Biometrics squaring off with deepfakes
Biometrics can protect against the fraud threat of generative AI and deepfakes, but can also be defeated by them if not deployed properly as part of a comprehensive system, as seen in a series of the most-read articles of the week on Biometric Update. Generative AI tools are becoming more easily available and another big-figure deepfake heist has been reported, though Pindrop and Prove have technologies they say can defend against them. The multi-hundred million dollar acquisition of Onfido by Entrust, meanwhile, extends a promising trend for the industry, as Idemia makes changes that may presage another, even larger instance in the series.
Top biometrics news of the week
The acquisition of Onfido by Entrust at a reported valuation well north of $400 million allows the latter to address the entire identity lifecycle. Entrust will integrate Onfido’s selfie biometrics, orchestration services and reusable digital identity capabilities, which were bolstered with Onfido’s acquisition of Airside less than a year ago.
Onfido Co-founder Husayn Kassai writes a summary in Sifted of how the company made a 320-times return on investment for its first investor, from 2010. Kassai credits the company’s success to a healthy ecosystem that supplied advice from peers, and an empowered team that owned more than 20 percent.
Eurostar says the passport biometric checks mandated by the EU’s EES will cause delays of “many hours” for departures from the UK. At issue is the number of pre-departure kiosks deployed, with the French government ordering roughly half the number modeling shows will be needed at peak traffic.
A new authentication service has been introduced in the Philippines through the QR code included with the national digital ID. As PhilSys Check launches, the PSA has put out a public service announcement to sensitize the population about its enrollment drive for isolated and disadvantaged areas.
More than 600,000 applications for ID cards are reportedly sitting in limbo, accumulating since the Kenyan High Court halted the rollout of the new national ID, Maisha Namba. The system is awaiting a final judgement, but the printing had already been reconfigured, preventing the issuance of previous cards in the meantime.
Regional group Austroads plans to assess the provider options for Australia’s mobile driver’s licenses through an expression of interest. The association of government officials will consider mDL uniformity, privacy protections and mutual recognition. It will also hold a forum later this month to discuss hardware and software requirements.
Australia has a tentative launch date for its new national digital ID, pending finalized legislation. The plan is for Australians to be able to choose from a list of accredited digital identity providers to access public and private services following a phased rollout beginning in July.
Idemia has reorganized into Idemia Secure Transactions, Public Security and Smart Identity. Secure Transactions makes up more than half of the total workforce, but the other two are more focused on biometrics and digital ID. The changes could be motivated by the likelihood of intensive regulatory scrutiny were Idemia to be acquired by another digital identity giant like Thales, as has previously been rumored.
A deepfake delivered through an injection attack was used to steal $25 million from a company in Hong Kong, with a phishing email to an employee followed by a fake video call with the company’s CFO. The growth in deepfake attacks necessitates the combination of presentation attack detection, injection attack detection, and image inspection to accompany selfie biometrics, according to Gartner.
The phenomenon of generative AI fraud is not just confined to selfies and video calls, with IBM researchers discovering the use of voice cloning technology to hijack a conversation with a real user or customer and manipulate it without them knowing. New Pindrop research indicates the extent to which algorithms outpace people at detecting artificially generated speech.
Pindrop is also explaining the science behind its unmasking of a prominent deepfake through close analysis of the individual sound components of speech. Prove’s Tim Brown pitched the chain of data points tied to each phone number as a way to provide resilience against identity fraud vectors that can spoof biometric matching at a recent FIDO Alliance conference.
A website has been discovered offering AI-generated photos that can be used in synthetic ID fraud for $15 each. Realistic looking fake ID documents from at least several countries have been seen, and in at least one case used to defeat a crypto exchange’s identity verification.
Professor Karen Yeung of the University of Birmingham offers a bleak assessment of the use of live facial recognition by UK police. Yeung contrasts the practice in England and Wales with the EU and democratic states in general, and argues that the watchlists used are contrary to the presumption of innocence.
Please let us know if you spot any opinion pieces, podcasts or other content we should share with those in biometrics and the digital identity community in the comments below or through social media.