Rising tide lifts biometric digital identity verification providers
In the midst of the booming biometrics industry, digital identity verification stands out as an area which has gone through a rapid transformation from a theoretical capability to an increasingly common service. Digital accounts are used for apps and web portals that have become not just one of the channels of customer engagement, but one of the main channels for established business, and the only one for some new digital-only businesses.
Among them are numerous businesses requiring high levels of certainty that the digital account holder is who he or she claims to be. The digital efforts of banks have always required high levels of trust both to guard against fraud, and to satisfy regulations. Companies in heavily regulated industries like health care have also been moving services online, demanding stronger identity verification than possible through knowledge-based tests.
Digital identity companies have turned to biometrics, mostly in combination with a government-issued ID document which includes a photo, to onboard new customers and secure transactions. Once the validity of the document is established, connecting the person holding the mobile device to the identity document becomes the critical element, and facial biometrics is the obvious way to do that, because it leverages the facial images typically included on them, as well as the selfie camera typically included on the device that was used to scan the documents, Mitek Chief Operating Officer Kalle Marsal told Biometric Update in an interview.
The maturity of and familiarity with the biometric technology behind this process is one of the tailwinds driving the market, Jumio Head of Global Marketing Dean Nicolls told Biometric Update. The other tailwinds identified by Nicolls are increasing threat vectors, the decline of traditional methods of identity verification, and increasing regulatory compliance burdens.
There are other advantages to the biometric selfie approach, too. “Just by virtue of asking for a selfie, if you’re a fraudster, you pretty much exit stage left at that point,” Nicolls says.
At the same time, a major regulatory change has just opened up large U.S. markets to digital ID providers. The Mobile Act was introduced to the House of Representatives in 2017 to create a national standard for regulated businesses like banks to accept scanned or photographed images of identity documents for new customer verification purposes. The Act was eventually incorporated into the Regulatory Relief Act, which was signed into law in May.
“It comes down to what is a valid way to identify yourself in financial service institutions,” says Marsal.
The market for digital identity is still new enough as a major business area that relatively few credible estimates have been made of its size. McKinsey recently analysed the market and estimated it was worth roughly $10 billion in 2017. Over the next five years through 2022, it estimates the market will grow be between 9 and 15 percent a year, reaching between $16 and $20 billion.
Jumio, which has re-emerged as a major market player after declaring Chapter 11 bankruptcy just over two years ago, buoyed in part by the rising tide of demand, expects to reach $100 million in booking and ARR by the end of the year.
Supply rushes in
The space is becoming more crowded as new entrants come into the market to challenge the pioneers of mobile biometric digital identity for share in the rapidly expanding market.
“This demand is lifting all boats, although I would argue we’ve grown at a much faster clip,” Nicolls says.
Companies providing biometrically verified digital identity compete to offer the fastest, most user-friendly experience, the most accurate technology that onboards the highest number of customers, and the widest coverage of regions and identity documents. They also share a common goal, however, to grow the digital identity ecosystem and extend it to more use cases. If they are able to encourage enough adoption to double the market size over the next several years, as McKinsey suggests they can, there will be room for multiple big winners.
“We welcome competition because I think it smartens everybody up and keeps everybody sharp, so I think that this is great that we’re seeing startups come into this,” Onfido Chief Product Officer and Interim CTO Kevin Trilli says. “Hopefully they’re funded startups, in which case it’s capital that’s coming into the market. This is still an earlier stage of maturity. The job-to-be-done market has been around forever but there are different technology cycles that introduce and peak over the course of maybe five to seven years, so its great when people come in and try to push those technology cycles. At the same time, you have to think about it in terms of what the customer needs, and make sure you’re addressing that. That requires some degree of completion of the solution, and some degree of applicability of solution.”
Companies can influence the market even without customers, just by introducing a new technology or method. If the market continues to mature as some of its main stakeholders expect, there will likely be an increase in partnerships and consolidation. At this point, the increase in competition from new entrants is apparent to the established market leaders, but not necessarily threatening, yet.
“I think a lot of them are gaining traction,” Nicolls admits. “I see them gaining traction because the market is growing so fast that, in many cases companies may be looking for an easy, quick solution that’s super-cheap, to maybe tick off a compliance check-box. But often a lot of those customers are prospects for us in a year. And the reason for that is the accuracy for these automated solutions is really quite poor.”
Nicolls also points out that there are more companies providing ID document verification than identity verification, which remains a space dominated by a handful of players.
Digital identity technology providers are differentiated in part by the balance they strike between the use of automation and human experts. Nicolls makes a distinction between purely automated solutions and those that employ human experts at some point in the process, at least some of the time. Jumio fits squarely into the latter camp, while Onfido also uses experts in certain situations as well. Nicolls says Jumio’s onboarding process takes an average of 90 seconds or less, while Onfido offers different process depending on the balance of user experience and confidence called for by the use case.
Along with others in the industry, IDMERIT CEO Tony Raval does not approve of the use of humans for mobile digital identity. ”I feel that’s going back in technology, when you do something manual. What about compliance, what about privacy? You’re sending someone’s ID out of the country!”
IDMERIT’s fully automated approach avoids that, and he says that skepticism about the performance gaps in AI is due to the use of libraries built for other, existing apps, which is unnecessary.
“You don’t have to use this outside library,” Raval points out. “If you have a smart team of coders, or a team that can implement the right kind of code into the app. We use OpenCV, we use NodeJS, things like this, and they’re very simple. You just have to run a series of tests, thousands of them, to determine what kind of image matches exactly to what. Your biometric facial points are right here. Doing matching based on that, we’ve been able to achieve tremendous accuracy.”
Marsal says that adding major AI expertise is one of the big benefits for Mitek of its recent A2iA acquisition.
Nicolls notes that regulations like GDPR prohibit co-mingling data from different customers to train algorithms, which could pose a challenge as digital identity providers seek to compete on AI performance.
IDMERIT’s pitch also includes the flexibility to provide authentication in any language the customer wants, including non-Roman languages, and reference to databases in the country of the person being onboarded through its IDMverify product, according to Raval.
More addressable markets
Financial services companies are the original major customer for many digital identity companies. Their combination of exposure to fraud, regulatory requirements, and customer experience standards led many financial institutions to be early adopters of biometrically-backed digital ID. This is part of the reason that The Mobile Act is so important, according to Marsal.
“There are a lot of customers who weren’t even getting the option to use the digital channel end-to-end, for account enrollment, for getting a loan, or re-mortgage, or whatever they needed to do that required an identification step,” Marsal explains.
Not only have non-bank financial institutions in the U.S. market, like payments and fintech companies, been using the technology to perform a process nearly identical to what banks need to do, but U.S. banks themselves have been using similar image processing technology for applications like mobile check deposits, and banks in other regions have already pioneered the process, along with their technology provider partners. Marsal points out that almost all top U.S. banks already use Mitek’s image capture technology.
The Act was followed closely by many in the banking industry, who began to plan for its eventual passage ahead of time, so the market reaction has been immediate.
“It already is underway,” Marsal says. “There is already major testing that just started this year as the act was getting finalized that the banks hadn’t been doing before. There’s clear and visible momentum that is coinciding now with this act being completed.”
As the Mobile Act opens up the American banking market to digital identity, businesses are still adjusting to the demands put in place by other regulations, such as the know your customer (KYC) and anti-money laundering (AML) requirements placed on fintech and cryptocurrency companies. The industry is also pushing policy-makers to consider the future of identity, with efforts such as a recent pitch by the Better Identity Coalition – which counts Onfido as a member – to federal policymakers on Capitol Hill.
Aside from financial services companies and those in the health care and the sharing economy, digital identity providers see several industries ready to benefit from services like remote customer onboarding.
“Digital business has a natural disruptive characteristic to it, so you have to go back and think of the businesses that are being disrupted,” says Trilli. That includes brick-and-mortar and other traditionally non-digital settings, where digital processes are being deployed in “kiosk mode,” such as with tablets for POS systems. He also mentions airlines, car rental companies, and hotels as possible candidates for a second wave, building on the success of the purely digital businesses with the technology.
Another potential market has emerged even since the passage of the Mobile Act, with the legalization of sports gambling in the U.S. A recent Wired story suggests that illicit gambling is an $80 to $150 billion market in the U.S., so while it may take time, yet another potentially massive market is opening up to digital identity. Nicolls is quick to point out that Jumio already supports many of the top gambling sites in Europe.
Survival of the fittest?
For the companies providing digital identity, the addition of the U.S. banking sector to their potential market could mean both new customers and greater investor confidence. Keeping up with recent growth has already required some providers to scale their operations and invest in new infrastructure, so it may be good news that Marsal does not think all of the new demand from banks will result in solutions launching immediately.
“What will take time here is not the work to fully integrate our technology, the work is really for the banks to decide how to redesign their workflows and then roll it out,” Marsal points out. “It will involve quite a lot of simplification for users, so some banks will be fast at trying to get something out there and then iterate, and some banks may go through a process where they want to test it in a safe environment before they roll it out. But the momentum now is far greater than it’s been at any point in time for this particular thing. I think everybody’s assuming that the industry’s going to shift and shift fairly fast.”
At the same time, some early adopters of the technology are evolving and growing, which will be a boon to some providers, but not necessarily to all.
“Increasingly, online companies are going to start to care about getting it right, and making the right decisions,” Nicolls says. “They’re going to start caring about the processes and the technologies that are going to make it easy to render a yes or no decision.” He contrasts this with an approach to digital transformation or compliance that involves checking off items from a list.
Raval says he sees this approach too. “People are not trying to focus on and do it more effectively, they are running to the next step,” he says. For him, those companies rushing into a digital identity partnership without critically assessing them are potential future IDMERIT customers.
As the demand side of the market matures, companies that cannot deliver the technology to enable those processes may be squeezed out. While the representatives of all three established market players Biometric Update spoke to said they can see more competition among digital identity suppliers, they all express confidence in their position, and suggest that the new entrants to the space are not yet threatening their market share.
“You tier out the competition pretty quickly where you see some of the traditional companies that are in the space alongside us,” Trilli explains. “The newer folks we don’t run into other than there’s lots of research and planning, and lots of proof of concepts, and I think potentially they participate in those, and they’re not hitting mainstream. I’m not saying that’s good or bad, they’re just not yet on our radar. We hear of them, we just don’t hear of adoption. We hope they bring great technology, and we hope they partner, you know form a nice solution that can push the market up in terms of adoption.”
Algorithms will continue to improve as more customers are onboarded and more transactions are processed. Anti-spoofing technology will continue to develop, as companies attempt to stay ahead of the latest attack techniques. The biggest changes coming to digital identity solutions will be more about user experience, though, according to Raval.
“In this space, the next step in terms of identity verification is simplifying the technology of how biometrics are going to be used,” he says.
Marsal says something similar. “I think we’re still at an early step in how biometrics get tied into this whole process. At the end of the day the challenge that we have is to prove that you are who you claim to be in a digital setting where we don’t have the benefit of an in-person interaction.”
Trilli notes that constant changes to fraud techniques requires as many data sharing partnerships as possible to stay ahead of attacks.
He draws a comparison: “Some of the ecommerce behavioural fraud companies have interactive data sharing models where they can learn from each other. Same kind of space; we just need to work collaboratively on the next emerging technology threats, with respect to fraud, and I think at the biometric level you see lots of opportunities for people to challenge those systems.”
That challenge will never end. The method for how businesses will prove the identity of their customers remotely well into the future may already be here.
“The world doesn’t need to wait for a federated digital identity solution to mature,” Marsal asserts. “There is a very reliable and secure method today that brings what works in the physical world, the government issued ID document, into the digital world. Then with the biometric of the very advanced facial match ties it to the person. It’s a solution that can help both with compliance reducing financial risk, and improving user experiences to really delighting customers. It’s available today and we believe it will be the de facto standard for identity verification in digital channels for many more years.”