Digital identity verification spending to pass $20B by 2027, but security challenges remain
Businesses around the world are spending $11.6 billion on digital identity verification this year, and that amount will nearly double to $20.8 billion in five years, according to the latest forecast from Juniper Research.
The report examines the market verticals where digital identity verification is used and the key vendors, and breaks down its market forecast into eight regions. Spending is divided into banking, government services, ecommerce and other services.
Juniper has also published a white paper on ‘Why Verifying Digital Identity is Critical.’ The seven-page paper starts with the basics, reviewing remote transactions, fraud, and the know-your-customer and anti-money-laundering checks that regulators require. The challenges it identifies are dealing with synthetic identities and balancing customer friction against security.
“There are multiple pathways to identity verification success,” says Damla Sat, co-author of the report. “There are many different segments and verification types, with no single vendor covering all the solutions. As such, there is still a lot of room for innovation; vendors must focus on building out innovation partnerships and acquisitions that allow them to intelligently orchestrate the most effective verification types for each use case to drive growth forward.”
Despite the rapid adoption of digital identity verification, even relatively sophisticated means of biometric online ID verification can be prone to spoof attacks.
Biometric video verifications vulnerable
A researcher with the Chaos Computer Club has cracked six different video-based online identity verification solutions with just open source software and some red paint. A recombination of multiple video sources allowed the researcher to fool both human operators and algorithms, according to the announcement.
The group emphasizes the simplicity of the attack, and the corresponding likelihood of success if attempted by a semi-competent criminal. Success would allow the fraudster to access German people’s medical records, as video identification is used for access control to German online medical services.
The system uses ID cards that contain embedded biometric information, but that information is not transferred as part of the video identification process. This rules out both a potential means of verifying that the person holding the card is who they claim to be and the possibility of selective disclosure, CCC says.
The group says that video identity verification for access to sensitive data should be discontinued, and the burden of proof of the security of systems shifted to “process operators.”
“In the future, compliance with existing and new requirements should be regularly proven by independent tests under real attack conditions,” the CCC advises. “In particular, any statement on the effectiveness of countermeasures requires verified evidence. The mere assertion that ‘some AI has been sprinkled over it’ should no longer be sufficient.”