Onfido launches bug bounty to ensure security of selfie biometrics, identity verification platform

Onfido has opened a bug bounty program to invite cybersecurity researchers and ethical hackers to help it improve the robustness of its digital identity platform.

The company has partnered with YesWeHack to use the latter’s Bug Bounty and Vulnerability Disclosure Policy for penetration testing. YesWeHack’s community of 40,000 researchers will help Onfido understand the tactics used by bad actors and flag security flaws in new products and services before they are used by the public, according to the announcement.

Onfido’s Real Identity Platform was recently upgraded with new features for accurate biometrics capture and threat mitigation.

The bug bounty will reward researchers who discover vulnerabilities in Onfido’s biometrics and digital ID technologies, with the amount determined according to the severity of the bug.

“Security and compliance are essential to our mission of creating a more open world, where identity is the key to online access, and we are always looking for ways to strengthen this,” Onfido Chief Product Officer Alex Valle says. “YesWeHack shares our values in operating under the strictest compliance processes and abiding by a security-by-design approach. The Bug Bounty program delivers us gold standard protection from bad actors, identifying and fixing any critical vulnerabilities before they even have a chance to arise.”

Bug bounties are becoming more popular in the fields of biometrics and digital ID, with France also tapping YesWeHack earlier this year for its national digital ID.

New fintech customer win

Content creator payment platform Fundof is deploying face biometrics from Onfido and technology from fintech Intergiro to launch a payment account and card for faster access to earnings.

Fundof addresses the issues of linking biometrics to various online payment services, as well as the lengthy delays often faced by content creators in collecting donations or “tips” from fans. The app-based platform is launching a free Visa debit card.

Selfie biometrics, ID scans and liveness checks from Onfido are part of the new onboarding process for Fundof, built in collaboration with Intergiro. The digital identity verification process takes about 30 seconds, the companies say.

A member of Berlin band Bad Hammer is quoted in the announcement as saying the onboarding process “was quick and seamless.”

The service is available in 30 European countries.

Article Topics

biometrics  |  bug bounty  |  cybersecurity  |  digital identity  |  identity verification  |  Onfido  |  research and development  |  selfie biometrics  |  YesWeHack