Passive liveness detection and intelligent friction keep remote fraudsters away

Remote identity verification with face biometrics and liveness detection has become sufficient protection against fraud that malicious actors have been turning back to in-person processes where they can rely on fake IDs fooling humans. This was among the key insights the audience of a recent iProov webinar with Acuity Market Intelligence Principal Analyst and Chief Strategist Maxine Most heard.

Treefort Technologies Co-founder Jay Krushell also joined the discussion, and said that his introduction to the world of digital identity came when he was trying to set up a capability to meet with clients remotely to sign documents, such as for mortgages, subject to regulatory requirements. As a lawyer, he quickly realized the importance of being able to confirm that clients are who they claim to be.

Most says that the ability to remotely bind an individual to their claimed identity with biometrics has spurred the surge in the identity verification market since the onset of the covid pandemic.

This is what enabled Krushell to provide the option of online appointments for his clients, he says, despite the regulatory burden of the legal industry.

Then there are the fraud considerations that go into remote identity verification.

“We realized that there was a fundamental difference between compliance and fraud prevention,” Krushell says.  “When you look at the rules, at least in Canada, about what you have to do, what you’re required by law to do, each of those things is very easy for fraudsters to get around.”

He gives the example of a credit file check. It confirms that the person exists, “but does nothing to confirm that the human being you’re interacting with is that Jay Krushell.”

That realization led Treefort to implement multi-factor authentication (MFA).

Liveness feedback and intelligent friction

When asked about friction, Krushell suggests that there is a “sweet spot,” around three to five minutes in the case of Treefort, in which the friction is sufficient to take full advantage of the fraud protections in place, without unduly burdening clients. Longer than that, the drop-off rates become unacceptable.

Treefort selected technologies for its identity verification by identifying the most effective fraud prevention technologies available, and then evaluating them based on how much friction is involved. The vendors chosen satisfied both requirements.

Most introduced the notion of “intelligent friction,” saying “it’s more feedback than it is friction.” She provides the example of apps that are so simple to use that people accidentally perform actions with them. A mis-click during an IDV process carries disproportionate consequences, and must be avoided.

The feedback provided by iProov during the liveness detection process is a good example of how this works, according to Most. “It’s not onerous,” but it tells the user what is happening.

The discussion turned to the importance of liveness detection as a protection against fraud, and Krushell pointed out that Canadian law makes no mention of the technology at all. In other words, in Canada identity verification can comply with the relevant regulations, and be highly susceptible to fraud.

Krushell admits that Treefort was taken somewhat by surprise by Quebec’s passage of a “GDPR-like privacy legislation” that introduces requirements for biometrics use. The company was also surprised by the extent of mistrust of the technology among consumers. In some cases, they decline to use it.

This can pose a significant problem, given the scope of the fraud the technology is intended to prevent.

Most cited stats from Certifid that indicate one in four Americans making a real estate transaction will be receive suspicious communications, and one in ten will be a fraud target.

Before COVID, Canada’s real estate industry did not have a big fraud problem, Krushell says. It “went from zero to a hundred million dollars in a year,” and then title insurance providers started implementing identity verification from providers like Treefort. Fraudsters responded by switching to in-person attacks, skipping the biometric check to try to pull of a scam using a fake physical ID.

When they are successful, the impact goes beyond the dollar amounts, to real human impact on defrauded homeowners and buyers.

Krushell showed how Treefort uses iProov’s liveness detection, and noted that his company found when considering the different liveness vendors that testing showed that failure rates spiked as soon as people were asked to perform even a simple action. Deepfakes, on the other hand, do not struggle to perform the actions used in active liveness or presentation attack detection checks.

Most referred to active liveness processes as “annoying friction,” in contrast to intelligent friction.

An emerging trend in identity verification Krushell notes is more legislation to require its use – and robustness — in more sectors. Another trend is a chorus of claims that possession of a digital credential eliminates fraud risk. The reality, he argues, is that unless the issuance is based on the most robust verification, digital credentials actually exacerbate the problem.

Article Topics

Acuity  |  biometric liveness detection  |  biometrics  |  face biometrics  |  identity verification  |  iProov  |  remote verification  |  selfie biometrics