcased their unique biometric antispoofing technology to Techworld at the BT Adastral Park research centre in Suffolk.

“The business of banks relies on keeping savings safe, but hackers are finding ever more sophisticated methods to access them.

Swindlers stole £755 million across payment cards, remote banking and cheques in 2015 according to Financial Fraud Action UK, an increase of 26 per cent compared to 2014. The declining cost of technology is lowering the barriers to entry for budding fraudsters, while emerging technologies give them new methods of theft.”

Back to Resources

Get a demo